Are advanced DfT structures sufficient for preventing scan-attacks?
Jean DaRolt, G. D. Natale, M. Flottes, B. Rouzeyre
2012 IEEE 30th VLSI Test Symposium (VTS), published 2012-04-23
DOI: 10.1109/VTS.2012.6231061 (https://doi.org/10.1109/VTS.2012.6231061)
Citations: 70
Abstract
Standard Design for Testability (DfT) structures are well known as potential sources of confidential information leakage. Scan-based attacks have been reported in publications since the early 2000s. It has been shown, for instance, that the secret key for symmetric encryption standards (DES, AES) could be retrieved from information gathered on scan-out pins when scan chains are fully observed through these pins. However, DfT practices have progressed to adapt to large and complex designs, such as test response compaction, associated X-masking structure, partial scan, etc. As a side effect, these techniques mask part of the information collected on scan outputs. Thus, at first glance, they may appear as countermeasures against scan-based attacks. Nevertheless, in this paper we show that DfT structures, regardless of their nature, do not inherently enhance security and that specific additional countermeasures are still needed. We propose a new scan attack able to deal with designs where only part of the internal circuit's state is observed for test purposes.