New scan-based attack using only the test mode and an input corruption countermeasure

Sk Subidh Ali, Samah Mohamed Saeed, Ozgur Sinanoglu, Ramesh Karri

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Scan-based design-for-testability, which improves access and thus the test quality, is highly vulnerable to scan attack. While in-field test is enabled through the scan design to provide debug capabilities, an attacker can leverage the test mode to leak the secret key of the chip. The scan attack can be thwarted by a simple defense that resets the data upon a switch from the normal mode to the test mode. We proposed a new class of scan attack in [15] using only the test mode of a chip, circumventing this defense. In this book chapter we extend our earlier work by introducing case studies to explain this new attack in greater detail. Furthermore, we study the effectiveness of existing countermeasures to thwart the attack and propose a new input corruption countermeasure that requires a smaller area overhead compared to the existing countermeasures.

Original language: English (US)
Title of host publication: VLSI-SoC: At the Crossroads of Emerging Trends - 21st IFIP WG 10.5/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2013, Revised and Extended Selected Papers
Publisher: Springer New York LLC
Pages: 48-68
Number of pages: 21
Volume: 461
ISBN (Print): 9783319237985
DOIs: https://doi.org/10.1007/978-3-319-23799-2_3
State: Published - 2015
Event: 21st IFIP WG 10.5/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2013 - Istanbul, Turkey
Duration: Oct 6 2013 to Oct 9 2013

Publication series

Name: IFIP Advances in Information and Communication Technology
Volume: 461
ISSN (Print): 18684238

Other

Other: 21st IFIP WG 10.5/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2013
Country: Turkey
City: Istanbul
Period: 10/6/13 to 10/9/13

Keywords

  • AES
  • Scan attack
  • Scan chain
  • Scan-based dft
  • Security
  • Testability

ASJC Scopus subject areas

  • Information Systems and Management

Cite this

Ali, S. S., Saeed, S. M., Sinanoglu, O., & Karri, R. (2015). New scan-based attack using only the test mode and an input corruption countermeasure. In VLSI-SoC: At the Crossroads of Emerging Trends - 21st IFIP WG 10.5/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2013, Revised and Extended Selected Papers (Vol. 461, pp. 48-68). (IFIP Advances in Information and Communication Technology; Vol. 461). Springer New York LLC. https://doi.org/10.1007/978-3-319-23799-2_3
