ScanSaT: Unlocking obfuscated scan chains

Lilas Alrahis, Muhammad Yasin, Hani Saleh, Baker Mohammad, Mahmoud Al-Qutayri, Ozgur Sinanoglu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

While financially advantageous, outsourcing key steps such as testing to potentially untrusted Outsourced Semiconductor Assembly and Test (OSAT) companies may pose a risk of compromising on-chip assets. Obfuscation of scan chains is a technique that hides the actual scan data from the untrusted testers; logic inserted between the scan cells, driven by a secret key, hide the transformation functions between the scan-in stimulus (scan-out response) and the delivered scan pattern (captured response). In this paper, we propose ScanSAT: an attack that transforms a scan obfuscated circuit to its logic-locked version and applies a variant of the Boolean satisfiability (SAT) based attack, thereby extracting the secret key. Our empirical results demonstrate that ScanSAT can easily break naive scan obfuscation techniques using only three or fewer attack iterations even for large key sizes and in the presence of scan compression.

Original languageEnglish (US)
Title of host publicationASP-DAC 2019 - 24th Asia and South Pacific Design Automation Conference
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages388-393
Number of pages6
ISBN (Electronic)9781450360074
DOIs
StatePublished - Jan 21 2019
Event24th Asia and South Pacific Design Automation Conference, ASPDAC 2019 - Tokyo, Japan
Duration: Jan 21 2019Jan 24 2019

Other

Other24th Asia and South Pacific Design Automation Conference, ASPDAC 2019
CountryJapan
CityTokyo
Period1/21/191/24/19

Fingerprint

Outsourcing
Semiconductor materials
Networks (circuits)
Testing
Industry

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Computer Science Applications
  • Computer Graphics and Computer-Aided Design

Cite this

Alrahis, L., Yasin, M., Saleh, H., Mohammad, B., Al-Qutayri, M., & Sinanoglu, O. (2019). ScanSaT: Unlocking obfuscated scan chains. In ASP-DAC 2019 - 24th Asia and South Pacific Design Automation Conference (pp. 388-393). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1145/3287624.3287693

ScanSaT : Unlocking obfuscated scan chains. / Alrahis, Lilas; Yasin, Muhammad; Saleh, Hani; Mohammad, Baker; Al-Qutayri, Mahmoud; Sinanoglu, Ozgur.

ASP-DAC 2019 - 24th Asia and South Pacific Design Automation Conference. Institute of Electrical and Electronics Engineers Inc., 2019. p. 388-393.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Alrahis, L, Yasin, M, Saleh, H, Mohammad, B, Al-Qutayri, M & Sinanoglu, O 2019, ScanSaT: Unlocking obfuscated scan chains. in ASP-DAC 2019 - 24th Asia and South Pacific Design Automation Conference. Institute of Electrical and Electronics Engineers Inc., pp. 388-393, 24th Asia and South Pacific Design Automation Conference, ASPDAC 2019, Tokyo, Japan, 1/21/19. https://doi.org/10.1145/3287624.3287693
Alrahis L, Yasin M, Saleh H, Mohammad B, Al-Qutayri M, Sinanoglu O. ScanSaT: Unlocking obfuscated scan chains. In ASP-DAC 2019 - 24th Asia and South Pacific Design Automation Conference. Institute of Electrical and Electronics Engineers Inc. 2019. p. 388-393 https://doi.org/10.1145/3287624.3287693
Alrahis, Lilas ; Yasin, Muhammad ; Saleh, Hani ; Mohammad, Baker ; Al-Qutayri, Mahmoud ; Sinanoglu, Ozgur. / ScanSaT : Unlocking obfuscated scan chains. ASP-DAC 2019 - 24th Asia and South Pacific Design Automation Conference. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 388-393
@inproceedings{a051607502ac4d57babaac728d4aa982,
title = "ScanSaT: Unlocking obfuscated scan chains",
abstract = "While financially advantageous, outsourcing key steps such as testing to potentially untrusted Outsourced Semiconductor Assembly and Test (OSAT) companies may pose a risk of compromising on-chip assets. Obfuscation of scan chains is a technique that hides the actual scan data from the untrusted testers; logic inserted between the scan cells, driven by a secret key, hide the transformation functions between the scan-in stimulus (scan-out response) and the delivered scan pattern (captured response). In this paper, we propose ScanSAT: an attack that transforms a scan obfuscated circuit to its logic-locked version and applies a variant of the Boolean satisfiability (SAT) based attack, thereby extracting the secret key. Our empirical results demonstrate that ScanSAT can easily break naive scan obfuscation techniques using only three or fewer attack iterations even for large key sizes and in the presence of scan compression.",
author = "Lilas Alrahis and Muhammad Yasin and Hani Saleh and Baker Mohammad and Mahmoud Al-Qutayri and Ozgur Sinanoglu",
year = "2019",
month = "1",
day = "21",
doi = "10.1145/3287624.3287693",
language = "English (US)",
pages = "388--393",
booktitle = "ASP-DAC 2019 - 24th Asia and South Pacific Design Automation Conference",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - ScanSaT

T2 - Unlocking obfuscated scan chains

AU - Alrahis, Lilas

AU - Yasin, Muhammad

AU - Saleh, Hani

AU - Mohammad, Baker

AU - Al-Qutayri, Mahmoud

AU - Sinanoglu, Ozgur

PY - 2019/1/21

Y1 - 2019/1/21

N2 - While financially advantageous, outsourcing key steps such as testing to potentially untrusted Outsourced Semiconductor Assembly and Test (OSAT) companies may pose a risk of compromising on-chip assets. Obfuscation of scan chains is a technique that hides the actual scan data from the untrusted testers; logic inserted between the scan cells, driven by a secret key, hide the transformation functions between the scan-in stimulus (scan-out response) and the delivered scan pattern (captured response). In this paper, we propose ScanSAT: an attack that transforms a scan obfuscated circuit to its logic-locked version and applies a variant of the Boolean satisfiability (SAT) based attack, thereby extracting the secret key. Our empirical results demonstrate that ScanSAT can easily break naive scan obfuscation techniques using only three or fewer attack iterations even for large key sizes and in the presence of scan compression.

AB - While financially advantageous, outsourcing key steps such as testing to potentially untrusted Outsourced Semiconductor Assembly and Test (OSAT) companies may pose a risk of compromising on-chip assets. Obfuscation of scan chains is a technique that hides the actual scan data from the untrusted testers; logic inserted between the scan cells, driven by a secret key, hide the transformation functions between the scan-in stimulus (scan-out response) and the delivered scan pattern (captured response). In this paper, we propose ScanSAT: an attack that transforms a scan obfuscated circuit to its logic-locked version and applies a variant of the Boolean satisfiability (SAT) based attack, thereby extracting the secret key. Our empirical results demonstrate that ScanSAT can easily break naive scan obfuscation techniques using only three or fewer attack iterations even for large key sizes and in the presence of scan compression.

UR - http://www.scopus.com/inward/record.url?scp=85061141495&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85061141495&partnerID=8YFLogxK

U2 - 10.1145/3287624.3287693

DO - 10.1145/3287624.3287693

M3 - Conference contribution

AN - SCOPUS:85061141495

SP - 388

EP - 393

BT - ASP-DAC 2019 - 24th Asia and South Pacific Design Automation Conference

PB - Institute of Electrical and Electronics Engineers Inc.

ER -