ABSTRACT
Scan-based Design-for-Test (DFT) is a powerful testing scheme, but it can be used to retrieve the secrets stored in a crypto chip, thus compromising its security. On one hand, sacrificing security for testability by using traditional scan-based DFT restricts its use in privacy-sensitive applications. On the other hand, sacrificing testability for security by abandoning scan-based DFT hurts product quality. The security of a crypto chip comes from the small secret key stored in a few registers, whereas its testability comes from the data path and control path implementing the crypto algorithm. Based on this key observation, we propose a novel scan DFT architecture called secure scan that maintains the high test quality of traditional scan DFT without compromising security. We used a hardware implementation of the Advanced Encryption Standard (AES) to show that the traditional scan DFT scheme can compromise the secret key. We then showed that by using secure scan DFT, neither the secret key nor the testability of the AES implementation is compromised.