Scan‐based attack tolerance with minimum testability loss: a gate‐level approach

Abstract

Scan chain is an architectural solution to facilitate in-field tests and debugging of digital chips, however, it is also known as a source of security problems, e.g. scan-based attacks in the chips. The authors conduct a comprehensive gate-level security analysis on crypto-chips, which are equipped with a scan chain, and then propose a set of protection mechanisms to immune vulnerable nets of the chips against scan-based attacks. After extracting the set of most vulnerable nets, they perform net pruning algorithms on them, and gate-level protection mechanisms to block the information leaking from the nets during test mode. The protection mechanisms employ net masking, net flipping, and net shuffling based on the specifications of every net, i.e. gate-type driving the net, fan-out of the net, and net's logical depth. Their evaluations on the hardware-implemented advanced encryption standard (AES) and data encryption standard (DES) encryption algorithms show 100% for all types of scan-based attack tolerance, while the area overhead is at most 1.5%, 6.1% for AES and DES crypto-chip, respectively. As they find the smallest set of nets that have a high contribution to the scan attack, the test coverage loss of their protection mechanism is evaluated to be <0.8%.