Results: 13
(searched for: doi:10.1109/mdat.2019.2899064)
Published: 1 November 2022
Abstract:
The IEEE 1687 test standard provides an effective way to access on-chip instruments by an Internal Joint Test Action Group (IJTAG) network. However, it also leads to severe security problems because anyone can easily access these instruments through IJTAG networks. This paper proposes an authentication-based secure IJTAG network to defend against the potential threats. The main idea is to ensure that instruments can be accessed only when users enter legal patterns. The secure structure generates different keys for different patterns to overcome the single key's weakness. If attackers shift in illegal patterns, they cannot manipulate target instruments. An obfuscator to generate fake output data is also developed to confuse attackers. The proposed method can defend against memory attacks, brute-force attacks, and reverse engineering attacks. Experimental results show that the proposed method requires only a small area overhead.
Published: 1 September 2022
Conference: 2022 IEEE International Test Conference (ITC), 2022-9-23 - 2022-9-30, Anaheim, United States
Abstract:
A hardware root of trust (RoT) is the foundation on which all secure operations of a circuit depend, including those related to DFT. Despite many countermeasures aimed at facing potential threats such as untrusted users accessing a test interface, IC vendors raise several concerns regarding the complexity of such solutions, both in terms of area overhead and the impact on the design flow. These concerns have motivated this work presenting a simple, yet effective, comprehensive and non-intrusive lightweight hardware root of trust to counteract scan-related security threats. It builds on and easily integrates with a Streaming Scan Network (SSN) technology and takes advantage of its inherent data scrambling and packetized test data distribution.
Published: 1 September 2022
Conference: 2022 IEEE International Test Conference (ITC), 2022-9-23 - 2022-9-30, Anaheim, United States
Abstract:
We demonstrate a Hardware Trojan (HT)-based circuit-to-circuit attack mechanism in the context of Systems-on-Chip (SoCs). The HT trigger is hidden inside the attacking circuit and the HT payload travels from the attacking circuit to the victim circuit via the test infrastructure. The common test infrastructure is configured accordingly by the HT so as to propagate the HT payload. We demonstrate the capability of this HT to perform a denial-of-service attack on an industrial Analog-to-Digital Converter (ADC) connected to an IEEE 1687 test infrastructure.
Published: 25 April 2022
Conference: 2022 IEEE 40th VLSI Test Symposium (VTS), 2022-4-25 - 2022-4-27, San Diego, United States
Abstract:
Hardware Trojan (HT) insertion is a major security threat for electronic components that demand a high trust level. Several HT attack mechanisms have been demonstrated to date, and several HT prevention and detection countermeasures have been proposed to thwart HT attacks. Given the multitude of HT attack mechanisms, run-time monitors for HT detection are used as a last line of defense. In this paper, we propose a run-time monitoring methodology for HT attack mechanisms affecting the analog and mixed-signal (AMS) sections of an Integrated Circuit (IC). The methodology is based on the Symmetry-based Built-In Self-Test (SymBIST) principle that relies on distributing invariances across the IC and continuously checking for their compliance. Detection of various HT attacks is demonstrated on a Successive Approximation Register (SAR) Analog-to-Digital Converter (ADC) IP at transistor level.
Published: 14 October 2021
IEEE Transactions on Circuits and Systems I: Regular Papers, Volume 69, pp 573-586; https://doi.org/10.1109/tcsi.2021.3116806
Abstract:
We propose a Hardware Trojan (HT) attack for analog circuits with its key characteristic being that it cannot be prevented or detected in the analog domain. The HT attack works in the context of Systems-on-Chip (SoCs) comprising both digital and analog Intellectual Property (IP) blocks. The attacker could be either the SoC integrator or the foundry. More specifically, the HT trigger is placed inside a dense digital IP block where it can be effectively hidden, whereas the HT payload is in the form of a digital pattern transported via the test bus or generated within the test bus, reaching the Design-for-Test (DfT) or programmability interface of the victim analog IP with the test bus. The HT payload unexpectedly activates the DfT and sets the victim analog IP into some possibly partial and undocumented test mode or changes the nominal programmability. The HT payload can be designed to result in performance degradation or complete malfunction, i.e., denial of service. We demonstrate this HT attack scenario on two analog IPs, namely a low-dropout (LDO) regulator using simulation and an RF receiver using hardware measurements.
Microelectronics Reliability, Volume 123; https://doi.org/10.1016/j.microrel.2021.114216
Published: 28 May 2021
Published: 29 December 2020
IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, Volume 40, pp 1010-1038; https://doi.org/10.1109/tcad.2020.3047976
Abstract:
Hardware security and trust have become a pressing issue during the last two decades due to the globalization of the semiconductor supply chain and ubiquitous network connection of computing devices. Computing hardware is now an attractive attack surface for launching powerful cross-layer security attacks, allowing attackers to infer secret information, hijack control flow, compromise system root-of-trust, steal intellectual property (IP) and fool machine learners. On the other hand, security practitioners have been making tremendous efforts in developing protection techniques and design tools to detect hardware vulnerabilities and fortify hardware design against various known hardware attacks. This paper presents an overview of hardware security and trust from the perspectives of threats, countermeasures and design tools. By introducing the most recent advances in hardware security research and developments, we aim to motivate hardware designers and electronic design automation tool developers to consider the new challenges and opportunities of incorporating an additional dimension of security into robust hardware design, testing and verification.
Published: 1 July 2020
Abstract:
The globalized supply chain in the Integrated Circuit (IC) industry raises several security concerns such as overproduction, IP piracy and Hardware Trojan insertion. Logic locking has emerged as a potential countermeasure to address these issues. However, its efficiency is challenged by various attacks, especially oracle-guided attacks based on Boolean Satisfiability (SAT) solvers. These attacks rely on the possibility for an attacker to control and observe in the field the internal state of a functional IC, which acts as an oracle. This ability to control/observe the IC states is offered by scan chains, typically used for IC production testing. In this paper, we propose a method, complementary to logic locking, to prevent such attacks. This method introduces a scan chain controller with a key-based authentication mechanism, in order to prevent unauthorized access to the scan chains once the IC is deployed in the field. The solution can be coupled with any logic locking technique at the cost of negligible area overhead. Furthermore, it is secure against state-of-the-art attacks and supports full testing.
Published: 1 July 2020
Journal: IET Information Security
IET Information Security, Volume 14, pp 459-469; https://doi.org/10.1049/iet-ifs.2019.0444
Abstract:
Scan chain is an architectural solution to facilitate in-field tests and debugging of digital chips; however, it is also known as a source of security problems, e.g. scan-based attacks on the chips. The authors conduct a comprehensive gate-level security analysis on crypto-chips which are equipped with a scan chain, and then propose a set of protection mechanisms to immunize vulnerable nets of the chips against scan-based attacks. After extracting the set of most vulnerable nets, they perform net pruning algorithms on them and apply gate-level protection mechanisms to block the information leaking from the nets during test mode. The protection mechanisms employ net masking, net flipping, and net shuffling based on the specifications of every net, i.e. the gate type driving the net, the fan-out of the net, and the net's logical depth. Their evaluations on the hardware-implemented advanced encryption standard (AES) and data encryption standard (DES) encryption algorithms show 100% tolerance against all types of scan-based attacks, while the area overhead is at most 1.5% and 6.1% for the AES and DES crypto-chips, respectively. As they find the smallest set of nets that have a high contribution to the scan attack, the test coverage loss of their protection mechanism is evaluated to be <0.8%.
Published: 1 May 2020
Abstract:
We present a Hardware Trojan (HT) attack scenario for analog circuits. The characteristic of this HT is that it does not reside inside the victim analog circuit. Instead, it resides on an independent digital circuit on the same die where it is triggered, yet its payload is applied only to the analog circuit after being transferred via the common test infrastructure and the test interface of the analog circuit. This HT attack cannot be detected or prevented in the analog domain and it exploits the dense digital circuit to hide effectively its footprint.
Published: 1 March 2020
Published: 1 March 2020
Abstract:
In most safety-critical systems, the robustness and the confidentiality of the application code are crucial. Such code is generally stored in Non-Volatile Memories (NVMs) that are prone to faults (e.g., due to radiation effects). Unfortunately, faults affecting the instruction code very often result in Silent Data Corruption (SDC). This condition lets faults remain undetected and it can lead to undesirable errors that may compromise the system functionality. Thus, it is desirable that the system is able to detect faults affecting the code memory. To overcome this issue, designers often resort to expensive error detection/correction mechanisms. Furthermore, they also adopt memory encryption techniques to prevent unauthorized, hence malicious, access to the code or to protect it from any unauthorized copy. In this paper, we show that the presence of memory encryption alone is able to strongly reduce the probability of SDC, without the need to implement expensive error detection. We have performed some experiments on the OpenRISC1200 microprocessor in order to evaluate the impact on reliability stemming from different encryption methods.