Research On Secure Scan Test Architecture Thwarting Scan-Based Side-Channel Attacks

Nowadays,people are paying more attention on the security of chip.How to protect the encryption algorithm in the chip is an important research topic.Although the encryption algorithms and decryption algorithm are open to public,the cipher key are usually deemed impossible to crack by only using plaintext and ciphertext pairs without the valid cipher key.In hardware implementation of cryptographic algorithms,the cipher key is normally stored inside the chip and is not accessible to users.Scan design is a widely used design-for-testability(DFT)technique that improves the controllability and observability of integrated circuits(ICs)so that the test and maintenance of chip is enhanced.However,it also provides a back door for stealing key information,which brings serious security risks to the chip.In this paper,we propose two improved countermeasures against scan-based attacks,which protect the internal information and security of the chip.The main content of the paper is as follows.For the non-boundary scan design environment,a safe scanning test scheme is proposed.When the encryption chip first enters the functional mode after power-on or reset,the security scheme prohibits the chip from switching from the functional mode to the test mode,thereby protecting the intermediate sensitive data stored in the scan chain.The proposed scheme isolates the encryption key when the encryption chip runs in test mode.During this time,the data shifted out from scan chains is independent of the cipher key.This scheme allows for the execution of various tests,such as fixed tests and delayed tests,with simple modifications,in addition to keeping the advatanges of the scan design.Furthermore,it has a small area overhead while effectively protecting the crypto chip.For the boundary scan environment structure,a secure DFT structure is proposed.This structure provides a scan chain reset mechanism,so that attacks can be prevented based on the mode switching method.At the same time,the cipher key is isolated from the scan chain desiged by the Advanced Encryption Standard(AES)in the test mode.Therefore,it can also block scan attacks in test mode.The proposed security scan DFT technology ensures the security and testability of the original chip.Most importantly,the security scan test is implemented with very low hardware overhead.