Professional Documents
Culture Documents
Abstract
VLSI as a form of testing is a practical requirement that requires a high degree of caution to
ensure that the features enhancing testability execute maximum security. There is a possibility
that breaching can occur in the process of testing security leading to leaking of confidential data
and reduced protection of the intellectual property. This paper provides an overview of security
issues experienced during testing while particularly centering on the scan technique. Issues such
as test hazards, design challenge, and attackers are discussed into details. Along with this, the
paper gives another overview of the countermeasures that have been currently published and
finally a conclusion is given based on the best countermeasure to adopt based on cost parameters.
Introduction
In the recent years, circuit testing from an integrated point of view has emerged as a
security concern. It is worth noting that keen observation and controllability are two critical
components required for testability to prove effective. However, this is not the case when it
comes to security. It has been proven that techniques for standard design and testing can be used
to jeopardize the confidentiality of data and any intellectual property affiliated with it. In a
similar way, the structures used for testing can cause information breach regarding the chip
design. A third party can end up using the controllability from the test structures to obtain to
insert malicious data into the system or generally force the system into a state of being insecure.
It is, therefore, important to question how to achieve a higher quality in testing without
compromising the security of the circuit. Firstly, it would appear that built-in self-test (BIST) is
a magnificent technique for security risk mitigation caused by testability. Nevertheless, there are
some demerits that come along with it from the perspectives of hardware, diagnostic errors, and
security. Thus, another technique referred to as scan path is commonly used by testing
communities Over the recent years; there has been debate regarding how to proficiently secure
the scan technique. Security schemes need to mesh well with the tools used for design for test
(DfT). Furthermore, integrators of System-On-Chip (SoC) interact more with third party
providers of intellectual property (IP) leading to various questioning such as; What are the
assumptions made regarding the degradation of SoC by IP? How can DfT of the IP be
successfully integrated during the integration of SoC? and finally, how sure are we that the
infrastructure test from SoC will not be utilized in the attack of IP particularly from the point of
view of IP provider? This paper focuses on looking at some of the security challenges affiliated
with the testing of VLSI and some of the countermeasures that can be adopted based on the
available literature.
Test hazards: Bo Yang, Kaijie Wu, & Ramesh Karri (2005) present a new form of attack
on side channel against Data Encryption Standard (DES) through exploring the observability that
mechanism of scan chain provides. From these attacks, a possible inference is drawn stating that
fundamental susceptibility for the circuit. Such an attack comprises unloading of the scan chain
at various stages of the algorithm among other practices. Features of testing can also be used to
forms a fundamental concern in the design of SoC. An antagonist can exploit the structures used
for testing to obtain information related to the design. In fact, scan test features from a
magnificent tool that can be used for reversed engineering. In addition, the features could be
used as points of entry to create a chip containing malicious data or obtain particular information
related to design that can enhance repeat attack. From another perception, the possibility of
activating the scan chain can provide means for viability in the random injection. Following the
security hazards noted in the testing of IC, it has become important for any DfT technique to be
used to meet 3 criteria namely protected test mode restricted only to the privileged user,
managing leakage of confidential information, and managing malicious data insertion. These
three are aimed at ensuring no leakage of information occurs via a scan chain, and no data
insertion becomes possible via the scan path. Two distinct modes can be used to achieve security
for SoC namely functional and test mode In the test mode; there is permission to use all the test
particulars leading to permanent alteration of the IC so that they can just work in the functional
mode or require authentication to get back the test mode. Thus, leading to more benefits of
security.
The Attackers: making ICs secure is done based on the profile of an attacker. Various
attacker profiles may be identified based on test-based attacks. These include authorized test
engineer, in the field hacker, and IP provider. The first two categories are not that much
impacting. An attacker particularly based on the second part of the infield hacker would desire to
gain access to both the test mode and the functional mode thereby begging the question how best
would an individual activate the test mechanism? An attacker would basically want to merge the
two modes to enhance access to test qualities while the chip is in user mode. A test architecture
for SoC comprises a controller test and a test access mechanism (TAM). The controller test is
linked up to the tester and provides data from scanning through the TAM. Hackers use the
controller test to penetrate the IP via internal chain scan. However, in a case where the controller
test is highly protected against attackers, the attackers can still use direct attacks using brute
force techniques such as die probing. The success of such an attack is, however, minimum as it
needs a higher level of experience and proficient tools. Attackers particularly the hackers
alternatively introduce stress factors to trigger the internal errors of a design that lead to the
activation of test mechanisms. Various means can be used to induce the errors such as using
voltage, optical or electromagnetic. From such a perspective, two forms of attack can be
considered namely Protocol and Brute Force attack. Although there could also be infiltrated
attack where the attacker sniffs, recreates or introduces data on the test bus using a core in the
chip.
common and almost achievable thing for the test engineers and designers. It is important to
enhance high test coverage since flaws in production could result in system malfunction which
could pose security hazard especially when using the system. Already, there is a high-test
coverage for efforts regarding the development of IC. Similarly, certification of security needs
and evaluation based on quantitative analysis of the test coverage noted in the certification
process. DfT is a very quantitative process and well automated, thus more barriers of security can
fit into the common tools of DfT like scan insertion and generation of automated test pattern.
Furthermore, most contemporary SoC contains several modules of IP which adhere to predefined
regulations so that their interfaces used for testing can easily merge with the SoC. Eventually, it
is important to take note of security and economics in the process of designing. Security would
enhance verification of the design while the economics would utilize less die area and power.
Test affiliated with production is expensive for the VLSI production process. From the
test. The following parameters, therefore, characterize the techniques used in DfT:
Control measures
From the available literature, several techniques have been proposed to mitigate the
hazards arising due to insecurity in testing. These measures deal with the test protocol, design of
Protocol Level: protection reinforcement through following the differentiation of the test
mode has been one of the approaches used by the SoC industry. The protocol for test solution
comprises the disabling of the test feature in user mode particularly during the addressing of
confidential data. In the pursuit of protecting data that a circuit processes Hly, Bancel, Flottes,
& Rouzeyre (2007) proposes that it is important for the test protocol to be modified prior to
entering the test mode in order to reset the circuit completely. If this is done correctly then scan-
in, scan-out, and capture processes can be done. Then before getting back to the functional mode,
the circuit should be reset to see to it that no data is entering through the scan path. Also, there is
need to isolate confidential data from the chain performing the scan. This requires switching
between user and test mode (Yang, Wu, & Karri, 2006). Another counter measure is through
using a crypto-based scheme for protecting the interfaces of JTAG against attacks of protocol
level such as sniffing confidential data this has added benefit related to the authentication of
Scan Chain-level protection: attackers can strive to activate the scan chain through
bypassing the logic controlling the switch existing between the user and functional mode for
instance in probing attack. Such forms of attack can be controlled by using scan data scrambling
technique. However, during a brute-force attack on a scan chain, there is a possibility that the
scrambling can end up being ineffective, thus the protection can be determined by the length of
the scrambled part. Therefore, it is important to add more protection aimed at ensuring that there
Communication Security for test channel: it is important to test all the cores in an SoC
and communicate the responses of these tests to the tester irrespective of which testing is used. In
a case where the cores of the SoC are untrustworthy, the shared wiring can end up becoming a
security problem. Relying on the details of the shared wiring implementation it is easy to
experience infiltration by a malicious core which can cause interference with the communication
channel between the test controller and the beginning victim core. It is possible to mitigate such
a threat using crypto techniques on the test bus. Rosenfeld & Karri (2011) suggest an architecture
that can be used to create a secured test communication between a test controller and the cores in
SoC with the main idea of taking advantage of the little knowledge of the circuitry in the core of
chain. It is worth noting that during scanning the scan chain is always enabled, but with each
scanning, it is important to take note of the data in order to determine whether to authorize or
reject the incoming scan operations. From another perspective, adding some flip-flops in the scan
path and then switching the circuit to test mode can be a way of performing a countermeasure,
but only through the utilization of appropriate sequence (Paul, Chakraborty, & Bhunia, 2007).
Conclusively, the security issues surrounding the scan-based test in the contemporary
VLSI have been discussed at length. The various techniques that can be used for mitigation have
been looked at based on the literature available supporting them. It is important to take note of
the strengths and weaknesses affiliated with this mitigation techniques so as to come up with the
best technique for use. All in all, there is no universal solution that can be used to provide
protection against that security threats for arbitrary protection as far as cos is concerned.
Designers have to take note of the security concerns they wish to mitigate and the price they
Bo Yang, Kaijie Wu, & Ramesh Karri, (2005). Scan based side channel attack on dedicated
On Test. http://dx.doi.org/10.1109/test.2004.1386969
http://dx.doi.org/10.1109/tcad.2009.2028166
Hly, D., Bancel, F., Flottes, M., & Rouzeyre, B. (2007). Securing Scan Control in Crypto
007-5000-z
Lee, J., Tehranipoor, M., Patel, C., & Plusquellic, J. (2007). Securing Designs against Scan-
Paul, S., Chakraborty, R., & Bhunia, S. (2007). VIm-Scan: A Low Overhead Scan Design
Approach for Protection of Secret Key in Scan-Based Secure Chips. 25Th IEEE VLSI
Rosenfeld, K. & Karri, R. (2011). Security-aware SoC tests access mechanisms. 29Th VLSI Test
Symposium. http://dx.doi.org/10.1109/vts.2011.5783765
Yang, B., Wu, K., & Karri, R. (2006). Secure Scan: A Design-for-Test Architecture for Crypto