Author:

Keywords:

Secure Design-for-Testability, Cryptographic Circuits, Differential Scan attacks, Countermeasures, Side-Channel attacks, JTAG security, cosic

Abstract:

Cryptographic circuits are vulnerable to various side-channel attacks that target their hardware implementations to extract secret information stored inside them. One such side-channel is the scan chain based Design-for-Test (DfT) infrastructure employed for thorough and faster testing of VLSI circuits. Removing the connectivity of scan chains after manufacturing test prevents such attacks, but also makes in-field test and updates of the circuits impossible. In some applications, such as set-top box decoders, the firmware updates happen through the JTAG port internally connected to the scan chains. Hence, scan chains must be left intact and at the same time protected from these attacks. Moreover, the cost in terms of area and test time overhead must be kept to a minimum to make it feasible to incorporate the security mechanism on a reasonably priced commercial product.This work first investigates the scan attack vulnerability of symmetric-key and public-key hardware implementations, and then presents suitable countermeasures to address the aforementioned trade-off between testability, security and test cost. The thesis first presents scan attacks on hardware implementations of the symmetric-key block cipher AES and the public-key ciphers RSA and ECC in the presence of advanced DfT structures such as test compression and X-handling schemes. In addition, state-of-the-art power analysis side-channel and fault attack countermeasures are analyzed to evaluate whether they are suitable in warding off scan attacks. The thesis also investigates the practical security provided by various scan attack countermeasures (such as partial scan and scan chain scrambling) thatare proposed in the literature. At the algorithmic level, blinding and randomization based schemes that protect against Differential Power Analysis (DPA) attacks are shown to be secure against scan attacks, whereas countermeasures against Simple Power Analysis (SPA) and Fault Attacks are found to be ineffective against scan attacks. At the RTL level, Multiple Input Signature Register (MISR)-based time compaction schemes are found be inherently secure against scan attacks, provided only the final MISR signature is observable and not the intermediate states. New countermeasures are also proposed at the system level in the form of a secure JTAG architecture based on an ECC-based Schnorr Protocol and at the gate level in the form of a noise injector integrated with the test compression schemes.Another major contribution of the thesis is secure Cryptographic SoC Testing. As part of our research work, scan attack resistant Secure Test Wrappers (STWs) have been designed that integrate a challenge-response based secure entity authentication protocol with the IEEE 1500 standard Test Wrapper. Two variants of STWs are proposed; one based on a lightweight block cipher KATAN and the other using Physically Unclonable Functions (PUFs). Another work performed in this direction is integrating efficient multiplier-based pseudo-random Logic Built-In Self-Test (LBIST) solutionswith STWs. This helps in providing a flexible self-testing option for the cryptographic SoC and maintaining a high level of testability and security, while simultaneously reducing the test overhead.