Frédéric Bancel

Scan Design and Secure Chip

Testing a secure system is often considered as a severebottleneck. While testability requires to an increase inboth observability and controllability, secure chips aredesigned with the reverse in mind, limiting access to chipcontent and on-chip controllability functions. As a result,using usual design for testability techniques whendesigning secure ICs may seriously decrease the level ofsecurity provided by the chip. This dilemma is even moresevere as secure applications need well-tested hardwareto ensure that the programmed operations are correctlyexecuted. In this paper, a security analysis of the scantechnique is performed. This analysis aims at pointing outthe security vulnerability induced by using such a DfTtechnique. A solution securing the scan is finally proposed.

Test control for secure scan designs

Designing secure ICs requires fulfilling many design rules in order to protect access to secret data. However, these security design requirements may be in opposition to test needs and testability improvement techniques that increase both observability and controllability. Nevertheless, secure chip designers cannot neglect the testability of their chip; a high quality production testing is primordial to ensure a good level of security since any faulty devices could induce major security vulnerability. In this paper, we propose to merge security requirements with testability ones in a control-oriented design for security scan technique.

Scan design and secure chip [secure IC testing]

Testing a secure system is often considered as a severe bottleneck. While testability requires an increase in both observability and controllability, secure chips are designed with the reverse in mind, limiting access to chip content and on-chip controllability functions. As a result, using usual design for testability (DfT) techniques when designing secure ICs may seriously decrease the level of security provided by the chip. This dilemma is even more severe as secure applications need well-tested hardware to ensure that the programmed operations are correctly executed. In this paper, a security analysis of the scan technique is performed. This analysis aims at pointing out the security vulnerability induced by using such a DfT technique. A solution securing the scan is finally proposed.

Secure scan techniques: a comparison

Designing secure ICs requires fulfilling many design rules in order to protect access to secret data. However, these security design requirements may be in opposition to test needs and testability improvement techniques that increase both observability and controllability. Nevertheless, secure chip designers cannot neglect the testability of their chip; a high quality production testing is primordial to ensure a good level of security since any faulty devices could induce major security vulnerability. In this paper, we present different techniques securing the scan chain technique and compare them to point out their pros and cons

Securing Scan Control in Crypto Chips

The design of secure ICs requires fulfilling means conforming to many design rules in order to protect access to secret data. On the other hand, designers of secure chips cannot neglect the testability of their chip since high quality production testing is primordial to a good level of security. However, security requirements may be in conflict with test needs and testability improvement techniques that increase both observability and controllability. In this paper, we propose to merge security and testability requirements in a control-oriented design for security scan technique. The proposed security scan design methodology induces an adaptation of two main aspects of testability technique design: protection at protocol level and at scan path level. Without loss of generality, the proposed solution is evaluated on a simple crypto chip in terms of security and design cost.

A secure Scan Design Methodology

It has been proven that scan path is a potent hazard for secure chips. Scan based attacks have been recently demonstrated against DES or AES and several solutions have been presented in the literature in order to securize the scan chain. Nevertheless, the different proposed techniques are all ad hoc techniques, which are not always easy to integrate into a completely automated design flow or in an IP reuse environment. In this paper, we propose a scan chain integrity detection mechanism, which respects both automated design flow and IP reuse environment

Multiconfiguration technique to reduce test duration for sequential circuits

Sequential ATPGs, now, are able to handle an appreciable degree of sequentiality, thus allowing to treat partial scan implementations with a suitable fault coverage. Nevertheless, with these methods the test duration remains often prohibitive due to the long scan register. The DFT method we present is based on cycle breaking and sequential depth reduction guided by graph analysis. When a flip-flop is recognized as a pertinent site for breaking cycles, its input line is disconnected. The observability and controllability losses induced by this operation are compensated by the creation of overlapping configurations guided by structural analysis. Results are presented on testability improvement. They illustrate the drastic cycle and sequential depth reduction obtained when passing from an initial circuit to its corresponding configurations. An implementation of the method using scan flip-flops as modified instances is proposed. Comparison with purely scan techniques is presented in terms of fault coverage, test length and number of modified flip-flops.<<ETX>>

Robustness of circuits under delay-induced faults : test of AES with the PAFI tool

Security of cryptographic circuits is a major concern. Fault attacks are a mean to obtain critical information with the use of physical disturbance and cryptanalysis. We propose a methodology and a tool to analyse the robustness of circuit under faults induced by a delay. We tested a circuit implementing AES and showed that delay faults can permit to perform known fault attacks.

A generic method for fault injection in circuits

Microcircuits dedicated to security in smartcards are targeted by more and more sophisticated attacks like fault attacks that combine physical disturbance and cryptanalysis. The use of simulation for circuit validation considering these attacks is limited by the time needed to compute the result of the chosen fault injections. Usually, this choice is made by the user according to his knowledge of the circuit functionality. The aim of this paper is to propose a generic and semi-automatic method to reduce the number of fault injections using types of data stored in registers (latch by latch)

Securing embedded programmable gate arrays in secure circuits

The purpose of this article is to propose a survey of possible approaches for implementing embedded reconfigurable gate arrays into secure circuits. A standard secure interfacing architecture is proposed and motivations justifying such an approach are discussed. This paper also lists all features offered by FPGA vendors (field programmable gate array) aiming at securing those circuits according to different concerns. This article emphasizes on configuration memory programming which is probably the weakest point of using programmable devices on a secure context.