Giorgio Di Natale

A novel hardware logic encryption technique for thwarting illegal overproduction and Hardware Trojans

Hardware piracy is a threat that is becoming more and more serious these last years. The different types of threats include mask theft, illegal overproduction, as well as the insertion of malicious alterations to a circuit, referred to as Hardware Trojans. To protect circuits from overproduction, circuits can be encrypted so that only authorized users can use the circuits. In this paper, we propose an encryption technique that also helps thwarting Hardware Trojan insertion. Assuming that an attacker will attach a Hardware Trojan to signals with low controllability in order to make it stealthy, the principle of the encryption is to minimize the number of signals with low controllability.

New security threats against chips containing scan chain structures

Insertion of scan chains is the most common technique to ensure observability and controllability of sequential elements in an IC. However, when the chip deals with secret information, the scan chain can be used as back door for accessing secret (or hidden) information, and thus jeopardize the overall security. Several scan-based attacks on cryptographic functions have been described and showed the need for secure scan implementations. These attacks assume a single scan chain. However the conception of large designs and restrictions in terms of test costs may require the implementation of many scan chains and additional test infrastructures for test response compaction. In this paper, we present a new generic scan attack that covers a wide range of industrial test infrastructures, including spatial response compressors.

A Reliable Architecture for Parallel Implementations of the Advanced Encryption Standard

This paper presents an on-line self-test architecture for hardware implementation of the Advanced Encryption Standard (AES). The solution exploits the inherent spatial replications of a parallel architecture for implementing functional redundancy at low cost. We show that the solution is very effective for on-line fault detection while keeping the area overhead very low. Moreover, the architectural modification for on-line test does not weaken the device with respect to side-channel attacks based on power analysis.

A survey on simulation-based fault injection tools for complex systems

Dependability is a key decision factor in todays global business environment. A powerful method that permits to evaluate the dependability of a system is the fault injection. The principle of this approach is to insert faults into the system and to monitor its responses in order to observe its behavior in the presence of faults. Several fault injection techniques and tools have been developed and experimentally tested. They could be mainly grouped into three categories: hardware fault injection, simulation-based fault injection, and emulation-based fault injection. This paper presents a survey on the simulation-based fault injection techniques, with a focus on complex micro-processor based systems.

Are advanced DfT structures sufficient for preventing scan-attacks?

Standard Design for Testability (DfT) structures are well known as potential sources of confidential information leakage. Scan-based attacks have been reported in publications since the early 2000s. It has been shown for instance that the secret key for symmetric encryption standards (DES, AES) could be retrieved from information gathered on scan-out pins when scan-chains are fully observed through these pins. However DfT practices have progressed to adapt to large and complex designs such as test response compaction, associated X-masking structure, partial scan, etc. As a side effect, these techniques mask part of the information collected on scan outputs. Thus, at first glance, they may appear as countermeasures against scan-based attacks. Nevertheless, in this paper we show that DfT structures, regardless of their nature, do not inherently enhance security and that specific additional countermeasures are still needed. We propose a new-scan attack able to deal with designs where only part of the internal circuits state is observed for test purpose.

Test Versus Security: Past and Present

Cryptographic circuits need to be protected against side-channel attacks, which target their physical attributes while the cryptographic algorithm is in execution. There can be various side-channels, such as power, timing, electromagnetic radiation, fault response, and so on. One such important side-channel is the design-for-testability (DfT) infrastructure present for effective and timely testing of VLSI circuits. The attacker can extract secret information stored on the chip by scanning out test responses against some chosen plaintext inputs. The purpose of this paper is to first present a detailed survey on the state-of-the-art in scan-based side-channel attacks on symmetric and public-key cryptographic hardware implementations, both in the absence and presence of advanced DfT structures, such as test compression and X-masking, which may make the attack difficult. Then, the existing scan attack countermeasures are evaluated for determining their security against known scan attacks. In addition, JTAG vulnerability and security countermeasures are also analyzed as part of the external test interface. A comparative area-timing-security analysis of existing countermeasures at various abstraction levels is presented in order to help an embedded security designer make an informed choice for his intended application.

Scan Attacks and Countermeasures in Presence of Scan Response Compactors

The conflict between security and testability is still a concern of hardware designers. While secure devices must protect confidential information from unauthorized users, quality testing of these devices requires the controllability and observability of a substantial quantity of embedded information, and thus may jeopardize the data confidentiality. Several attacks using the test infrastructures (and in particular scan chains) have been described. More recently it has been shown how test response compaction structures provide a natural counter-measure against this type of attack. However, in this paper, we show that even in the presence of response compactors the scan-based attack is still possible and it requires low complexity computation. We then give some perspectives concerning the techniques that can be used to increase the scan-based attack complexity without affecting the testability of the device.1

A new scan attack on RSA in presence of industrial countermeasures

This paper proposes a new scan-based side-channel attack on RSA public-key cryptographic implementations in the presence of advanced Design for Testability (DfT) techniques. The attack is performed on an actual hardware implementation, for which different test scenarios were conceived (response compaction, X-Masking). The practical aspects of scan-based attacks on the RSA cryptosystem are also presented. Additionally, a novel scan-attack security analysis tool is proposed which helps in evaluating the scan-chain leakage resilience of security circuits.

A 3D IC BIST for pre-bond test of TSVs using ring oscillators

3D stacked integrated circuits based on Through Silicon Vias (TSV) are promising with their high performances and small form factor. However, these circuits present many test issues, especially for TSVs. In this paper we propose a novel Built-In-Self-Test (BIST) architecture for pre-bond testing of TSVs in 3D stacked integrated circuits. The main idea is to measure the variation of TSVs capacitances in order to detect defective TSVs. The BIST architecture is based on ring oscillators, frequencies of which depend on TSVs capacitances. The proposed BIST is integrated within the JTAG standard. This paper presents spice simulation results and logic synthesis results of the proposed TSV ring oscillator structure using a 65 nm CMOS technology, including 10 μm diameter TSV middle technology. Due to local process variations, the proposed test architecture is limited in accuracy; it detects only large capacitive faults on TSVs.

A novel differential scan attack on advanced DFT structures

Scan chains insertion is the most common technique to ensure the testability of digital cores, providing high fault coverage. However, for ICs dealing with secret information, scan chains can be used as back doors for accessing secret data thus becoming a threat to system security. So far, advanced test structures used to reduce test costs (e.g., response compaction) and achieve high fault coverage (e.g., Xs masking decoder) have been considered as intrinsic countermeasures against these threats. This work proposes a new generic scan-based attack demonstrating that these test structures are not sufficiently effective to prevent leakage through the test infrastructure. This generic attack can be easily adapted to several cryptographic implementations for both symmetric and public key algorithms. The proposed attack is demonstrated on several ciphers.