Hardware Security and Trust: Design and Deployment of Integrated Circuits in a Threatened Environment
Scan-Based Side-Channel Attack
Scan design is an effective DfT technique that improves testability by giving full controllability and observability of the chip's storage elements (flip-flops). The same capabilities compromise security when misused, because scan design exposes the internal state of the chip. Some products disable the scan chains after manufacturing test, for example by blowing fuses, but others require in-field testing and debug capabilities and therefore keep the chains enabled. On a cryptochip, scan can be misused to leak the secret key: if the key register is part of the scan chain, the attacker retrieves the key simply by shifting out the contents of the chain. Good design practice therefore excludes the key register from the scan chain. This alone does not guarantee a secure test environment, however; scan-based side-channel attacks have been shown to leak the chip's secret information even when the key register itself is not scannable.
Scan design can be exploited to circumvent the security of the chip. In a chip that executes an encryption algorithm, some of the scan cells hold secret-dependent information: the attacker targets the scan cells that store the results of intermediate operations of the algorithm. A scan-based side-channel attack uses direct access to the primary inputs and outputs and to the scan-in and scan-out pins of the chip to recover the secret key; it relies on the load and unload (shift-in and shift-out) capabilities of the scan infrastructure. The attack applies differential analysis and has been demonstrated against different encryption algorithms, such as the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES). We focus on AES throughout this chapter; the analysis, however, extends to other encryption algorithms.
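The following simulation, added here as an example and not code from the book, shows the principle of the attack described above on a deliberately simplified model: a chip that XORs a 16-byte plaintext with its key and latches the SubBytes output of the first round in a register that sits on the scan chain, while the key register itself is kept off the chain (the "good practice" from the previous paragraph). The attacker drives chosen plaintext pairs through the primary inputs in functional mode, switches to test mode, shifts the round register out through the scan-out pin, and applies differential analysis to the observed differences. The class and function names, the choice of the SubBytes output as the exposed intermediate, and the assumption that the attacker already knows which scan cells correspond to which register bits are all assumptions of this model; the S-box is derived from the FIPS-197 definition rather than typed in.

```python
"""Simulated scan-based differential attack on an AES-like chip (added example).

Constructed, simplified model: the chip latches SubBytes(plaintext XOR key)
into a round register that is on the scan chain. The key register is NOT on
the chain, yet the full key is recovered from scan-out data alone.
"""
from __future__ import annotations

import os


def _gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _build_sbox() -> list[int]:
    """Derive the FIPS-197 S-box: multiplicative inverse, then the affine map."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(256) if _gf_mul(x, y) == 1), 0)
        s = inv
        for i in range(1, 5):            # inv ^ rotl1 ^ rotl2 ^ rotl3 ^ rotl4
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()


class ScanChip:
    """Hypothetical crypto chip with DfT scan access to its round register."""

    def __init__(self, key: bytes) -> None:
        assert len(key) == 16
        self._key = key               # key register: deliberately kept off the chain
        self._round_reg = bytes(16)   # first-round SubBytes output: on the chain
        self.scan_outs = 0            # number of test-mode unloads the attacker used

    def encrypt_one_cycle(self, plaintext: bytes) -> None:
        """Functional mode: one clock of AddRoundKey + SubBytes into the register."""
        self._round_reg = bytes(SBOX[p ^ k] for p, k in zip(plaintext, self._key))

    def scan_out(self) -> bytes:
        """Test mode: shift the chain out via the scan-out pin (key is not in it)."""
        self.scan_outs += 1
        return self._round_reg


def recover_key(chip: ScanChip) -> bytes:
    """Differential analysis over chosen plaintext pairs differing in one byte.

    For base plaintext P and P' = P with byte i XORed by d, the scanned-out
    register bytes differ by SBOX[P_i ^ k_i] ^ SBOX[P_i ^ d ^ k_i], a value
    that depends only on the unknown key byte k_i. Every pair prunes the set
    of candidate key bytes; the AES S-box has no probability-1 differential,
    so some d always separates the true key byte from any wrong candidate.
    """
    base = bytes(16)                 # attacker-chosen reference plaintext
    chip.encrypt_one_cycle(base)
    ref = chip.scan_out()
    key = bytearray(16)
    for i in range(16):
        candidates = set(range(256))
        for d in range(1, 256):
            probe = bytearray(base)
            probe[i] ^= d            # second plaintext of the pair
            chip.encrypt_one_cycle(bytes(probe))
            observed = chip.scan_out()[i] ^ ref[i]
            candidates = {k for k in candidates
                          if SBOX[base[i] ^ k] ^ SBOX[base[i] ^ d ^ k] == observed}
            if len(candidates) == 1:
                break
        assert len(candidates) == 1
        key[i] = candidates.pop()
    return bytes(key)


if __name__ == "__main__":
    secret = os.urandom(16)
    chip = ScanChip(secret)
    assert recover_key(chip) == secret
    print(f"key {secret.hex()} recovered from {chip.scan_outs} scan-outs")
```

Two things the model leaves out matter in practice: a real attacker first has to work out which scan-chain cells belong to the round register and in what order, and the register that is actually exposed holds a full round's output (including ShiftRows and MixColumns), so the differences have to be analysed per column rather than per byte. Neither changes the conclusion the chapter draws: removing the key register from the chain, as this chip does, leaves the key recoverable from the intermediate values that remain scannable.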