04/06/2013
Differential Scan-Path: A Novel Solution for Secure Design-for-Testability
S. Manich, Markus S. Wamser, Oscar M. Guillen, G. Sigl
Universitat Politècnica de Catalunya – BarcelonaTECH
Technische Universität München – TUM
Overview
Motivation
State of the art of secure scan-paths
DiSP principle of operation
Serial and parallel configurations
Error masking and security
DiSP embedding
Simulation results for benchmarks
Conclusions
MOTIVATION
Scan design PROS:
Most popular DFT technique
High Fault Coverage
High Testability:
◦ High Controllability
◦ High Observability
CONS:
Popular tool for attackers to perform Reverse Engineering
Can be used to steal important information such as:
◦ Intellectual Property
◦ Secret keys of cryptographic cores
STATE OF THE ART OF SECURE SCAN-PATHS
Scan-path security approaches
Fuses
◦ Block access by blowing the fuse after production tests
Lock and Key security
◦ Test Controller protects the access into test mode
◦ Authentication is performed by shifting in proper test keys
Scrambling the scan-paths
◦ Flip-Flops are dynamically reordered through the use of a key
◦ If the key is correct, the scan-path is arranged in the right order
◦ Else, the scan-path is ordered in a random configuration
Scrambling the responses
◦ Flip-Flops within the scan chains are used to extract a key from the scan vectors
◦ Each test vector must contain the right combination of bits to form the correct key
◦ If the key is incorrect, the response is mixed with random bits and becomes corrupted
Scan-path security costs
Typical scan-path security approaches incur at least one of the following disadvantages, among others:
◦ High area overhead
◦ Timing overhead
◦ Performance degradation
◦ Increased complexity of testing
◦ Use of static keys
DISP PRINCIPLE OF OPERATION
Schematic overview
Feedback loops
◦ Brings SI+A-B to A
◦ Brings (A-B) to B
◦ Brings (B-A) to SO
State equations (all arithmetic mod 2)
◦ During the first shifts: difference generation
◦ During the next shifts: difference clean up
Operation principle: new input test vector (last capture)
Operation principle: first shifts (difference generation)
Operation principle: next shifts (difference clean up)
Numerical examples (figures)
◦ Numerical example 0: carry presets (parity bit = 0)
◦ Numerical example 1: difference generation
◦ Numerical example 2: difference generation
◦ Numerical example 3: difference generation
◦ Numerical example 4: difference generation
◦ Numerical example 4: carry presets
◦ Numerical example 6: difference clean up
◦ Numerical example 6: difference clean up
◦ Numerical example 7: difference clean up
◦ Numerical example 8: difference clean up (parity bit = 1)
SERIAL AND PARALLEL CONFIGURATION
Parallel configuration
◦ Adapts better to existing scan-path layout
◦ Critical feedback lines 1 and 2 become shorter
ERROR MASKING AND SECURITY
Error masking
◦ Probability of error masking
Internal state and parity
◦ Probability of guessing the internal state
◦ Probability of guessing parity
Estimated values
DISP EMBEDDING
Sign cancellation
SIMULATION RESULTS FOR BENCHMARKS
Rate of Parity Failures in DiSP
Benchmarks: ISCAS85, ISCAS89 and ITC99; 20,000 random vectors per circuit.
Number of parity evaluations (checks) and parity check failures in the DiSP output, at bit level and at word level (whole scan-path):

Circuit   Bit level: checks / failures / relative     Word level: checks / failures / relative
b22       7,560,000 / 3,763,778 / 49.8%               20,000 / 9,922 / 49.6%
b19       66,673,332 / 33,285,725 / 49.9%             19,998 / 10,045 / 50.2%
b18       33,420,000 / 16,701,308 / 50.0%             20,000 / 10,050 / 50.3%
b17       14,440,000 / 7,189,804 / 49.8%              20,000 / 9,974 / 49.9%
s38584    15,760,000 / 7,872,145 / 50.0%              20,000 / 10,029 / 50.1%
s35932    17,600,000 / 8,534,827 / 48.5%              20,000 / 10,047 / 50.2%
s15850    6,700,000 / 3,371,547 / 50.3%               20,000 / 9,997 / 50.0%
s13207    7,140,000 / 3,700,696 / 51.8%               20,000 / 10,006 / 50.0%
c7552     1,100,000 / 537,616 / 48.9%                 20,000 / 10,032 / 50.2%
c6288     340,000 / 153,024 / 45.0%                   20,000 / 9,958 / 49.8%
c5315     1,240,000 / 596,166 / 48.1%                 20,000 / 9,938 / 49.7%
c3540     240,000 / 93,857 / 39.1%                    20,000 / 9,451 / 47.3%
Average   48.4%                                       49.8%
Input to output correlation (XOR net versus DiSP)

Circuit   Average: XOR net / DiSP     St. dev.: XOR net / DiSP     Max - Min: XOR net / DiSP
b22       0.0252 / 0.0030             0.1025 / 0.0195              1.3848 / 0.2631
b19       0.0233 / 0.0058             0.1202 / 0.0454              1.8891 / 0.8473
b18       0.0234 / 0.0063             0.1344 / 0.0572              1.8873 / 1.7375
b17       0.0204 / 0.0079             0.1225 / 0.0401              1.7620 / 0.7216
s38584    0.0593 / -0.0085            0.3109 / 0.1321              2.0000 / 1.4116
s35932    0.4022 / 0.0228             0.0493 / 0.1282              0.4359 / 0.6693
s15850    0.1390 / 0.0208             0.3283 / 0.1272              2.0000 / 1.2081
s13207    0.0027 / 0.0064             0.3977 / 0.1467              2.0000 / 1.6030
c7552     -0.1643 / 0.0235            0.3220 / 0.1691              1.3798 / 1.1415
c6288     0.1190 / 0.0422             0.2201 / 0.1291              0.7690 / 0.5414
c5315     0.0906 / 0.0279             0.5085 / 0.1838              2.0000 / 1.1100
c3540     0.1630 / 0.0328             0.3701 / 0.1285              1.2694 / 0.5407
Average   0.07532 / 0.01591           0.24887 / 0.10891            1.56477 / 0.98293
Circuit s35932
Relative dispersion of pattern frequencies
1 bit patterns: dispersion between the number of 1's and the number of 0's. 8 bit patterns: dispersion between the counts of each of the 256 codes.

Circuit   1 bit patterns: plain / XOR net / DiSP     8 bit patterns: plain / XOR net / DiSP
b22       4.02% / 4.21% / 0.31%                      350% / 233% / 147%
b19       4.52% / 5.42% / 0.38%                      339% / 122% / 95%
b18       4.96% / 5.85% / 0.38%                      461% / 367% / 258%
b17       4.17% / 4.47% / 0.38%                      338% / 102% / 70%
s38584    8.05% / 9.95% / 0.64%                      207% / 94% / 63%
s35932    98.00% / 97.87% / 5.69%                    12408% / 12158% / 6391%
s15850    25.09% / 25.16% / 1.74%                    1476% / 610% / 437%
s13207    0.30% / 12.01% / 0.73%                     381% / 164% / 107%
c7552     4.52% / 13.07% / 3.79%                     371% / 153% / 135%
c6288     12.73% / 5.35% / 2.82%                     172% / 74% / 72%
c5315     26.65% / 33.44% / 5.85%                    1037% / 904% / 562%
c3540     24.71% / 16.89% / 5.85%                    573% / 416% / 438%
Average   18.143% / 19.473% / 2.379%                 1509.4% / 1283.3% / 731.2%
CONCLUSIONS
The DiSP structure is simple, area efficient, and does not require keys.
The absolute internal state is never scanned out.
No previous internal state can be restored by feeding the output back.
The input vector defines the whole content of the DiSP, making it fully controllable and independent of previous states.
Most errors in internal states propagate easily to the output (difference); this improves exponentially with the length of the scan-path.
The guesswork necessary to recover the internal state increases exponentially with the length of the scan-path.
Thank you very much for your attention! QUESTIONS?