New scan-based attack using only the test mode

Sk Subidh Ali; Ozgur Sinanoglu; Samah Mohamed Saeed; Ramesh Karri

doi:10.1109/VLSI-SoC.2013.6673281

New scan-based attack using only the test mode

Sk Subidh Ali, Ozgur Sinanoglu, Samah Mohamed Saeed, Ramesh Karri

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Scan attack is a threat to crypto-chips. An attacker can leverage the test mode of the chip and control the scan chains in order to reveal the secret key. One solution for this kind of attacks is to hamper the ability to switch the device from normal mode to test mode and corrupt the data in the scan cells. If the device is reset each time it switches the mode from normal to test, all existing attacks can be thwarted. We propose a new scan-based attack by controlling only the scan chains and demonstrate it on the AES hardware. The attack uses only the test mode of the hardware and it does not require switching between normal and test mode. The attack will work even in the presence of mode blocking countermeasure. The attack requires only 375 test vectors with an attack time complexity around 2^12.58.

Original language	English (US)
Title of host publication	2013 IFIP/IEEE 21st International Conference on Very Large Scale Integration, VLSI-SoC 2013 - Proceedings
Publisher	IEEE Computer Society
Pages	234-239
Number of pages	6
ISBN (Print)	9781479905249
DOIs	https://doi.org/10.1109/VLSI-SoC.2013.6673281
State	Published - 2013
Event	2013 IFIP/IEEE 21st International Conference on Very Large Scale Integration, VLSI-SoC 2013 - Istanbul, Turkey Duration: Oct 7 2013 → Oct 9 2013

Publication series

Name	IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC
ISSN (Print)	2324-8432
ISSN (Electronic)	2324-8440

Other

Other	2013 IFIP/IEEE 21st International Conference on Very Large Scale Integration, VLSI-SoC 2013
Country/Territory	Turkey
City	Istanbul
Period	10/7/13 → 10/9/13

Keywords

AES
Scan Attack
Scan Chain
Scan-based DFT
Security
Testability

ASJC Scopus subject areas

Hardware and Architecture
Software
Electrical and Electronic Engineering

Access to Document

10.1109/VLSI-SoC.2013.6673281

Cite this

Ali, S. S., Sinanoglu, O., Saeed, S. M., & Karri, R. (2013). New scan-based attack using only the test mode. In 2013 IFIP/IEEE 21st International Conference on Very Large Scale Integration, VLSI-SoC 2013 - Proceedings (pp. 234-239). [6673281] (IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC). IEEE Computer Society. https://doi.org/10.1109/VLSI-SoC.2013.6673281

New scan-based attack using only the test mode. / Ali, Sk Subidh; Sinanoglu, Ozgur; Saeed, Samah Mohamed et al.

2013 IFIP/IEEE 21st International Conference on Very Large Scale Integration, VLSI-SoC 2013 - Proceedings. IEEE Computer Society, 2013. p. 234-239 6673281 (IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ali, SS, Sinanoglu, O, Saeed, SM & Karri, R 2013, New scan-based attack using only the test mode. in 2013 IFIP/IEEE 21st International Conference on Very Large Scale Integration, VLSI-SoC 2013 - Proceedings., 6673281, IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC, IEEE Computer Society, pp. 234-239, 2013 IFIP/IEEE 21st International Conference on Very Large Scale Integration, VLSI-SoC 2013, Istanbul, Turkey, 10/7/13. https://doi.org/10.1109/VLSI-SoC.2013.6673281

@inproceedings{32f02aa909994d35961b5d623e8c7256,

title = "New scan-based attack using only the test mode",

abstract = "Scan attack is a threat to crypto-chips. An attacker can leverage the test mode of the chip and control the scan chains in order to reveal the secret key. One solution for this kind of attacks is to hamper the ability to switch the device from normal mode to test mode and corrupt the data in the scan cells. If the device is reset each time it switches the mode from normal to test, all existing attacks can be thwarted. We propose a new scan-based attack by controlling only the scan chains and demonstrate it on the AES hardware. The attack uses only the test mode of the hardware and it does not require switching between normal and test mode. The attack will work even in the presence of mode blocking countermeasure. The attack requires only 375 test vectors with an attack time complexity around 212.58.",

keywords = "AES, Scan Attack, Scan Chain, Scan-based DFT, Security, Testability",

author = "Ali, {Sk Subidh} and Ozgur Sinanoglu and Saeed, {Samah Mohamed} and Ramesh Karri",

year = "2013",

doi = "10.1109/VLSI-SoC.2013.6673281",

language = "English (US)",

isbn = "9781479905249",

series = "IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC",

publisher = "IEEE Computer Society",

pages = "234--239",

booktitle = "2013 IFIP/IEEE 21st International Conference on Very Large Scale Integration, VLSI-SoC 2013 - Proceedings",

note = "2013 IFIP/IEEE 21st International Conference on Very Large Scale Integration, VLSI-SoC 2013 ; Conference date: 07-10-2013 Through 09-10-2013",

}

TY - GEN

T1 - New scan-based attack using only the test mode

AU - Ali, Sk Subidh

AU - Sinanoglu, Ozgur

AU - Saeed, Samah Mohamed

AU - Karri, Ramesh

PY - 2013

Y1 - 2013

N2 - Scan attack is a threat to crypto-chips. An attacker can leverage the test mode of the chip and control the scan chains in order to reveal the secret key. One solution for this kind of attacks is to hamper the ability to switch the device from normal mode to test mode and corrupt the data in the scan cells. If the device is reset each time it switches the mode from normal to test, all existing attacks can be thwarted. We propose a new scan-based attack by controlling only the scan chains and demonstrate it on the AES hardware. The attack uses only the test mode of the hardware and it does not require switching between normal and test mode. The attack will work even in the presence of mode blocking countermeasure. The attack requires only 375 test vectors with an attack time complexity around 212.58.

AB - Scan attack is a threat to crypto-chips. An attacker can leverage the test mode of the chip and control the scan chains in order to reveal the secret key. One solution for this kind of attacks is to hamper the ability to switch the device from normal mode to test mode and corrupt the data in the scan cells. If the device is reset each time it switches the mode from normal to test, all existing attacks can be thwarted. We propose a new scan-based attack by controlling only the scan chains and demonstrate it on the AES hardware. The attack uses only the test mode of the hardware and it does not require switching between normal and test mode. The attack will work even in the presence of mode blocking countermeasure. The attack requires only 375 test vectors with an attack time complexity around 212.58.

KW - AES

KW - Scan Attack

KW - Scan Chain

KW - Scan-based DFT

KW - Security

KW - Testability

UR - http://www.scopus.com/inward/record.url?scp=84899568488&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84899568488&partnerID=8YFLogxK

U2 - 10.1109/VLSI-SoC.2013.6673281

DO - 10.1109/VLSI-SoC.2013.6673281

M3 - Conference contribution

AN - SCOPUS:84899568488

SN - 9781479905249

T3 - IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC

SP - 234

EP - 239

BT - 2013 IFIP/IEEE 21st International Conference on Very Large Scale Integration, VLSI-SoC 2013 - Proceedings

PB - IEEE Computer Society

T2 - 2013 IFIP/IEEE 21st International Conference on Very Large Scale Integration, VLSI-SoC 2013

Y2 - 7 October 2013 through 9 October 2013

ER -

New scan-based attack using only the test mode

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this