Novel test-mode-only scan attack and countermeasure for compression-based scan architectures

Sk Subidh Ali, Samah M. Saeed, Ozgur Sinanoglu, Ramesh Karri

Research output: Contribution to journal › Article › peer-review


Scan design is a de facto design-for-testability (DfT) technique that enhances access during the manufacturing test process. However, it can also be used as a back door to leak secret information from a secure chip. In existing scan attacks, the secret key of a secure chip is retrieved by using both the functional mode and the test mode of the chip. These attacks can be thwarted by applying a reset operation whenever the mode is switched. However, the mode-reset countermeasure can be thwarted by using only the test mode of a secure chip. In this paper, we perform a detailed analysis of the test-mode-only scan attack. We propose attacks on an Advanced Encryption Standard (AES) design with a basic scan architecture as well as on an AES design with an advanced DfT infrastructure that comprises decompressors and compactors. The attack results show that secure chips are indeed vulnerable to test-mode-only attacks. The secret key can be recovered within 1 s even in the presence of decompressors and compactors. We then propose new countermeasures to thwart these attacks. The proposed countermeasures incur minimal cost while providing a high success rate.

Original language: English (US)
Article number: 7027810
Pages (from-to): 808-821
Number of pages: 14
Journal: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
Issue number: 5
State: Published - May 1 2015


  • AES
  • Decompressor
  • Scan Attack
  • Scan Chain
  • Scan-based DfT
  • Security
  • Testability

ASJC Scopus subject areas

  • Software
  • Computer Graphics and Computer-Aided Design
  • Electrical and Electronic Engineering

