Test-mode-only scan attack and countermeasure for contemporary scan architectures

Samah Mohamed Saeed, Sk Subidh Ali, Ozgur Sinanoglu, Ramesh Karri

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Scan design is a de facto design-for-testability technique that enhances access during the manufacturing test process. However, it can also be exploited to leak secret information off a secure chip. A mode-reset countermeasure has been used to thwart all the existing scan attacks, as they all rely on switching between the test and normal modes. Recently, the countermeasure was circumvented by a new scan attack that utilizes only the test mode to identify the secret key of an AES chip. However, this test-mode-only attack has overlooked the other test structures, such as a decompressor and a compactor, on the scan path, which act as fortuitous countermeasures against test-mode-only scan attacks. In this work, we present a scan attack analysis for contemporary scan architectures with a stimulus decompressor unit. A stimulus decompressor poses a challenge for the test-mode-only attack, as the bit-flips required to launch the attack may not be created through the decompressor. The problem bears similarities to the test pattern encodability problem, where certain test cubes cannot be delivered due to the correlation induced by the stimulus decompressor. This paper sheds light to the intrinsic connections between the scan attack and the test pattern encodability problem, and presents a new test-mode-only scan attack in the presence of a decompressor of any type. Our analysis on an AES design shows that the proposed attack is successful for contemporary scan architectures. We also propose countermeasures that diminish the success of the proposed attack.

Original languageEnglish (US)
Title of host publicationProceedings - 2014 IEEE International Test Conference, ITC 2014
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781479947225
StatePublished - Feb 6 2015
Event45th IEEE International Test Conference, ITC 2014 - Seattle, United States
Duration: Oct 21 2014Oct 23 2014

Publication series

NameProceedings - International Test Conference
ISSN (Print)1089-3539


Other45th IEEE International Test Conference, ITC 2014
Country/TerritoryUnited States


  • AES
  • Decompressor
  • Scan Attack
  • Scan Chain
  • Scan-based DFT
  • Security
  • Testability

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Applied Mathematics


Dive into the research topics of 'Test-mode-only scan attack and countermeasure for contemporary scan architectures'. Together they form a unique fingerprint.

Cite this