Co-relation scan attack analysis (COSAA) on AES: A comprehensive approach

Abstract

Scan based DfT is indispensable for IC testing in the semiconductor chip industry to ensure correctness of chip, both functionally and structurally. Since a higher degree of fault coverage is essential, cryptographic ICs rely on it as a standard technique during manufacturing test. Yet an invaluable tradeoff needs to be met between security and testability, because it is the observability and controllability of the sequential memory elements in the scan chain which are enhanced to facilitate testing. Well designed differential scan attacks which make use of this feature can prove to be critically pervasive to leak secret keys embedded in cryptochips. Use of response compactors ensure test cost reduction. Existing differential scan attacks target Hamming weight pairs that are unique. The motivation of our work lies in the fact that carefully fabricating additional bits in order to transform a unique Hamming weight to a non-unique one, existing attacks can be defended. In this paper, we propose Co-relation scan attack (COSAA) on AES crypto-system which can work even in the presence of test response compaction. We show our attack technique to be lethal against any possible Hamming weight model which means that the designer needs to prevent the circuit under test from a relatively broader attack surface. Our experiments show the proposed attack can successfully recover the secret key of AES with XOR compaction in 24 milliseconds using an average desktop machine.