Abstract

Scan based DfT is indispensable for IC testing in the semiconductor chip industry to ensure correctness of chip, both functionally and structurally. Since a higher degree of fault coverage is essential, cryptographic ICs rely on it as a standard technique during manufacturing test. Yet an invaluable tradeoff needs to be met between security and testability, because it is the observability and controllability of the sequential memory elements in the scan chain which are enhanced to facilitate testing. Well designed differential scan attacks which make use of this feature can prove to be critically pervasive to leak secret keys embedded in cryptochips. Use of response compactors ensure test cost reduction. Existing differential scan attacks target Hamming weight pairs that are unique. The motivation of our work lies in the fact that carefully fabricating additional bits in order to transform a unique Hamming weight to a non-unique one, existing attacks can be defended. In this paper, we propose Co-relation scan attack (COSAA) on AES crypto-system which can work even in the presence of test response compaction. We show our attack technique to be lethal against any possible Hamming weight model which means that the designer needs to prevent the circuit under test from a relatively broader attack surface. Our experiments show the proposed attack can successfully recover the secret key of AES with XOR compaction in 24 milliseconds using an average desktop machine.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.