Test-mode-only scan attack and countermeasure for contemporary scan architectures

Abstract

Scan design is a de facto design-for-testability technique that enhances access during the manufacturing test process. However, it can also be exploited to leak secret information off a secure chip. A mode-reset countermeasure has been used to thwart all the existing scan attacks, as they all rely on switching between the test and normal modes. Recently, the countermeasure was circumvented by a new scan attack that utilizes only the test mode to identify the secret key of an AES chip. However, this test-mode-only attack has overlooked the other test structures, such as a decompressor and a compactor, on the scan path, which act as fortuitous countermeasures against test-mode-only scan attacks. In this work, we present a scan attack analysis for contemporary scan architectures with a stimulus decompressor unit. A stimulus decompressor poses a challenge for the test-mode-only attack, as the bit-flips required to launch the attack may not be created through the decompressor. The problem bears similarities to the test pattern encodability problem, where certain test cubes cannot be delivered due to the correlation induced by the stimulus decompressor. This paper sheds light to the intrinsic connections between the scan attack and the test pattern encodability problem, and presents a new test-mode-only scan attack in the presence of a decompressor of any type. Our analysis on an AES design shows that the proposed attack is successful for contemporary scan architectures. We also propose countermeasures that diminish the success of the proposed attack.