
Author: Huang, Yi-Cheng (黃義程)
Thesis title: A High-Security Stream Cipher-based Authentication Scheme for IC
Advisor: Lee, Kuen-Jong (李昆忠)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Electrical Engineering
Year of publication: 2025
Graduation academic year: 113
Language: English
Number of pages: 48
Keywords: Design for Testability, Iterative Authentication, Secure Scan Design
  • As ICs become increasingly complex, standard test infrastructures such as IEEE Std. 1149.1, IEEE Std. 1500, IEEE Std. 1687 and IEEE Std. 1838 have become essential for verification, debugging, and failure analysis. While these standards improve test accessibility, they also introduce serious security risks. Attackers can exploit the high controllability and observability of the test access port (TAP) interface to extract sensitive data, manipulate internal registers, or compromise circuit integrity. Even the latest proposed protection methods remain vulnerable, particularly in scenarios involving untrusted test engineers. To address these concerns, we propose a scheme that integrates scan encryption to protect the confidentiality of scan data by preventing unauthorized observation. In addition, we adopt an iterative authentication mechanism in which each test pattern is validated not in isolation but as part of a sequential verification process. The authentication key for each pattern is dynamically generated based on its internal segmentation and the outcome of prior validations. This stateful and accumulative approach forms a chained validation structure, ensuring that even identical patterns produce different authentication results under different histories. The experimental results show that the proposed method effectively defends against existing attack techniques and ensures high-security performance.

    CHAPTER 1 INTRODUCTION
    CHAPTER 2 BACKGROUND AND RELATED WORKS
        2.1 THREATS TO TAP INTERFACES TEST STANDARDS
        2.2 COUNTERMEASURES OF TAP INTERFACE ATTACKS
            2.2.1 DISABLING TAP INTERFACES
            2.2.2 CHALLENGE-RESPONSE AUTHENTICATION METHOD
            2.2.3 SCAN ENCRYPTION METHOD
            2.2.4 LOCKING SIB METHOD
            2.2.5 LINEAR FEEDBACK-BASED SCAN PATTERN AUTHENTICATION
    CHAPTER 3 PROPOSED AUTHENTICATION SCHEME
        3.1 KEYLESS TEST AUTHORIZATION IN UNTRUSTED SCAN ENVIRONMENTS
        3.2 ITERATIVE AUTHENTICATION SCHEME
        3.3 TAG GENERATION FLOW
        3.4 AUTHENTICATION FLOW
    CHAPTER 4 PROPOSED SECURITY MODULE FOR AUTHENTICATION
        4.1 OVERVIEW OF SECURITY MODULE
        4.2 STREAM CIPHER-BASED GFM-MAC WITH ENHANCED GALOIS FIELD AUTHENTICATION
        4.3 DYNAMIC KEY GENERATOR
        4.4 OBFUSCATION MECHANISM
    CHAPTER 5 SECURITY ANALYSIS
        5.1 BRUTE-FORCE ATTACK
        5.2 MEMORY ATTACK
        5.3 REVERSE ENGINEERING ATTACK
        5.4 SAT-BASED ATTACKS
        5.5 SIDE-CHANNEL ATTACKS
        5.6 COMPARISON WITH RELATED WORKS
        5.7 SECURITY LEVEL
    CHAPTER 6 EXPERIMENTAL RESULTS
        6.1 OVERHEADS
        6.2 COMPARISON WITH RELATED WORKS
    CHAPTER 7 CONCLUSIONS
    REFERENCES


    Full-text availability: on campus, open immediately; off campus, open immediately