掃描設計是一種普遍用於提高電路可測性的測試技術 (Design for Testability)。然而，掃描設計亦會導致一種電路安全上的風險：攻擊者可以使用掃描鏈作為後門去竊取電路中的機密資料。常見的防禦方法包括在製造測試後禁用掃描鏈，或使用密鑰對掃描數據進行加密/解密或驗證用戶身份。前者將無法使用現場測試，而後者需要將密鑰儲存在記憶體中，恐仍將面臨記憶體攻擊的威脅。在此篇論文中，我們提出了一個使用動態式密鑰技術之安全性測試架構，該架構可與物理不可複製密鑰(PUF) 結合，以有效抵禦基於掃描設計旁側訊號攻擊以及記憶體冷啟動攻擊。使用此安全架構之系統在執行測試時，只有輸入合法測試向量才能取得真正的測試結果。此外由於本架構系動態地產生測試密鑰，而非將其靜態地儲存至記憶體中，因此不會遭受記憶體攻擊的威脅。我們亦利用PUF為每一顆製造的晶片提供一組獨特的安全測試向量，以進一步保護晶片。分析結果顯示，本架構可以在不犧牲系統性能、可測試性和可診斷性的前提下達到高安全層級。我們進一步提出了一種使用動態式密鑰技術之可暫停且恢復系統運作之矽除錯技術，該技術能與我們的安全性測試架構結合，並使每個中斷點擁有獨特的密鑰，確保只有合法的除錯員能觀察真正的除錯結果。

Design for testability (DFT) technology based on scan chains is widely used to increase the testability of circuits. However, it also leads to a potential security problem that attackers can use scan chains as a backdoor to attack a system. Common methods to defend such attacks include disabling the scan chain after manufacturing test or employing some secret keys to encrypt/decrypt scan data or to verify the identities of users. The former would make in-field impossible and the latter would require storing keys in memory which might also undergo high risk of memory attacks. In this thesis, we propose a dynamic-key secure scan structure that works together with an intrinsic Physical Unclonable Function (PUF) of chips to defend both scan-based and memory attacks while facilitating both manufacturing and in-field testing. A system equipped with this secure structure will shift out true circuit responses only when legal test patterns are shifted into the scan chains. Moreover, since no test key is stored in memory, no memory attacks is possible. We also leverage the PUF to distinct the legal test patterns for different manufactured chips so as to further protect chips. Analysis results show that our protection scheme can achieve a very high security level without sacrificing system performance, testability and diagnosability. We further propose a dynamic-key secure run-pause-resume debug structure that can be incorporated in our secure scan method such that each breakpoint can have its own unique key so as to achieve high security of the debug circuitry.

[1] J. Da Rolt et al., "Test versus security: Past and present," IEEE Trans. Emerg. Topics Comput., vol. 2, no. 1, pp. 50-62, Mar. 2014.
[2] M. Tehranipoor and C. Wang, "Introduction to Hardware Security and Trust," Springer, 2011.
[3] B. Yang, K. Wu, and R. Karri, "Scan based side channel attack on dedicated hardware implementations of data encryption standard," in Proc. Int’l Test Conf., 2004, pp. 339-344.
[4] J. G. Ooi and K. H. Kam, "A proof of concept on defending cold boot attack", in Proc. Asia Symposium on Quality Electronic Design. ASQED, 2009, pp. 330-335.
[5] J. Bauer, M. Gruhn, and F. C. Freiling, "Lest We Forget: Cold-Boot Attacks on Scrambled DDR3 Memory," Digital Investigation, 2016, pp.65-74.
[6] S. F. Yitbarek, M. T. Aga, R. Das, and T. Austin, "Cold Boot Attacks are Still Hot: Security Analysis of Memory Scramblers in Modern Processors," in Proc. IEEE International Symposium on High Performance Computer Architecture (HPCA), 2017, pp. 313-324.
[7] J. Halderman, S. Schoen, N. Heninger, W. Clarkson, W. Paul, J. Calandrino, A. Feldman, J.Appelbaum, and E. Felten, "Lest We Remember:Cold Boot Attacks on Encryption Keys," Communications of the ACM, 2009, pp.91-98.
[8] M. Gruhn and T. Muller, "On the Practicability of Cold Boot Attacks," in Proc. International Conference on Availibility, Reliability and Security. Sep. 2013, pp. 390-397.
[9] K. Shamsi and Y. Jin, "Security of emerging non-volatile memories: Attacks and defenses," in Proc. IEEE VLSI Test Symposium (VTS), 2016, pp. 1-4.
[10] S. Skorobogatov, "Fault attacks on secure chips: From glitch to flash," in Proc. Design Security Cryptograph. Algorithms Devices (ECRYPT II), 2011, pp. 1–64.
[11] C. Herder et al., "Physical unclonable functions and applications: A tutorial," Proceedings of IEEE, 2014, pp. 1126–1141.
[12] S. Wei, J. B. Wendt, A. Nahapetian and M. Potkonjak, "Reverse engineering and prevention techniques for physical unclonable functions using side channels," in Proc. ACM/EDAC/IEEE Design Automation Conference (DAC), 2014, pp. 1-6.
[13] C.-C. Wu, M.-H. Kuo and K.-J. Lee, "A Dynamic-Key Secure Scan Structure Against Scan-Based Side Channel and Memory Cold Boot Attacks," in Proc. Asian Test Symposium (ATS), 2018, pp. 48-53.
[14] Sourgen, "Security locks for integrated circuits," US Patent 638459, 1993.
[15] J. Lee, M. Tehranipoor, C. Patel and J. Plusquellic, "Securing Designs against Scan-Based Side-Channel Attacks," IEEE Transactions on Dependable and Secure Computing, 2007, pp. 325-336.
[16] G.-M. Chiu and J. C.-M. Li, "A secure test wrapper design against internal and boundary scan attacks for embedded cores," IEEE Transactions on VLSI Systems, 2012, pp. 126-134.
[17] S. Paul, R. S. Chakraborty, and S. Bhunia, "Vim-scan: A low overhead scan design approach for protection of secret key in scan-based secure chips," in Proc. VLSI Test Symposium (VTS), 2007.
[18] A. Cui, C.-H. Chang, W. Zhou, Y. Zheng, "A New PUF Based Lock and Key Solution for Secure In-field Testing of Cryptographic Chips, " IEEE Transactions on Emerging Topics in Computing (TETC), 2019.
[19] D. Hely, F. Bancel, M. L. Flottes, B. Rouzeyre, M. Renovell, and N. Brard, "Scan design and secure chip," in Proc. IEEE Int. On-Line Testing Symp., 2004, pp. 219-224.
[20] Y. Atobe, S. Youhua, M. Yanagisawa, and N. Togawa, "Secure scan design with dynamically configurable connection," in Proc. Pacific Rim Inter. Symp. on Dependable Computing (PRDC), 2013, pp. 256-262.
[21] J. Lee, M. Tehranipoor and J. Plusquellic, "A Low-Cost Solution for Protecting IPs Against Side-Channel Scan-Based Attacks," in Proc. VLSI Test Symposium (VTS), 2006, pp. 6-9.
[22] A. Cui, Y. Luo, and C. H. Chang, "Static and Dynamic Obfuscations of Scan Data Against Scan-based Side-channel Attacks." in Proc. IEEE Transactions on Information Forensics and Security. 2017, pp. 363-376.
[23] X. Wang, D. Zhang, M. He, D. Su and M. Tehranipoor, "Secure Scan and Test Using Obfuscation Throughout Supply Chain," IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2018, pp. 1867-1880.
[24] M. Da Silva, M. Flottes, G. Di Natale and B. Rouzeyre, "Preventing Scan Attacks on Secure Circuits Through Scan Chain Encryption," IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2019, pp. 538-550.
[25] M. Da Silva, E. Valea, M. Flottes, S. Dupuis, G. Di Natale and B. Rouzeyre, "A New Secure Stream Cipher for Scan Chain Encryption," in Proc. IEEE International Verification and Security Workshop (IVSW), 2018, pp. 68-73.
[26] L. Guan, J. Lin, B. Luo, J. Jing, and J. Wang, "Protecting private keys against memory disclosure attacks using hardware transactional memory," in Proc. IEEE Symposium on Security and Privacy. SP’15, 2015, pp. 3-19.
[27] José L. Ayala, "Communication Architectures for Systems-on-Chip," USA: CRC Press , 2017, ch.8.
[28] S. Chhabra and Y. Solihin, "i-nvmm: A secure non-volatile main memory system with incremental encryption," in Proc. International Symposium on Computer Architecture (ISCA), 2011, pp. 177-188.
[29] X. Zhang, C. Zhang, G. Sun, J. Di and T. Zhang, "An efficient run-time encryption scheme for non-volatile main memory," in Proc. International Conference on Compilers, Architecture and Synthesis for Embedded Systems (CASES), 2013, pp. 1-10.
[30] Y. Dodis, R. Ostrovsky, L. Reyzin and A. Smith, "Fuzzy extractors: How to generate strong keys from biometrics and other noisy data," SIAM J. Comput., 2008, pp. 97–139.
[31] Daihyun Lim, J. W. Lee, B. Gassend, G. E. Suh, M. van Dijk and S. Devadas, "Extracting secret keys from integrated circuits," IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 2005, pp. 1200-1205.
[32] R. Maes, V. Rozic, I. Verbauwhede, P. Koeberl, E. van der Sluis and V. van der Leest, "Experimental evaluation of Physically Unclonable Functions in 65 nm CMOS," in Proc. ESSCIRC, 2012, pp. 486-489.
[33] Synopsys, "Antifuse-Based Split-Channel 1T-Fuse Bit Cell for OTP NVM IP," Available: https://www.synopsys.com/dw/ipdir.php?ds=nvm_1t-bit-cell
[34] L-T. Wang, C.-W. Wu, and X. Wen, "VLSI Test Principles And Architectures: Design for Testability," Morgan Kaufmann Pub, 2006, ch.5.
[35] D. Hely, F. Bancel, M. L. Flottes and B. Rouzeyre, "Test control for secure scan designs," in Proc. European Test Symposium (ETS), 2005, pp. 190-195.
[36] S. S. Ali, S. M. Saeed, O. Sinanoglu, and R. Karri, "New scan-based attack using only the test mode," in Proc. IEEE VLSI-SoC, 2013, pp. 234-239.
[37] L. Azriel, R. Ginosar, and A. Mendelson, "Exploiting the scan side channel for reverse engineering of a VLSI device," Tech. Rep., Israel Inst. Technol. Haifa, Israel, CCIT #897, 2016.
[38] OpenCores, Available: http://opencores.org/
[39] A. Cui, Y. Luo, H. Li, and G. Qu, "Why current secure scan designs fail and how to fix them?" Integration, the VLSI Journal, vol. 56, 2017.
[40] M. Alioto, "Trends in Hardware Security: From Basics to ASICs," in Proc. IEEE Solid-State Circuits Magazine, 2019, pp. 56-74.
[41] R. Maes, "Physically Unclonable Functions: Constructions, Properties and Applications, " Springer, 2013.
[42] Green IC, "Physically Unclonable Function database," Available: http://www.green-ic.org/pufdb
[43] M.-Y. Wu, T.-H. Yang, L.-C. Chen, C.-C. Lin, H.-C. Hu, F.-Y. Su, C.-M. Wang, J. Huang, H.-M. Chen, C.-H. Lu, C.-S. Yang and S.-J. Shen, "A PUF scheme using competing oxide rupture with bit error rate approaching zero," in Proc. IEEE International Solid-State Circuits Conference (ISSCC), 2018, pp. 130-132.
[44] W. Wang, Y. Yona, Y. Wu, S. Hung, S. Diggavi and P. Gupta, "Implementation of stable PUFs using gate oxide breakdown," in Proc. Asian Hardware Oriented Security and Trust Symposium (AsianHOST), 2017, pp. 13-18.
[45] U. Chandran and D. Zhao, "SS-KTC: A High-Testability Low-Overhead Scan Architecture with Multi-level Security Integration," in Proc. IEEE VLSI Test Symposium (VTS), 2009, pp. 321-326.
[46] W. Li, J. Ye, X. Li, H. Li and Y. Hu, "Bias PUF based Secure Scan Chain Design," in Proc. Asian Hardware Oriented Security and Trust Symposium (AsianHOST), 2018, pp. 31-36.
[47] A. Das, Ü. Kocabaş, A. Sadeghi and I. Verbauwhede, "PUF-based secure test wrapper design for cryptographic SoC testing," in Proc. Design, Automation & Test in Europe Conference & Exhibition (DATE), 2012, pp. 866-869.
[48] Cadence, "JasperGold Formal Verification Platform (Apps)," Available: https://www.cadence.com/zh_TW/home/tools/system-design-and-verification/formal-and-static-verification/jasper-gold-verification-platform.html?fbclid=IwAR3IgTHXucaXLVYpJjoyQw5fHcMYfOvDR_O1i6WTLaRJ3gEn79BjkZ3Q7eA
[49] G. K. Contreras, A. Nahiyan, S. Bhunia, D. Forte and M. Tehranipoor, "Security vulnerability analysis of design-for-test exploits for asset protection in SoCs," Asia and South Pacific Design Automation Conference (ASP-DAC), 2017, pp. 617-622.
[50] N. Farzana, F. Rahman, M. Tehranipoor and F. Farahmandi, "SoC Security Verification using Property Checking," IEEE International Test Conference (ITC), 2019, pp. 1-10.
[51] A.B.T. Hopkins and K.D. McDonald-Maier, “Debug Support forComplex Systems On-Chip: a Review,“ IEE Proceedings- Computers and Digital Techniques, pp. 197-207, 2006.
[52] B. Vermeulen, “Functional Debug Techniques for Embedded Systems,” IEEE Trans. Design & Test of Computers, pp. 208-215, 2008.
[53] P. Komari and R. Vemuri, "A novel simulation based approach for trace signal selection in silicon debug," in Proc. Int’l Conf. on Computer Design, 2016, pp. 193-200.
[54] B. Vermeulen and K. Goossens, “Interactive Debug of SoCs with Multiple Clocks,” IEEE Trans. Design & Test of Computers, pp. 44-51, 2011.
[55] S. Hong and K. Lee, "A run-pause-resume silicon debug technique with cycle granularity for multiple clock domain systems," in Proc. IEEE International Test Conference (ITC), 2017, pp. 1-10.
[56] L.-Y. Lu, C.-Y. Chang, Z.-H. Chen, B.-T. Yeh, T.-H. Lu, P.-Y. Chen, P.-H. Tang, K.-J. Lee, L.-Y. Chiou, S.-J. Chang, C.-H. Tsai, C.-H. Chen, and J.-M. Lin, "A testable and debuggable dual-core system with thermal-aware dynamic voltage and frequency scaling," in Proc. Asia and South Pacific Design Automation Conf., 2016, pp. 17-18.
[57] A. Cui, M. Li, G. Qu and H. Li, "A Guaranteed Secure Scan Design based on Test Data Obfuscation by Cryptographic Hash," in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD), 2020.
[58] M. A. Razzaq, V. Singh, and A. Singh, “SSTKR: Secure and testable scan design through test key randomization,” in Proc. IEEE Asian Test Symp (ATS), pp. 60–65, 2011.
[59] H.-C. Chen, C.-R. Wu, K. S.-M. Li and K.-J. Lee, "A breakpoint-based silicon debug technique with cycle-granularity for handshake-based SoC," in Proc. Design, Automation & Test in Europe, pp. 1281-1284, 2015.
[60] Xinmiao Zhang and K. K. Parhi, "High-speed VLSI architectures for the AES algorithm," in Proc. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 12, no. 9, pp. 957-967, 2004.