掃描設計是一種普遍用於測試的設計(design for test)，其可利用加入掃描鏈以增加待測試電路之可觀察性以及控制性。然而，掃描設計亦會導致一種電路安全上的風險，也就是攻擊者會將掃描設計當作一個後門去竊取電路中的機密資料，例如加密電路中所使用的密鑰。許多研究者嘗試利用身分驗證之概念來開發安全性測試架構以解決此問題，這些方法通常都會使用增加另外的密鑰以確認使用者身分。但此類傳統方法均只使用單一且固定的一組密鑰，另外更會將其或者運算時產生之中間資料存於電路內部，此種作法亦會使電路處於易被攻擊之風險下。因此在此篇論文中，我們提出了一個使用動態式密鑰技術之安全性測試架構，可在不影響電路之可測性的同時防禦基於掃描設計旁側訊號攻擊以及記憶體冷啟動攻擊，主要方法為建構一可動態產生密鑰之測試密鑰產生器，並且不會將密鑰靜態儲存於電路內部。在執行測試時，只有正確經認證過之測試向量可以建構出正確之密鑰進而有效的對電路進行測試，因此，當攻擊者掃入其自行設計之攻擊性測試向量時，將無法觀察到正確的測試結果，也不得從記憶體或密鑰暫存器中竊取密鑰。此架構可達到高安全層級，並且由於其動態產生之特性，安全層級不會隨著攻擊者之猜測密鑰次數而降低。

Scan design is a universal design for test (DFT) technology to increase the observability and controllability of the circuits under test by using scan chains. However, it also leads to a potential security problem that attackers can use scan design as a backdoor to extract confidential information. Researchers have tried to address this problem by using secure scan structures that usually have some keys to confirm the identities of users. However, the traditional methods to store intermediate data or keys in memory are also under high risk of being attacked. In this work, we propose a dynamic-key secure DFT structure that can defend scan-based and memory attacks without decreasing the system performance and the testability. The main idea is to build a scan design key generator that can generate the keys dynamically instead of storing and using keys in the circuit statically. Only the correct test patterns provided by the designer are valid to construct the keys and hence the attackers cannot shift in any other patterns to extract correct internal response from the scan chains or retrieve the keys from memory. Analysis results show that the proposed method can achieve a very high security level and the security level will not decrease no matter how many rounds the attackers have tried due to the dynamic nature of our method.

[1] J. Da Rolt et al., "Test versus security: Past and present," IEEE Trans. Emerg. Topics Comput., vol. 2, no. 1, pp. 50-62, Mar. 2014.
[2] M. Tehranipoor and C. Wang, Introduction to Hardware Security and Trust. New York: Springer, 2011.
[3] B. Yang, K. Wu, and R. Karri, "Scan based side channel attack on dedicated hardware implementations of data encryption standard," in Proc. ITC, Oct. 2004, pp. 339-344.
[4] J. G. Ooi and K. H. Kam, "A proof of concept on defending cold boot attack", in Proc. Asia Symposium on Quality Electronic Design. ASQED, Jul. 2009, pp. 330-335.
[5] J. Bauer, M. Gruhn, and F. C. Freiling, "Lest We Forget: Cold-Boot Attacks on Scrambled DDR3 Memory," Digital Investigation, vol. 16, pp.65-74, March 2016.
[6] S. F. Yitbarek, M. T. Aga, R. Das, and T. Austin, "Cold Boot Attacks are Still Hot: Security Analysis of Memory Scramblers in Modern Processors," in Proc. IEEE International Symposium on High Performance Computer Architecture. HPCA, Feb. 2017, pp. 313-324.
[7] J. Halderman, S. Schoen, N. Heninger, W. Clarkson, W. Paul, J. Calandrino, A. Feldman, J.Appelbaum, and E. Felten, "Lest We Remember:Cold Boot Attacks on Encryption Keys," Communications of the ACM, vol. 52, no. 5, pp.91-98, May. 2009.
[8] M. Gruhn and T. Muller, "On the Practicability of Cold Boot Attacks," in Proc. International Conference on Availibility, Reliability and Security. Sep. 2013, pp. 390-397.
[9] Datasheet-High Performance DES and Triple DES core for ASIC, 2003, [online] http://www.heliontech.com!downlads/des_asic_helioncore.pdf.
[10] Atmel 32-bit Embedded Core Peripheral: DES, [online] http://www.atmel.com!dyn/resources/prod_documents/doc1351.pdf.
[11] Sourgen, Security locks for integrated circuits, US Patent 638459, 1993
[12] B. Yang, R. Karri, and K. Wu, 'Secure Scan: A Design for-Test Architecture for Crypto Chips,' in Proc. Design Automation Conf., June 2005, pp. 135-140.
[13] G.-M. Chiu and J. C.-M. Li, "A secure test wrapper design against internal and boundary scan attacks for embedded cores," IEEE Transactions on VLSI Systems, vol. 20, no. 1, pp. 126-134, Jan. 2012.
[14] S. Paul, R. S. Chakraborty, and S. Bhunia, “Vim-scan: A low overhead scan design approach for protection of secret key in scan-based secure chips,” in IEEE VTS, 2007.
[15] D. Hely, F. Bancel, M. L. Flottes, B. Rouzeyre, M. Renovell, and N. Brard, "Scan design and secure chip," in Proc. IEEE Int. On-Line Testing Symp., July 2004, pp. 219-224.
[16] M. Oya, Y. Atobe, Y. Shi, M. Yanagisawa and N. Togawa, "Secure scan design using improved random order and its evaluations," in Proc. IEEE Asia Pacific Conference on Circuits and Systems. Nov. 2014, pp. 555-558.
[17] J. Lee, M. Tehranipoor and J. Plusquellic, "A Low-Cost Solution for Protecting IPs Against Side-Channel Scan-Based Attacks," in Proc. VLSI Test Symposium, May 2006, pp. 6-9.
[18] L. Guan, J. Lin, B. Luo, J. Jing, and J. Wang, "Protecting private keys against memory disclosure attacks using hardware transactional memory," in Proc. IEEE Symposium on Security and Privacy. SP’15, May 2015, pp. 3-19.
[19] José L. Ayala, Communication Architectures for Systems-on-Chip. USA: CRC Press , 2017, ch.8.
[20] L-T. Wang, C.-W. Wu, and X. Wen, VLSI Test Principles And Architectures: Design for Testability. USA: Morgan Kaufmann Pub, 2006, ch.5.
[21] S. S. Ali, S. M. Saeed, O. Sinanoglu, and R. Karri, “New scan-based attack using only the test mode,” in Proc. IEEE VLSI-SoC, Oct. 2013, pp. 234-239.
[22] L. Azriel, R. Ginosar, and A. Mendelson, “Exploiting the scan side channel for reverse engineering of a VLSI device,” Techn., Israel Inst. Technol., Haifa, Israel, Tech. Rep. CCIT #897, 2016.
[23] A. Cui, Y. Luo, and C. H. Chang, "Static and Dynamic Obfuscations of Scan Data Against Scan-based Side-channel Attacks." in Proc. IEEE Transactions on Information Forensics and Security. Feb 2017, pp. 363-376.