Transactions on Cryptographic Hardware and Embedded Systems (Sep 2024)

Through the Looking-Glass: Sensitive Data Extraction by Optical Probing of Scan Chains

  • Tuba Kiyan,
  • Lars Renkes,
  • Marvin Sass,
  • Antonio Saavedra,
  • Norbert Herfurth,
  • Elham Amini,
  • Jean-Pierre Seifert

DOI
https://doi.org/10.46586/tches.v2024.i4.541-568
Journal volume & issue
Vol. 2024, no. 4

Abstract

There is an imminent trade-off between an Integrated Circuit (IC)’s testability and its physical security. While Design for Test (DfT) techniques, such as scan chains, make the circuit’s physical behavior at runtime observable and easy to control, these techniques form a lucrative class of attack vectors with the potential to compromise the entire security architecture of the Device under Test (DuT). Moreover, with the rapid development of more complex technologies, the need for integration of DfT techniques even intensifies due to the requirement for faster time-to-market of cutting-edge ICs. In this work, we demonstrate that sensitive data can be extracted from the registers once their locations on the chip are identified by exploiting DfT structures and optically probing them — in this case, scan chains, even after the access to test mode is restricted. Furthermore, we show that also an obfuscated scan chain architecture can be fully reconstructed by using tools and techniques encountered in the Failure Analysis (FA) domain.

Keywords