IEEE Access (Jan 2021)
A Secure Scan Architecture Protecting Scan Test and Scan Dump Using Skew-Based Lock and Key
Abstract
Scan-based Design for Testability (DFT) is widely used in industry as it consistently provides high fault coverage. However, scan-based DFT is prone to security vulnerabilities where attackers use the scan design to obtain secret information from the system-on-chip. Existing countermeasures for such attacks contribute to enhancing the security of the scan design but cannot prevent the loss of debuggability because scan dumps are also treated as a type of attack even though they provide debuggers with high observability after a chip has been packaged. Therefore, it is necessary for secure scan architectures to effectively defend various existing attacks without losing the debuggability of the scan dump. In this paper, we propose a secure scan architecture using a skew-based lock and key to enhance the security of the scan design while maintaining the debuggability of the scan dump. The proposed architecture builds up an invisible barrier against the attacker by combining the physical information into a lock and key scheme. While the security is improved effectively with the new barrier by only a few key flip-flops, the scan dump, which has been treated as an attack, is protected separately in the acquisition and analysis steps using secure software in the proposed architecture. Performance evaluations show that the area and the test time overhead in the proposed architecture are negligible while achieving both a high level of security and scan dump protection.
Keywords