An On-Chip Detection Mechanism to Detect Scan-Based Attack in Crypto-Chips
Subject Areas : electrical and computer engineeringF. Jamali Zavareh 1 , H. Beitollahi 2 *
1 - University of Science and Technology
2 - Iran University of Science and Technology
Keywords: Hardware securitytestabilityscan-based attack,
Abstract :
Since the advent of cryptographic chips, the side channel attacks have become a serious threat to cryptographic algorithms and security systems. The side channel attacks use weaknesses in the chip implementation instead of using the computational weaknesses of the algorithms. The scan chain that is widely used in the chip test is one of these side channels. To avoid an attack using a scan chain, one can remove the scan chain after the construction test, but this method makes it impossible to test the post-construction and updating the circuit. Therefore, in addition to preserving the testability of the scan chain, it is necessary to look for a method to prevent the side channel attacks. In this article, a method is proposed to identify the attacker and prevent his scan-based attacks. In this way, by the user authorization, the corresponding output will be generated and the attacker's access to sensitive information is prevented. The proposed method, with an area overhead of less than 1%, power overhead around 1% and a negligible delay overhead retains testability and can prevent differential and signature-based scan attacks better than previous state-of-the-art techniques.
[1] Y. Bo, W. Kaijie, and R. Karri, "Scan-based side-channel attack on dedicated hardware implementations of data encryption standard," in Proc. IEEE Int. Test Conf., ITC'04, pp. 339-344, Washington DC, USA, 26-28 Oct. 2004.
[2] Y. Bo, W. Kaijie, and R. Karri, "Secure scan: a design-for-test architecture for crypto chips," IEEE Trans. CAD Integr. Cir. Syst., vol. 25, no. 10, pp. 2287-2293, Oct. 2006.
[3] H. Kodera, M. Yanagisawa, and N. Togawa, "Scan-based attack against DES cryptosystems using scan signatures," in Proc. Asia Pacific Conf. Cir. Syst., APCCAS'12, pp. 2-5, Kaohsiung, Taiwan, 2-5 Dec. 2012.
[4] R. Nara, N. Togawa, M. Yanagisawa, and T. Ohtsuki, "A scan-based attack based on discriminators for AES cryptosystems," IEICE Trans. on Fundamentals Electronics, Communications and Computer Sciences, vol. E92-A, no. 12, pp. 3229-3237, Dec. 2009.
[5] R. Nara, N. Togawa, M. Yanagisawa, and T. Ohtsuki, "Scan-based attack against elliptic curve cryptosystems," in Proc. of Asia and South Pacific Des. Autom. Conf., ASP-DAC'10, pp. 407-412, Taipei, Taiwan, 18-21 Jan. 2010.
[6] R. Nara, K. Satoh, M. Yanagisawa, and N. Togawa, "Scan-based sidechannel attack against RSA cryptosystems using scan signatures," IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences, vol. E93-A, no. 12, pp. 2481-2489, Dec. 2010.
[7] K. S. Kumar, K. Lodha, S. R. Sahoo, and K. K. Mahapatra, "On-chip comparison based secure output response compactor for scan-based attack resistance," in Proc. Int. Conf. on VLSI Systems, Architecture, Technology and Applications, VLSI-SATA'15, 6 pp., Bangalore, India, 8-10 Jan. 2015.
[8] A. Mehta, D. Saif, and R. Rashidzadeh, "A hardware security solution against scan-based attacks," IEEE Int. Symp. on Circuits and Systems, ISCAS'16, pp. 1698-1701, May 2016.
[9] J. Da Rolt, A. Das, G. Di Natale, M. L. Flottes, B. Rouzeyre, and I. Verbauwhede, "Test versus security: past and present," IEEE Trans. on Emerging Topics in Computing, vol. 2, no. 1, pp. 50-62, Mar. 2014.
[10] J. D. Rolt, G. D. Natale, M. L. Flottes, and B. Rouzeyre, "Scan attacks and countermeasures in presence of scan response compactors," in Proc. 16th IEEE European Test Symp., ETS'11, Annecy, France, pp. 19-24, May 2011.
[11] J. D. Rolt, G. D. Natale, M. Flottes, and B. Rouzeyre, "Are advanced DFT structures sufficient for preventing scan-attacks?" in Proc. of the IEEE VLSI Test Symp., VTS'12, pp. 246-251, Maui, HI, USA, Apr. 2012.
[12] J. D. Rolt, G. D. Natale, M. Flottes, and B. Rouzeyre, "Are advanced DFT structures sufficient for preventing scan-attacks?" in Proc. IEEE VLSI Test Symp., VTS'12, pp. 246-251, Maui, HI, USA, 23-25 Apr. 2012.
[13] A. Cui, Y. Luo, and C. H. Chang, "Static and dynamic obfuscations of scan data against scan-based side-channel attacks," IEEE Trans. on Information Forensics and Security, vol. 12, no. 2, pp. 363-376, Feb. 2017.
[14] G. Sengar, D. Mukhopadhyay, and D. R. Chowdhury, "Secured flipped scan-chain model for crypto-architecture," IEEE Trans. on Computer Aided Design of Integrated Circuits and Systems, vol. 26, no. 11, pp. 2080-2084, Nov. 2007.
[15] Y. Shi, N. Togawa, M. Yanagisawa, and T. Ohtsuki, "Robust secure scan design against scan-based differential cryptanalysis," IEEE Trans. on Very Large Scale Integration (VLSI) Systems, vol. 20, no. 1, pp. 176-181, Jan. 2012.
[16] M. Agrawal, S. Karmakar, D. Saha, and D. Mukhopadhyay, "Scan based side channel attacks on stream ciphers and their counter-measures," in Proc. 9th Annual Int. Conf. on Cryptology in India, Kharagpu, India, pp. 226-238, Dec. 2009.
[17] Y. Atobe, Y. Shi, M. Yanagisawa, and N. Togawa, "Dynamically changeable secure scan architecture against scan_based side channel attack," in Proc. Int. SoC Design Conf., ISOCC'12, pp. 155-158, Jeju Island, Korea, 4-7 Nov. 2012.
[18] Y. Atobe, Y. Shi, M. Yanagisawa, and N. Togawa, "Secure scan design with dynamically configurable connection," in Proc. 19th IEEE Pacific Rim Int. Sym. Dependable Computing, PRDC'13, pp. 256-262, Vancouver, Canada, 2-4 Dec. 2013.
[19] D. Hly, et al., "Scan design and secure chip," in Proc. 10th IEEE Int. On-Line Testing Symp., pp. 219-226, 14-14 Jul. 2004.
[20] J. D. Rolt, G. Di Natale, M. L. Flottes, and B. Rouzeyre, "Thwarting scan-based attacks on secure-ICs with on-chip comparison," IEEE Trans. on Very Large Scale Integration (VLSI) Systems, vol. 22, no. 4, pp. 947-951, Apr. 2014.
[21] B. Yang, K. Wu, and R. Karri, "Secure scan: a design-for-test architecture for crypto chips," in Proc. of 42nd Annual Conf. on Design Automation, pp. 135-140, Anaheim, CA, USA, 13-17 Jun. 2005.
[22] S. Paul, R. S. Chakraborty, and S. Bhunia, "VIm-scan: a low overhead scan design approach for protection of secret key in scan-based secure chips," in Proc. the 25th IEEE VLSI Test Symp., pp. 455-460, Berkeley, CA, USA, 6-10 May 2007.
[23] J. Lee, M. Tehranipoor, C. Patel, and J. Plusquellic, "Securing designs against scan-based side-channel attacks, " IEEE Trans. on Dependable and Secure Computing, vol. 4, no. 4, pp. 325-336, Oct. 2007.
[24] J. Lee, M. Tehranipoor, C. Patel, and J. Plusquellic, "Securing designs against scan-based side-channel attacks," IEEE Trans. on Dependable and Secure Computing, vol. 4, no. 4, pp. 325-336, Oct. 2007.
[25] J. Li, J. Jiang, H. Cheng, M. Zhang, and S. Wei, "An efficient hardware random number generator based on the MT method," in 12th IEEE Int. Conf. on Computer and Information Technology, pp. 1011-1015, Chengdu, China, 27-29 Oct. 2012.
[26] B. Sileshi, C. Ferrer, and J. Oliver, "Accelerating hardware Gaussian random number generation using Ziggurat and CORDIC algorithms," in Proc. IEEE Int. Conf. on Sensors, pp. 2122-2125, Valencia, Spain, 2-5 Nov. 2014.
[27] I. Cicek and G. Dundar, "A hardware efficient chaotic ring oscillator based true random number generator," in Proc.18th IEEE Int. Conf. on Electronics, Circuits, and Systems, pp. 430-433, Beirut, Lebanon, 11-14 Dec. 2011.