A Dynamic-Key Based Secure Scan Architecture for Manufacturing and In-Field IC Testing

• Published in: IEEE transactions on emerging topics in computing Vol. 10; no. 1; pp. 373 - 385
• Main Authors: Lee, Kuen-Jong, Liu, Ching-An, Wu, Chia-Chi
• Format: Journal Article
• Language: English
• Published: New York IEEE 01.01.2022; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Chains; Computer architecture; Discrete Fourier transforms; dynamic key generation; Field study; Generators; Hardware security; Integrated circuits; Manufacturing; memory attack; physical unclonable function (PUF); Random access memory; scan design; secure scan architecture; Security; side-channel attack; Testability; Testing
• ISSN: 2168-6750; 2168-6750
• DOI: 10.1109/TETC.2020.3021820

The design for testability (DFT) technology based on scan chains is widely used in industry to increase the testability of circuits. However, it also leads to a potential security problem that attackers can use scan chains as a backdoor to attack a system. Common methods to defend such attacks include disabling the scan chain after manufacturing test or employing some secret keys to encrypt/decrypt scan data or to verify the identities of users. The former would make in-field testing impossible and the latter would require storing keys in memory which might also undergo high risk of memory attacks. In this paper we propose a dynamic-key based secure scan architecture that works together with an intrinsic Physical Unclonable Function (PUF) of chips to defend both scan-based and memory attacks while facilitating both manufacturing and in-field testing. A system equipped with this secure architecture will shift out true circuit responses only when legal test patterns are shifted into the scan chains. Moreover, no test key will be stored in memory, hence no memory attacks are possible. We also leverage the PUF to distinct the legal test patterns for different manufactured chips so as to further protect chips. Analysis results show that our protection scheme can achieve a very high security level without sacrificing system performance, testability and diagnosability.