Challenge-Response based Secure Test Wrapper for Testing Cryptographic SoCs

Speaker

Amitabh Das on 12-9 2011

Abstract

Cryptographic circuits need a special test infrastructure due to security constraints. Typical DFT methods, such as scan chains, as applied to most ASICs cannot be applied directly to cryptographic chips. These methods, though providing the highest testability, open backdoors or side-channels for attackers to extract secret keys or Intellectual Property (IP) information from the core. Past approaches at secure test modified the existing design or on-chip DFT structure and was not suited for System on Chip (SoC) integration testing. Our work seeks to address the tradeoff between security, testability and test area overhead by presenting a challenge-response based Secure Test Wrapper structure, suitable for testing IP cores in a SoC environment. This scheme incorporates the KATAN lightweight block-cipher into IEEE 1500 Standard Test Wrapper and as such provides an extremely compact locking and unlocking mechanism for the standard scan chains. The overhead to include this secure mechanism is restricted to about 9% compared to a standard scan and test wrapper. Two possible solutions to the key management problem will also be discussed.

In addition, a new approach will be presented which overcomes the limitations of the earlier method where the authentication mechanism needs to be implemented in hardware (incurring an area overhead), and the authentication secrets to be securely stored in non-volatile memory (NVM), which may be susceptible to side-channel attacks. For this purpose, we enhance the secure test wrapper allowing testing of multiple IP blocks using a Physically Unclonable Function (PUF)-based authentication mechanism, which not only overcomes the necessity of NVM, but also reduces the implementation overhead. This gives an advantage of isolating the IP under test from the rest of the SoC and increases the probability of detecting faults. These methods are generic and are applicable for all types of cryptographic SoCs.

Slides

CE Tweets