Static and Dynamic Obfuscations of Scan Data Against Scan-Based Side-Channel Attacks

Due to the fallibility of advanced integrated circuit (IC) fabrication processes, scan test has been widely used by cryptographic ICs to provide high fault coverage. Full controllability and observability offered by the scan design also open out the trapdoor to side-channel attacks. To better resist signature attacks on scan testable cryptochip, we propose to fortify the key and lock method by the static obfuscation of scan data. Instead of spatially reshuffling the scan cells, the working mode of some scan cells is altered to jumble up the scan data when the scan test is performed with an incorrect test key. However, when the plaintext is fed directly through the primary inputs for test efficiency, the static obfuscation of scan data is inadequate as demonstrated by a new test-mode-only signature attack (TMOSA) proposed in this paper. To thwart TMOSA, a new countermeasure based on the dynamic obfuscation of scan data is proposed. By cyclically shifting the incorrect test key throughout the test phase, the blocking cells due to the mismatched bits of the test key are made to move temporally to dynamically obfuscate the scan data. This latter scheme is unconditionally resilient against TMOSA and all other known scan-based attacks while preserving the merits of high testability and low area overhead compared with other countermeasures. © 2005-2012 IEEE.