Security Assessment of Dynamically Obfuscated Scan Chain Against Oracle-guided Attacks

2021 ◽  
Vol 26 (4) ◽  
pp. 1-27
Author(s):  
M Sazadur Rahman ◽  
Adib Nahiyan ◽  
Fahim Rahman ◽  
Saverio Fazzari ◽  
Kenneth Plaks ◽  
...  
Keyword(s):  
Integrated Circuits ◽  
Formal Proof ◽  
Test Time ◽  
Security Assessment ◽  
Combinational Circuit ◽  
Promising Solution ◽  
Logic Locking ◽  
Scan Chain ◽  
Key Extraction ◽  
Time Overhead

Logic locking has emerged as a promising solution to protect integrated circuits against piracy and tampering. However, the security provided by existing logic locking techniques is often thwarted by Boolean satisfiability (SAT)-based oracle-guided attacks. Criteria for successful SAT attacks on locked circuits include: (i) the circuit under attack is fully combinational, or (ii) the attacker has scan chain access. To address the threat posed by SAT-based attacks, we adopt the dynamically obfuscated scan chain (DOSC) architecture and illustrate its resiliency against the SAT attacks when inserted into the scan chain of an obfuscated design. We demonstrate, both mathematically and experimentally, that DOSC exponentially increases the resiliency against key extraction by SAT attack and its variants. Our results show that the mathematical estimation of attack complexity correlates to the experimental results with an accuracy of 95% or better. Along with the formal proof, we model DOSC architecture to its equivalent combinational circuit and perform SAT attack to evaluate its resiliency empirically. Our experiments demonstrate that SAT attack on DOSC-inserted benchmark circuits timeout at minimal test time overhead, and while DOSC requires less than 1% area and power overhead.

Improving Yield Using Scan and DFT Based Analysis for High Performance PowerPC© Microprocessor

2006 ◽  
Author(s):  
Ray Talacka ◽  
Nandu Tendolkar ◽  
Cynthia Paquette
Keyword(s):  
High Performance ◽  
Yield Enhancement ◽  
Test Time ◽  
Balance Test ◽  
Specific Test ◽  
Defect Location ◽  
Test Methodology ◽  
Memory Arrays ◽  
Scan Chain ◽  
Scan Pattern

Abstract The use of memory arrays to drive yield enhancement has driven the development of many technologies. The uniformity of the arrays allows for easy testing and defect location. Unfortunately, the complexities of the logic circuitry are not represented well in the memory arrays. As technologies push to smaller geometries and the layout and timing of the logic circuitry become more problematic the ability to address yield issue is becoming critical. This paper presents the added yield enhancement capabilities of using e600 core Scan Chain and Scan Pattern testing for logic debug, ways to interpret the fail data, and test methodologies to balance test time and acquiring data. Selecting a specific test methodology and using today's advanced tools like Freescale's DFT/FA has been proven to find more yield issues, earlier, enabling quicker issue resolution.

Timing Sensitivity Analysis of Logical Nodes in Scan Design Integrated Circuits by Pulsed Diode Laser Stimulation

2008 ◽  
Author(s):  
T. Kiyan ◽  
C. Boit ◽  
C. Brillert
Keyword(s):  
Laser Pulse ◽  
Integrated Circuits ◽  
Continuous Wave ◽  
Fault Injection ◽  
Scan Design ◽  
Flip Flop ◽  
Laser Stimulation ◽  
Scan Chain ◽  
P Type ◽  
Scan Pattern

Abstract In this paper, a methodology based upon laser stimulation and a comparison of continuous wave and pulsed laser operation will be presented that localizes the fault relevant sites in a fully functional scan chain cell. The technique uses a laser incident from the backside to inject soft faults into internal nodes of a master-slave scan flip-flop in consequence of localized photocurrent. Depending on the illuminated type of the transistors (n- or p-type), injection of a logic ‘0’ or ‘1’ into the master or the slave stage of a flip-flop takes place. The laser pulse is externally triggered and can easily be shifted to various time slots in reference to clock and scan pattern. This feature of the laser diode allows triggering the laser pulse on the rising or the falling edge of the clock. Therefore, it is possible to choose the stage of the flip-flop in which the fault injection should occur. It is also demonstrated that the technique is able to identify the most sensitive signal condition for fault injection with a better time resolution than the pulse width of the laser, a significant improvement for failure analysis of integrated circuits.

scholarly journals Identifying the Optimal Subsets of Test Items through Adaptive Test for Cost Reduction of ICs

Electronics ◽  
2021 ◽  
Vol 10 (6) ◽  
pp. 680
Author(s):  
Huaguo Liang ◽  
Jinlei Wan ◽  
Tai Song ◽  
Wangchao Hou
Keyword(s):  
Integrated Circuits ◽  
Cost Reduction ◽  
Bayesian Model ◽  
Test Methods ◽  
Test Time ◽  
Test Quality ◽  
Test Cost ◽  
Test Items ◽  
Adaptive Test ◽  
Test Escapes

With the growing complexity of integrated circuits (ICs), more and more test items are required in testing. However, the large number of invalid items (which narrowly pass the test) continues to increase the test time and, consequently, test costs. Aiming to address the problems of long test time and reduced test item efficiency, this paper presents a method which combines a fast correlation-based filter (FCBF) and a weighted naive Bayesian model which can identify the most effective items and make accurate quality predictions. Experimental results demonstrate that the proposed method reduces test time by around 2.59% and leads to fewer test escapes compared with the recently adopted test methods. The study shows that the proposed method can effectively reduce the test cost without jeopardizing test quality excessively.

RF Modules (Tx–Rx) with Multifunctional MMICs

2017 ◽  
Vol 2017 (NOR) ◽  
pp. 1-5
Author(s):  
Martin Oppermann ◽  
Ralf Rieger
Keyword(s):  
Integrated Circuits ◽  
Integrated Circuit ◽  
Next Generation ◽  
Electronic Warfare ◽  
Chip Area ◽  
Operating Modes ◽  
Half Wavelength ◽  
X Band ◽  
Physical Channel ◽  
Promising Solution

Abstract Next generation RF sensor modules for multifunction active electronically steered antenna (AESA) systems will need a combination of different operating modes, such as radar, electronic warfare (EW) functionalities and communications/datalinks within the same antenna frontend. They typically operate in C-Band, X-Band and Ku-Band and imply a bandwidth requirement of more than 10 GHz. For the realisation of modern active electronically steered antennas, the transmit/receive (T/R) modules have to match strict geometry demands. A major challenge for these future multifunction RF sensor modules is dictated by the half-wavelength antenna grid spacing, that limits the physical channel width to < 12 mm or even less, depending on the highest frequency of operation with accordant beam pointing requirements. A promising solution to overcome these geometry demands is the reduction of the total monolithic microwave integrated circuit (MMIC) chip area, achieved by integrating individual RF functionalities, which are commonly achieved through individual integrated circuits (ICs), into new multifunctional (MFC) MMICs. Various concepts, some of them already implemented, towards next generation RF sensor modules will be discussed and explained in this work.

scholarly journals Sensitivity Analysis of Locked Circuits

10.29007/7tpd ◽  
2020 ◽  
Author(s):  
Joseph Sweeney ◽  
Marijn J. H. Heule ◽  
Lawrence Pileggi
Keyword(s):  
Sensitivity Analysis ◽  
Intellectual Property ◽  
Integrated Circuits ◽  
Inverse Relationship ◽  
Logic Locking ◽  
Provably Secure

Globalization of integrated circuits manufacturing has led to increased security con- cerns, notably theft of intellectual property. In response, logic locking techniques have been developed for protecting designs, but many of these techniques have been shown to be vulnerable to SAT-based attacks. In this paper, we explore the use of Boolean sensi- tivity to analyze these locked circuits. We show that in typical circuits there is an inverse relationship between input width and sensitivity. We then demonstrate the utility of this relationship for deobfuscating circuits locked with a class of “provably secure” logic lock- ing techniques. We conclude with an example of how to resist this attack, although the resistance is shown to be highly circuit dependent.

Formal and semi-formal verification of a web voting system

2015 ◽  
Vol 11 (2) ◽  
pp. 183-204 ◽  
Author(s):  
Maximiliano Cristia ◽  
Claudia Frydman
Keyword(s):  
Design Methodology ◽  
Web Applications ◽  
Formal Proof ◽  
Security Assessment ◽  
Content Type ◽  
Research Institution ◽  
Model Based Testing ◽  
Voting System ◽  
Functional Correctness ◽  
Verification Process

Purpose – This paper aims to present the verification process conducted to assess the functional correctness of the voting system. Consejo Nacional de Investigaciones Científicas y Técnicas (CONICET) is the most important research institution in Argentina. It depends directly from Argentina’s President but its internal authorities are elected by around 8,000 research across the country. During 2011, the CONICET developed a Web voting system to replace the traditional mail-based process. In 2012 and 2014, CONICET conducted two Web election with no complaints from candidates and voters. Before moving the system into production, CONICET asked the authors to conduct a functional and security assessment of it. Design/methodology/approach – This process is the result of integrating formal, semi-formal and informal verification activities from formal proof to code inspection and model-based testing. Findings – Given the resources and time available, a reasonable level of confidence on the correctness of the application could be transmitted to senior management. Research limitations/implications – A formal specification of the requirements must be developed. Originality/value – Formal methods and semi-formal activities are seldom applied to Web applications.

Sign in / Sign up

Export Citation Format

Share Document