This document discusses security risks related to testing integrated circuits. It describes how scan-based side-channel attacks can exploit design-for-testability infrastructure to reveal confidential information by observing scan chains. The document also covers different types of attackers, common attack procedures, and known attacks against cryptographic primitives. Finally, it discusses how test interfaces like JTAG can be misused to facilitate scan-based attacks or upload malicious firmware.
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREVLSICS Design
The latest innovation technology in computing devices has given a rise of compact, speedy and economical products which also embeds cryptography hardware on-chip. This device generally holds secret key and confidential information, more attention has been given to attacks on hardware which guards such secure information. The attacker may leak secret information from symmetric crypto-hardware (AES, DES etc.) using side-channel analysis, fault injection or exploiting existing test infrastructure. This paper examines various DFT based attack implementation method applied to cryptographic hardware. The paper contains an extensive analysis of attacks based on various parameters. The countermeasures are classified and analyzed in details.
Hardware Trojan Identification and Detectionijcisjournal
The majority of techniques developed to detect hardware trojans are based on specific attributes. Further, the ad hoc approaches employed to design methods for trojan detection are largely ineffective. Hardware trojans have a number of attributes which can be used to systematically develop detection techniques.
Based on this concept, a detailed examination of current trojan detection techniques and the characteristics of existing hardware trojans is presented. This is used to develop a new approach to hardware trojan identification and classification. This identification can be used to compare trojan risk or severity and trojan detection effectiveness. Identification vectors are generated for each hardware trojan and trojan detection technique based on the corresponding attributes. Vectors are also defined which represent trojan risk or severity and trojan detection effectiveness.
Dear Students
Ingenious techno Solution offers an expertise guidance on you Final Year IEEE & Non- IEEE Projects on the following domain
JAVA
.NET
EMBEDDED SYSTEMS
ROBOTICS
MECHANICAL
MATLAB etc
For further details contact us:
enquiry@ingenioustech.in
044-42046028 or 8428302179.
Ingenious Techno Solution
#241/85, 4th floor
Rangarajapuram main road,
Kodambakkam (Power House)
http://www.ingenioustech.in/
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREVLSICS Design
The latest innovation technology in computing devices has given a rise of compact, speedy and economical products which also embeds cryptography hardware on-chip. This device generally holds secret key and confidential information, more attention has been given to attacks on hardware which guards such secure information. The attacker may leak secret information from symmetric crypto-hardware (AES, DES etc.) using side-channel analysis, fault injection or exploiting existing test infrastructure. This paper examines various DFT based attack implementation method applied to cryptographic hardware. The paper contains an extensive analysis of attacks based on various parameters. The countermeasures are classified and analyzed in details.
Hardware Trojan Identification and Detectionijcisjournal
The majority of techniques developed to detect hardware trojans are based on specific attributes. Further, the ad hoc approaches employed to design methods for trojan detection are largely ineffective. Hardware trojans have a number of attributes which can be used to systematically develop detection techniques.
Based on this concept, a detailed examination of current trojan detection techniques and the characteristics of existing hardware trojans is presented. This is used to develop a new approach to hardware trojan identification and classification. This identification can be used to compare trojan risk or severity and trojan detection effectiveness. Identification vectors are generated for each hardware trojan and trojan detection technique based on the corresponding attributes. Vectors are also defined which represent trojan risk or severity and trojan detection effectiveness.
Dear Students
Ingenious techno Solution offers an expertise guidance on you Final Year IEEE & Non- IEEE Projects on the following domain
JAVA
.NET
EMBEDDED SYSTEMS
ROBOTICS
MECHANICAL
MATLAB etc
For further details contact us:
enquiry@ingenioustech.in
044-42046028 or 8428302179.
Ingenious Techno Solution
#241/85, 4th floor
Rangarajapuram main road,
Kodambakkam (Power House)
http://www.ingenioustech.in/
Reconfigurable Trust for Embedded Computing
Platforms
Published in:Applied Electronics (AE), 2012 International
Conference
By:-
Martin Schramm University of Applied Sciences Deggendorf Deggendorf,
Germanymartin.schramm@hdu-deggendorf.de
Andreas Grzemba University of Applied Sciences Deggendorf
Deggendorf, Germany andreas.grzemba@hdu-deggendorf.de
•The main topic for this paper is how to implement hardware in security.
•Implementing hardware adds sophisticated security and privacy mechanisms, by isolating security module from the rest of the system.
•Using FPGA is one way to add hardware security feature, and it was the main idea for this paper
Título: Jurassic Pcap
Autores: Aarón Flecha y Jairo Alonso
Resumen: Presentación de entornos industriales y sus redes, centrándose en el análisis y tratamiento de capturas de tráfico con protocolos propietarios. Desarrollo de filtros y disectores.
A Test-Bed Implementation for Securing OLSR In Mobile Ad-Hoc Networks IJNSA Journal
Contemporary personal computing devices are increasingly required to be portable and mobile enabling user’s wireless access, to wired network infrastructures and services. This approach to mobile computing and communication is only appropriate in situations where a coherent infrastructure is available. There are many situations where these requirements are not fulfilled such as; developing nations, rural areas, natural disasters, and military conflicts to name but a few. A practical solution is to use mobile devices interconnected via a wireless medium to form a network, known as a Mobile Ad-hoc Network (MANET), and provide the services normally found in wired networks. Security in MANETs is an issue of paramount importance due to the wireless nature of the communication links. Additionally due to the lack of central administration security issues are different from conventional networks. For the purposes of this article we have used the “WMN testbed” to enable secure routing in MANETs. The use of cryptography is an efficient proven way of securing data in communications, but some cryptographic algorithms are not as efficient as others and require more processing power, which is detrimental to MANETs. In this article we have assessed different cryptographic approaches to securing the OLSR (Optimised Link State Routing) protocol to provide a basis for research. We conclude the paper with a series of performance evaluation results regarding different cryptographic and hashing schemes. Our findings clearly show that the most efficient combination of algorithms used for authentication and encryption are SHA-1 (Secure Hash Algorithm-1) and AES (Advanced Encryption Standard) respectively. Using this combination over their counterparts will lead to a considerable reduction in processing time and delay on the network, creating an efficient transaction moving towards satisfying resource constraints and security requirements.
SHARED INFORMATION BASED SECURITY SOLUTION FOR MOBILE AD HOC NETWORKSijwmn
The mobile ad hoc networks get subjected to security threats like other wireless networks. But due to their
peer to peer approach and absence of infrastructural resources the mobile ad hoc networks can not use
strong cryptographic mechanisms as used by their other wireless counterparts. This led to the
development of trust based methods as security solutions wherein a trusted node is relaxed from security
checks when the trust value reaches to a particular limit. The trust methods are prone to security risks but
have found their acceptance due to efficiency over computationally expensive and time consuming
cryptographic methods. The major problem with the trust methods is the period during which trust is
growing and is yet to reach the requisite threshold. This paper proposes security mechanism dependent
upon Random Electronic Code Book (RECB) combined with permutation functions. The proposed
mechanism has low time complexity, is easier to implement, computationally inexpensive and has very
high brute force search value. It can be used as the temporary security guard during the trust growth
phase. The impetus behind the proposed design is the reliance upon shared information between the peers
in the ad hoc networks.
INTRUSION DETECTION SYSTEM CLASSIFICATION USING DIFFERENT MACHINE LEARNING AL...ijcsit
Intrusion Detection System (IDS) has been an effective way to achieve higher security in detecting malicious activities for the past couple of years. Anomaly detection is an intrusion detection system. Current anomaly detection is often associated with high false alarm rates and only moderate accuracy and detection rates because it’s unable to detect all types of attacks correctly. An experiment is carried out to evaluate the performance of the different machine learning algorithms using KDD-99 Cup and NSL-KDD datasets. Results show which approach has performed better in term of accuracy, detection rate with reasonable false alarm rate.
Reconfigurable Trust for Embedded Computing
Platforms
Published in:Applied Electronics (AE), 2012 International
Conference
By:-
Martin Schramm University of Applied Sciences Deggendorf Deggendorf,
Germanymartin.schramm@hdu-deggendorf.de
Andreas Grzemba University of Applied Sciences Deggendorf
Deggendorf, Germany andreas.grzemba@hdu-deggendorf.de
•The main topic for this paper is how to implement hardware in security.
•Implementing hardware adds sophisticated security and privacy mechanisms, by isolating security module from the rest of the system.
•Using FPGA is one way to add hardware security feature, and it was the main idea for this paper
Título: Jurassic Pcap
Autores: Aarón Flecha y Jairo Alonso
Resumen: Presentación de entornos industriales y sus redes, centrándose en el análisis y tratamiento de capturas de tráfico con protocolos propietarios. Desarrollo de filtros y disectores.
A Test-Bed Implementation for Securing OLSR In Mobile Ad-Hoc Networks IJNSA Journal
Contemporary personal computing devices are increasingly required to be portable and mobile enabling user’s wireless access, to wired network infrastructures and services. This approach to mobile computing and communication is only appropriate in situations where a coherent infrastructure is available. There are many situations where these requirements are not fulfilled such as; developing nations, rural areas, natural disasters, and military conflicts to name but a few. A practical solution is to use mobile devices interconnected via a wireless medium to form a network, known as a Mobile Ad-hoc Network (MANET), and provide the services normally found in wired networks. Security in MANETs is an issue of paramount importance due to the wireless nature of the communication links. Additionally due to the lack of central administration security issues are different from conventional networks. For the purposes of this article we have used the “WMN testbed” to enable secure routing in MANETs. The use of cryptography is an efficient proven way of securing data in communications, but some cryptographic algorithms are not as efficient as others and require more processing power, which is detrimental to MANETs. In this article we have assessed different cryptographic approaches to securing the OLSR (Optimised Link State Routing) protocol to provide a basis for research. We conclude the paper with a series of performance evaluation results regarding different cryptographic and hashing schemes. Our findings clearly show that the most efficient combination of algorithms used for authentication and encryption are SHA-1 (Secure Hash Algorithm-1) and AES (Advanced Encryption Standard) respectively. Using this combination over their counterparts will lead to a considerable reduction in processing time and delay on the network, creating an efficient transaction moving towards satisfying resource constraints and security requirements.
SHARED INFORMATION BASED SECURITY SOLUTION FOR MOBILE AD HOC NETWORKSijwmn
The mobile ad hoc networks get subjected to security threats like other wireless networks. But due to their
peer to peer approach and absence of infrastructural resources the mobile ad hoc networks can not use
strong cryptographic mechanisms as used by their other wireless counterparts. This led to the
development of trust based methods as security solutions wherein a trusted node is relaxed from security
checks when the trust value reaches to a particular limit. The trust methods are prone to security risks but
have found their acceptance due to efficiency over computationally expensive and time consuming
cryptographic methods. The major problem with the trust methods is the period during which trust is
growing and is yet to reach the requisite threshold. This paper proposes security mechanism dependent
upon Random Electronic Code Book (RECB) combined with permutation functions. The proposed
mechanism has low time complexity, is easier to implement, computationally inexpensive and has very
high brute force search value. It can be used as the temporary security guard during the trust growth
phase. The impetus behind the proposed design is the reliance upon shared information between the peers
in the ad hoc networks.
INTRUSION DETECTION SYSTEM CLASSIFICATION USING DIFFERENT MACHINE LEARNING AL...ijcsit
Intrusion Detection System (IDS) has been an effective way to achieve higher security in detecting malicious activities for the past couple of years. Anomaly detection is an intrusion detection system. Current anomaly detection is often associated with high false alarm rates and only moderate accuracy and detection rates because it’s unable to detect all types of attacks correctly. An experiment is carried out to evaluate the performance of the different machine learning algorithms using KDD-99 Cup and NSL-KDD datasets. Results show which approach has performed better in term of accuracy, detection rate with reasonable false alarm rate.
ContainerDays Boston 2015: "CoreOS: Building the Layers of the Scalable Clust...DynamicInfraDays
Slides from Barak Michener's talk "CoreOS: Building the Layers of the Scalable Cluster for Containers" at ContainerDays Boston 2015: http://dynamicinfradays.org/events/2015-boston/programme.html#layers
If you want to learn iPhone app development complete, so you arrived on right location... From my slides u easily learn iPhone app development.. This is my third tutorial slides.. I also share some more tutorials.. Keep in touch...
Design and implementation of secured scan based attacks on ic’s by using on c...eSAT Journals
Abstract Physical designing of cryptographic analysis is subjected to various physical attacks. It has been formerly evidenced that scan chains introduce for hardware testability open a back door to potential attacks. Scan based testing technique is mainly used for testing and it provides full observabilty and controllability of the inner nodes of the IC. Therefore, in this paper, we propose a scan-protection scheme that provides testing facilities both at assembly time and over the course of the circuit’s life. An efficient principle is used to scan-in both input vectors and expected responses to compare expected and actual responses inside the circuit. This method has no impact on the feature of the test or the model-based fault analysis when compared to traditional scan tests. It occupies less area on the chip and avoids the authentication test mechanism. Keywords- security, testability, Design-for-testability (DFT), scan-based attack, test pattern generator
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREVLSICS Design
The latest innovation technology in computing devices has given a rise of compact, speedy and economical products which also embeds cryptography hardware on-chip. This device generally holds secret key and confidential information, more attention has been given to attacks on hardware which guards such secure information. The attacker may leak secret information from symmetric crypto-hardware (AES, DES etc.) using side-channel analysis, fault injection or exploiting existing test infrastructure. This paper examines various DFT based attack implementation method applied to cryptographic hardware. The paper contains an extensive analysis of attacks based on various parameters. The countermeasures are classified and analyzed in details.
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREVLSICS Design
The latest innovation technology in computing devices has given a rise of compact, speedy and economical
products which also embeds cryptography hardware on-chip. This device generally holds secret key and
confidential information, more attention has been given to attacks on hardware which guards such secure
information. The attacker may leak secret information from symmetric crypto-hardware (AES, DES etc.)
using side-channel analysis, fault injection or exploiting existing test infrastructure. This paper examines
various DFT based attack implementation method applied to cryptographic hardware. The paper contains
an extensive analysis of attacks based on various parameters. The countermeasures are classified and
analyzed in details
Breaching of Ring Oscillator Based Trojan Detection and Prevention in Physica...idescitation
Trojan insertion has been made difficult in modern communications in the
recent years, due to extensive research work in the direction to protect Integrated Circuits
(ICs). Several Trojan detection techniques have been developed to prevent the destruction
caused by malicious insertion of Trojan in physical layer, making the process of Trojan
insertion much more difficult. In this paper, we highlight our major findings in terms of
innovative Trojan design that can easily evade existing Trojan detection approaches based
on side-channel analysis. We propose a design that makes Trojan undetectable for known
defense benchmarks and during functional testing. We demonstrate our Trojan model and
validate the results on a known defense mechanism. We also present a novel detection
mechanism for the same proposed Trojan model. The experimental results are presented
using Xilinx Place and Route characteristics, in particular, the Floorplanner tool to identify
the Trojan and address such problems.
A New Way of Identifying DOS Attack Using Multivariate Correlation Analysisijceronline
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
Watchguard Firewall overview and implemetationKaveh Khosravi
This document explains firewall technologies and intrusion detection techniques by using the combination of watchguard firewall and snort , the widely known intrusion detection system ,.
2.espk external agent authentication and session key establishment using publ...EditorJST
Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due their wide range of applications. Due to distributed and deployed in a un attend environment, these are vulnerable to numerous security threats. In this paper, describe the design and implementation of public-key-(PK)-based protocols that allow authentication and session key establishment between a sensor network and a third party. WSN have limitations on computational capacity, battery etc which provides scope for challenging problems. We fundamentally focused on the security issue of WSNs The proposed protocol is efficient and secure in compared to other public key based protocols in WSNs.
SECURE ADHOC ROUTING PROTOCOL FOR PRIVACY RESERVATIONEditor IJMTER
Privacy preserving routing is crucial for some Ad hoc networks that require
stronger privacy protection. A number of schemes have been proposed to protect privacy in
Ad hoc networks. However, none of these schemes offer unobservability property since data
packets and control packets are still linkable and distinguishable in these schemes. In this
paper, we define stronger privacy requirements regarding privacy preserving routing in
mobile ad hoc networks. Then we propose an Unobservable Secure Routing scheme (USOR)
to offer complete unlinkability and content unobservability for all types of packets. USOR is
efficient as it uses a novel combination of group signature and ID-based encryption for route
discovery. Security analysis demonstrates that USOR can well protect user privacy against
both inside and outside attackers. We implement USOR on Network Security (NS2), and
evaluate its performance by comparing with Ad Hoc On demand Distance Vector Routing
(AODV) and MASK. The simulation results show that USOR not only has satisfactory
performance compared to AODV, but also achieves stronger privacy protection than existing
schemes like Mask.
Secure Checkpointing Approach for Mobile Environmentidescitation
Mobile nodes such as mobile phones, laptops etc are widely used nowadays. The
services must be always available, reliable and uninterrupted. The communication must be
secure. Fault tolerance is the most important feature of these systems. To make a system
fault tolerant at operating system level we apply check pointing. Security threats like
information leakage, information theft, information change can be done by a malicious node
at the time of communication between two legitimate nodes. Elliptic curve cryptography is
used to provide authentication, confidentiality, non repudiation etc. Main objective of our
work is to design a low overhead secured fault tolerant system which makes the
computation and communication secure. The saving of system state is needed to recover
from failure. The reliable backing store is also needed for recovery from failure.
Dive into the innovative world of smart garages with our insightful presentation, "Exploring the Future of Smart Garages." This comprehensive guide covers the latest advancements in garage technology, including automated systems, smart security features, energy efficiency solutions, and seamless integration with smart home ecosystems. Learn how these technologies are transforming traditional garages into high-tech, efficient spaces that enhance convenience, safety, and sustainability.
Ideal for homeowners, tech enthusiasts, and industry professionals, this presentation provides valuable insights into the trends, benefits, and future developments in smart garage technology. Stay ahead of the curve with our expert analysis and practical tips on implementing smart garage solutions.
7 Alternatives to Bullet Points in PowerPointAlvis Oh
So you tried all the ways to beautify your bullet points on your pitch deck but it just got way uglier. These points are supposed to be memorable and leave a lasting impression on your audience. With these tips, you'll no longer have to spend so much time thinking how you should present your pointers.
Between Filth and Fortune- Urban Cattle Foraging Realities by Devi S Nair, An...Mansi Shah
This study examines cattle rearing in urban and rural settings, focusing on milk production and consumption. By exploring a case in Ahmedabad, it highlights the challenges and processes in dairy farming across different environments, emphasising the need for sustainable practices and the essential role of milk in daily consumption.
Unleash Your Inner Demon with the "Let's Summon Demons" T-Shirt. Calling all fans of dark humor and edgy fashion! The "Let's Summon Demons" t-shirt is a unique way to express yourself and turn heads.
https://dribbble.com/shots/24253051-Let-s-Summon-Demons-Shirt
Expert Accessory Dwelling Unit (ADU) Drafting ServicesResDraft
Whether you’re looking to create a guest house, a rental unit, or a private retreat, our experienced team will design a space that complements your existing home and maximizes your investment. We provide personalized, comprehensive expert accessory dwelling unit (ADU)drafting solutions tailored to your needs, ensuring a seamless process from concept to completion.
Book Formatting: Quality Control Checks for DesignersConfidence Ago
This presentation was made to help designers who work in publishing houses or format books for printing ensure quality.
Quality control is vital to every industry. This is why every department in a company need create a method they use in ensuring quality. This, perhaps, will not only improve the quality of products and bring errors to the barest minimum, but take it to a near perfect finish.
It is beyond a moot point that a good book will somewhat be judged by its cover, but the content of the book remains king. No matter how beautiful the cover, if the quality of writing or presentation is off, that will be a reason for readers not to come back to the book or recommend it.
So, this presentation points designers to some important things that may be missed by an editor that they could eventually discover and call the attention of the editor.
2. Agenda
Abstract
Introduction
What is Security Testing
Purpose of Security Testing
Scan-Based Attacks
Types of Attacks
Content of Attackers
Misuse of Test Interfaces
Conclusion
References
3. Abstract
Cryptographic circuits need to be protected against side-
channel attacks, which target their physical attributes while the
cryptographic algorithm is in execution. There can be various
side-channels, such as power, timing, electromagnetic
radiation, fault response, and so on. One such important side-
channel is the design-for-testability (DfT) infrastructure present
for effective and timely testing of VLSI circuits.The purpose of
this paper is to rst present a detailed survey on the state-of-
the-art in scan-based side-channel attacks on symmetric and
public-key cryptographic hardware implementations, both in
the absence and presence of advanced DfT structures, such
as test compression and X-masking, which may make the
attack diffcult.
4. Introduction
Structural testing is one important step in the production of
integrated circuits. Indeed, the fabrication of CMOS devices is
not a totally controlled process and some of the manufactured
Chips may not work properly. Testing is therefore essential to
Sort faulty and good circuits and thus ensure the quality of the
products. The increasing test cost of new technologies demands
the insertion of test-oriented structures early in the integrated
circuit (IC) design cycle, which is called Design-for-Testabilit
(DfT). These structures aims at improving the testability
(mainl the capacity to detect the presence of faults), diagnostics,
test time and reducing the number of required test pins.
5. What is Security Testing
Security testing is a process to determine that
an information system protects data and maintains
functionality.
To check whether there is any information leakage.
To test the application whether it has unauthorized
access and having the encoded security code.
To finding out all the potential loopholes and
weaknesses of the system.
6. Purpose of Security Testing
Primary purpose of security testing is to identify the
vulnerabilities and subsequently repairing them.
Security Testing helps in improving the current system
and also helps in ensuring that the system will work
for longer time.
Security test helps in finding out loopholes that can
cause loss of important information.
7. Scan-Based Attacks
The insertion of scan chains consists of replacing the flip-flops
(FFs) of the design by scan flip-flops (SFFs) and connecting
these SFFs into a shift-register, called scan chain.
The scan chain is bound to a input pin (scan-in) and to an
output pin (scan-out). An extra pin called scan-enable should
be added to control the scan chain's data shifting. If the scanenable
is set to 0, the SFFs are connected to the circuit to
behave as functionally expected (functional mode). When the
scan-enable is set to 1, the SFFs are connected to the scan
chain, and the bitstream at the scan-in is shifted in while the
data stored in the SFFs is shifted out through the scan-out pin.
8. Scan-Based Attacks
By controlling the scan-in and scan-enable inputs and observing the
scan-out pin, and attacker can observe confidential data or corrupt
internal states. Then the below Fig. 1 illustrates the duality between test
and security.
9. Types of Attacks:
Attack Basic Procedure
Attacking Cryptographic Primitives
Attacker Model
Known Scan-Based Attacks
10. Attack Basic Procedure
As depicted in Fig. 1, the attacker can use the shift operation maliciously,
switching from functional to test mode at will.
Even if the attacker uses the shift operation as the test engineer, the attack's
procedure is different from the standard test procedure.
For instance, suppose that some of
the flip-flops inserted on the scan chain contain confidential Information .
An observability attack would consist of the following steps:
a. reset the circuit
b. load the chosen input at the cipher's input
c. run part of the encryption
d. switch to test
e. mode when the intermediate flip-flops contain data related to the secret and
shift out the scan contents containing this confidential information
f. analyze the observed contents and try to uncover the secret key.
11. Attacking Cryptographic Primitives
The science of coding and decoding messages so as to
keep these messages secure. Coding takes place using
a key that ideally is known only by the sender and
intended recipient of the message.
In computer programming, a primitive is a basic
interface or segment of code that can be used to build
more sophisticated program elements or interfaces.
The below Fig. 2 shows an example of how the scan-
based attacks can compromise the security of
symmetric-key or public-key cryptography.
12. Both symmetric-key and public-key algorithms usually have structures
that repeat the same operations for multiple iterations.
The more iterations, the harder for attackers to nd out the secret by
only observing the plaintext/input and the ciphertext/output.
13. Attacker Model
In this model we classify into 4 classes.
They are:
Class 1: Amateur,
Class 2: Expert,
Class 3: Insider,
Class 4: Expert with advanced equipment
14. Attacker Model
Class 1: Amateur
Knows the cipher algorithm implementation, as well as timing
diagrams for correctly operating the circuit (this information is usually
present in the circuit datasheet).
Class 2: Expert
Can uncover design details with the help of DPA or timing analysis,
consisting mainly of input/output register buffers and additional
registers that may be affected by plaintext (DFF storage elements).
These DFFs may complicate the observation of data related to the
secret.
15. Attacker Model
Class 3: Insider
Knows the correspondence between the circuit flip-flops and their
position within the scan chain.
Class 4: Expert with advanced equipment
Can remove the chip package and probe internal signals. This is
important in cases where the scan chains are disconnected after
manufacturing test by means of anti-fuses. This class of attackers can
still probe unconnected scan chains.
It must be noted that a Class 3 or 4 attacker have of course all the
abilities of the lower class attackers.
16. Known Scan-Based Attacks
The rst scan attack proposed in the literature was conceived to
break a Data Encryption Standard (DES) block cipher.
Yang et al. described a two-phase procedure that consists in first
finding the position of the intermediate registers in the scan
chain, and then retrieving the DES first round key.
In order to find the position, 64 pairs of plaintexts are loaded.
Two plaintexts are loaded.
Two plaintexts of any of these pairs have a single-bit difference
and each pair has a difference in a different location.
Using the procedure described in subsection II-A, the attacker
shifts out internal states when the plaintexts are loaded into the
registers that store the intermediate values and then these
register's flip-flops are localized.
Then the attacker applies three chosen plaintexts and shifts out
the scan data to recover the first round key.
17. Misuse of Test Interfaces
Test interfaces such as JTAG and IEEE 1500 have two
security drawbacks:
they make scan-based attacks easier and
They can be used to upload corrupted firmware in non-
volatile
memories or read out internal contents.
The first issue comes from the fact that they provide access
to individual components(chips on board or cores on
SoCs).
It implies that malicious users can apply scan-based attacks
on the cryptographic blocks only, which makes the analysis
phase of the attack easier.
18. Conclusion
In this paper we described two main issues related to the
test and security domain: scan-based attacks and misuse of
JTAG interfaces. Both threats exploit security issues present
in structures that implemented test and debug of digital
ICs. To help the understanding of scan-based attacks, we
have described the principles of these attacks. Then we
presented a survey of the known scan-based attacks so
that designers can take them into account when building
new circuits. Additionally, we described some well known
issues related to the misuse of JTAG and IEEE 1500 test
interfaces.
19. References
[1] (1994). Federal Information Processing Standards Publication 140-2:
Security Requirements for Cryptographic Modules [Online]. Available:
http://csrc.nist.gov/publications/ps/ps140-2/ps1402.pdf
[2] D. Hely, M.-L. Flottes, F. Bancel, B. Rouzeyre, N. Berard, and
M. Renovell, ``Scan design and secure chip [secure IC testing],'' in
Proc.
10th IEEE IOLTS, Jul. 2004, pp. 219224.
[3] J. Lee, M. Tehranipoor, C. Patel, and J. Plusquellic, ``Securing designs
against scan-based side-channel attacks,'' IEEE Trans. Dependable
Secure
Comput., vol. 4, no. 4, pp. 325336, Oct. 2007.
[4] J. Da Rolt, G. Di Natale, M. Flottes, and B. Rouzeyre, ``A novel
differential
scan attack on advanced DFT structures,'' ACM Trans. Des. Autom.
Electron. Syst., vol. 18, no. 4, p. 58, Oct. 2013.