Plug & Test at System Level via Testable TLM Primitives

With the evolution of Electronic System Level (ESL) design methodologies, we are experiencing an extensive use of Transaction-Level Modeling (TLM). TLM is a high-level approach to modeling digital systems where details of the communication among modules are separated from the those of the implementation of functional units. This paper represents a first step toward the automatic insertion of testing capabilities at the transaction level by definition of testable TLM primitives. The use of testable TLM primitives should help designers to easily get testable transaction level descriptions implementing what we call a "Plug & Test" design methodology. The proposed approach is intended to work both with hardware and software implementations. In particular, in this paper we will focus on the design of a testable FIFO communication channel to show how designers are given the freedom of trading-off complexity, testability levels, and cos

A partial scan methodology for testing self-timed circuits

technical reportThis paper presents a partial scan method for testing control sections of macromodule based self-timed circuits for stuck-at faults. In comparison with other proposed test methods for self-timed circuits, this technique offers better fault coverage than methods using self-checking techniques, and requires fewer storage elements to be made scannable than full scan approaches with similar fault coverage. A new method is proposed to test the sequential network in this partial scan environment. Experimental data is presented to show that high fault coverage is possible using this method with only a subset of storage elements being made scannable

An Efficient Test Relaxation Technique for Synchronous Sequential Circuits

Testing systems-on-a-chip (SOC) involves applying huge amounts of test data, which is stored in the tester memory and then transferred to the circuit under test (CUT) during test application. Therefore, practical techniques, such as test compression and compaction, are required to reduce the amount of test data in order to reduce both the total testing time and the memory requirements for the tester. Test-set relaxation can improve the efficiency of both test compression and test compaction. In addition, the relaxation process can identify selfinitializing test sequences for synchronous sequential circuits. In this paper, we propose an efficient test relaxation technique for synchronous sequential circuits that maximizes the number of unspecified bits while maintaining the same fault coverage as the original test set

Improving Power, Performance and Area with Test: A Case Study

As more low power devices are needed for applications such as Internet of Things, reducing power and area is becoming more critical. Reducing power consumption and area caused by full scan design-for-test should be considered as a way to help achieve these stricter requirements. This is especially important for designs that use near-threshold technology. In this work, we use partial scan to improve power, performance and area on a graphics processing unit shader block. We present our non-scan D flip-flop (DFF) selection algorithm that maximizes non-scan DFF count while achieving automatic test pattern generation results close to those of the full scan design. We identify a category of stuck-at faults that are unique to partial scan designs and propose a check to identify and contain them. Our final test coverage of the partial scan design is within 0.1% of the full scan test coverage for both stuck-at and transition delay fault models. In addition, we present the PPA (power, performance and area) results for both the full scan and partial scan designs. The most noteworthy improvement is seen in the hold total negative slack

Improving Power, Performance and Area with Test: A Case Study

As more low power devices are needed for applications such as Internet of Things, reducing power and area is becoming more critical. Reducing power consumption and area caused by full scan design-for-test should be considered as a way to help achieve these stricter requirements. This is especially important for designs that use near-threshold technology. In this work, we use partial scan to improve power, performance and area on a graphics processing unit shader block. We present our non-scan D flip-flop (DFF) selection algorithm that maximizes non-scan DFF count while achieving automatic test pattern generation results close to those of the full scan design. We identify a category of stuck-at faults that are unique to partial scan designs and propose a check to identify and contain them. Our final test coverage of the partial scan design is within 0.1% of the full scan test coverage for both stuck-at and transition delay fault models. In addition, we present the PPA (power, performance and area) results for both the full scan and partial scan designs. The most noteworthy improvement is seen in the hold total negative slack

SCAN CHAIN BASED HARDWARE SECURITY

Hardware has become a popular target for attackers to hack into any computing and communication system. Starting from the legendary power analysis attacks discovered 20 years ago to the recent Intel Spectre and Meltdown attacks, security vulnerabilities in hardware design have been exploited for malicious purposes. With the emerging Internet of Things (IoT) applications, where the IoT devices are extremely resource constrained, many proven secure but computational expensive cryptography protocols cannot be applied on such devices. Thus there is an urgent need to understand the hardware vulnerabilities and develop cost effective mitigation methods. One established field in the semiconductor and integrated circuit (IC) industry, known as IC test, has the goal of ensuring that fabricated ICs are free of manufacturing defects and perform the required functionalities. Testing is essential to isolate faulty chips from good ones. The concept of design for test (DFT) has been integrated in the commercial IC design and fabrication process for several decades. Scan chain, which provides test engineer access to all the flip flops in the chip through the scan in (SI) and scan out (SO) ports, is the backbone of industrial testing methods and can be found in almost all the modern designs. In addition to IC testing, scan chain has found applications in intellectual property (IP) protection and IC identification. However, attackers can also leverage the controllability and observability of scan chain as a side channel to break systems such as cryptographic chips. This dissertation addresses these two important security problems by proposing (1) a practical scan chain based security primitive for IP protection and (2) a partial scan chain framework that can mitigate all the existing scan based attacks. First, we observe the fact that each D-flip-flop has two output ports, Q and Q’, designed to simplify the logic and has been used to reduce the power consumption for IC test. The availability of both Q and Q’ ports provide the opportunity for IP protection. More specifically, we can generate a digital fingerprint by selecting different connection styles between adjacent scan cells during the design of scan chain. This method has two major advantages: fingerprints are created as a post-silicon procedure and therefore there will be little fabrication overhead; altering the connection style requires the modification of test vectors for each fingerprinted IP and thus enables a non-intrusive fingerprint verification method. This addresses the overhead and detectability problems, two of the most challenging problems of designing practical IP fingerprinting techniques in the past two decades. Combined with the recently developed reconfigurable scan networks (RSNs) that are popular for embedded and IoT devices, we design an IC identification (ID) scheme utilizing the different connection styles. We perform experiments on standard benchmarks to demonstrate that our approach has low design overhead. We also conduct security analysis to show that such fingerprints and IC IDs are robust against various attacks. In the second part of this dissertation, we consider the scan chain side channel attack, which has been reported as one of the most severe side channel attacks to modern secure systems. We argue that the current countermeasures are restricted to the requirement of providing direct SI and SO for testing and thus suffers the vulnerability of leaving this side channel open to the attackers as well. Therefore, we propose a novel public-private partial scan chain based approach with the basic idea of removing the flip flops that store sensitive information from the scan chain. This will eliminate the scan chain side channel, but it also limits IC test. The key contribution in our proposed public-private partial scan chain design is that it can keep the full test coverage while providing security to the scan chain. This is achieved by chaining the removed flip flops into one or more private partial scan chains and adding protections to the SI and SO ports of such chains. Unlike the traditional partial scan design which not only fails to provide full fault coverage, but also incur huge overhead in test time and test vector generation time, we propose a set of techniques to ensure that the desired test vectors can be entered into the system efficiently. These techniques include test vector reordering, test vector reusing, and test vector generation based on a novel finite state machine (FSM) structure we have invented. On the other hand, to enable the test engineers the ability to observe the test output to diagnose the chip while not leaking information to the attackers, we propose two lightweight mechanisms, one based on linear feedback shift register (LFSR) and the other one based on configurable physical unclonable function (PUF). Finally, we discuss a protocol on how in-field test can be realized using our public-private partial scan chain. We conduct experiments with industrial scan design tools to demonstrate that the required hardware in our approach has negligible area overhead and gives full test coverage with reduced test time and does not need to re-generate test vectors. In sum, this dissertation focuses on the role of scan chain, a conventional design for test facility, in hardware security. We show that scan chain features can be leveraged to create practical IP protection techniques including IP watermarking and fingerprinting as well as IC identification and authentication. We also propose a novel public-private partial scan design principle to close the scan chain side channel to the attackers. Through this dissertation work, we demonstrate that it is possible to develop highly practical scan chain based techniques that can benefit both the community of IC test and hardware security

Analyse de testabilité au niveau transfert de registres

Synthèse automatique et analyse de testabilité -- Les définitions de base -- Analyse de testabilité à haut niveau d'abstraction -- Analyse de testabilité et d'insertion de points de test au niveau transfert de registres -- Testability analysis and test-point insertion in RTL VHDL specifications for scan-based bist -- Implantation de l'algorithme et résultats expérimentaux