Phase Locking Authentication for Scan Architecture

Scan design is a widely used Design for Testability (DfT) approach for digital circuits. It provides a high level of controllability and observability resulting in a high fault coverage. To achieve a high level of testability, scan architecture must provide access to the internal nodes of the circuit-under-test (CUT). This access however leads to vulnerability in the security of the CUT. If an unrestricted access is provided through a scan architecture, unlimited test vectors can be applied to the CUT and its responses can be captured. Such an unrestricted access to the CUT can potentially undermine the security of the critical information stored in the CUT. There is a need to secure scan architecture to prevent hardware attacks however a secure solution may limit the CUT testability. There is a trade-off between security and testability, therefore, a secure scan architecture without hindering its controllability and observability is required. Three solutions to secure scan architecture have been proposed in this thesis. In the first method, the tester is authenticated and the number of authentication attempts has been limited. In the second method, a Phase Locked Loop (PLL) is utilized to secure scan architecture. In the third method, the scan architecture is secured through a clock and data recovery (CDR) technique. This is a manuscript based thesis and the results of this study have been published in two conference proceedings. The latest results have also been prepared as an article for submission to a high rank conference

A Hardware Security Solution against Scan-Based Attacks

Scan based Design for Test (DfT) schemes have been widely used to achieve high fault coverage for integrated circuits. The scan technique provides full access to the internal nodes of the device-under-test to control them or observe their response to input test vectors. While such comprehensive access is highly desirable for testing, it is not acceptable for secure chips as it is subject to exploitation by various attacks. In this work, new methods are presented to protect the security of critical information against scan-based attacks. In the proposed methods, access to the circuit containing secret information via the scan chain has been severely limited in order to reduce the risk of a security breach. To ensure the testability of the circuit, a built-in self-test which utilizes an LFSR as the test pattern generator (TPG) is proposed. The proposed schemes can be used as a countermeasure against side channel attacks with a low area overhead as compared to the existing solutions in literature

Survey of Soft Error Mitigation Techniques Applied to LEON3 Soft Processors on SRAM-Based FPGAs

Soft-core processors implemented in SRAM-based FPGAs are an attractive option for applications to be employed in radiation environments due to their flexibility, relatively-low application development costs, and reconfigurability features enabling them to adapt to the evolving mission needs. Despite the advantages soft-core processors possess, they are seldom used in critical applications because they are more sensitive to radiation than their hard-core counterparts. For instance, both the logic and signal routing circuitry of a soft-core processor as well as its user memory are susceptible to radiation-induced faults. Therefore, soft-core processors must be appropriately hardened against ionizing-radiation to become a feasible design choice for harsh environments and thus to reap all their benefits. This survey henceforth discusses various techniques to protect the configuration and user memories of an LEON3 soft processor, which is one of the most widely used soft-core processors in radiation environments, as reported in the state-of-the-art literature, with the objective of facilitating the choice of right fault-mitigation solution for any given soft-core processor

Asymmetric Leakage from Multiplier and Collision-Based Single-Shot Side-Channel Attack

The single-shot collision attack on RSA proposed by Hanley et al. is studied focusing on the difference between two operands of multiplier. It is shown that how leakage from integer multiplier and long-integer multiplication algorithm can be asymmetric between two operands. The asymmetric leakage is verified with experiments on FPGA and micro-controller platforms. Moreover, we show an experimental result in which success and failure of the attack is determined by the order of operands. Therefore, designing operand order can be a cost-effective countermeasure. Meanwhile we also show a case in which a particular countermeasure becomes ineffective when the asymmetric leakage is considered. In addition to the above main contribution, an extension of the attack by Hanley et al. using the signal-processing technique of Big Mac Attack is presented

Side-channel Analysis of Subscriber Identity Modules

Subscriber identity modules (SIMs) contain useful forensic data but are often locked with a PIN code that restricts access to this data. If an invalid PIN is entered several times, the card locks and may even destroy its stored data. This presents a challenge to the retrieval of data from the SIM when the PIN is unknown. The field of side-channel analysis (SCA) collects, identifies, and processes information leaked via inadvertent channels. One promising side-channel leakage is that of electromagnetic (EM) emanations; by monitoring the SIM\u27s emissions, it may be possible to determine the correct PIN to unlock the card. This thesis uses EM SCA techniques to attempt to discover the SIM card\u27s PIN. The tested SIM is subjected to simple and differential electromagnetic analysis. No clear data dependency or correlation is apparent. The SIM does reveal information pertaining to its validation routine, but the value of the card\u27s stored PIN does not appear to leak via EM emissions. Two factors contributing to this result are the black-box nature of PIN validation and the hardware and software SCA countermeasures. Further experimentation on SIMs with known operational characteristics is recommended to determine the viability of future SCA attacks on these devices