DfST Nisanth Sasidharan
2018HT80040
DfST: Design for secure testability
Introduction
Security and testability are the most important factors in designing for
testability. Scan chain-based testing is the standard DfT (Design for Testability)
technique because of its simple design and low cost. But the scan chain can also act
as a back door through which an attacker can retrieve sensitive information via a
side-channel attack. Therefore, an efficient and inexpensive LFSR (linear feedback
shift register) based secure architecture is proposed, which provides strong security
without affecting testability. The experimental results show a low area and power
overhead for the secure methodology.
Why DfST?
Scan-based Design for Testability structures are highly vulnerable to unauthorized
access to the internal signals of a chip. A secure scan-based design prevents such
unauthorized access without any compromise in testability. The proposed secure
architecture employs a unique key for each test vector. These unique keys are
generated by a linear feedback shift register and are then embedded into the
don't-care bits of the test vectors.
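A model of the LFSR-keyed test vectors just described, added here as an example (not the report's own code). It assumes an 8-bit Fibonacci LFSR with a constructed polynomial, key bits written into a cube's don't-care positions from left to right with unused don't-cares set to 0, and a chip-side checker that runs an identical LFSR from the same seed and knows which positions carried the key.

```python
# Added model (not from the report).  A test cube is a string over '0', '1'
# and 'X' (don't-care bit).  Assumptions: an 8-bit Fibonacci LFSR with the
# constructed polynomial x^8 + x^6 + x^5 + x^4 + 1 (feedback taps at shifts
# 0, 2, 3, 4), key bits written into the X positions left to right, unused X
# bits set to 0, and a chip-side checker seeded identically to the ATE side.
WIDTH = 8
TAPS = (0, 2, 3, 4)

def lfsr_stream(seed):
    """Yield one output bit per clock; the rightmost flip-flop is the output."""
    state = seed & ((1 << WIDTH) - 1)
    while True:
        yield state & 1
        fb = 0
        for t in TAPS:
            fb ^= (state >> t) & 1
        state = (state >> 1) | (fb << (WIDTH - 1))

def next_key(stream, n):
    """Take the next n LFSR bits as the unique key for one test vector."""
    return [next(stream) for _ in range(n)]

def dont_care_positions(cube):
    return [i for i, c in enumerate(cube) if c == 'X']

def embed_key(cube, key):
    """ATE side: put the key into the cube's don't-care bits, zero the rest."""
    xs = dont_care_positions(cube)
    if len(xs) < len(key):
        raise ValueError("cube has too few don't-care bits to carry the key")
    bits = list(cube.replace('X', '0'))
    for pos, bit in zip(xs, key):
        bits[pos] = str(bit)
    return ''.join(bits)

def check_vector(vector, cube, key):
    """Chip side: the key expected for this vector must sit in its X positions."""
    xs = dont_care_positions(cube)
    return [int(vector[p]) for p in xs[:len(key)]] == key

def authorize(vectors, cubes, seed, n):
    """Regenerate every per-vector key on chip and gate each vector on a match."""
    stream = lfsr_stream(seed)
    return [check_vector(v, c, next_key(stream, n)) for v, c in zip(vectors, cubes)]
```

Because the key advances with every vector, a vector captured and replayed in a different slot fails the check even though it is a perfectly valid test pattern.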
Secure Scan DfT Architecture
There are different sets of techniques to secure the scan design against scan-based
side-channel attacks. The proposed techniques provide a way to exercise the scan test
in a secure manner without compromising the security of the cryptographic core. They
are based on protocol countermeasures, namely encryption key masking, test
restriction, and test data encryption.
The different types of Secure Scan DFT Architectures are as follows.
1) Securing Scan through Key Masking
2) Securing Scan through Test Restriction
a) Test Authorization using LFSR
b) Test Authorization using MISR
c) Securing Scan through Plain-text Restriction
3) Securing Scan through Test Data Encryption
4) Joint Scan Test Architecture
a) 2M-JScan Architecture
b) Scan Cell Design for Joint-scan Architecture
1) Securing Scan through Key Masking
In this technique the encryption key is isolated from the encryption module
during the test. The proposed technique masks the cipher key from the
encryption circuitry as soon as the circuit is switched to test mode [11, 12]. In
addition to that, the last functional state of the security-sensitive scan cells is
also flushed or masked. Hence, the attacker cannot observe the intermediate
encryption results from the last functional mode cycle. The proposed
technique allows exercising all kinds of conventional stuck-at and timing tests.
Furthermore, the proposed secure scan test technique has no test time
overhead and uses minimal extra circuitry.
Figure: A secure scan test controller
The proposed technique uses mirror key registers (MKRs) to isolate the
encryption key during the test process. A pseudo key is loaded into the MKRs
through the scan chain and used for test purposes only. After the completion of
the test session, the circuit is switched back to secure mode by resetting the chip.
Once the chip is in secure mode, the encryption key is loaded into the MKRs
and the normal encryption function can be performed. The proposed technique
can effectively fend off scan attacks; however, the key stored in the mirror
register cannot be tested.
2) Securing Scan through Test Restriction
The proposed technique uses a test authorization step to unlock the scan
architecture. To use the scan architecture the user first needs to supply the
test authorization key. Once the user is authorized, the conventional test
sequence can be started. Further, there are two suggested ways to implement
the test authorization logic: LFSR-based and MISR-based.
a) Test Authorization using LFSR
The test authorization logic is formed by the test controller, the LFSR, the test
multiplexer TestMux, and the round register masking logic. As can be seen
from the Figure below, the logic circuitry shown in the largest gray box forms
the test controller.
Figure: Proposed secure scan test technique schematic
The LFSR and TestMux form the key masking logic and the dotted line box
around the round register forms the round register masking logic. All the
components of the test authorization logic are explained in detail in the
following subsections.
Most of the scan-based side-channel attacks target the intermediate
encryption results after the completion of the first round, which are stored in
the round register. The last functional state of the round register R needs to
be flushed out or masked to thwart the scan attack. We propose three
schemes to mask the last functional state of the round register. The three
schemes, whose schematics are shown in the Figure below, are: A) scan-out
masking, B) round register bypassing, and C) scan-out feedback.
Figure: Round register state masking logic schematic
In scheme A, the scan-out port is masked using a simple AND gate. One input of
the AND gate is controlled by the secure-test signal. As explained in the
previous sub-sections, the secure-test signal becomes 1 only after a valid test
authorization key is supplied; until then it remains 0. As a result, the output of
the masking AND gate, i.e. the scan-out port, is forced to a constant 0 value. This
prevents an unauthorized user from shifting out the round register data. On the
other hand, as soon as a valid test authorization key is supplied, the scan-out port
gets unmasked.
b) Test Authorization using MISR
Another way to implement the test authorization logic is to use a MISR instead of
an LFSR. The MISR authorization logic is used to obfuscate the plain-text inputs as
well as the scan-out port whenever the circuit enters test mode. In order to
unmask the plain-text inputs and the scan-out port, the user needs to authenticate
by supplying a specific input value at the plain-text inputs. If the user is
authenticated, the plain-text inputs and the scan-out port get unmasked and the
conventional scan test procedure can be started; otherwise the scan-out port
remains masked.
Figure: Schematic design of the proposed secure scan test architecture (MISR)
It consists of flip-flops FF1 and FF2 with RESET and SET features respectively. Also
there are three AND gates A1, A2, A3, an inverter I1, and a negated OR gate tree
NT. The input signals to the test authorization logic are the scan enable signal SE, the
clock signal (Clk), and the M-match signal. Here the M-match signal is the bitwise
Exclusive-OR of the encryption key K and the output M of the MISR. The output
signal of the test authorization logic is the secure-test signal. Further, the test
controller also gates the clock signal of the MISR.
c) Securing Scan through Plain-text Restriction
The techniques to secure the scan design based on test restriction use a
scan key for test authorization purposes. In these schemes it is
assumed that the scan key is managed by the encryption key management
logic. The use and management of multiple keys is a disadvantage from a
security point of view. To avoid the use of a scan key, we improved upon the
test restriction schemes proposed in the previous sections.
Figure: Schematic diagram of the proposed secure scan design
3) Securing Scan through Test Data Encryption
The main idea of the proposed technique is to use an on-chip lightweight block
cipher to decrypt the encrypted test data provided by the user or Automatic Test
Equipment (ATE). The decrypted test data is then loaded into the AES scan chain and
applied. A high-level schematic diagram of the proposed technique is shown in the
Figure below: the lightweight block cipher PRESENT [31] is added before the scan-in
port of the AES core.
Figure: Schematic design of the proposed technique
Also, an n-bit test key matching logic is embedded in the original AES core. The test
key matching logic checks for an n-bit test key which is embedded in every test vector.
If the test key matches, it allows the test response to be scanned out; otherwise it
masks the SO pin. To carry out a scan test with the proposed technique, the
following steps are followed:
1. Generate test vectors as well as the corresponding fault-free circuit test
responses;
2. Embed a fixed n-bit scan shift key (SK) in every test vector;
3. Encrypt the test vector with the PRESENT cipher algorithm using the test
encryption key (EK), the same key that is embedded on-chip to decrypt the test
vectors;
4. Scan in the encrypted test vector, which gets decrypted on the fly by the
on-chip PRESENT cipher;
5. Collect the test response and compare it with the golden circuit response.
4) Joint Scan Test Architecture
For future large-scale designs, DFT solutions are required to be scalable.
The DFT architecture must be capable of reducing the test time, test data
volume, and test power proportionately for larger designs as the design
gets more complex. The Joint-scan architecture aims at that problem.
a) 2M-JScan Architecture
The 2M-JScan consists of two sub-scan architectures: Partial serial scan (P-
serial) and Partial random scan (P-random). The available flip-flops in the CUT are
segregated into two groups to form P-serial and P-random. P-serial is a
serial scan chain formed from the first group of flip-flops and P-random is
a random-access scan formed from the second group of flip-flops. The following
sub-sections give details on the architecture.
The three primary components in the proposed architecture are P-serial, P-
random, and test control logic (TCL). The P-serial and P-random are
implemented with multiple serial scan chains (MSS) and progressive
random-access scan (PRAS) respectively.
To realize the proposed architecture, we have identified three main
challenges:
1. Integrating and operating P-serial and P-random
2. Maintaining equilibrium in shift time across all patterns
3. Grouping of flip-flops into P-serial and P-random to obtain the best
results
Figure: Proposed two-mode Joint-scan Architecture (2M-JScan)
The proposed 2M-JScan architecture functions in two modes of operation:
1) functional mode, and 2) test mode. Note that both modules, P-Serial
and P-random, are operated concurrently.
1) The functional mode controls two primary operations: 1) normal
function, and 2) response capture. Normal function is when the circuit
performs the desired functional operation in normal mode. The test control
logic keeps the serial scan enable (SSE) signal low to operate the P-Serial scan
flip-flops as regular flip-flops. Similarly, the row address shift register and column
driver are disabled to operate the P-random scan flip-flops as regular flip-flops.
2) The test mode controls three primary test operations: 1)
loading/unloading of stimuli/response, 2) launching of stimuli, and 3)
shifting out of the response from the MISR. The test mode is enabled by holding
test mode = 1. Loading/unloading in P-Serial and P-random
takes place simultaneously. The SSE signal is kept high during this mode.
In P-Serial the test stimuli are scanned in through the scan-in lines and
the responses are compacted using a MISR. The load/unload operation in P-
random is performed row by row.
Conclusion and Future Scope
The advancements in chip fabrication have made it possible to design systems with
highly complex functionality, which are being used in applications such as
autonomous vehicles, personal healthcare, smart homes and cities, deep neural
networks, and many more IoT-based emerging applications. Security and reliability
are at the forefront of the design of such systems.
Because of the orthogonal objectives of security and testability, the problem has
become more severe. The proposed techniques ensure the security of the scan
architecture against scan attacks without compromising its testability.
Another problem that we addressed in this thesis is the testability issues in scan
test such as test data volume, test time, and test power. We have proposed an
efficient implementation of an alternative Joint-scan architecture that minimizes
all of these issues together. Further, we have explored a scan cell design-based
approach to resolve issues like scan performance overhead, unnecessary
switching activity in combinational logic during scan, and scan chain diagnosis. In
addition to that, we proposed a technique to enable LOS-based delay test with a
slow scan enable signal.