
Scan design called portal for hackers

Posted: 01 Dec 2004

Keywords: smart credit card, hacker, chip design, International Test Conference, IC

Think your "smart" credit cards are safe from hackers, that your company firewall is secure and that no one can steal the intellectual property in your latest chip design?

Think again. Any chip that uses scan design, and any system built around it, may be vulnerable to hackers or to other interested third parties, according to research presented at the International Test Conference.

There's a growing recognition in the industry that the scan chains that make ICs testable can potentially be used to break their encryption algorithms and steal their intellectual property.

"Good test quality requires full access to all elements that determine the internal state of an IC," said Erik Jan Marinessen, principal scientist at Philips Research Labs in Eindhoven, Netherlands, and moderator of the panel. "Full access means full controllability and full observability. These test requirements are in complete contradiction to security requirements, where neither full controllability nor observability should be given to the world external to the IC."

Marinessen is optimistic about resolving the dilemma, however. "A proper control of the IC's life cycle prevents the use of such test features during application mode when secrets are in use," he said.

But another panelist is far more pessimistic. Ramesh Karri, associate professor of electrical and computer engineering at the Polytechnic University in Brooklyn, New York, is co-author of an ITC paper titled "Scan-based side channel attack on dedicated hardware implementations of data encryption standard."

His paper details a two-phased attack that can nab a secret DES encryption key even when the architecture of the scan chain is unknown and the key is stored in secure memory. "Scan is a bad design-for-test methodology. It is a very good design-for-hacking methodology," he said.

"It's a real problem," concurred Rohit Kapur, scientist at EDA vendor Synopsys Inc. Kapur believes, however, that there's a solution, and at the ITC panel, he proposed a scheme that uses decoding and encoding logic to protect the data in scan chains.

"Scan chains provide a window into the chip," said Yervant Zorian, CTO of Virage Logic. "But that window can be used offline or online to extract information from the chip." Like Kapur, Zorian believes one possible solution is to add encryption and decryption logic to scan chains.

"It's well known that scan chains are a major source of vulnerability in embedded systems," said Srinivas Ravi, research staff member at NEC Laboratories America and a security architect for NEC's mobile-terminal applications chips. Karri hasn't uncovered a new problem, Ravi said, but his work is important because it provides a detailed independent analysis of the issue.

Most ASICs use scan design because it's a relatively easy way to give testers access to internal states. According to a recent Gartner Dataquest study, 82 percent of ASIC designers reported that their most recent designs used scan chain insertion.

The primary alternative is built-in self-test (BIST), which is more secure because it doesn't require visible scan chains. But BIST is more complicated to implement and has yet to be widely adopted for logic. Opinions differ on whether BIST could be an effective alternative to scan for security-conscious designs.

Trouble with scan

Scan design is based on a relatively simple concept. One or more scan chains are built within a chip by stitching internal registers and flip-flops together into a long shift register and connecting its ends to serial scan-in and scan-out pins (in many designs reached through the JTAG test access port). During testing, a scan-enable signal switches the flip-flops into shift mode; test vectors are shifted in through the scan input pin, the chip is clocked for one or more cycles in functional mode to capture the logic's response, and the contents of the internal registers are then shifted out through the scan output pin.

The good news is that automatic test equipment (ATE) can thus find stuck-at-1 or stuck-at-0 faults that would otherwise lie hidden within the device, just waiting to make it fail in the field. The bad news is that hackers can see the internals of the device too, Karri said.

"By providing a scan chain, you are providing access to the internal state of a chip," he said. "If you know the algorithm that's being implemented, any proprietary data that's part of that algorithm can be easily compromised and discovered."

Thus, said Synopsys' Kapur, "if you have a chip that goes into a credit card and you are able to scan out information, you might be able to replicate that card."

Although Karri's paper focuses on a methodology for breaking encryption algorithms, the problem is far broader, he said: Any kind of intellectual property can be compromised with scan design.

Karri said he wasn't aware of any actual hacker attacks using scan chains, but he said the security community knows about the problem and that some of the high-end smart-card vendors are now avoiding scan chains. He also noted that the Federal Information Processing Standard for cryptographic modules (FIPS 140-2) states that access to the "contents" of the module must be restricted. Karri maintains that this essentially prohibits scan design, even though FIPS does not explicitly mention it.


Marinessen said providers of security-conscious applications, including Philips, take "countermeasures" to prevent hacking. But he declined to comment on the exact nature of those countermeasures.

"I think that in his ITC '04 paper, Professor Karri assumes that it is relatively easy to find out which IC pins serve as scan chain I/Os and how the scan operation of the scan chains should be controlled," Marinessen said. "This is not possible for advanced security devices, and hence provides no attack path."

Karri's ITC paper outlines two phases to breaking a DES implementation. In the first phase, the paper describes a five-step procedure that applies chosen inputs, or "plaintexts," clocks the chip in functional mode and scans out the result, in order to determine the scan chain structure, that is, which positions in the chain hold the bits of the round register. The second phase shows how a hacker could then recover the DES key from the state scanned out after applying three known plaintexts.
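The following is an added, constructed model of the two phases described above; it is not code from Karri's paper, which treats a full DES core with eight S-boxes and an unknown chain layout. The simplifications are assumptions made here for brevity: only S-box S1 is implemented (the other seven are taken to contribute zero to the round function f), the initial permutation is skipped, the flops unrelated to the cipher hold plaintext-independent constants, and the scan chain is a software list shuffled into a hidden order rather than real silicon. Phase 1 locates the L and R registers in the chain by flipping one plaintext bit at a time; phase 2 uses the fact that after one round R1 = L0 XOR f(R0, K1), so reading R1 out of the chain exposes f and thereby the six round-key bits that feed S1.

```python
import random

# Standard DES S-box S1, 4 rows of 16 entries.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]
E_S1 = [32, 1, 2, 3, 4, 5]   # expansion E: the R bits (1-indexed, MSB first) feeding S1
P_S1 = [9, 17, 23, 31]       # permutation P: where S1's four output bits land in f


def bit(word, pos):
    """DES-style 1-indexed bit of a 32-bit word, bit 1 being the MSB."""
    return (word >> (32 - pos)) & 1


def round_function(r, k6):
    """f(R, K1) restricted to S1: expand, XOR the 6 key bits, S-box, P-permute."""
    x6 = 0
    for pos in E_S1:
        x6 = (x6 << 1) | bit(r, pos)
    x6 ^= k6
    row, col = ((x6 >> 5) & 1) << 1 | (x6 & 1), (x6 >> 1) & 0xF
    y4 = S1[row][col]
    f = 0
    for i, pos in enumerate(P_S1):
        f |= ((y4 >> (3 - i)) & 1) << (32 - pos)
    return f


class ScanChip:
    """Constructed model: L and R round registers plus 16 unrelated flops behind
    one scan chain whose order is hidden from the attacker."""

    def __init__(self, k6, seed=1):
        self._k6 = k6                                  # secret: the 6 bits of K1 feeding S1
        self._flops = [0] * 64 + [j & 1 for j in range(16)]   # unrelated flops: constants
        self._order = list(range(80))
        random.Random(seed).shuffle(self._order)       # hidden chain order

    def _set(self, l, r):
        for i in range(32):
            self._flops[i], self._flops[32 + i] = bit(l, i + 1), bit(r, i + 1)

    def _get(self):
        l = r = 0
        for i in range(32):
            l, r = (l << 1) | self._flops[i], (r << 1) | self._flops[32 + i]
        return l, r

    def load(self, l0, r0):        # functional clock 1: plaintext halves enter L and R
        self._set(l0, r0)

    def clock_round(self):         # functional clock 2: one Feistel round
        l, r = self._get()
        self._set(r, l ^ round_function(r, self._k6))

    def scan_out(self):            # shift mode: every flop leaves in chain order
        return [self._flops[i] for i in self._order]


def phase1_locate_registers(chip):
    """Flip one plaintext bit at a time; the single chain position that changes
    after the load clock is where that register bit sits in the chain."""
    chip.load(0, 0)
    ref = chip.scan_out()
    l_pos, r_pos = [], []
    for i in range(32):
        for half, out in ((0, l_pos), (1, r_pos)):
            mask = 1 << (31 - i)
            chip.load(mask if half == 0 else 0, mask if half == 1 else 0)
            diff = [j for j, (a, b) in enumerate(zip(ref, chip.scan_out())) if a != b]
            if len(diff) != 1:
                raise ValueError("expected exactly one flop to change")
            out.append(diff[0])
    return l_pos, r_pos


def phase2_recover_key(chip, r_pos, rng):
    """Known plaintexts: read R1 = L0 ^ f(R0, K1) out of the chain, derive f, and keep
    only subkeys that reproduce it. Returns (subkey or None, plaintexts used)."""
    candidates, used = set(range(64)), 0
    while len(candidates) > 1 and used < 64:
        l0, r0 = rng.getrandbits(32), rng.getrandbits(32)
        chip.load(l0, r0)
        chip.clock_round()
        chain = chip.scan_out()
        r1 = 0
        for j in r_pos:
            r1 = (r1 << 1) | chain[j]
        f_obs = r1 ^ l0
        candidates = {k for k in candidates if round_function(r0, k) == f_obs}
        used += 1
    return (candidates.pop() if len(candidates) == 1 else None), used


def run_attack(secret_k6, seed=7):
    """End to end: locate the registers blind, then recover the S1 subkey."""
    chip = ScanChip(secret_k6, seed)
    _, r_pos = phase1_locate_registers(chip)
    return phase2_recover_key(chip, r_pos, random.Random(seed))


if __name__ == "__main__":
    key, n = run_attack(0b101101)
    print(f"recovered S1 subkey {key:06b} from {n} known plaintexts")
```

Repeating phase 2 for the other seven S-boxes would recover all 48 bits of the first round key, leaving the remaining 8 key bits to a small brute force; the point the model makes is that the attacker never needs to know the chain layout in advance, only the ability to scan in, clock once and scan out.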

Karri said he's not optimistic that scan chains can be made more secure. His paper notes that even when the scan chains are disabled after testing, they can still be reached by breaking the IC package open.

Kapur of Synopsys, however, believes there is a solution to this issue. His idea involves putting some decoding logic at the scan chain input and encoding logic at the scan chain output. "As long as the encoding logic is different from the decoding logic," he said, "what you scan in, you can't scan out."

- Richard Goering

EE Times
