Scan chain encryption in Test Standards

Similar documents
BoxPlot++ Zeina Azmeh, Fady Hamoui, Marianne Huchard. To cite this version: HAL Id: lirmm

Stream Ciphers: A Practical Solution for Efficient Homomorphic-Ciphertext Compression

A Novel Hardware Logic Encryption Technique for thwarting Illegal Overproduction and Hardware Trojans

A Reliable Architecture for Parallel Implementations of the Advanced Encryption Standard

Relabeling nodes according to the structure of the graph

Blind Browsing on Hand-Held Devices: Touching the Web... to Understand it Better

Fault-Tolerant Storage Servers for the Databases of Redundant Web Servers in a Computing Grid

Linux: Understanding Process-Level Power Consumption

Every 3-connected, essentially 11-connected line graph is hamiltonian

Multimedia CTI Services for Telecommunication Systems

YAM++ : A multi-strategy based approach for Ontology matching task

How to simulate a volume-controlled flooding with mathematical morphology operators?

Setup of epiphytic assistance systems with SEPIA

Linked data from your pocket: The Android RDFContentProvider

SIM-Mee - Mobilizing your social network

Tacked Link List - An Improved Linked List for Advance Resource Reservation

Teaching Encapsulation and Modularity in Object-Oriented Languages with Access Graphs

Synthesis of fixed-point programs: the case of matrix multiplication

Mokka, main guidelines and future

Self-optimisation using runtime code generation for Wireless Sensor Networks Internet-of-Things

DANCer: Dynamic Attributed Network with Community Structure Generator

Study on Feebly Open Set with Respect to an Ideal Topological Spaces

LaHC at CLEF 2015 SBS Lab

A Voronoi-Based Hybrid Meshing Method

Catalogue of architectural patterns characterized by constraint components, Version 1.0

Privacy-preserving carpooling

Zigbee Wireless Sensor Network Nodes Deployment Strategy for Digital Agricultural Data Acquisition

Assisted Policy Management for SPARQL Endpoints Access Control

The New Territory of Lightweight Security in a Cloud Computing Environment

FIT IoT-LAB: The Largest IoT Open Experimental Testbed

Decentralised and Privacy-Aware Learning of Traversal Time Models

Real-Time Collision Detection for Dynamic Virtual Environments

MUTE: A Peer-to-Peer Web-based Real-time Collaborative Editor

Malware models for network and service management

YANG-Based Configuration Modeling - The SecSIP IPS Case Study

QuickRanking: Fast Algorithm For Sorting And Ranking Data

Change Detection System for the Maintenance of Automated Testing

Open Digital Forms. Hiep Le, Thomas Rebele, Fabian Suchanek. HAL Id: hal

Very Tight Coupling between LTE and WiFi: a Practical Analysis

XBenchMatch: a Benchmark for XML Schema Matching Tools

Service Reconfiguration in the DANAH Assistive System

Comparison of spatial indexes

The Connectivity Order of Links

Efficient Gradient Method for Locally Optimizing the Periodic/Aperiodic Ambiguity Function

Traffic Grooming in Bidirectional WDM Ring Networks

X-Kaapi C programming interface

Security Analysis of Mobile Phones Used as OTP Generators

Kernel perfect and critical kernel imperfect digraphs structure

Representation of Finite Games as Network Congestion Games

Implementing an Automatic Functional Test Pattern Generation for Mixed-Signal Boards in a Maintenance Context

Real-Time and Resilient Intrusion Detection: A Flow-Based Approach

Multi-atlas labeling with population-specific template and non-local patch-based label fusion

A Short SPAN+AVISPA Tutorial

Comparator: A Tool for Quantifying Behavioural Compatibility

An FCA Framework for Knowledge Discovery in SPARQL Query Answers

Moveability and Collision Analysis for Fully-Parallel Manipulators

A Methodology for Improving Software Design Lifecycle in Embedded Control Systems

An Experimental Assessment of the 2D Visibility Complex

HySCaS: Hybrid Stereoscopic Calibration Software

Reverse-engineering of UML 2.0 Sequence Diagrams from Execution Traces

The optimal routing of augmented cubes.

Branch-and-price algorithms for the Bi-Objective Vehicle Routing Problem with Time Windows

Quality of Service Enhancement by Using an Integer Bloom Filter Based Data Deduplication Mechanism in the Cloud Storage Environment

From medical imaging to numerical simulations

[Demo] A webtool for analyzing land-use planning documents

Regularization parameter estimation for non-negative hyperspectral image deconvolution:supplementary material

Simulations of VANET Scenarios with OPNET and SUMO

Cloud My Task - A Peer-to-Peer Distributed Python Script Execution Service

Natural Language Based User Interface for On-Demand Service Composition

KeyGlasses : Semi-transparent keys to optimize text input on virtual keyboard

IntroClassJava: A Benchmark of 297 Small and Buggy Java Programs

Combined video and laser camera for inspection of old mine shafts

Development of an ATCA IPMI controller mezzanine board to be used in the ATCA developments for the ATLAS Liquid Argon upgrade

Preliminary analysis of the drive system of the CTA LST Telescope and its integration in the whole PLC architecture

Structuring the First Steps of Requirements Elicitation

Real-time FEM based control of soft surgical robots

CTF3 BPM acquisition system

Prototype Selection Methods for On-line HWR

UsiXML Extension for Awareness Support

QAKiS: an Open Domain QA System based on Relational Patterns

Experimental Evaluation of an IEC Station Bus Communication Reliability

An Implementation of a Paper Based Authentication Using HC2D Barcode and Digital Signature

Robust IP and UDP-lite header recovery for packetized multimedia transmission

Deformetrica: a software for statistical analysis of anatomical shapes

Taking Benefit from the User Density in Large Cities for Delivering SMS

GDS Resource Record: Generalization of the Delegation Signer Model

Technical Overview of F-Interop

Emerging and scripted roles in computer-supported collaborative learning

Monitoring Air Quality in Korea s Metropolises on Ultra-High Resolution Wall-Sized Displays

Search-Based Testing for Embedded Telecom Software with Complex Input Structures

A 64-Kbytes ITTAGE indirect branch predictor

Focused Ion Beam Micro Machining and Micro Assembly

Recommendation-Based Trust Model in P2P Network Environment

Scalewelis: a Scalable Query-based Faceted Search System on Top of SPARQL Endpoints

Minor-monotone crossing number

Lossless and Lossy Minimal Redundancy Pyramidal Decomposition for Scalable Image Compression Technique

Modularity for Java and How OSGi Can Help

Efficient implementation of interval matrix multiplication

Type Feedback for Bytecode Interpreters

BugMaps-Granger: A Tool for Causality Analysis between Source Code Metrics and Bugs

Transcription:

Scan chain encryption in Test Standards Mathieu Da Silva, Giorgio Di Natale, Marie-Lise Flottes, Bruno Rouzeyre To cite this version: Mathieu Da Silva, Giorgio Di Natale, Marie-Lise Flottes, Bruno Rouzeyre. Scan chain encryption in Test Standards. SURREALIST: SecURity, REliAbiLity, test, privacy, Safety and Trust of Future Devices, May 2018, Bremen, Germany. Workshop on SecURity, REliAbiLity, test, privacy, Safety and Trust of Future Devices, 2018, <http://www.lirmm.fr/surrealist18/>. <lirmm-01882578v2> HAL Id: lirmm-01882578 https://hal-lirmm.ccsd.cnrs.fr/lirmm-01882578v2 Submitted on 10 Oct 2018 HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

SCAN CHAIN ENCRYPTION IN TEST STANDARDS Mathieu Da Silva, Marie-Lise Flottes, Giorgio Di Natale, Bruno Rouzeyre SURREALIST 2018

BSR BSR CONTEXT Test standards IEEE 1149 (JTAG) for board testing TDI Device 1 Device 2 Device 3 TDO Device Scan chain TMS TCK TDI IDCODE BYP IR TAP controller TMS TCK TDO IEEE 1500 for cores testing in a SoC IEEE 1687 (IJTAG) for embedded instruments 2

BSR BSR CONTEXT Threats Unauthorized user Malicious device TDI Device 1 Device 2 Device 3 TDO Device Scan chain TMS TCK TDI IDCODE BYP IR TDO Untrusted devices Rosenfeld et al., Attacks and Defenses for JTAG, IEEE Design & Test 2010 TAP controller Malicious users (example: scan attacks) TMS TCK Yang et al., Secure Scan: A Design-for-Test Architecture for Crypto Chips, TCAD 06 3

SUMMARY 1) Scan chain encryption 2) State-of-the-art based on test communication encryption 3) Implementation with block cipher 4) Implementation with stream cipher 5) Conclusion 4

SCAN CHAIN ENCRYPTION Solution: test communication encryption Unauthorized user Unauthorized user TDI Dec Decrypted data Encrypted data Malicious device Device 1 Enc Device 3 TDO TMS TCK Input decryption prevents sending desired test data Output encryption prevents reading plain test responses 5

SCAN CHAIN ENCRYPTION Solution: test communication encryption Unauthorized user Unauthorized user Encryption Malicious device Decryption TDI Dec Device 1 Enc Device 3 TDO TMS TCK Test patterns Symmetric ciphers Authorized user Authorized user Test responses Input decryption prevents sending desired test data Output encryption prevents reading plain test responses Test/debug only possible by authorized user knowing the secret key 6

SYMMETRIC CIPHER 2 types of symmetric cipher: stream and block ciphers 7

STREAM CIPHER / BLOCK CIPHER Stream cipher encryption Keystream XORed bitwise with the plaintext Block cipher encryption Confusion and diffusion on a block of plaintext Plaintext R IV Pseudo-Random Key Generator Keystream S(IV, Key) 1 1 1 Plaintext R N Block cipher Ciphertext c Key Preference for stream ciphers Ciphertext c "Naturally" adapted to serial test communication (JTAG, IEEE 1500, IJTAG) Smaller area footprint compared to block ciphers But.. N 8

TWO-TIMES PAD: STREAM CIPHER REQUIREMENT Two-times pad: same key and IV re-used => same keystream generated to encrypt different data IV IV Key Stream cipher Reset Key Stream cipher S(IV, Key) S(IV, Key) R 1 R 1 S(IV, Key) R 2 R 2 S(IV, Key) Possible to carry out attacks if requirement is not fit R1 S(IV, Key) R2 S(IV, Key) Solution: IV generated randomly at each circuit reset R1 S(IV 1, Key) R2 S (IV 2, Key) 9

SUMMARY 1) Scan chain encryption 2) State-of-the-art based on test communication encryption 3) Implementation with block cipher 4) Implementation with stream cipher 5) Conclusion 10

STREAM-BASED ENCRYPTION ON JTAG INTERFACE Challenge/Response protocol to encrypt JTAG test communication 1) Challenge C Hashmodule 2) Response as Key Key Fuses IV Stream cipher S(IV, Key) TDI Test Data Register TDO Requirement not fulfilled 3) Encryption of the JTAG TDR with the keystream S(IV, Key) Rosenfeld et al., Attacks and Defenses for JTAG, IEEE Design & Test 2010 11

BSR BSR STREAM-BASED ENCRYPTION ON IEEE 1500 INTERFACE IEEE 1500 standard Similar as JTAG standard, but for SoC wrappers Parallel test inputs WPI and parallel test outputs WPO WSI Core 1 Core 2 Core 3 WSO Core under test WPI Scan chain WPO WSC WSI IDCODE BYP WSO IR 12

STREAM-BASED ENCRYPTION ON IEEE 1500 INTERFACE Encrypt test data on a targeted core (IEEE 1500) 1) Send the key to the core via specific scan chain non-visible from the others cores WSI Core 1 Core 2 Core 3 WSO WSC Rosenfeld et al., Security-Aware SoC Test Access Mechanisms, VTS 11 13

BSR BSR STREAM-BASED ENCRYPTION ON IEEE 1500 INTERFACE Encrypt test data on a targeted core (IEEE 1500) 1) Encrypt the parallel input/output (WPI and WPO) WSI Core 1 Core 2 Core 3 WSO Core under test WPI Scan chain WPO WSC WSI WPI IDCODE BYP IR WSO WPO Requirement not fulfilled Rosenfeld et al., Security-Aware SoC Test Access Mechanisms, VTS 11 14

STREAM-BASED ENCRYPTION ON IJTAG INTERFACE Encryption of Test Data Register associated to Instruments in the IJTAG network TDI Cipher In Cipher Out Requirement not fulfilled TDO Kan et al., Echeloned IJTAG data protection, AsianHOST 2016. 15

OUR PROPOSITION Insertion of block or stream ciphers at Scan-In and Scan-Out Assumption: original circuit embedded a crypto-core with its key management and storing Scan chain encryption solution shares the key management and storing already implemented 16

SUMMARY 1) Scan chain encryption 2) State-of-the-art based on test communication encryption 3) Implementation with block cipher 4) Implementation with stream cipher 5) Conclusion 17

BLOCK CIPHER-BASED SCAN ENCRYPTION Implementation on scan chain with 2 PRESENT block ciphers: Lightweight (1 PRESENT = 2 139 GE) Encryption by 64-bits block size 18

MODE OF OPERATIONS 64 bits encrypted every 32 clock cycles Original circuit 64 bits Input Scan Cipher S i (64 bits) S i 1 (64 bits) S 2 (64 bits) Scan chain length #SFF S 1 (64 bits) Output Scan Cipher #SFF = Px64 No test time overhead on each pattern 19

MODE OF OPERATIONS S 1 R+U = 64 bits U bits = Unused bits R=#SFF mod 64 U bits added Original circuit 64 bits Input Scan Cipher S i (64 bits) S i 1 (64 bits) S 2 (64 bits) Scan chain length #SFF Output Scan Cipher #SFF = Px64 + R Loss of U clock cycles per pattern 20

SUMMARY 1) Scan chain encryption 2) State-of-the-art based on test communication encryption 3) Implementation with block cipher 4) Implementation with stream cipher 5) Conclusion 21

STREAM CIPHER-BASED SCAN ENCRYPTION Implementation on JTAG: 1 TRIVIUM stream cipher (2 016 GE) TRNG to generate random IV New instruction GetIV with a test data register IV Mode of operations in 2 phases: initialization and encryption 22

INITIALIZATION PHASE 1) TRNG initialization: reach sufficient entropy to generate random number 23

INITIALIZATION PHASE 2) Shift IV in the dedicated Test Data Register 24

INITIALIZATION PHASE 3) Stream cipher setup 25

INITIALIZATION PHASE Initialization phase finished => Encryption phase 26

ENCRYPTION PHASE User sends GETIV instruction Shift the content of the IV register out the circuit GetIV IV 27

ENCRYPTION PHASE User can encrypt and decrypt test data with the obtained IV and the shared secret key 28

TIME FOR THE INITIALIZATION PROCESS T TRNG_init to initialize the TRNG 80 clock cycles to shift the IV in the register 1 152 clock cycles for the stream cipher setup Original circuit Triple-DES Pipelined AES-128 Test time* (clock cycles) Test time overhead Block-based solution (%) Stream-based solution (%)** Pipelined AES-256 RSA 1024 LEON3 687 101 1 944 877 4 559 845 39 405 239 11 612 051 +0.31 +0.81 +0.006 +0.33 +0.004 +0.18 +0.06 +0.03 +0.003 +0.01 *: Test time considered for a fault coverage of 100%, except for LEON3 where it reaches 70% **: test time overhead without the initialization of the TRNG 29

SUMMARY 1) Scan chain encryption 2) State-of-the-art based on test communication encryption 3) Implementation with block cipher 4) Implementation with stream cipher 5) Conclusion 30

COMPARISON BETWEEN BOTH SOLUTIONS Security Block cipher-based solution (PRESENT) Stream cipher-based solution (TRIVIUM) - Scan attacks Protected Protected (two times pad not possible) - Malicious core Protected Protected Cost - Area 10 658.96 µm² 5 408.52 µm² (+ 31 200 µm² for TRNG) - Test time Depends on the scan length (multiple or not of the block size) Integration - Diagnosis & debug Still possible in-field Clock cycles required for the initialization phase - Key management Re-use key management already implemented - Integration in test daisy-chain Possible issue with the padding of test data No issue 31

ACKNOWLEDGEMENTS FUI#20 TEEVA Project Partners 33

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback