Through the Looking-Glass: Sensitive Data Extraction by Optical Probing of Scan Chains
DOI:
https://doi.org/10.46586/tches.v2024.i4.541-568Keywords:
Hardware attacks, Design for Testing, Scan chains, Optical ProbingAbstract
There is an imminent trade-off between an Integrated Circuit (IC)’s testability and its physical security. While Design for Test (DfT) techniques, such as scan chains make the circuit’s physical behavior at runtime observable and easy to control, these techniques form a lucrative class of attack vectors with the potential to compromise the entire security architecture of the Device under Test (DuT). Moreover, with the rapid development of more complex technologies, the need for integration of DfT techniques even intensifies due to the requirement for faster time-to-market of cutting-edge ICs. In this work, we demonstrate that sensitive data can be extracted from the registers once their locations on the chip are identified by exploiting DfT structures and optically probing them — in this case, scan chains, even after the access to test mode is restricted. Furthermore, we show that also an obfuscated scan chain architecture can be fully reconstructed by using tools and techniques encountered in the Failure Analysis (FA) domain.
Downloads
Published
Issue
Section
License
Copyright (c) 2024 Tuba Kiyan, Lars Renkes, Marvin Sass, Antonio Saavedra, Norbert Herfurth, Elham Amini, Jean-Pierre Seifert
This work is licensed under a Creative Commons Attribution 4.0 International License.
