Through the Looking-Glass: Sensitive Data Extraction by Optical Probing of Scan Chains

Authors

  • Tuba Kiyan Technische Universität Berlin, Berlin, Germany
  • Lars Renkes Technische Universität Berlin, Berlin, Germany
  • Marvin Sass Technische Universität Berlin, Berlin, Germany
  • Antonio Saavedra Technische Universität Berlin, Berlin, Germany
  • Norbert Herfurth IHP - Leibniz-Institut für innovative Mikroelektronik, Frankfurt (Oder), Germany
  • Elham Amini Technische Universität Berlin, Berlin, Germany
  • Jean-Pierre Seifert Technische Universität Berlin, Berlin, Germany

DOI:

https://doi.org/10.46586/tches.v2024.i4.541-568

Keywords:

Hardware attacks, Design for Testing, Scan chains, Optical Probing

Abstract

There is an imminent trade-off between an Integrated Circuit (IC)’s testability and its physical security. While Design for Test (DfT) techniques, such as scan chains make the circuit’s physical behavior at runtime observable and easy to control, these techniques form a lucrative class of attack vectors with the potential to compromise the entire security architecture of the Device under Test (DuT). Moreover, with the rapid development of more complex technologies, the need for integration of DfT techniques even intensifies due to the requirement for faster time-to-market of cutting-edge ICs. In this work, we demonstrate that sensitive data can be extracted from the registers once their locations on the chip are identified by exploiting DfT structures and optically probing them — in this case, scan chains, even after the access to test mode is restricted. Furthermore, we show that also an obfuscated scan chain architecture can be fully reconstructed by using tools and techniques encountered in the Failure Analysis (FA) domain.

Downloads

Published

2024-09-05

Issue

Section

Articles

How to Cite

Kiyan, T., Renkes, L., Sass, M., Saavedra, A., Herfurth, N., Amini, E., & Seifert, J.-P. (2024). Through the Looking-Glass: Sensitive Data Extraction by Optical Probing of Scan Chains. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2024(4), 541-568. https://doi.org/10.46586/tches.v2024.i4.541-568