Scan attack in presence of mode-reset countermeasure

Abstract

Design for testability (DFT) is the most common testing technique used in the modern VLSI industries. However, when this technique is incorporated in a cryptographic circuit, it may open a back door to an attacker. The attacker can get access to the internal scan chains by switching the device from the normal mode to the test mode and then observe the chip content. The scan cells which were originally used to enhance the testability, can thus be misused to access the intermediate results of the cryptographic algorithm running inside the chip. One countermeasure against such attacks is to reset the device whenever there is a switch from the normal mode to the test mode. In this work we are going to analyse this countermeasure and show that it is not completely secure against scan attack. We show that an attack is possible using only the test mode which will bypass the countermeasure.