Sergej Meschkov, Dennis R. E. Gnad, Jonas Krautter, M. Tahoori
{"title":"您的安全测试基础设施是否足够安全?:基于使用瞬态行为分析的延迟测试模式的攻击","authors":"Sergej Meschkov, Dennis R. E. Gnad, Jonas Krautter, M. Tahoori","doi":"10.1109/ITC50571.2021.00048","DOIUrl":null,"url":null,"abstract":"The existing work on securing test infrastructure is based on the assumption of restricting or encrypting access to the sensitive information, which otherwise can be accessed by the scan chains or similar test access ports. Hence, the (publicly) accessible outputs or test infrastructure subset supposedly do not leak secret information. Since the on-chip test infrastructure is reused in-field for achieving functional safety requirements, disabling them completely after manufacturing test phase is not an option. In this work we invalidate this assumption by showing that having access to (small delay) test results on insensitive (public) outputs can in fact reveal secret data. Using real hardware, we have performed template attacks using the results of delay testing on the output of cryptographic circuits and were able to retrieve the key with very few test inputs. This template attack requires only few random patterns on the victim device, which could be different from the device used for template building.","PeriodicalId":147006,"journal":{"name":"2021 IEEE International Test Conference (ITC)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Is your secure test infrastructure secure enough? : Attacks based on delay test patterns using transient behavior analysis\",\"authors\":\"Sergej Meschkov, Dennis R. E. Gnad, Jonas Krautter, M. Tahoori\",\"doi\":\"10.1109/ITC50571.2021.00048\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The existing work on securing test infrastructure is based on the assumption of restricting or encrypting access to the sensitive information, which otherwise can be accessed by the scan chains or similar test access ports. Hence, the (publicly) accessible outputs or test infrastructure subset supposedly do not leak secret information. Since the on-chip test infrastructure is reused in-field for achieving functional safety requirements, disabling them completely after manufacturing test phase is not an option. In this work we invalidate this assumption by showing that having access to (small delay) test results on insensitive (public) outputs can in fact reveal secret data. Using real hardware, we have performed template attacks using the results of delay testing on the output of cryptographic circuits and were able to retrieve the key with very few test inputs. This template attack requires only few random patterns on the victim device, which could be different from the device used for template building.\",\"PeriodicalId\":147006,\"journal\":{\"name\":\"2021 IEEE International Test Conference (ITC)\",\"volume\":\"10 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE International Test Conference (ITC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ITC50571.2021.00048\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE International Test Conference (ITC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ITC50571.2021.00048","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Is your secure test infrastructure secure enough? : Attacks based on delay test patterns using transient behavior analysis
The existing work on securing test infrastructure is based on the assumption of restricting or encrypting access to the sensitive information, which otherwise can be accessed by the scan chains or similar test access ports. Hence, the (publicly) accessible outputs or test infrastructure subset supposedly do not leak secret information. Since the on-chip test infrastructure is reused in-field for achieving functional safety requirements, disabling them completely after manufacturing test phase is not an option. In this work we invalidate this assumption by showing that having access to (small delay) test results on insensitive (public) outputs can in fact reveal secret data. Using real hardware, we have performed template attacks using the results of delay testing on the output of cryptographic circuits and were able to retrieve the key with very few test inputs. This template attack requires only few random patterns on the victim device, which could be different from the device used for template building.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
