GF-Flush: A GF(2) Algebraic Attack on Secure Scan Chains

Dake Chen, Chunxiao Lin, Peter A. Beerel

Scan chains provide increased controllability and observability for testing digital circuits. The increased testability, however, can also be a source of information leakage for sensitive designs. The state-of-the-art defenses to secure scan chains apply dynamic keys to pseudo-randomly invert the scan vectors. In this paper, we pinpoint an algebraic vulnerability of these dynamic defenses that involves creating and solving a system of linear equations over the finite field GF(2). In particular, we propose a novel GF(2)-based flush attack that breaks even the most rigorous version of state-of-the-art dynamic defenses. Our experimental results demonstrate that our attack recovers keys as long as 500 bits in less than 7 seconds, with attack times about one hundredth of those of state-of-the-art SAT-based attacks on the same defenses. We then demonstrate how our attacks can be extended to scan chains compressed with Multiple-Input Signature Registers (MISRs).
