Analysis of Hardware Security to Prevent the Scan Based Attacks by

Security of integrated circuits (ICs) has emerged as a major concern at different stages of IC life spanning design, test, fabrication and deployment. Modern ICs are becoming increasingly vulnerable to various forms of security threats, such as: 1) illegaluse of hardware intellectual property (IP) Piracy. 2) Illegal manufacturing of IC Designing of confidential ICs must satisfy many design rules in order to rectify the various attacks and to protect the secret data. Based on the concept of withholding information, on-chip comparisons for actual and expected response. Obfuscation method to prevent the piracy overbuilding and reverse engineering RE. But no security against scan based attackers. This practical logic obfuscation applicable for combinational circuits and will not protect the scan attacks. In order overcome this drawback the recent works on hardware security to prevent piracy. From the security point of view, few limitations of existing method limit the security level. Some countermeasures have been proposed in order to secure the scan technique and on-chip comparison. This method can be applicable for both sequential, combinational circuits. This proposed method can be applied for all scan testing. We implement the project using Xilinx ISE tool fo Simulation and synthesis and the code is written in Verilog HDL.


I. INTRODUCTION
Traditionally, the IC design is written without any concern of obfuscation, and hence IC design is vulnerable to RE, piracy, and overbuilding. The gate-level netlist design to produce an obfuscated netlist, which is functionally equivalent to the former when correct key is given. An obfuscated gate-level netlist is synthesized into the layout geometry for manufacturing. An adversary buys the obfuscated IC on the open market and then obtains the gate-level netlist by image processing However, the functionality of obfuscated cells cannot be identified. The modi a silicon physical unclonable function (PUF), and it can exactly perform the same as that of the design as long as the correct license is issued by the IP/IC designer. This means that only the chips authorized by the designer can g functionalities. Obfuscation framework can prevent IC from RE, piracy, and over building. But no security against scan based attackers. This practical logic obfuscation applicable for combinational circuits and will not protect the sca In order overcome this drawback the recent works on hardware security to prevent piracy to rectify the various attacks and to protect the secret data. From the security point of view, few limitations of existing method limit the security level. countermeasures have been proposed in order to secure the scan technique and on Traditionally, the IC design is written without any obfuscation, and hence IC design is vulnerable to RE, piracy, and overbuilding. The level netlist design to produce an obfuscated netlist, which is functionally equivalent to the former when correct key is given. An obfuscated nthesized into the layout geometry for manufacturing. An adversary buys the obfuscated IC on the open market and then obtains level netlist by image processing-based RE. However, the functionality of obfuscated cells cannot be identified. The modified netlist reacts with a silicon physical unclonable function (PUF), and it can exactly perform the same as that of the design as long as the correct license is issued by the IP/IC designer. This means that only the chips authorized by the designer can guarantee the correct functionalities. Obfuscation framework can prevent IC from RE, piracy, and over building. But no security against scan based attackers. This practical logic obfuscation applicable for combinational circuits and will not protect the scan attacks.
In order overcome this drawback the recent works on hardware security to prevent piracy to rectify the various attacks and to protect the secret data. From the security point of view, few limitations of existing method limit the security level. Some countermeasures have been proposed in order to secure the scan technique and on-chip comparison.

II. OBFUSCATION TECHNIQUE
Obfuscation technique is IC protection techniques inserting additional key gates (XOR or XNOR). One of the inputs to a key gate is the functional input in the design and the other is 1-bit key input. The correct key will be stored in a tamper-evident memory inside the design to prevent access to attackers. The logic obfuscation can protect the IC from piracy and overbuilding. OCs. An OC is used to replace an inverter or inserted into any wires in gate-level netlist.
In this obfuscation technique only the chips authorized by the designer can guarantee the correct functionalities. Hence, the obfuscation framework can prevent IC from RE, piracy, and overbuilding. The obfuscation cell (OC) is composed of an inverter and a Multiplexer.
The structure is shown in Figure: 1(a), where the key is a select input of the multiplexer (because of the key's importance, a distribution framework must be established so that the IP designer can securely unlock each IC). To replace an inverter with the OC or insert the OC into any wire of gate-level netlist. In Figure: 1(b), a simple circuit is obfuscated by two OCs.
PUF-based obfuscation and the generation of the license: The PUF response interacts with obfuscation cell to generate a chip-dependent license to prevent piracy attacks. An attacker with no information about the key of the OCs cannot compute the correct license to unlock the pirated chips.
The designer is the only one who can issue the license to activate the chip. The generated configuration is stored in the flip-flops to unlock the chip. PUF response is used to unlock the function of the chip without the correct PUF response, the function would not perform correctly. There-fore, the circuit is kept locked until the correct license unlocks it. An example for generating the license in Figure: 2. Considering four OCs in Figure: 2  In order to overcome this draw back the recent works on hardware security with sticky counter to prevent the scan based attacks in the proposed method  Scan chain is a technique used in design for testing. The objective is to make testing easier by providing a simple way to set and observe every flip-flop in an IC. The basic structure of scan include the following set of signals in order to control and observe the scan mechanism.
 Scan_in and scan_out define the input and output of a scan chain. In a full scan mode usually each input drives only one chain and scan out observe one as well.  A scan enable pin is a special signal that is added to a design. When this signal is asserted, every flip-flop in the design is connected into a long shift register.  Clock signal which is used for controlling all the FFs in the chain during shift phase and the capture phase. An arbitrary pattern can be entered into the chain of flip-flops, and the state of every flip-flop can be read out.

Advanced Encryption Standard (AES):
Advanced Encryption Standard, also known by its original name Rijndael (Dutch U pronunciation), is a specification for the encryption of electronic data established by the S. National Institute of standards and technology (NIST) in 2001.AES is a subset of the Rijndael cipher developed by two Belgian crypto graphers, vincent Rijndael and Joan Daemen, who submitted a proposal to NIST during the AES selection process. Rijndael is a family of ciphers with different key and block sizes. For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits. AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES), which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. AES became effective as a federal government standard on May 26, 2002, after approval by the Secretary of Commerce. AES is included in the ISO/IEC 18033-3 standard. AES is available in many different encryption packages, and is the first (and only) publicly accessible cipher approved by the National Security Agency (NSA) for top secret information when used in an NSA approved by cryptographic module.
Registers in register block connected in scan chain Figure: 6 Registers in register block connected in scan chain The register block of our design contains 20 registers of 32 bits each. The registers are reserved for key, cipher input data, cipher output data, decryptor input data, decryptor output data and the status and control bits -start key expansion, start encryption, start decryption, key expansion done, encryption done and decryption done. All of these registers are connected serially in a scan chain as indicated below. The registers key, cipher input data, cipher output data, decryptor input data, decryptor output data are 128 bits each while the registers start key expansion, start encryption, start decryption, key expansion done, encryption done and decryption done are 1 bit wide. In scan mode, when scan_en is applied the data is shifted serially from scan_in to "key" to "cipher_in_data" to "decryptor_in_data"to"cipher_out_data"to"decryptor_ out_data"to"start_decryptor"to"start_cipher"to"start_ key_expansion"to"decryptor_done"to"cipher_done"to "key_expansion_done" to scan_out. We have inserted inverters on the scan chain to implement the flipped scan chain model. The register blocks scan chain as show in figure: 6 Combinational circuits with scan flip flop: This approach based on comparing the actual responses with the expected responses within the chip area instead of scanning-out and comparing the response within the ATE. In standard scan-based scheme, FF's is replaced with scan flip flops (i.e. flip flop with a multiplexer). These are connected serially to behave as long shift register in test mode. The input of FF is directly connected to input pin (scan-in) and the output of the FF is directly connected to scan-out (output pin). An additional pin (scan enable) is accessed to select whether the SFFs behave as normally or as a shift register. The output of one SFF is connected to the input of next SFF.
When the scan chain is introduced for hardware testing, additional scan enable pin is needed to enable the test mode from normal mode. Insertion of scan-chains while testing the hardware requires a few multiplexed pins to the standard inputs/outputs to behave as the scan-enable, scan-inputs and scanoutputs. A scan DUT with additional mux is shown in the Figure: 7 The circuit of a sequential logic which comprises of combinational circuits and flip flops. It can be observed that there is a mux in front of each flip flop which is called scan mux. As shown in figure: 8, when "scan_en" is applied the "scan_input" shifts serially through the registers and appears at the "scan_out" pin of the circuit after several cycles. The number of cycles depends on the length of the scan chain i.e the number of flip flops connected seriallyt in the scan chain. To test the correctness of the output, we supply the expected values at the "Scan_exp" pin and the result of the comparison which is done by the comparator inside the chip appears at the "test_result" output pin.
This setup suffers from a serious security flaw. As we know that software is responsible for generating the key based on the result of negotiations with the communication partner and other dependencies. The software is responsible (FSFFs). An additional inverter is added along with the scan chain (i.e. securable, SFFs is replaced with flipped scan chain flip flops Flipped scan chain).When the inverter is randomly arranged before the scan chain, the scan out data of random SFF will be flipped (inverted). Flipped Scan chain aimed at protecting the scan data form being analysed through the intermediate states of the device. Moreover, this FSFF does not impact on the normal functionality of the device.
An introduction of inverter in the scan chain to get a flipped scan chain as shown in figure.3.4. Flipped scan chain. This will guarantee that the register bits do not appear as is at the scan out as the position of the inverters are random and known only to the designer/ design house. However, the position of the inverters can be realized by carefully applying select values at scan_in and observing scan_out, though very tedious. Flipped scan chain increase the complexity of brute force attack to observe the intermediate signals exactly. Further, random arrangement of NOT gate inverts the test output randomly and goes for comparison with the same flipped expected response. Based on the approach of On-chip comparison, this paper in brief is to compare the actual response with the expected response for whole test vector and even no more unknown values in the test data make it easy to provide expected response after testing the data with flipped scan chain. When the scan chain is enabling, need to provide both expected and test input to the design. But predicting the expected response for unknown values in the test input is no longer possible. Circuit to add a sticky comparator: The second change is to modify the test circuit to add a sticky comparator and a bi-directional output buffer. In such case, this comparison will no more confidential and effective.To overcome this limitation, the proposed approach is to compress the input test data by code based scheme. Data compaction method will reduce the unknown values by making it compatible within the test patterns. The general scheme of the proposed Secure Comparator is shown in Figure 11.  The sticky comparator accumulates the test result over the entire test sequence until externally reseted, i.e. in a period of 100 cycles, if the comparison failure happens at the 20th bit, sticky comparator hold the test_result as fail throughout the rest of the test irrespective of subsequent bits resulting in a comparison pass or fail. By reading the test result after a lot of cycles will not allow to determine the comparison fail cycles and thereby the exact scan_out bits cannot be determined. However, by reading out the test_result for every cycle can guarantee the determination of the scan_out bit exactly like the previous circuit. We can prevent this by adding an I/O buffer which muxes the two pins "scan_input" and "test_result" onto the same pin. Since both the above signals have opposite direction i.e. scan_input is input to the IC and test_result is the output of the chip, both cannot be active at the same time. The direction of the I/O buffer is controlled by the "scan_enable" pin. If scan_enable is high, the I/O buffer behaves like an input pin and the value of the pin is propagated to the scan_input of the circuit. If scan_enable is low, then the I/O buffer behaves like and output pin and the value of the comparator output (test_result) is propagated to the I/O pin and scan_input is cut off from the pin. To observe the output of the sticky comparator at the output pin, scan_enable has to be set to "0", which in turn disables the scan path and the values of the combinational logic are pushed onto the flip flops and the values inside the scan chain are destroyed and no longer relevant. Since the combinational logic functionality is unknown to any unauthorized parties, it is simply impossible to scan in known values and guess the location of inverters on the scan chain by observing the scan_out as the scan chain data is corrupted when scan_enable is set to "0" and thus, the circuit in figure: 7 combinational scan flip flop, is suitable to both testing by supporting scan chain and providing security.

Scan chain:
A scan enable pin is a special signal that is added to a design. When this signal is asserted, every flip-flop in the design is connected into a long shift register. Scan chain can be in combinational circuit and it can be used for testing purpose.
Test bench of scan chain: In this scan chain whatever the key bits are given to the scan chain is same as the output of the scan chain. The input key b1f056638484d609c0895e8112153524 then the resulted output of serial collected data is b1f056638484d609c0895e8112153524. Therefore the input key is same as the serial output data. There is no security to the data.
Scan chain simulated wave form: Figure:13 Simulated wave form. resulted data. The above security flaws can be overcome by 2 modifications as shown in below Flipped scan chain: In the circuit to insert inverters randomly in the scan chain to get a flipped scan chain. This will guarantee that the register bits do not appear as is at the scan out as the position of the inverters are random and known only to the designer/ design house. However, the position of the inverters can be realized by carefully applying select values at scan_in and observing scan_out, though very tedious.
Test bench of flipped scan chain: Figure: 14 Flipped scan chain run output.
In this additional inverter is added along with the scan chain the key can flipped. The given input key as b1f056638484d609c0895e8112153524 the serial collected key is b1f056647b7b29f63f76a17eedeacadd these can be shown in figure:14 the selected portion is the resulted output.

Flipped scan chain simulated wave form:
When the inverter is randomly arranged before the scan chain, the scan out data of random SFF will be flipped. Flipped scan chain protecting the scan data. This FSFF does not impact on the normal functionality of the device. These simulated waveform can be show the input key to the serial output key. Selected particular portion is the simulation result. When the inverter is randomly arranged before the scan chain, the scan out data of random SFF will be flipped.
Flipped scan chain protecting the scan data. This FSFF does not impact on the normal functionality of the device. These simulated waveform can be show the input key to the serial output key. Selected particular portion is the simulation result  In this test result we can apply a constant "0/1" to the Scan_exp pin and based on the result of the comparison (test_result) we can find out the value of the scan_out. For example, if scan_exp is tied to "logic 0", then a value of "1" at scan_out will generate a "Fail" at the test_result and a value of "0" at scan_out will generate a "Pass" at the test_result pin. Based on Pass/Fail at the test_result pin.

CONCLUSIONS
In this proposed scheme, a new approach of flipped on-chip comparison is described for security issues. Based on the concept of holding the confidential information within the chip, proposed method is more secure than other countermeasures with less controllability to unknown users. It compares both the input response and the expected response without relying on the cost of the design. Flipped scan chain increases with negligible area overhead and design changes. This method has also been accessed in order to reduce the possible unknown values in the test procedure. On comparing with the standard scan test, this design does not impact on the quality of the test and the diagnosis of fault.

Applications:
 This method can be applicable for both sequential and combinational circuits