| Information security has been paid more attention in recent years than before.With the various application scenarios such as mobile payment,Internet finance,smart home,wearable devices and so on appearing,cryptographic chips for encryption and authentication are becoming more widely used in different electronic equipment.During design process of those cryptographic chips,how to protect the information security of the chip itself should be considered.The cryptographic chip must be totally tested before delivered.In order to achieve enough fault coverage,extra design-for-testability structure is needed to be inserted to the original design.Scan chain is the mainstream of designfor-testability structure.However,if there is no measure for protecting data in the scan chain,test response can be acquired by the adversary directly and be used for cryptanalysis,which poses a great threat to the information security.Current countermeasures to scan-based side-channel attack cannot guarantee the testability and security of the chip at the same time.In this study,a countermeasure to scan-based side-channel attack which uses the cryptographic hash function to post-process the test response is proposed to guarantee testability and security at the same time.In the original scan design,test response is directly shifted out after captured,and it can be directly acquired by the adversary.By the analysis to the test response,cipher key can be cracked.In the countermeasure proposed in this study,extra circuit for post-processing is added.Test response will be processed by an extension function,some bits in the test response will be modified,and redundant bits will be added.Then the extended test response will be processed by a cryptographic hash function,hash value can be collected at last.Original test responses cannot be accessed directly in this countermeasure,and hash value will be presented as test result.According to the analysis,hash value can also be used for diagnostics test,so the test application is still normal.But the original test response cannot be recovered by adversary from hash value,so the analysis to test response cannot complete any more.To the best of our knowledge,there is no effective attack method to some cryptographic hash function,so the countermeasure can resist the scan-based side-channel attack effectively.Hardware implementation to the proposed countermeasure is completed in the study.In the implementation,to reserve the original use of the cryptographic hash function module,test response should be transmitted to the cryptographic hash function module over the bus.The only open and free SoC interconnection,WISHBONE,and the newest one in the SHA family,SHA3,is used in the implementation.By adding interface circuit,test data can be sent as interconnection specification.A collection positions allocation method is proposed to simplify the logic in interface circuit and improve the effectiveness of collection to test data.Allowing for that the structure of interface circuit is simple after optimization,full sequential test is proper.In that case,handshake signal between interface circuit and cryptographic hash function cannot be controlled by the adversary,the trial times to crack the input of cryptographic hash function are 2512,it is almost impossible to accomplish.According to the result of synthesis of the hardware implementation,compared with countermeasures which have been proposed by others,the countermeasure proposed by us can guarantee both security and testability,and the overhead is low at the same time.So it’s a good reference to the design-for-testability to crypto chip,and have some contributions on theory and engineering applications. |
PDF Full Text Request