Paper 2019/005

ScanSAT: Unlocking Obfuscated Scan Chains

Lilas Alrahis, Muhammad Yasin, Hani Saleh, Baker Mohammad, Mahmoud Al-Qutayri, and Ozgur Sinanoglu

Abstract

While financially advantageous, outsourcing key steps such as testing to potentially untrusted Outsourced Semiconductor Assembly and Test (OSAT) companies may pose a risk of compromising on-chip assets. Obfuscation of scan chains is a technique that hides the actual scan data from the untrusted testers; logic inserted between the scan cells, driven by a secret key, hide the transformation functions between the scan- in stimulus (scan-out response) and the delivered scan pattern (captured response). In this paper, we propose ScanSAT: an attack that transforms a scan obfuscated circuit to its logic- locked version and applies a variant of the Boolean satisfiability (SAT) based attack, thereby extracting the secret key. Our empirical results demonstrate that ScanSAT can easily break naive scan obfuscation techniques using only three or fewer attack iterations even for large key sizes and in the presence of scan compression.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. ASPDAC 2019
Keywords
hardware securityscan attackslogic obfuscationip piracyreverse engineering
Contact author(s)
myasin @ tamu edu
History
2019-01-09: received
Short URL
https://ia.cr/2019/005
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/005,
      author = {Lilas Alrahis and Muhammad Yasin and Hani Saleh and Baker Mohammad and Mahmoud Al-Qutayri and Ozgur Sinanoglu},
      title = {ScanSAT: Unlocking Obfuscated Scan Chains},
      howpublished = {Cryptology ePrint Archive, Paper 2019/005},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/005}},
      url = {https://eprint.iacr.org/2019/005}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.