Cryptology ePrint Archive: Report 2019/005

ScanSAT: Unlocking Obfuscated Scan Chains

Lilas Alrahis, Muhammad Yasin, Hani Saleh, Baker Mohammad, Mahmoud Al-Qutayri, and Ozgur Sinanoglu

Abstract: While financially advantageous, outsourcing key steps such as testing to potentially untrusted Outsourced Semiconductor Assembly and Test (OSAT) companies may pose a risk of compromising on-chip assets. Obfuscation of scan chains is a technique that hides the actual scan data from the untrusted testers; logic inserted between the scan cells, driven by a secret key, hides the transformation functions between the scan-in stimulus (scan-out response) and the delivered scan pattern (captured response). In this paper, we propose ScanSAT: an attack that transforms a scan obfuscated circuit to its logic-locked version and applies a variant of the Boolean satisfiability (SAT) based attack, thereby extracting the secret key. Our empirical results demonstrate that ScanSAT can easily break naive scan obfuscation techniques using only three or fewer attack iterations even for large key sizes and in the presence of scan compression.

Category / Keywords: applications / hardware security, scan attacks, logic obfuscation, ip piracy, reverse engineering

Original Publication (in the same form): ASPDAC 2019

Date: received 1 Jan 2019

Contact author: myasin at tamu edu

Version: 20190109:003924

Short URL: ia.cr/2019/005

