Mobile QR Code

1. (School of Computer and Communication Engineering, Changsha University of Science and Technology, Changsha 410114, China)
2. (Department of Information Technology, Hunan Police Academy, Changsha 410138, China)
3. (School of Computers, Guangdong University of Technology, Guangzhou 510006, China)

Design-for-testability, hardware security, scan-based attacks, secure scan design

## I. INTRODUCTION

Several new technologies, such as wireless sensor networks and internet of things (1,2,38-40), have been rapidly developing recently and their security issue receives significant attentions (10). Meanwhile, the security of the underlying hardware has also been concerned widely (3,4,41). With the increase of the integration level and the decrease of feature size, testing for integrated circuit (IC) has become a challenging issue. By embedding aided logic into IC in the design stage, design-for-testability (DfT) methodology makes the manufacture testing and online debugging easier and cheaper. Consequently, it has been widely applied in the semiconductor industry. Scan design is the most common DfT, which can provide full testability including controllability and observability for sequential circuits (5). Unfortunately, scan design can also be exploited as a side channel, through which an adversary controls and observes illegally the states of circuit-under-test (CUT) to attack. The scan-based attack is one kind of non-invasive attacks that doesn’t need to remove the circuit packaging and probe the internal nodes. Such attack method does not rely on expensive equipment, resulting in very small cost. The target of scan-based attacks typically include as follows.

Stealing the secret information which is stored, generated or processed in the chip. The most common situation is cracking the key of a crypto chip (6,7). Typically, the attacker firstly makes the circuit work in the functional mode, and delivers pre-calculated plaintext at the input pins. After a clock cycle (or one round of encryption operation) the intermediate state of encryption will be temporarily stored in the state register. Then, he switches the chip into test mode and shifts out the intermediate state using scan chains. The process is repeated until enough pairs of plaintext and intermediate state are obtained. Finally, the secret key is deduced by means of mathematical methods.

2) Reverse analyzing the chip and extracting the organizational structure and functional characteristics of the chip. The full scan design unfolds the sequential circuit into the combinational circuit. Thus, it is possible to reveal the design information of the circuit by using the input-output relation of the scan vision. The full scan design facilitates significantly the reverse engineering attack because attackers only need to access data from scan chains with the help of a common test equipment and use Boolean function learning method to complete this attack (8). This kind of attack is often used to crack special algorithms containing trade secrets.

3) Illegally manipulating or destroying the chips. The attacker can shift the illegal data into the state register, and thus illegally manipulate the chip or destroy the chip (9).

Scan attacks targeting on crypto chips have been widely studied. Existing scan attack models can be mainly divided into two categories, namely mode-switching attacks (6,7,11,12) and test-mode-only attacks (13-16). They are both based on differential analysis in mathematics. In the mode-switching attacks, the intermediate states are generated and observed under different modes, thus depending on the switching from functional mode to testing mode. In the test-mode-only attacks, ·both delivering the input data and obtaining the sensitive information are performed uniquely under testing mode.

To overcome scan-based attacks, many secure schemes have been proposed in the past few decades. They mainly include schemes based on protecting test mode (6,17,18), schemes based on partial scan design (19-21), schemes based on encrypting scan input/output (22-24), and schemes based on obfuscating scan input/output (25-35).

Countermeasures based on protecting test mode are generally used to safeguard crypto chips. They usually introduce a small secure control circuit, which can restrain the switching between functional mode and testing mode. For example, the switching from functional mode to testing mode is prohibited in (6), while all the switching is limited in (17). In addition, the access of cipher key is blocked in testing mode with three-state buffers (6) or OR gates (17). Unfortunately, this category of countermeasures changes the normal operating process of IC, and even disables the online testing.

The partial scan design excludes the flip-flops storing secret information when constructing the scan chain, effectively preventing the leakage of intermediate sensitive data (19-21). However, it reduces the controllability and observability of the chip, and hence sacrifices the test quality of the chip.

Secure schemes based on encrypting scan data insert various cipher modules between the scan input and the scan chain, or/and between the scan chain and the scan output . For the attackers without encryption key, neither the predetermined values can be loaded into the scan chain, nor the real circuit responses can be obtained from the scan output. On the downside, these schemes incur high hardware overhead.

A high proportion of secure schemes use the obfuscation of scan data to protect the chip against scan-based attacks. Such countermeasures (25-35) attempt disturbing the input vector or the output response to disable the deducing of secret information. The authors of (25,26) achieve the purpose of obfuscating scan data by dynamically changing the connection order of scan chains. However, the scan-based attacks have been proved to be feasible even without the knowledge of scan chain order (27) . Several techniques obfuscate the scan data by inserting extra NOT gates (28) or XOR gates (29) into scan chain. However, it has been found that the sophisticated attack can defeat these secure schemes by identifying the locations of the extra logic gates (30). Cui et al (31) insert a shift register to control the test mode of some scan flip-flops. If the correct test key is not delivered into the shift register, the selected scan flip-flops will cast away the data from predecessor and obtain the data from the CUT. Hence, either the test vectors or the test responses cannot be conveyed correctly in scan chains. To avoid the risk of leaking test key, the authors in (32) improve this technique, which uses a PUF extraction scheme to generate test key. The technique in (33) locks the scan design with an inserted shadow register whose state is controlled by a LFSR and updated regularly.

To address the drawbacks of the countermeasures discussed above, in this paper we propose a new scan design based on scan input and output scrambling (SDSIOS). Notably, it can provide very high security. Even if the adversary from a malicious foundry has reverse-engineered the gate-level netlist and obtained the information about secure scan design, he still can not implement scan-based attacks to steal the cipher key or control the chip illegally.The rest of this paper is organized as follows. In Section II, we describe the proposed secure scan design methodology. In Section III, we give the flow of IC design and test based on the proposed scheme. Section IV presents experimental results to verify the proposed scheme. We conclude this paper in Section V.

## II. Proposed Secure Scan Design Methodology

The overall diagram of the proposed SDSIOS architecture is given in Fig. 1. The logic components marked in red are increased to secure the scan design. In the architecture, the XOR gates are inserted at each scan input (SI) port and each scan output (SO) port. In addition, a pseudorandom pattern generator (PRPG) is used to feed the XOR gates at scan input ports. Test stimuli from SI ports are scanned into scan chains after they are XORed with the outputs of PRPG, marked as ($K_{1}$ , … ,$K_{n}$) in Fig. 1. We suppose that N is the number of scan chains. Before test responses are shifted out from SO ports, each bit is XORed with the state of an internal node, which is selected through a MUX from two alternative nodes, marked as $Node_{i0}$ and $Node_{i1}$ (1${\leq}$ i ${\leq}$ N). These internal nodes are opted randomly from the combinational circuit part of CUT. The outputs of PRPG, marked as ($S_{1}$, $S_{2}$, …, $S_{N}$), are used to control the MUXes and determine which node is chosen for every pair of alternative nodes.

The PRPG is driven by system clock (System_Clock) and scan enable input (Scan_Enable) via an AND gate. In functional mode (Scan_Enable=0), System_Clock is locked and the PRPG remains its state. In this case, it can reduce the power dissipation on the PRPG. Every scan flip-flop grabs the value from the data input (DI) in functional mode, so the PRPG won’t affect the functional operation of the circuit. When the circuit enters the test mode (Scan_Enable=1), System_Clock} is activated. In each test clock cycle, the PRPG generates an N-bit scrambling vector via output ports {$K_{1}$, $K_{2}$, … , $K_{N}$}to obfuscate the scan input data, and an N-bit selection vector via output ports{$S_{1}$ ,$S_{2}$ , … ,$S_{N}$} to select the scrambling values from internal nodes for scan output data.

The PRPG can be implemented with a ring generator, as shown in Fig. 2. The output of PRPG can be provided by either the output of internal D flip-flop or the XOR of the outputs of some D flip-flops. When the circuit is powered-on or initialized by the reset signal (System_Reset), D flip-flops in the PRPG are initialized to specific values (called the PRPG seed), which can be stored in an embedded nonvolatile memory. The initialization logic is shown in Fig. 3. We suppose that the set and reset signals are active high. If the $i^{th}$ bit of the seed ($Seed_{i}$) is 0, the set terminal of the $i^{th}$ D flip-flop ($DFF_{i}$) in the PRPG keep inactive regardless of System_Reset. At this case, $DFF_{i}$ can be initialized to zero by resetting when System_Reset is asserted. If Seed$_{i}$ is 1, the reset terminal of $DFF_{i}$ remains zero regardless of System Reset. At this case, $DFF_{i}$ can be initialized to one by setting when System_Reset is high.

To guarantee the confidentiality of PRPG seed, a one-time programmable ROM can be used to store the seed. So, any two IC products with the same design can have different PRPG seeds. The seed needs to be programmed into ROM after IC is manufactured by foundry. Alternatively, the seed of PRPG can be stored in a nonvolatile memory and can be configured optionally by IP owners. It is inaccessible for users and attackers.

The scrambling procedure of the SDSIOS can be described below. Firstly, during system initialization, the seed is loaded into the PRPG. Secondly, during scan operation, the PRPG keeps running starting from the seed, and the test pattern is shifted in via SI ports slice by slice. The slice represents a set of values that are shifted into/out of the scan chains at the same clock cycle. Each test pattern slice is scrambled based on a scrambling vector slice generated at the outputs {$K_{1}$, $K_{2}$,…, $K_{i}$,…, $K_{N}$} of PRPG. Thirdly, during capture operation, the PRPG remains static, and the test response is captured into the scan chains. Fourthly, the circuit is switched to the scan mode again. The PRPG continues running, and the test response is shifted out via SOs slice by slice. At the $j^{th}$ (1${\leq}$ j${\leq}$ L) clock cycle, a selection vector slice {$S_{1j}$, $S_{2j}$,…, $S_{ij}$,…, $S_{Nj}$ is generated at the output ports{ $S_{1}$, $S_{2}$,…, $S_{i}$,…, $S_{N}$} of PRPG. Before shifting out, each test response slice is scrambled based on a scrambling vector slice that represents the current values of {$Node^{{1S}_{1j}}$ $Node^{{2S}_{2j}}$,… ,$Node^{{iS}_{ij}}$ ,… ,$Node^{{NS}_{Nj}}$. The values of {$Node_{10}$, $Node_{11}$, … , $Node_{i0}$, $Node_{i1}$, … , $Node_{N0}$, $Node_{N1}$} depend on the current states of all the scan chains and thus should be updated clock by clock. Meanwhile, a new test pattern is loaded into scan chains and also scrambled in the same way as described above.

Fig. 1. Proposed secure scan architecture.

Fig. 2. An example of Ring generator.

Fig. 3. Initialization logic of a PRPG cell.

Fig. 4 gives an example of scrambling procedure. It’s assumed that there are two scan chains with the length of scan cells. A test pattern {00110;10001}is shifted in from $SI_{1}$ and $SI_{2}$ ports. Meanwhile, the PRPG generates a scrambling vector {11011;10100} in five clock cycles through $K_{1}$ and $K_{2}$. The scrambled test pattern {00110$\oplus$ 11011;1001$\oplus$10100}, i.e.{11101;00101}, will be shifted into the scan chains. The rightmost bit is first shifted in or generated in the example. The Hamming distance between the loaded test pattern and the scrambled one is six. After capture operation, the test response is stored in the scan chains. Assuming the test response is {00011;11110}. The PRPG generates a selection vector {11010;01101} through $S_{1}$ and $S_{2}$ during scanning out the test response. Meanwhile, $Node_{10}$ and $Node_{11}$ generates a set of values {11001} and {10110}, respectively. $Node_{20}$ and $Node_{21}$ generates a set of values {00011} and {11011}, respectively. Under the action of selection vector, a scrambling vector {10011;01011} for test response is generated by MUXes. At SO ports, the scrambled test response {10000;10101}, instead of the factual test response, can be observed.

Fig. 4. An example of scrambling procedure (a) Generating scrambled test pattern, (b) Generating scrambled test response.

Fig. 5. Implementation flow of SDSIOS.

## III. IC Design and Test based on SDSIOS

The proposed SDSIOS should be integrated into IC design to protect chips. The main design flow of the circuit based on SDSIOS is shown in Fig. 5. The steps can be described as below.

1) In the stage of front-end design, IC designer writes RTL code, does simulation, and performs logic synthesis to obtain gate-level netlist. After the function verification and timing analysis have passed, the standard scan design will be inserted. These steps can be implemented with EDA tools, for example Synopsys Design Compiler and DFT Compiler. They are not influenced by the proposed SDSIOS.

2) After standard scan insertion, test patterns targeted on any specified fault model can be generated by Automatic Test Pattern Generation (ATPG) tool. Meanwhile, the standard scan design should be modified into the SDSIOS architecture. This includes inserting XOR gates/MUXes at scan input and output ports, selecting scrambling nodes and connecting them to MUXes, and integrating PRPG into circuit netlist and connecting PRPG to XOR gates and MUXes.

3) After SDSIOS insertion, placement, routing, and timing optimization can be completed by EDA tools. Then, the circuit will be fabricated according to design drawings by foundry. The original test patterns and corresponding fault-free responses should be modified after SDSIOS insertion. The adjusted test patterns and responses can be obtained by scrambling the original ones with the outputs of PRPG and the scrambling nodes. The algorithm to generate adjusted test patterns and responses is described in Algorithm. 1.

4) Finally, the IC is tested with the adjusted test patterns.

Algorithm. 1. Adjusted Test Patterns/Responses Generation.

## IV. Performance Analysis and Experimental Results

The proposed SDSIOS is assessed in terms of the testability,security and overhead.

### A. Testability Analysis

As can be seen from Algorithm. 1, the original test patterns will fill the scan chains after the adjusted test patterns are delivered from SI ports. The fault detection efficiency won’t be compromised. To verify the conclusion experimentally, the proposed scheme has been implemented on several larger ITC’99 benchmark circuits. Table 1 gives the results of fault coverage targeting on stuck-at fault model. The set of test patterns are generated by ATPG tool. It can be seen that the SDSIOS does not reduce the fault coverage in comparison with the standard scan design. In fact, all kinds of testing including stuck-at fault testing and delay fault testing can be performed normally. Consequently, the testability of IC is not impacted by the proposed technique.

If faults exist in the additional logic involved in SDSIOS, the chip will not be able to pass the test. In this case, the chip should be treated as defective one because the SDSIOS is part of the chip.

### B. Security Analysis

The security of the SDSIOS will be evaluated on the base of known scan-based attacks.

1) Differential Attack: Both mode-switching and test-mode-only differential attacks require to shift out the intermediate results from scan chains and analyze the confidential information (6,16). However, for the proposed SDSIOS, all the scan-out bits are scrambled by the values of selected internal nodes, so the responses observed at SO ports are useless for differential analysis. Hence, the proposed SDSIOS can overcome differential attacks.

2) Circuit Function Recovering Attack: During this attack, the adversary needs to shift in a certain amount of input data and also to shift out the responses for function deduction (8). Due to the existence of the SDSIOS, the actual input data shifted in scan chains are not the data delivered by the attacker, and the scan-out responses are not the responses directly related to the input data as well. Therefore, no function information can be stolen by the adversary without the knowledge of SDSIOS.

Table 1. Fault coverage

 Circuit Name Number of Test Pattern Fault coverage Standard scan design SDSIOS b15 1630 95.980% 95.980% b17 2555 81.985% 81.985% b20 5510 99.166% 99.166% b21 5496 99.099% 99.099% b22 3369 99.391% 99.391%

3) Brute Force Scrambling Vector Attack: The scrambling vectors play an important role in the proposed secure scheme. If the attacker does not have the knowledge of the PRPG and tries to guess the right scrambling vectors by brute force, the probability of cracking the scrambling slice at scan-in or scan out ports per clock cycle is 1/2$^{N}$, in which N is the number of scrambled scan chains. In fact, the scrambling slice change per clock cycle. The probability of cracking the scrambling vector for a test pattern or response is 1/2$^{N}$$^{\mathrm{{\times}}}$$^{L}$, in which L is the length of scan chains. If the number of scan chains N=20 and the length L=10, the cracking probability will be as low as 7.9$×$S10$^{-31}$. For a slightly larger circuit, successfully cracking the scrambling vector of a test pattern or response is very impractical. If the attacker knows the architecture of the PRPG and does not know the seed, the probability of cracking the scrambling slice will depend upon the size of seed. When the PRPG has M-bit seed, the Brute Force probability is 1/2$^{M}$.

4) Satisfiability-Checking-Based Attack: Supposing an adversary from the IC foundry can obtain the layout and mask information, and can thus reverse-engineer the gate level netlist of original design and protection logic. In this case, PRPG seeds which is assigned after fabrication, becomes the last barrier against scan-based attacks. The security of IC depends on whether the PRPG seed can be deduced. If the attacker applies several input patterns at SI ports and observes the responses at SO ports, a system of Boolean equations taking PRPG seed bits as variables can be acquired according to the gate-level netlist. In 1971, Turing Award winner Stephen A. Cook has proved that Boolean satisfiability problem (SAT) is an NP-complete problem (36). In the proposed SDSIOS, we exploit PRPG and internal nodes to obfuscate the responses. This increases a large number of alternative branches in Boolean equations to improve the complexity of Boolean equations, and thus disables the SAT heuristic algorithms (37).

As shown in Fig. 1, the PRPG, the XOR gates and the MUXes contribute to the area overhead. Table 2 reports the area overhead of the SDSIOS with the different benchmark circuits and an AES core with 128-bit key, which are synthesized employing Synopsys Design Compiler. Columns 2-4 present the elementary information of the circuit, including the number of logic gates, the number of flip-flops, the configuration of the scan chain (the number of the scan chains multiplied by the length of the scan chains). The sixth column denotes the number of D flip-flops in the PRPG. The area overhead is acquired by comparing the total design area of the standard-scan-inserted and SDSIOS-inserted circuits. As can be seen from Table 2, the area overhead for different circuits ranges from 0.57% to 2.53%. The percentage of area overhead decreases with the increase of circuit scale.

Table 2. Area and power overhead of proposed SDSIOS

 Circuit Name #Gates #SFFs Scan Chain Size of PRPG Seed Area Overhead Test Power S38417 22179 1636 20×82 64 2.44% 1.90% S38584 19253 1426 20×72 64 2.53% 1.82% B17 30777 1415 20×71 64 1.84% 1.26% B18 111241 3320 20×166 64 0.58% 0.50% B19 224624 6642 40×167 128 0.57% 0.49% AES Core with 128-bit key 201588 10436 10×261 128 0.69% 0.61%

Table 3. Comparison of different secure schemes

 Secure Scheme Area overhead Test Time Overhead Security Brute Force Probability Impact on Circuit Performance Impact on Test Application Logic Inserted AES Core Proposed PRPG, 2N XOR gates, N MUXes 0.69% No increase in test time High security. Each IC can have different scrambling vectors Greater than or equal to 1/2M No timing overhead on functional paths No MKR (6) Secure control circuit, key Registers modification 0.15% No increase in test time Strong protection for only crypto chips Inapplicable Adding timing on functional paths Disabling the online testing DOS (33) LFSR, shadow chain, scan chain modification 0.85% No increase in test time Vulnerable to Satisfiability-Checking- Based Attack 1/2N×L No timing overhead on functional paths No Scan Encryption (24) Input and output scan ciphers 2.92% Multiple clock cycles for pattern decryption Security relies on the protection of scan cipher key 1/2K No timing overhead on functional paths No Improved DFT (35) N-bit Cyclic shift register, scan chain modification, etc. 0.32% No increase in test time Each IC has same test password. High risk if password is leak 1/2M1+M2 No timing overhead on functional paths No

The last column of Table 2 gives the test power overhead, which represents the change of average test power when comparing the standard-scan-inserted and SDSIOS-inserted circuits. The power overhead for different circuits is varied from 0.49% to 1.90%.

The proposed SDSIOS does not insert additional logic on the functional paths. So no timing overhead is incurred in the functional mode.

### D. Comparing With Other Secure Scan techniques

The proposed scheme is compared with several representative secure scan techniques published in recent years. The characteristics of these techniques are demonstrated in Table 3. The third column gives quantitative comparison on area overhead taking AES core with 128-bit key for example. In sixth column the Brute Force Probability means the probability of guessing the key or scrambling vector by brute force. As described in the table, the proposed SDSIOS has outstanding attributes in security, overhead, and impact on circuit.

## V. CONCLUSIONS

In this paper, we propose a novel scan design scheme, which scrambles the inputs and outputs of scan chains with PRPG and circuit self. The proposed secure technique can prevent noninvasive attacks by restricting unauthorized users to access the scan chain. The proposed strategy provides high security for IC design while incurring low area overhead, test power overhead, and no impact on testability, which has been validated on several big benchmarks.

### ACKNOWLEDGMENTS

This work was supported by the Open Research Fund of Hunan Provincial Key Laboratory of Network Investigational Technology under Grant No. 2018WLZC002, and the Natural Science Foundation of Hunan Province under Grant No. 2020JJ5604 and 2020JJ4622.

### REFERENCES

1
Yin B., Wei X., April 2019, Communication-Efficient Data Aggregation Tree Construction for Complex Queries in IoT Applications, IEEE Internet of Things Journal, Vol. 6, No. 2, pp. 3352-3363
2
Wang J., Gao Y., Yin X., 2018, An Enhanced PEGASIS Algorithm with Mobile Sink Support for Wireless Sensor Networks, Wirel. Commun. Mob. Comput., Vol. 2018, No. Article ID 9472075
3
Zhang J., Shen C., Su H., Arafin M. T., Qu G., 2021, Voltage Overscaling- based Lightweight Authentication for IoT Security, IEEE Transactions on Computers
4
Shi J., Lu Y., Zhang J., Oct 2020, Approximation Attacks on Strong PUFs, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, Vol. 39, No. 10, pp. 2138-2151
5
Wang L.-T., Wu C.-W., Wen X., 2006, VLSI Test Principles and Architectures Design for Testability, Morgan Kaufmann: San Mateo
6
Yang B., Wu K., Karri R., Oct 2006, Secure scan: A design-for-test architecture for crypto chips, IEEE Trans. Comput.-Aided Design Integr. Circuits Syst., Vol. 25, No. 10, pp. 2287-2293
7
Yang B., Wu K., Karri R., Oct 2004, Scan based side channel attack on dedicated hardware implementations of data encryption standard, in Proc. IEEE Int. Test Conf. Charlotte NC, Vol. usa, pp. 339-344
8
Azriel L., Ginosar R., Mendelson A., 2016, Exploiting the scan side channel for reverse engineering of a VLSI device, CCIT Tech. Rep. Dept. Elect. Eng. Technion Israel Inst. Technol., Vol. \#897
9
Hely D., 2004, Scan design and secure chip [secure IC testing], in Proc. IOLTS, Vol. 4, pp. 219-224
10
Yu F., Shen H., Zhang Z., 2021, A new multi-scroll Chua’s circuit with composite hyperbolic tangent-cubic nonlinearity: Complex dynamics, Hardware implementation and Image encryption application, Integration-the VLSI Journal, Vol. 81, pp. 71-83
11
Nara R., Togawa N., Yanagisawa M., Ohtsuki T., January 2010, Scan-based attack against elliptic curve cryptosystems, in Proc. Asia South Pacific Design Autom. Conf. Taipei Taiwan, pp. 407-412
12
Kodera H., Yanagisawa M., Togawa N., Dec 2012, Scan-based attack against DES cryptosystems using scan signatures, in Proc. IEEE Asia Pacific Conf. Circuits Syst. Kaohsiung Taiwan, pp. 599-602
13
Rolt J. D., Natale G. D., Flottes M., Rouzeyre B., Oct 2013, A novel differential scan attack on advanced DFT structures, ACM Trans. Des. Automat. El., Vol. 18, No. 4, pp. 1-22
14
Ali S. S., Sinanoglu O., Saeed S. M., Karri R., May 2014, New scan attacks against state-of-the-art countermeasures and DFT, in Proc. IEEE Int. Workshop Hardware-Oriented Security Trust Arlington Virginia USA, pp. 142-147
15
Ali S. S., Sinanoglu O., Karri R., May 2014, Test-mode-only scan attack using the boundary scan chain, in P roc. Eur. Test Symp. Paderborn, Vol. germany, pp. 39-44
16
Ali S. S., Saeed S. M., Sinanoglu O., Karri R., May 2015, Novel test-mode only scan attack and countermeasure for compression-based scan architectures, IEEE Trans. Comput.-Aided Design Integr. Circuits Syst., Vol. 34, No. 5, pp. 808-821
17
Wang W.Z., Wang J.C., Wang W., Liu P., Cai S., 2019, A Secure DFT Architecture Protecting Crypto Chips Against Scan-Based Attacks, IEEE Access, Vol. 7, pp. 22206-22213
18
Cui A., Luo Y., Qu H. Li and G., Jan 2017, Why current secure scan designs fail and how to fix them, Integration the VLSI journal, Vol. 56, pp. 105-114
19
Inoue M., Yoneda T., Hasegawa M., 2009, Partial scan approach for secret information protection, in Proc of IEEE European Test Symposium, pp. 143-148
20
Fujiwara H., Fujiwara K., Tamamoto H., 2011, Secure scan design using shift register equivalents against differential behavior attack, in Proc of IEEE Asia and South Pacific Design Automation Conference (ASPDAC), pp. 818-823
21
Xi Chen , Omid Aramoon , Gang Qu , 2018, Balancing Testability and Security by Configurable Partial Scan Design, in Proc of IEEE International Test Conference in Asia, pp. 145-150
22
Silva M. D., Flottes M.-L., Natale G. D., Rouzeyre B., Prinetto P., Restifo M., 2017, Scan chain encryption for the test, diagnosis and debug of secure circuits, in Proc of 22nd IEEE European Test Symposium, pp. 177-182
23
Vaghani D., Ahlawat S., Tudu J., May 2018, On Securing Scan Design Through Test Vector Encryption, in Proc. Int. Symp. Circuits Syst. Florence, pp. 466-470
24
Silva M.D., Flottes M. - L., Natale G.D., Rouzeyre B., Mar 2019, Preventing Scan Attacks on Secure Circuits Through Scan Chain Encryption, IEEE Trans. Comput.-Aided Design Integr. Circuits Syst., Vol. 38, No. 3, pp. 538-550
25
Lee J., Tehranipoor M., Patel C., Plusquellic J., Oct - Dec 2007, Securing designs against scan-based side-channel attacks, IEEE Trans. Depend. Secure, Vol. 4, No. 4, pp. 325-336
26
Atobe Y., Shi Y., Yanagisawa M., Togawa N., Dec 2013, Secure scan design with dynamically configurable connection, in Proc. 19th IEEE Pacific Rim Int. Symp. Dependable Computing (PRDC) Vancouver Canada, pp. 256-262
27
Cui A., Luo Y., Li H., Qu G., Jan 2017, Why current secure scan designs fail and how to fix them, Integration, the VLSI journal, Vol. 56, pp. 105-114
28
Sengar G., Mukhopadhyay D., Chowdhury D. R., Nov 2007, Secured flipped scan-chain model for crypto-architecture, IEEE Trans. on Computeraided design of integrated circuits and systems, Vol. 26, No. 11, pp. 2080-2084
29
Banik S., Choudhury A., 2013, Improved scan-chain based attacks and related countermeasures, INDOCRYPT 2013 LNCS Springer Heidelberg, Vol. 8250, pp. 78-97
30
Banik S., Chattopadhyay A., Chowdhury A., Dec 2014, Cryptanalysis of the double-feedback XOR-chain scheme proposed in Indocrypt 2013, in 15th International Conference on Cryptology in India, Vol. new delhi india, pp. 179-196
31
Cui A., Luo Y., Chang C.-H., Feb 2017, Static and dynamic obfuscations of scan data against scan-based side-channel attacks, IEEE Trans. inf. Forensics Security, Vol. 12, No. 2, pp. 363-376
32
Cui A., Chang C. - H., Zhou W., Zheng Y., 2019, A New PUF Based Lock and Key Solution for Secure In-field Testing of Cryptographic Chips, IEEE Trans. Emerg. Top. Com.
33
Wang X., Zhang D., He M., Su D., Tehranipoor M., Sept 2018, Secure Scan and Test Using Obfuscation Throughout Supply Chain, IEEE Trans. Comput.-Aided Design Integr. Circuits Syst., Vol. 37, No. 9, pp. 1867-1880
34
Cui A., Li M., Qu G., Li H., 2020, A Guaranteed Secure Scan Design based on Test Data Obfuscation by Cryptographic Hash, IEEE Trans. Comput.-Aided Design Integr. Circuits Syst. published online
35
Wang W., Wang X., Wang J., Xiong N. N., Cai S., Liu P., 2020, Ensuring Cryptography Chips Security by Preventing Scan-Based Side- Channel Attacks With Improved DFT Architecture, IEEE Transactions on Systems Man Cybernetics-Systems published online
36
Cook Stephen A., Jan 1971, The Complexity of Theorem-Proving Procedures, in Proc. 3rd ACM Symposium on the Theory of Computing New York, pp. 151-158
37
Vizel Y., Weissenbacher G., Malik S., Nov 2015, Boolean Satisfiability Solvers and Their Applications in Model Checking, Proceedings of the IEEE, Vol. 103, No. 11, pp. 2021-2035
38
Wang J., Gao Y., Liu W., 2019, An intelligent data gathering schema with data fusion supported for mobile sink in wireless sensor networks, International Journal of Distributed Sensor Networks, Vol. 15, No. 3, pp. 1-9
39
Li W., Chen Z., Gao X., 2019, Multi-Model Framework for Indoor Localization under Mobile Edge Computing Environment, IEEE Internet Things J., Vol. 6, pp. 4844-4853
40
Wang J., Gao Y., Liu W., Wu W., Lim S.-J., 2019, An Asynchronous Clustering and Mobile Data Gathering Schema based on Timer Mechanism in Wireless Sensor Networks, CMC Comput. Mater. Contin, Vol. 58, pp. 711-725
41
Zhang J., Qu G., 2020, Physical Unclonable Function-based Key-Sharing via Machine Learning for IoT Security, IEEE Transactions on Industrial Electronics, Vol. 67, No. 8, pp. 7025-7033

## Author

##### Weizheng Wang

received the Ph.D. degree in computer application technology from Hunan University in 2011. He is an associate professor in Changsha University of Science and Technology.

His research interests include hardware security and design for testability.

##### Yan Peng

is a graduate student at College of Computer and Communi-cation Engineering, Changsha University of Science and Technology.

His research interests include design for testability and hardware security.

##### Zuoting Ning

received the Ph.D. degree of computer science from Hunan University in 2017, He is a lecturer in Hunan Police Academy.

His research inerests include machine learning and network security.

##### Peng Liu

received the Ph.D. degree in computer application technology from Hunan University.

He is currently a Lecturer with the School of Computers, Guangdong Univer-sity of Technology.

His research interests include digital circuit testing and memristor-based circuit design and test.

##### Shuo Cai

received the Ph.D. degree in computer application technology from Hunan University in 2015.

He is currently an Associate Professor in Changsha University of Science and Technology.

His research interests include circuit reliability analysis and fault-tolerant computing.