Mobile QR Code QR CODE

  1. (School of Mathematics and Statistics, Hunan First Normal University, Changsha 410138, China.)
  2. (School of Computer and Communication Engineering, Changsha University of Science & Technology, Changsha 410114, China)
  3. (College of Information Science and Engineering, Hunan Women’s University, Changsha 410004, China)

Cryptographic chips, DFT, scan-based attack, scan obfuscation


In recent years, while some new Internet technologies such as wireless sensor networks [1-3], big data [4,5], Internet of Things [6,7] and wireless communication [8,9] have brought convenience to human life, they also expose various secure issues. For instance, personal information can be stolen by hackers for criminal activities and private electronic products can be maliciously controlled. Therefore, more and more people pay attention to personal privacy protection. At the same time, many researchers protect personal information from the underlying hardware [10].

With the expansion of application scenarios and market, the demand for semiconductor chips has grown substantially [11]. This also puts forward higher requirements for the integration and quality of the chip. Therefore, researchers have proposed the design for testability that implants the scan chain to IP cores at the design stage in order to improve the quality of chips, which makes manufacturing test and in-field testing easier. However, while providing controllability and observability, the scan design also provide convenience for attackers. An attacker can steal sensitive information inside the chip by the scan chain to take illegal control of the chip. The scan-based attack is an attack that probes the internal logic without removing the circuit package. This attack doesn’t rely on any expensive equipment, so the attacker can execute the attack at a very low cost.

The purpose of attacking the chip is to obtain confidential information in the chip. The objectives of the attack are as follows: 1) steal the key of the cryptographic chip]; 2) perform reverse analysis to extract the internal structure and function of the chip; 3) the attacker damages and controls the chip by shifting illegal data.

There are two main types of the scan-based side-channel attack: 1) the mode switching attacks; 2) the test-mode-only attack. The main process of recovering the key from the cryptographic chips through the scan chain is as follows: first, the attacker enters some known plaintexts, then the CUT will output some intermediate encryption results to the scan flip-flops (SFFs); the attacker gets some sensitive information by shifting these encryption results; finally, the attacker recovers the key by analyzing sensitive information.

Researchers have proposed many security measures to target this type of attacks. [12] proposed to protect the scan chain dynamically by adopting state-dependent scan flip-flop, but the design reduces the fault coverage of the test. The scan obfuscation structure was first proposed in [13], however, the structure induces routing overhead. The security of the scan architecture was improved by dividing the scan chain into smaller subchains evenly in [14]. This idea was also adopted by the authors in [15], who first divided a scan chain into several subchains, then used a controller to control the connection order of the subchains. However, Cui et al. [16] demonstrated that this design has security vulnerabilities and is vulnerable to the signature attack [17]. A partially secure scan architecture was proposed in [18], but this design makes it difficult for testers to observe and control the internal state of the CUT. To address this problem, Chen et al. [19] proposed a more advanced architecture that improves security mainly by removing the SFF containing sensitive information. Yang et al. [20] divided the CUT operation into secure mode and insecure mode. In secure mode, the encryption module can’t enter the insecure mode to start the test, but it can operate normally. In insecure mode, the chips can be tested but can’t move the key into the register. Hely et al. [21] protected the test mode by inserting a test controller into CUT. Although this countermeasure successfully prevents the mode-switching attack, they are vulnerable to the test-only mode attack. [22] introduces a dynamic scan chain reconfiguration technique that allows the recombination of scan chain connections during the testing process. This dynamic reconfiguration prevents attackers from deducing sensitive information based on observed scan chain connections. In [23], scan patterns/responses are decrypted/encrypted with highly efficient and secure block cipher at each scan port. Recently, secure schemes [24] based on physical unclonable function (PUF) [25-28] are widely researched.

In this paper, a lightweight scan design against the scan-based side-channel attack is proposed which provides high security and low overhead in order to protect the cryptographic chip from illegal attacks. In this approach, we introduce some logic gates, the LFSR and two counters to improve the security of the design. The scan input key determines whether the scheme can be executed properly during the test mode. If the user enters the incorrect scan input key, the scan design can’t perform the normal test. The two counters are mainly utilized to control the whole implementation flow of scan design. The rest of this paper is as follows. Section II describes the proposed scan architecture in detail. Experimental results and theoretical analysis are presented in Section III. Finally, the paper is summarized in Section IV.


1. Basic Idea of Proposed Secure Scan Design

The proposed secure scan architecture is shown in Fig. 1. Upon power-on, the whole circuitry is initialized to 0. Once the circuit is switched to the test mode (i.e., SE is set high), the user should shift the scan input key, In this scheme, the private key is not stored in the hardware, It is determined by the connection style (Q or $\overline{Q}$) between the scan chain and the LFSR. The SFFs associated with the key are randomly distributed in the scan chain. If the scan input key entered by the user is exactly correct, the LFSR which is controlled by the key can keep zero state and the scan chain is able to perform the scan operation normally. Otherwise, at the K$^{\mathrm{th}}$ cycle, the wrong scan input key will perturb the LFSR. If at least one LFSR cell receive 1 at the K$^{\mathrm{th}}$ cycle, some interference values will be generated in the LFSR from this moment on. Finally, these values are fed back to the scan chain. If the feedback value is 1, the scan chain will be obfuscated and can only perform the abnormal test. Therefore, the attacker can only observe the obfuscated data from the output port. Therefore, the secure scan design proposed in this paper is highly secure and has no impact on the testability of the chip. The secure scan architecture proposed in the next subsection will be discussed in detail.

Fig. 1. Proposed secure scan scheme.}

2. Proposed Scan Scheme

Fig. 1 presents a security scan scheme, which is made up of some logic gates, LFSR and the Controller, with multiple scan chains as an example.

The data flip-flops in the circuit are replaced by the SFFs. In this paper, there are N rows and M columns of the SFFs in the scan chain. We select P SFFs from the scan chain as key storage cells. It is assumed that these P cells are randomly distributed from column 1 to column K ($1\leq K\leq M$). Some XOR gates are randomly inserted between the SFFs. one input of XOR gates is connected to the Q or $\overline{Q}$ of previous SFF, the other input of which comes from the output of the D flip-flop in the LFSR. The LFSR is composed of some XOR gates and D flip-flops whose clock signal is controlled by the output Clk_sr of the Controller. The controller is formed by two counters and some logic gates. When the chip is switched to test mode, the counters start counting from 0. The output of the selected SFFs does not affect the LFSR for the first K-1 cycles because the output Clk_sr of the OR gate G3 locks the LFSR. In the K$^{\mathrm{th}}$ cycle, Clk_sr activates the LFSR and Ct also activates the selected SFFs. At this moment, if scan input key entered by the user is incorrect, the outputs of the selected SFFs interfere with the LFSR. Ct turns low and the effect of the selected SFFs on the LFSR is masked after the (K+1)$^{\mathrm{th}}$ cycle, as shown in Fig. 2. One input of OR gate G3 in the Controller is connected to the system clock CLK. The output $\overline{Cout_{1}}$ of counter Counter1 is not only connected to the other input of OR gate G3, but also controls AND gate G1. The other input of G1 is controlled by the scan enable signal SE, and the enable signal EN$_{1}$ of Counter1 is driven by the output of AND gate G1. The XOR gate A$_{\mathrm{p}}$ is randomly inserted between the D flip-flops, one of its inputs comes from the output of the previous D flip-flop, the other input is connected to the output of the AND gate controlled by the Ct signal and output of the SFF together, the output of the XOR gate A$_{\mathrm{n}}$ is connected to the input port of the following D flip-flop. The signal Ct comes from the output $\overline{Cout_{2}}$ of counter Counter2. $\overline{Cout_{2}}$ and SE jointly control AND gate G2, and the output of G2 drives the enable signal EN$_{2}$ of Counter2. The clock signals of counters Counter1 and Counter2 are connected to the system clock CLK. As shown in Fig. 1, the XOR gate B$_{\mathrm{L}}$ ($L\geq 1$) is inserted in the external feedback path of the LFSR, one input of the remaining XOR gates {B$_{1}$......B$_{\mathrm{L-1}}$} comes from the output of the D flip-flop and the other input is connected to the output of the following XOR gate except for the last XOR gate in the external feedback path. The XOR gate B$_{\mathrm{L}}$ is not randomly implanted but inserted according to the exponent of the characteristic polynomial:

Suppose $G(x)=x^{4}+x^{3}+x^{1}+1,$ then a XOR gate will be inserted in the external feedback path of the first and the third D flip-flop.

Upon the system power on, the entire circuit is initialized to 0. First, SE are set to 1, so the circuit enters the test mode. The outputs of counters Counter1 and Counter2 enable signals EN$_{1}$ and EN$_{2}$, so both counters start counting from 0 and the user starts entering the scan input key, while the output of counter Counter1 causes the output Clk_sr of OR gate G3 to remain 1 for the first K-1 cycles and the output of counter2 causes Ct to remain 1 for the first k cycles. Counter Counter1 reaches its maximum value and the output Clk_sr of OR gate G3 is 0 at the K$^{\mathrm{th}}$ cycle, at the same time, Counter1 is disabled. At the (K+1)$^{\mathrm{th}}$ cycle counter Counter2 reaches its maximum value and signal Ct is 0, at this time, Counter2 is disabled. In the first K-1 cycles, LFSR will be locked by signal Clk_sr and the value stored in the D flip-flop in LFSR will be 0. Therefore, the output of the AND gate will not disturb the value in the D flip-flop in LFSR. At the K$^{\mathrm{th}}$ cycle, the value stored in the D flip-flop from the LFSR starts to shift dynamically, however, Ct is still 1 at this time, then the output of the AND gate will be driven by the output of the SFF. If the entered scan input key is exactly correct, the low output of the selected SFFs causes the output of AND gate to be 0. Therefore, the selected SFFs can’t affect the LFSR and this architecture can perform normal test. Otherwise, the output of some AND gates will be 1. It is assumed that the output Q of $SFF_{N,M-1}$ are 1, the output of the XOR gate A$_{\mathrm{p}}$ will be 1. The value 1 will be stored in D$_{\mathrm{p}}$ flip-flop at this moment. Then the output 1 of D$_{\mathrm{p}}$ is fed back to the XOR gates between the SFFs. The feedback value 1 will cause that $SFF_{N,M}$ receives the opposite value of the output of the previous SFF. At the (K+1)$^{\mathrm{th}}$ cycle, the scan input key is completely shifted into the SFFs. Then, SE are set to 0, this scheme performs the encryption operation and the cryptographic key is returned to the SFFs. Finally, SE are set to 1, the cryptographic key is shifted out from the scan-out port.

The preceding analysis indicates that if the scan input key exists some error, the output of the SFFs will affect the values stored in the LFSR at the K$^{\mathrm{th}}$ cycle. These values affect the XOR gates between the SFFs at the corresponding time. Therefore, this architecture can perform the normal scan operation only if users enter the correct scan input key, otherwise, the illegal users can only observe some obfuscation values from the scan-out port.

Fig. 2. The structure of the controller.}

3. Timing Analysis of Proposed Scheme

To describe more visually the operation flow of this design, Fig. 3 illustrates the timing analysis of the main signals in the proposed scheme. When the system is powered on and RST is 1, the whole circuitry is initialized to 0. When RST and SE are switched to 0, the circuitry enters the function mode. The counters are disabled since the outputs of two counters are 0 in functional mode. Therefore the additional circuitry does not work in the functional mode. When SE is 1, the circuitry enters the test mode, both counters start counting and the user starts shifting the scan input key. Clk_sr remains 1 for the first K-1 cycles. Clk_sr is consistent with the system clock signal CLK until the K$^{\mathrm{th}}$ cycle. Ct remains 1 for the first K cycles. Counter2 reaches its maximum value until the (K+1)$^{\mathrm{th}}$ cycle, at which point Ct remains 0. As long as the user enters the incorrect scan input key, the wrong key stored in the selected SFFs are loaded into the LFSR in the K$^{\mathrm{th}}$ cycle. At the meantime, these values are fed back to the scan chain. Therefore, it is impossible for illegal users to crack the internal logic of the chip.

Fig. 3. Timing analysis of proposed scheme.}


We will evaluate our proposed scheme in terms of testability, security and performance overhead in this section.

1. Testability Analysis

In the proposed secure scan design, the insertion of some logic gates, counters and the LFSR does not affect the testability of the original circuitry. If some undetectable faults occur in this scheme, we can introduce BIST to test the inserted circuitry, so as to ensure a high fault coverage. The normal scan operation can be performed during the test as long as the engineer enters the correct scan input key.

2. Security Analysis

1) Brute force attack: In this scheme, the success rate of the brute force attack is associated with the scan input key. If the attacker does not enter correct key, thereby these values will affect the LFSR. The values in the LFSR influence the scan chain indirectly. Assuming that there are 10 D flip-flops in the LFSR, the LFSR can generate 1023 sets of responses. For an attacker, the probability of guessing the L-bit key is (1/2)$^{L}$. When the length L of the scan input key is 64, the probability of guessing the correct scan input key is only 5.4e$^{-20}$. Therefore it is also difficult for an attacker to crack the scan input key.

2) Test mode only attack: Test mode only attack requires the attacker to load the pre-computed plaintexts, then all-0 or special test key are utilized to shift out the intermediate state in the scan chain to identify the SFFs. Due to the existence of some randomly inserted XOR gates between the SFFs, it is impossible to identify the SFFs through special test key. Therefore, the proposed scheme has good security against test mode only attack.

3. Overhead Analysis

To analyze the overhead, this paper use tsmc90nm technology to verify several benchmark circuits which includes AES-Pipelined, AES-Iterative, Vga-Lcd. We employed Synopsys Design Compiler and Synopsys DFT Compiler to synthesize the IP cores with the scan chain inserted and the IP cores with protection circuits inserted. As shown in Table 1, the first column represents three benchmark circuits, the second column shows the number of timing cells in each circuitry. Scan and Secure indicate the IP cores with multi-scan chains inserted and protection circuitry added, respectively. Table 2 presents the area and power overhead of the added protection circuitry and the percentage of the area and power overhead. The LFSR with the fixed size of 16 D flip-flops and the two counters with the size of 5 bits are implemented in this experiment respectively.

Table 3 compares proposed scheme with other schemes which include MKR [20], Mode reset [21], DFFs [22] and Scan Chain Encryption [23]. Compared to other secure schemes, the proposed secure scan design has a lower area overhead and improves security without affecting the functionality of the original circuitry. MKR [20] uses a secure test controller to manage the circuit, which has the following advantages: no test preparation time and high security. However, it can’t test the secret key registers. Mode reset [21] causes high overhead and is vulnerable to the test mode only attack. The hardware overhead of DFFs [22] is more desirable, but which is vulnerable to bit-role identification attack. Scan chain encryption [23] has a high hardware overhead and is vulnerable to memory attack.

From the above analysis, it can be seen that this design has high security and low overhead without affecting the testability of the chip.

Table 1. Synthesis results for the scan design and the secure design

Circuit Name


Area (µm2)

Power (µW)























Table 2. The percentage of area and power overhead

Circuit Name

Area overhead (µm2)


Power overhead (µW)

















Table 3. Comparison of different secure solutions


Area overhead(%)


Impact on testability

Impact on test time


Probability of brute attack






k clock cycles before testing

MKR [20]




Limited by inability to test secret-key registers


Mode reset [21]

$\approx 10$

Test mode only attack




DFFs [22]


Bit-role identification attack

$C_{K_{b}}^{S_{L}*\# SC}*2^{{k_{b}}}$


Multiple clock cycles before testing

Scan Chain Encryption [23]


Memory attack



Multiple clocks for key decryption

Notes: k means the length of scan input key.


In this paper, a lightweight scan architecture against the scan-based side-channel attack is proposed to protect the IP cores without sacrificing the testability. If the attackers enter the wrong scan input key, they can only acquire some obfuscation values from the scan-out port. Therefore, it is very difficult for them to decipher this architecture. Finally, the proposed scheme is verified on AES-Pipelined, AES-Iterative, Vga-Lcd and compared with other security countermeasures. The experimental results indicate that this design has a very low hardware overhead and this scheme is known to be highly security and testability from theoretical analysis.


This work was supported in part by the Scientific Research Fund of Hunan Provincial Education Department under Grant no. 22A0686, and in part by the Natural Science Foundation of Hunan Province under Grant no. 2023JJ30316.


J. Wang, W. Chen, L. Wang et al., “Data secure storage mechanism of sensor networks based on blockchain,” Computers, Materials & Continua, vol. 65, no. 3, pp. 2365-2384, 2020.URL
J. Wang, Y. Gao, C. Zhou et al., “Optimal coverage multi-path scheduling scheme with multiple mobile sinks for wsns,” Computers, Materials & Continua, vol. 62, no. 2, pp. 695-711, 2020.DOI
J. Wang, Y. Gao, W. Liu, W. Wu and S. J. Lim, “An asynchronous clustering and mobile data gathering schema based on timer mechanism in wireless sensor networks,” Computers, Materials & Continua, vol. 58, no. 3, pp. 711-725, 2019.URL
J. Wang, Y. Yang, T. Wang et al., “Big data service architecture: a survey,” Journal of Internet Technology, vol. 21, no. 2, pp. 393-405, 2020.URL
J. Wang, Y. Yang, J. Zhang, X. Yu, O. Alfarraj et al., “A data-aware remote procedure call method for big data systems,” Computer Systems Science and Engineering, vol. 35, no. 6, pp. 523-532, 2020.URL
B. Yin and X. Wei, “Communication-Efficient data aggregation tree construction for complex queries in IoT applications,” IEEE Internet of Things Journal, vol. 6, no. 2, pp. 3352-3363, 2019.DOI
J. Zhang and G. Qu, “Physical Unclonable Function-Based Key Sharing via Machine Learning for IoT Security,” in IEEE Transactions on Industrial Electronics, vol. 67, no. 8, pp. 7025-7033, Aug. 2020.DOI
F. Yu, L. Liu, L. Xiao, K. Li and S. Cai, “A robust and fixed-time zeroing neural dynamics for computing time-variant nonlinear equation using a novel nonlinear activation function,” Neuro-computing, vol. 350, pp. 108-116, 2019.DOI
F. Yu, L. Gao, L. Liu, S. Qian, S. Cai et al., “A 1V, 0.53ns, 59μW current comparator using standard 0.18μm CMOS technology,” Wireless Personal Communications, vol. 111, pp. 843-851, 2020.DOI
W. Z. Wang, Y. Chen, S. Cai and Y. Peng, “Preventing scan-based side-channel attacks by scan obfuscating with a configurable shift register,” Security and Communication Networks, vol. 2021, no. 5222670, pp. 1-9, 2021.DOI
Shuo Cai, Yan Wen, Caicai Xie et al., “Low-power and high-speed SRAM cells for double-node-upset recovery,” Integration, Vol. 91, pp. 1-9, 2023.DOI
Y. Atobe, Y. Shi, M. Yanagisawa, and N. Togawa, “Dynamically changeable secure scan architecture against scan-based side channel attack,” in Proc. Int. SoC Design Conf. (ISOCC), Nov. 2012, pp. 155-158.DOI
D. Hely, M. Flottes, F. Bancel et al., “Scan design and secure chip,” in Proc. Int. Line Test. Symp. (IOLTS), 2004, pp. 219-224.URL
J. Lee, M. Tehranipoor, C. Patel, and J. Plusquellic, “Securing designs against scan-based side-channel attacks,” IEEE Trans. Dependable Secure Comput., vol. 4, no. 4, pp. 325-336, Oct. 2007.DOI
Y. Atobe, Y. Shi, M. Yanagisawa et al., “Secure scan design with dynamically configurable connection,” in Proc. IEEE 19th Pacific Rim Int. Symp. Dependable Comput., Dec. 2013, pp. 256-262.DOI
A. Cui, Y . Luo, H. Li, and G. Qu, “Why current secure scan designs fail and how to fix them?” Integration, vol. 56, pp. 105-114, Jan. 2017.DOI
R. Nara, K. Satoh, M. Yanagisawa et al., “Scan-based side-channel attack against RSA cryptosystems using scan signatures,” IEICE Trans. Fundam. Electron., Commun. Comput. Sci., vol. E93A, no. 12, pp. 2481-2489, 2010.DOI
M. Inoue, T. Y oneda, M. Hasegawa et al., “Partial scan approach for secret information protection,” in Proc. 14th IEEE Eur . Test Symp., May 2009, pp. 143-148.DOI
X. Chen, Z. Lu, G. Qu, and A. Cui, “Partial scan design against scan-based side channel attacks,” in Proc. 17th IEEE Int. Conf. Trust, Secur . Privacy Comput. Commun., Aug. 2018, pp. 1484-1489.DOI
B. Yang, K. Wu, and R. Karri, “Secure scan: A Design-for-Test architecture for crypto chips,” IEEE Trans. Comput.-Aided Design Integr. Circuits Syst., vol. 25, no. 10, pp. 2287-2293, Oct. 2006.DOI
D. Hely, F. Bancel, M. L. Flottes et al., “Securing scan control in crypto chips,” Journal of Electronic Testing Theory & Applications, vol. 23, no. 5, pp. 457-464, 2007.DOI
J. Lee, M. Tebranipoor, and J. Plusquellic, “A low-cost solution for protecting IPs against scan-based side-channel attacks,” in Proc. IEEE VLSI Test Symp. (VTS), Oct. 2006, p. 6-pp.DOI
M. Da Silva, M. l. Flottes, G. Di Natale et al., “Scan chain encryption for the test, diagnosis and debug of secure circuits,” in 2017 22nd IEEE European Test Symposium, Limassol, Cyprus, pp. 1-6, 2017.DOI
A. Cui, C. H. Chang, W. Zhou and Y. Zheng, “A new PUF based lock and key solution for secure in-field testing of cryptographic chips,” IEEE Transactions on Emerging Topics in Computing, vol. 9, no. 2, pp. 1095-1105, 2021.DOI
J. Zhang, L. Ding, Z. Chen et al., “DA PUF: dual-state analog PUF,” in Proceedings of the 59th ACM/IEEE Design Automation Conference (DAC '22), New York, NY, USA, pp. 73-78, 2022.DOI
J. Shi, Y. Lu and J. Zhang, “Approximation Attacks on Strong PUFs,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 39, no. 10, pp. 2138-2151, Oct. 2020.DOI
J. Zhang, C. Shen, H. Su et al., “Voltage over-scaling-based lightweight authentication for IoT security,” IEEE Transactions on Computers, vol.71, no. 2, pp. 323-336, 2021.DOI
Z. Chen, W. Lee, Q. Hong et al., “A Lightweight and Machine-Learning-Resistant PUF Using Obfuscation-Feedback-Shift-Register,” IEEE Transactions on Circuits and Systems II: Express Briefs, vol. 69, no. 11, pp. 4543-4547, 2022.DOI
Xiangqi Wang

Xiangqi Wang received the Ph.D. degree in Computational Mathe-matics from Hunan Normal University, Changsha, China in 2016. Since 2017, she has been an Assistant Professor with Hunan First Normal University, China. She was a visiting scholar at Peking University. Her current research interests include parallel computing, artificial intelligence security.

Xingxing Gong

Xingxing Gong is a graduate student at College of Computer and Communication Engineering, Chang- sha University of Science & Technology. His research interests include design for testability and hardware security.

Xianmin Pan

Xianmin Pan received the Master's degree in Electronic Technology from Zhongnan University of Economics and Law, Wuhan, China, in 2004. He is currently a Professor with the College of Information Science and Engineering, Hunan Women's University, Changsha, China. His research interests include artificial intelligence, data security.

Weizheng Wang

Weizheng Wang received the B.S. degree in applied mathematics and the Ph.D. degree in computer application technology from Hunan University, Changsha, China, in 2005 and 2011, respectively. He is currently an Associate Professor with the School of Computer and Communication Engineering, Changsha University of Science & Technology, Changsha. His research interests include hardware security, artificial intelligence Security