Security vulnerability analysis of design-for-test exploits for asset protection in SoCs
Title | Security vulnerability analysis of design-for-test exploits for asset protection in SoCs |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Contreras, G. K., Nahiyan, A., Bhunia, S., Forte, D., Tehranipoor, M. |
Conference Name | 2017 22nd Asia and South Pacific Design Automation Conference (ASP-DAC) |
ISBN Number | 978-1-5090-1558-0 |
Keywords | asset protection, automated security vulnerability analysis framework, availability policies, Collaboration, confidentiality, control finite state machines, Controllability, cryptography, design for testability, design-for-test exploits, Discrete Fourier transforms, Encryption, encryption algorithms, information leakage vulnerabilities, integrity, internal modules, IP networks, Logic gates, memory read-write functions, policy-based governance, pubcrawl, secret keys, secure microprocessors, Security Policies Analysis, SoC integration, system-on-chip, system-on-chips, test structures |
Abstract | SoCs implementing security modules should be both testable and secure. Oversights in a design's test structure could expose internal modules creating security vulnerabilities during test. In this paper, for the first time, we propose a novel automated security vulnerability analysis framework to identify violations of confidentiality, integrity, and availability policies caused by test structures and designer oversights during SoC integration. Results demonstrate existing information leakage vulnerabilities in implementations of various encryption algorithms and secure microprocessors. These can be exploited to obtain secret keys, control finite state machines, or gain unauthorized access to memory read/write functions. |
URL | https://ieeexplore.ieee.org/document/7858392/ |
DOI | 10.1109/ASPDAC.2017.7858392 |
Citation Key | contreras_security_2017 |
- integrity
- test structures
- system-on-chips
- system-on-chip
- SoC integration
- Security Policies Analysis
- secure microprocessors
- secret keys
- pubcrawl
- policy-based governance
- memory read-write functions
- Logic gates
- IP networks
- internal modules
- asset protection
- information leakage vulnerabilities
- encryption algorithms
- encryption
- Discrete Fourier transforms
- design-for-test exploits
- design for testability
- Cryptography
- Controllability
- control finite state machines
- confidentiality
- collaboration
- availability policies
- automated security vulnerability analysis framework