Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Secure Software/Hardware Hybrid In-Field Testing for System-on-Chip

Saleh Mulhem, Christian Ewert, Andrija Neskovic, Amrit Sharma Poudel, Christoph Hübner, Mladen Berekovic, Rainer Buchty

TL;DR

This paper tackles insecure in-field BIST by presenting a secure software/hardware hybrid powered by a device-specific KMAC signature engine and CPU-coordinated test scheduling. It integrates a golden reference via a graph-based SoC model, enabling both on-chip and remote testing without exposing internal DUT details. The approach achieves high fault coverage with zero signature aliasing and reduces the need for heavy dedicated hardware, demonstrated on a RISC-V based SoC with practical FPGA overhead and ISCAS-85 benchmarks. The work advances secure in-field SoC testing by combining cryptographic ORA with SBIST, offering robust obfuscation against signature-analysis attacks while preserving DUT availability.

Abstract

Modern Systems-on-Chip (SoCs) incorporate built-in self-test (BIST) modules deeply integrated into the device's intellectual property (IP) blocks. Such modules handle hardware faults and defects during device operation. As such, BIST results potentially reveal the internal structure and state of the device under test (DUT) and hence open attack vectors. So-called result compaction can overcome this vulnerability by hiding the BIST chain structure but introduces the issues of aliasing and invalid signatures. Software-BIST provides a flexible solution, that can tackle these issues, but suffers from limited observability and fault coverage. In this paper, we hence introduce a low-overhead software/hardware hybrid approach that overcomes the mentioned limitations. It relies on (a) keyed-hash message authentication code (KMAC) available on the SoC providing device-specific secure and valid signatures with zero aliasing and (b) the SoC processor for test scheduling hence increasing DUT availability. The proposed approach offers both on-chip- and remote-testing capabilities. We showcase a RISC-V-based SoC to demonstrate our approach, discussing system overhead and resulting compaction rates.

Secure Software/Hardware Hybrid In-Field Testing for System-on-Chip

TL;DR

This paper tackles insecure in-field BIST by presenting a secure software/hardware hybrid powered by a device-specific KMAC signature engine and CPU-coordinated test scheduling. It integrates a golden reference via a graph-based SoC model, enabling both on-chip and remote testing without exposing internal DUT details. The approach achieves high fault coverage with zero signature aliasing and reduces the need for heavy dedicated hardware, demonstrated on a RISC-V based SoC with practical FPGA overhead and ISCAS-85 benchmarks. The work advances secure in-field SoC testing by combining cryptographic ORA with SBIST, offering robust obfuscation against signature-analysis attacks while preserving DUT availability.

Abstract

Modern Systems-on-Chip (SoCs) incorporate built-in self-test (BIST) modules deeply integrated into the device's intellectual property (IP) blocks. Such modules handle hardware faults and defects during device operation. As such, BIST results potentially reveal the internal structure and state of the device under test (DUT) and hence open attack vectors. So-called result compaction can overcome this vulnerability by hiding the BIST chain structure but introduces the issues of aliasing and invalid signatures. Software-BIST provides a flexible solution, that can tackle these issues, but suffers from limited observability and fault coverage. In this paper, we hence introduce a low-overhead software/hardware hybrid approach that overcomes the mentioned limitations. It relies on (a) keyed-hash message authentication code (KMAC) available on the SoC providing device-specific secure and valid signatures with zero aliasing and (b) the SoC processor for test scheduling hence increasing DUT availability. The proposed approach offers both on-chip- and remote-testing capabilities. We showcase a RISC-V-based SoC to demonstrate our approach, discussing system overhead and resulting compaction rates.
Paper Structure (17 sections, 5 equations, 4 figures, 3 tables)

This paper contains 17 sections, 5 equations, 4 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Background & Related Work
  3. SoC In-field Test Approaches
  4. SoC Test Vulnerabilities and Countermeasures
  5. Cryptographic Primitives-based Solutions for SoC Test Vulnerabilities
  6. The Proposed Methodology
  7. Golden Reference Signature Generation
  8. KMAC-based Test Method: Setup
  9. KMAC-based Test Method: Concept
  10. Two Configurations of the Proposed Test Method
  11. On-Chip Testing
  12. Remote Testing
  13. Hash Selection & Test Security Analysis
  14. Cryptographic Hash Selection
  15. Test Security Analysis
  16. ...and 2 more sections

Figures (4)

  • Figure 1: Signature Generation based on SoC Graph Model
  • Figure 2: DUT & Test Domain Separation
  • Figure 3: The proposed SoC Hash-based Test Method
  • Figure 4: Proposed KMAC-based Test Method