Ensuring high testability without degrading security: Embedded tutorial on “test and security”

Cryptographic algorithms are used to protect sensitive information when the communication medium is not secure. Unfortunately, the hardware implementation of these cryptographic algorithms allows secret key retrieval using different forms of attacks based on the observation of key-related information: physical information (side-channel attacks), faulty behaviors (fault-based attacks), or internal states (DFT-based attacks) for instance. Dedicated design for security techniques have been proposed so far, ranging from the development of specific cell libraries to the implementation of extra functions for preventing the leakage of useful information for key identification. On the other hand, users can expect high quality product for secure applications and this expectation requires the development of test solutions for every component of the secure device. However, testing those devices faces a double dilemma: (i) how to test and, possibly, develop design-for-testability schemes providing high testability (high controllability/observability) while maintaining high security (no leakage), (ii) how to provide high security using dedicated design rules while maintaining high testability. This tutorial will address these issues presenting the security weaknesses generated by classical DFT techniques, pros and cons of security-dedicated DFT, BIST and Fault tolerance solutions, and impact of design for security techniques on testability.