AES-based BIST: self-test, test pattern generation and signature analysis M. Doulcier, M.L. Flottes and B. Rouzeyre Laboratoire d’Informatique, de Robotique et de Microélectronique de Montpellier LIRMM, Univ. Montpellier II / CNRS 161 rue Ada, 34932 Montpellier, France {doulcier, flottes, rouzeyre}@lirmm.fr Abstract Re-using embedded resources for implementing built- in self test mechanisms allows test cost reduction. In this paper we demonstrate how to implement cost- efficient built-in self test functions from the AES cryptoalgorithm hardware implementation in a secure system. Self-test of the proposed implementation is also presented. A statistical test suite and fault-simulation are used for evaluating the efficiency of the corresponding cryptocore as pseudo-random test pattern generator; an analytical approach demonstrates the low probability of aliasing when used for test response compaction. Keywords: secure systems, AES core, BIST 1. Introduction Nowadays, secure circuits are commonly used for applications such as e-banking, pay tv, cell phone... Because they hold personal data and must process secure operations, security requirements such as source/sink authentication, data integrity, confidentiality, or tamper resistance are maintained by means of several dedicated components. Confidentiality is ensured through cryptographic mechanisms generally implemented on co-processors. These mechanisms encode/decode plaintexts/cipher texts with the help of secret keys that must be preserved from compromise. Testing a secure circuit requires a specific attention since any undetected malfunction may induce a vulnerability and any extra test mechanism may induce new security vulnerabilities. For instance, generation of deterministic test patterns and design for testability such as scan design provide very high fault coverage. This mechanism minimizes the probability to deliver a supposedly secure system, but actually faulty chip, which could fail to protect the secret data. However, the scan path itself may compromise the security of the system since it provides facilities for controlling or observing sensitive data (scan based attacks have been demonstrated in [1] and [2]). Specific secure scan design methodologies such as the ones detailed in [3] and [4] can prevent abusive usage of the scan path but requires extra area and design effort. Conversely, the Built-In Self Test (BIST) approach does not require visible scan chains. When the test mode is started, scan chains are fed from on-chip test resources and scanned-out test responses are compacted into a signature. The only test output is this compacted signature or the comparison result of this signature with a pre-computed “gold” one. The BIST strategy is considered as a good alternative if it provides acceptable fault coverage and low area overhead (apart from its recurrent cost, extra area for BIST implementation may in turn be subject to faults and, consequently, must be keep as low as possible). Re-using a cryptographic core (“cryptocore”) as test pattern generator (TPG) or signature analyser (SA) for other cores in the system prevents the insertion of any other dedicated hardware. However efficiency in terms of pattern generation and response compaction must be evaluated. In this paper we investigate a BIST solution based on a common “cryptoalgorithm” classically implemented on smart cards and other secure devices. The cryptoalgorithm and its original implementation for supporting test pattern generation and response compaction are presented in section 2. The self-test of the corresponding implementation is discussed in section 3. The test sequences generated from the proposed cryptocore-based generator are evaluated in section 4. Section 5 discusses the usage of the cryptocore as signature analyser. Conclusions are given in section 6. 2. Cryptocore and implementations The “Rijndael” cryptoalgorithm developed by Vincent Rijmen and Joan Daemen was officially 4th IEEE International Symposium on Electronic Design, Test & Application 0-7695-3110-5/08 $25.00 © 2008 IEEE DOI 10.1109/DELTA.2008.86 314 4th IEEE International Symposium on Electronic Design, Test & Applications 0-7695-3110-5/08 $25.00 © 2008 IEEE DOI 10.1109/DELTA.2008.86 314 4th IEEE International Symposium on Electronic Design, Test & Applications 0-7695-3110-5/08 $25.00 © 2008 IEEE DOI 10.1109/DELTA.2008.86 314 4th IEEE International Symposium on Electronic Design, Test & Applications 0-7695-3110-5/08 $25.00 © 2008 IEEE DOI 10.1109/DELTA.2008.86 314