Improving encoding efficiency in test compression based on linear techniques

Muthyala Sudhakar, Sreenivaas

10 February 2015

Sequential linear decompressors are widely used to implement test compression. Bits stored on the tester (called free variables) are assigned values to encode the test vectors such that when the tester data is decompressed, it reproduces the care bits in the test cube losslessly. In order to do this, the free variable dependence of the scan cells is obtained by symbolic simulation and a system of linear equations, one equation per care bit in a test cube, is solved to obtain the tester data. Existing techniques reset the decompressor after every test cube to avoid accumulating too many free variables, to keep the computation for encoding manageable. This leads to wastage of unused free variables and reduces the efficiency in encoding. Moreover, existing techniques preload the decompressor with free variables before scan shifting, which increases test time to help encode the early scan cells. This dissertation presents new approaches that improve the efficiency of the decompression process, achieving greater test compression and reducing test costs. The contributions of this dissertation include a low cost method to retain unused free variables while encoding a test cube and reuse them while encoding other test cubes with a minor increase in computational complexity. In addition, a test scheduling mechanism is described for system on chip (SoC) architectures that implements retaining unused free variables for SoCs without any hardware overhead and with little additional control. For testing 3D-ICs, a novel daisy-chain architecture for the sequential linear decompressor is proposed for sharing unused free variables across layers with a reduced number of TSVs (through silicon via) needed to transport test data (also called test elevators) to non-bottom layers. A scan feedforward technique is proposed which improves the free variable dependence of the scan cells, thereby increasing the probability of encoding of test cubes, especially when the early scan cells have a lot of specified bits, thereby avoiding the need for preloading the decompressor. Lastly, a feedforward/feedback mechanism in the scan chains for combinational linear decompressors is proposed which improves encoding flexibility and reduces tester data without pipelining the decompressor like the conventional methods, thereby reducing the test time. / text

Test compression

Sequential linear decompressors

Encoding efficiency

Scan chains

METHODS TO MINIMIZE LINEAR DEPENDENCIES IN TWO-DIMENSIONAL SCAN DESIGNS

Kakade, Jayawant Shridhar

01 January 2008

Two-dimensional scan design is an effective BIST architecture that uses multiple scan chains in parallel to test the Circuit Under Test (CUT). Linear Finite State Machines (LFSMs) are often used as on-board Pseudo Random Pattern Generators (PRPGs) in two-dimensional scan designs. However, linear dependencies present in the LFSM generated test-bit sequences adversely affect the resultant fault coverage in two-dimensional scan designs. In this work, we present methods that improve the resultant fault coverage in two-dimensional scan designs through the minimization of linear dependencies. Currently, metric of channel separation and matrix-based metric are used in order to estimate linear dependencies in a CUT. When the underlying sub-circuit (cone) structure of a CUT is available, the matrix-based metric can be used more effectively. Fisrt, we present two methods that use matrix-based metric and minimize the overall linear dependencies in a CUT through explicitly minimizing linear dependencies in the highest number of underlying cones of the CUT. The first method minimizes linear dependencies in a CUT through the selection of an appropriate LFSM structure. On the other hand, the second method synthesizes a phase shifter for a specified LFSM structure such that the overall linear dependencies in a CUT are minimized. However, the underlying structure of a CUT is not always available and in such cases the metric of channel separation can be used more effectively. The metric of channel separation is an empirical measure of linear dependencies and an ad-hoc large channel separation is imposed between the successive scan chains of a two-dimensional scan design in order to minimize the linear dependencies. Present techniques use LFSMs with additional phase shifters (LFSM/PS) as PRPGs in order to obtain desired levels of channel separation. We demonstrate that Generalized LFSRs (GLFSRs) are a better choice as PRPGs compared to LFSM/PS and obtain desired levels of channel separations at a lower hardware cost than the LFSM/PS. Experimental results corroborate the effectiveness of the proposed methods through increased levels of the resultant fault coverage in two-dimensional scan designs.

Built-in Self Test (BIST)

Design for Test (DFT)

Linear Dependencies

Linear Finite State Machines (LFSM)

Scan Chains

VLSI Test

Securing a trusted hardware environment (Trusted Execution Environment) / Sécurisation d'un environnement matériel de confiance (Trusted Execution Environement)

Da Silva, Mathieu

26 November 2018

Ce travail de thèse a pour cadre le projet Trusted Environment Execution eVAluation (TEEVA) (projet français FUI n°20 de Janvier 2016 à Décembre 2018) qui vise à évaluer deux solutions alternatives de sécurisation des plateformes mobiles, l’une est purement logicielle, la Whitebox Crypto, alors que l’autre intègre des éléments logiciels et matériels, le Trusted Environment Execution (TEE). Le TEE s’appuie sur la technologie TrustZone d’ARM disponible sur de nombreux chipsets du marché tels que des smartphones et tablettes Android. Cette thèse se concentre sur l’architecture TEE, l’objectif étant d’analyser les menaces potentielles liées aux infrastructures de test/debug classiquement intégrées dans les circuits pour contrôler la conformité fonctionnelle après fabrication.Le test est une étape indispensable dans la production d’un circuit intégré afin d’assurer fiabilité et qualité du produit final. En raison de l’extrême complexité des circuits intégrés actuels, les procédures de test ne peuvent pas reposer sur un simple contrôle des entrées primaires avec des patterns de test, puis sur l’observation des réponses de test produites sur les sorties primaires. Les infrastructures de test doivent être intégrées dans le matériel au moment du design, implémentant les techniques de Design-for-Testability (DfT). La technique DfT la plus commune est l’insertion de chaînes de scan. Les registres sont connectés en une ou plusieurs chaîne(s), appelé chaîne(s) de scan. Ainsi, un testeur peut contrôler et observer les états internes du circuit à travers les broches dédiées. Malheureusement, cette infrastructure de test peut aussi être utilisée pour extraire des informations sensibles stockées ou traitées dans le circuit, comme par exemple des données fortement corrélées à une clé secrète. Une attaque par scan consiste à récupérer la clé secrète d’un crypto-processeur grâce à l’observation de résultats partiellement encryptés.Des expérimentations ont été conduites sur la carte électronique de démonstration avec le TEE afin d’analyser sa sécurité contre une attaque par scan. Dans la carte électronique de démonstration, une contremesure est implémentée afin de protéger les données sensibles traitées et sauvegardées dans le TEE. Les accès de test sont déconnectés, protégeant contre les attaques exploitant les infrastructures de test, au dépend des possibilités de test, diagnostic et debug après mise en service du circuit. Les résultats d’expérience ont montré que les circuits intégrés basés sur la technologie TrustZone ont besoin d’implanter une contremesure qui protège les données extraites des chaînes de scan. Outre cette simple contremesure consistant à éviter l’accès aux chaînes de scan, des contremesures plus avancées ont été développées dans la littérature pour assurer la sécurité tout en préservant l’accès au test et au debug. Nous avons analysé un état de l’art des contremesures contre les attaques par scan. De cette étude, nous avons proposé une nouvelle contremesure qui préserve l’accès aux chaînes de scan tout en les protégeant, qui s’intègre facilement dans un système, et qui ne nécessite aucun redesign du circuit après insertion des chaînes de scan tout en préservant la testabilité du circuit. Notre solution est basée sur l’encryption du canal de test, elle assure la confidentialité des communications entre le circuit et le testeur tout en empêchant son utilisation par des utilisateurs non autorisés. Plusieurs architectures ont été étudiées, ce document rapporte également les avantages et les inconvénients des solutions envisagées en terme de sécurité et de performance. / This work is part of the Trusted Environment Execution eVAluation (TEEVA) project (French project FUI n°20 from January 2016 to December 2018) that aims to evaluate two alternative solutions for secure mobile platforms: a purely software one, the Whitebox Crypto, and a TEE solution, which integrates software and hardware components. The TEE relies on the ARM TrustZone technology available on many of the chipsets for the Android smartphones and tablets market. This thesis focuses on the TEE architecture. The goal is to analyze potential threats linked to the test/debug infrastructures classically embedded in hardware systems for functional conformity checking after manufacturing.Testing is a mandatory step in the integrated circuit production because it ensures the required quality and reliability of the devices. Because of the extreme complexity of nowadays integrated circuits, test procedures cannot rely on a simple control of primary inputs with test patterns, then observation of produced test responses on primary outputs. Test facilities must be embedded in the hardware at design time, implementing the so-called Design-for-Testability (DfT) techniques. The most popular DfT technique is the scan design. Thanks to this test-driven synthesis, registers are connected in one or several chain(s), the so-called scan chain(s). A tester can then control and observe the internal states of the circuit through dedicated scan pins and components. Unfortunately, this test infrastructure can also be used to extract sensitive information stored or processed in the chip, data strongly correlated to a secret key for instance. A scan attack consists in retrieving the secret key of a crypto-processor thanks to the observation of partially encrypted results.Experiments have been conducted during the project on the demonstrator board with the target TEE in order to analyze its security against a scan-based attack. In the demonstrator board, a countermeasure is implemented to ensure the security of the assets processed and saved in the TEE. The test accesses are disconnected preventing attacks exploiting test infrastructures but disabling the test interfaces for testing, diagnosis and debug purposes. The experimental results have shown that chips based on TrustZone technology need to implement a countermeasure to protect the data extracted from the scan chains. Besides the simple countermeasure consisting to avoid scan accesses, further countermeasures have been developed in the literature to ensure security while preserving test and debug facilities. State-of-the-art countermeasures against scan-based attacks have been analyzed. From this study, we investigate a new proposal in order to preserve the scan chain access while preventing attacks, and to provide a plug-and-play countermeasure that does not require any redesign of the scanned circuit while maintaining its testability. Our solution is based on the encryption of the test communication, it provides confidentiality of the communication between the circuit and the tester and prevents usage from unauthorized users. Several architectures have been investigated, this document also reports pros and cons of envisaged solutions in terms of security and performance.

Test et Sécurité

Sécurité matérielle

Contremesures contre les attaques scan

Encryption du canal de test

TEE (Trusted Environment Execution)

Test and Security

Hardware Security

Scan Attacks Countermeasures

Scan Encryption

TEE (Trusted Environment Execution)