Test & secure ICs
We are looking at new challenges induced by new integration technologies (e.g. 3D circuits) and by applications related to security, reliability and trust. Our activities rely on an expertise in digital circuit and integrated systems testing as well as on a recognized competence in hardware cryptography.
Test of integrated 3D systems
The spreading of solutions with 3D integration technology necessitates developing innovative solutions allowing testing these complex components not only after fabrication steps but also during all the assembly (stacking) steps.
Our last research in this domain has been conducted within the framework of an European project (Catrene Program: TOETS) and direct partnership with CEA-Leti and NXP.
We propose test strategies and related architectural solutions. We mainly focus on:
- the development of a solution allowing recursive test of SiP (Systems-In-Package) during the assembly process or after deployment. (US patent [00767777; DCpatent11], Exhibition Award European Nanoelectronics 2012 – 3rd/74 represented European projects),
- the development of a Built-In-Self-Test architecture dedicated to TSVs (Through-Silicon-Vias: inter chip interconnections internes in 3D circuits) before and after stacking ([00838524; FVnewcas13], a patent is currently under deposit).
- the definition and design of test infrastructures at system level which necessitate to be adapted to deal with the broadcasting and the volume of test data. Both 2d and 3D systems are considered [00375078;DFivlsi09].
Design for test and Security
In spite of their benefit for test purpose, test infrastructures of digital circuit (e.g. scan chains) are backdoors for cryptographic circuits since they allow potential attacks. In fact, they allow the observation of internal states of the circuit, states from which an attacker can devise secret information (e.g. cryptographic keys). Here the objective is two-fold: on one hand to determine which sensitive information can leak through the most recent test infrastructures (development of new attacks) and on the other hand to propose efficient counter-measures without compromising the quality of fabrication test or on-line test [00407163;FDets09].
This topic benefits, since many years, from collaborative projects with different companies e.g. STMicroelectronics or INVIA (Project OESO/ANVAR Prosecure.)
The analysis of observable data through the most sophisticated test infrastructures (test data decompressors, unknown value masking structures, test response compactors, etc.) allowed us to propose original attacks applicable to up-to-date circuits (e.g. signature attack [00694536; DDvts12]), as well as efficient countermeasures [00365359;DDtvlsi10].
Fault tolerance for secure circuits
Secure devices are the targets of numerous types of attacks. Among them, side-channel and fault attacks have proven to be very effective (besides scan attacks.) Fault attacks consist in intentionally altering the circuit to produce an erroneous result, i.e in injecting a fault in the circuit. By comparing the right result with the faulty one, an attacker can devise secret information. Those faults, a priori transient, have to be on-line detected in order to quickly protect sensitive data.
This topic is funded by several contracts: FUIs Calisson 2007-10, 2011-15, Catrene TOETS 2009-12, ANR Liesse 2012-16.
More precisely, we focus our research on:
- the development of fault detection methods and structures at low level (current sensors, [00715117;BTmej12]), logic level (error detection, [00437252; BDchap.9ouvrageFaultDetection10]), and architectural level (roll-back after short/long transient faults [00838389;BDjetta.13]),
- the development of related CAD tools (multi-transient fault simulator).
- The development of analysis tools for detecting how a counter-measure for a particular attack may ease other attacks. In particular, we have studied the correlation between the introduction of error detection/correction codes (to cope with fault attacks) and the power consumption analysis.
- The analysis of novel methods of attacks based on the observation of the light emission of a circuit. A new kind of attack called DLEA (Differential Light Emission Analysis) [00532636;BCches10] has been set in the framework of collaboration with Thales and CNES CNES.
Hardware Security and Trust
Hardware Trojans (HT) are malicious circuit’s alterations introduced to change the circuit expected functionality at mission time. The goal of such alterations can be to introduce hidden functionality, reduce the integrated circuit’s reliability, let leak sensitive information from the device, or to prevent operation of a function (Denial-of-service). These Trojans can be designed to be always on, i.e. able to affect the infected circuit at any time, or they may require an internal or external trigger to become active. We are interested by detection of HTs by no-destructive methods
This topic is funded by several contracts: HOMERE (2012-2014) FUI AAP14 and COST Action IC - 1204 Trustworthy Manufacturing and Utilization of Secure Devices.
We focus our research on the detection of HT that can be inserted during the manufacturing steps. Our approach relies on triggering the HT by pplying adapted patterns. Those patterns are specifically generated taking into not only the circuit's netlist but also layout information
Sponsored research projects
Design of secure processors
Laser effects on ICs
3D circuits testing
Fault in secure ICs
Last update on 09/01/2019
Membres du groupe Test & Sécurisation des CIs
Georgio Di Natale
Bruno Rouzeyre (responsable)
Papa Sidy BA