EP1652217A2 - Verfahren und vorrichtung zum verwürfeln von zelleninhalt in einer integrierten schaltung - Google Patents

Verfahren und vorrichtung zum verwürfeln von zelleninhalt in einer integrierten schaltung

Info

Publication number
EP1652217A2
EP1652217A2 EP04777926A EP04777926A EP1652217A2 EP 1652217 A2 EP1652217 A2 EP 1652217A2 EP 04777926 A EP04777926 A EP 04777926A EP 04777926 A EP04777926 A EP 04777926A EP 1652217 A2 EP1652217 A2 EP 1652217A2
Authority
EP
European Patent Office
Prior art keywords
scrambling
unit
descrambling
data
sequential cell
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP04777926A
Other languages
English (en)
French (fr)
Other versions
EP1652217A4 (de
Inventor
Alain Vergnes
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Atmel Corp
Original Assignee
Atmel Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from FR0308405A external-priority patent/FR2857535A1/fr
Application filed by Atmel Corp filed Critical Atmel Corp
Publication of EP1652217A2 publication Critical patent/EP1652217A2/de
Publication of EP1652217A4 publication Critical patent/EP1652217A4/de
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01RMEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
    • G01R31/00Arrangements for testing electric properties; Arrangements for locating electric faults; Arrangements for electrical testing characterised by what is being tested not provided for elsewhere
    • G01R31/28Testing of electronic circuits, e.g. by signal tracer
    • G01R31/317Testing of digital circuits
    • G01R31/3181Functional testing
    • G01R31/3185Reconfiguring for testing, e.g. LSSD, partitioning
    • G01R31/318533Reconfiguring for testing, e.g. LSSD, partitioning using scanning techniques, e.g. LSSD, Boundary Scan, JTAG
    • G01R31/318555Control logic
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01RMEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
    • G01R31/00Arrangements for testing electric properties; Arrangements for locating electric faults; Arrangements for electrical testing characterised by what is being tested not provided for elsewhere
    • G01R31/28Testing of electronic circuits, e.g. by signal tracer
    • G01R31/317Testing of digital circuits
    • G01R31/3181Functional testing
    • G01R31/3185Reconfiguring for testing, e.g. LSSD, partitioning
    • G01R31/318533Reconfiguring for testing, e.g. LSSD, partitioning using scanning techniques, e.g. LSSD, Boundary Scan, JTAG
    • G01R31/318572Input/Output interfaces
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L25/00Baseband systems
    • H04L25/02Details ; arrangements for supplying electrical power along data transmission lines
    • H04L25/03Shaping networks in transmitter or receiver, e.g. adaptive shaping networks
    • H04L25/03828Arrangements for spectral shaping; Arrangements for providing signals with specified spectral properties
    • H04L25/03866Arrangements for spectral shaping; Arrangements for providing signals with specified spectral properties using scrambling

Definitions

  • the invention relates generally to sequential logic cell content and specifically to protecting register content in microcontrollers.
  • the Prior Art Integrated circuits (ICs) are typically tested for defects arising out of fabrication, and one of the tests used is a scan test.
  • One problem with ICs is protecting sensitive register content.
  • Registers may be comprised of sequential logic cells and each sequential logic cell is scannable. Scan methods are very efficient but provide an easy means of seeing the logical values of many nets or registers of the IC. Downloading the content of each register using the scan test is possible after a period of operation for the circuit.
  • scan tests are not available or they use scan methods combined with built-in scan vector generators and signature analyzer modules so that nothing can be downloaded from the pins of the ICs but defects may be found even if scan chain inputs and outputs do not appear on the top-level pin of the circuit.
  • SRAM Static RAM
  • Flash the data could be scrambled using crypt algorithms when write access is performed or unscrambled/decrypt when read.
  • FIG. 1 is schematic illustrating a prior art simplified microcontroller and scan chain system.
  • Microcontroller 100 includes microprocessor 102 coupled to memory 104.
  • Address decoder 106 receives and decodes addresses from microprocessor 102 for memory 104 and peripherals 108.
  • Address decoder 106 and peripherals 108 receive addresses on address bus 110 while address decoder 106 transmits select information on memory select 112 and peripheral select 114.
  • Data is transmitted between microprocessor 102, memory 104, and peripherals 108 on data bus 116.
  • a read or a write signal is transmitted between microprocessor 102 and memory 104 and peripherals 108 on read/write signal 117.
  • Microcontroller 100 receives clock signal 118 and reset signal 120.
  • Input 122 includes, for example, timer triggers and Universal Asynchronous Receiver/Transmitter (UART) input data while output 124 includes, for example, UART transmitter output data.
  • Peripherals 108 may be functional logic, for example UART, crypto-processing, digital signal processing (DSP), and digital filtering.
  • Scan chain system 126 connects to microcontroller 100. Dashed lines are used in the Figures to illustrate the path of signals related to scan chain system 126, while solid lines represent the path of signals following non-scan chain circuitry.
  • Microcontroller 100 receives a scan chain control signal on scan chain control 128 and data on scan chain input 130. Microcontroller 100 transmits data to scan chain system 126 on scan chain output 132. Within microcontroller 100, microprocessor 102 transmits control and data information on scan chain 134 to peripherals 108. Output from scan chain input determines whether peripherals 108 have fabrication defects.
  • Figure 2 is a schematic illustrating a more detailed, prior art example of peripheral 108 from Figure 1.
  • peripheral 108 includes address sub-decoder 200, configuration register 202, and processing logic 204. Inputs to peripheral 108 include peripheral select 114, read/write signal 117, address bus 110, clock 118 and data bus 116. Scan chain control 128 and scan chain input 130 are transmitted to peripheral 108 along scan chain 134 (not shown in Figure 2, see Figure 1).
  • address sub-decoder 200 receives signals from microprocessor 102 and address decoder 106. Address sub-decoder 200 transmits a write enable signal along enable write line 206 to selected multiplexers 208.
  • a multiplexer receives a write enable signal it selects from input available through data bus 116 and also from a sequential cell, for example a scan D flip-flop (SDFF) 210.
  • Multiplexers 208 transmit received input to their respective SDFFs 210.
  • SDFFs 210 transmit to processing logic 204 when they receive clock signals from clock 118.
  • a SDFF is a normal DFF with the D input driven by the output of a two-to-one multiplexer (not shown), the multiplexer having inputs SD and D, and a select pin SC (the two-to-one multiplexer is shown as a part of scan DFF 210, with inputs SC, SD and D).
  • the SD input is driven by either scan chain input 130 or output from a preceding scan DFF.
  • SDFF 210-1 receives data at input SD from scan chain input 130
  • SDFF 210- 2 receives data at input SD from the output of SDFF 210-1
  • Both SDFF 210 1 and 2 receive scan chain control signals (select signals) at input SC from scan chain control 130.
  • Microcontroller 100 may be operated normally, storing values in peripherals 108, and then switched to scan mode and the content of registers in peripherals 108 may be read out and analyzed.
  • SDFF 210-2 will transmit its value through scan register output 214 to processing logic 204.
  • Processing logic 204 transfers data from scan register output 214 directly to scan chain output 132 without altering the value.
  • Control signals transfer data from SDFF 210-1 to SDFF 210-2 and then out to scan chain output 132.
  • sensitive data loaded into registers may be read out using scan methodology.
  • a system and method of protecting sequential cell, or register content, in systems employing scan chain methodology is needed.
  • the system should protect sensitive data loaded into registers while allowing scan chain testing for functionality.
  • the system and method described here provides a way to scramble the value of the register without affecting the functionality of the associated logic.
  • a combinatorial network of logic cells is placed in front of the register and acts as a scrambling function not specified in any user datasheet because there is no user functionality associated.
  • the reverse combinatorial function is placed after the register. Therefore, even if register location is known through the scan register chain and its content after regular operation is downloaded, it is more difficult to ascertain the functional meaning of the value for the current application.
  • the invention reduces the ability to download the content of any sequential cell
  • Figure 1 is a schematic illustrating a prior art simplified microcontroller.
  • Figure 2 is a schematic illustrating a more detailed prior art example of a peripheral from Figure 1.
  • Figure 3 is a schematic illustrating the invention implemented with a peripheral from
  • Figure 1 is a schematic illustrating one embodiment of the invention using a predetermined scrambling function.
  • Figure 5 is a schematic illustrating one embodiment of the invention using a random scrambling function.
  • Figure 6 is a schematic illustrating one embodiment of the invention using a random scrambling function.
  • Figure 7 is a flow diagram illustrating a method of implementing the invention. DETAILED DESCRIPTION OF THE INVENTION The following description the invention is not intended to limit the scope of the invention to these embodiments, but rather to enable any person skilled in the art to make and use the invention.
  • the invention may use combinatorial networks to scramble memory cells making this method more convenient for pre-characterized DFFs, or SDFFs, (for example those DFFs within a register) while making sensitive material within the register more secure.
  • the invention allows scrambling and unscrambling of the content of a register in one clock cycle, in the case of a combinatorial network.
  • a sequential algorithm in front and after the targeted register may replace the combinatorial networks, though the sequential algorithm may take more than 1 clock cycle to scramble and unscramble the register content.
  • Protecting content of a register may be achieved by not inserting the DFFs in the scan chain so that the DFFs will not be tested.
  • the invention allows a straightforward test design flow (full scan) without the lack of confidentiality in a scan test.
  • the invention may be used on sequential elements acting as a configuration register in order to protect their content from being easily downloaded.
  • the scan chain system allows a read-out of the register content while the registers may hold sensitive or confidential data.
  • FIG. 3 is a schematic illustrating one embodiment of the invention implemented with a configuration register in a peripheral from Figure 1.
  • address sub-decoder 200 receives peripheral select 114, read/write signal 117, and address bus 110.
  • Address sub- decoder is connected to configuration register 202 by enable write line 206.
  • Configuration register 202 is connected to processing logic by descrambling unit 310.
  • Scrambling unit 300 is coupled to data bus 116 and configuration register 202.
  • Scrambling unit 300 is configured to receive data, or scrambling unit input, from data bus 116 and to scramble the input in either a predetermined, random, or pseudo-random method.
  • the scrambled data is transmitted to configuration register 202. If normal operations are halted and the register content read out by scan chain system 126, only scrambled data will be transmitted through scan register output 214 and scan chain output 132, protecting register content.
  • Descrambling unit 310 is coupled to configuration register 202 and is configured to receive the scrambled data from configuration register 202. Descrambling unit 310 is configured to descramble the scrambled data in the reverse manner that scrambling unit 300 scrambled the data.
  • the values output from descrambling unit 310 should be identical to the values input from data bus 116.
  • scrambling unit 300 and descrambling unit 310 are shown without a direct connection between them, one skilled in the art will recognize that they may receive/share a random or pseudo-randomly generated value.
  • a scrambling function works as follows. A first combinatorial network, scrambling unit 300, uses function FI and a second combinatorial network, descrambling unit 310, uses function F2. If X is an n-bit (n being an integer) binary coded input from data bus 116, then F1(X) is the resulting output value of the first combinatorial network.
  • FIG. 4 is a schematic illustrating one embodiment of the invention using a predetermined scrambling function.
  • Scrambling register 300 includes inverter 400 and XOR 410.
  • inverter 400 and XOR 410 The mathematical function of inverter 400 and XOR 410 is "+1 modulo 4.” If inputs D[0] and D[l] to scrambling unit 300 are "1" and "1,” respectively, then "11 +1 modulo 4" is equal to "00,” is the scrambling unit output of scrambling unit 300.
  • One skilled in the art will recognize that many different functions may be used to scramble and descramble the data, for example "+1 modulo N,” N being any integer.
  • Processing logic 204 should receive the initial input value of "11,” so inverter 420 and XNOR 430 of descrambling unit 310 produce the mathematical function "-1 modulo 4.”
  • a descrambling unit input of "00” becomes “00-1 modulo 4,” which is equal to "11.”
  • scrambling unit 300 produces a scrambling unit output that is loaded into configuration register 202 and transmitted to descrambling unit 310, which then produces a descrambled output, all within a single clock cycle.
  • FIG. 4 is a schematic illustrating one embodiment of the invention using a random scrambling function.
  • Scrambling unit 300 comprises, for example two-bit adder 500.
  • Coupled to scrambling unit 300 is a number generator, either random or pseudo-random, for example number generator 505.
  • Number generator 505 outputs a value to storage unit 510 and scrambling unit 300.
  • Scrambling unit 300 receives the output from number generator 505 and adder 500 adds that number to a two-bit value received from data bus 116. The resulting sum is then transmitted to configuration register 202. For example, if number generator 505 produces the binary value "01,” and scrambling unit 300 receives "11" at its D[0] and D[l] inputs, then the resulting sum is "00.” "00" is the binary value transmitted to configuration register 202.
  • Storage unit 510 saves the value output from number generator 505 so that whenever new data is written from data bus 116, a signal from write enable line 206 instructs storage unit 510 to output the new value, otherwise storage unit 510 outputs the last value used in scrambling unit 300.
  • Descrambling unit 310 receives from storage unit the binary value transmitted from number generator 505 to storage unit 510 during a given clock cycle. Continuing with the above example, configuration register 202, after receiving the value "00" from scrambling unit 300, transfers the value "00" to descrambling unit 310.
  • Descrambling unit 310 comprises two-bit subtracter 520, therefore descrambling unit 310 subtracts the value "01" from “00.”
  • the value "01” was generated by number generator 505 and stored in storage unit 510 during the same clock cycle that descrambling unit 310 receives the value "00.”
  • the result is "11,” which is the original value output from data bus 116 at the beginning of the clock cycle.
  • storage unit 510 comprises multiplexer 530 and DFF 540.
  • the content of configuration register 202 changes whenever it is being written to by data bus 116. In the next embodiment, the content of configuration register 202 changes every clock cycle, regardless of whether or not it is being written to.
  • Figure 6 is a schematic illustrating one embodiment of the invention using a random scrambling function.
  • data bus 116 transfers data to multiplexer 600.
  • Multiplexer 600 receives a write-enable signal from enable write line 206 and transmits the data received from data bus 116 to scrambling unit 300.
  • Scrambling unit 300 receives a random or pseudo-random number from number generator 505 and adds that number to the data received from multiplexer 600 with adder 500.
  • the number is a two-bit binary number.
  • the resulting scrambled number is transmitted to configuration register 610.
  • Configuration register 610 loads one bit of each of the two-bit scrambled number into one of each of SDFF.
  • DFF 630 also receives the random or pseudo-random number from number generator 505 and in the same clock cycle during which DFF 630 received the number, DFF 630 transmits the number to descrambling unit 310.
  • Descrambling unit 310 receives the random or pseudo-random number from DFF 630 and it receives the scrambled content from SDFFs 620.
  • Descrambling unit subtracts the random or pseudo-random number from the scrambled number using subtracter 525.
  • Descrambling unit 310 outputs the descrambled value to processing logic 204 and to multiplexer 600.
  • multiplexer 600 receives only descrambled output from descrambling unit 310. With no write-enable signal from enable write line 206, multiplexer 600 selects the descrambled output and transmits it to scrambling unit 300. Scrambling unit 300 receives a random or pseudo-random number from number generator 505 and the descrambled output, adds them and loads them into SDFFs 620. The effect of this is to rescramble with a new number, each clock cycle, the descrambled output from descrambling unit 310.
  • number generator 505 could be another configuration register, a configurable register that is not part of scan chain system 126, the output of a finite state machine status flag, interrupt flag, or any other random or determinable value generator. Sensitive or confidential material loaded into configuration register 610 is more difficult to recover due to a variable and continuous scrambling function.
  • Figure 7 is a flow diagram illustrating a method of scrambling sequential cell content in an integrated circuit. In block 700, scramble the data. In block 710, load the scrambled data into a sequential cell. In block 720, unload the scrambled data from the sequential cell. In block 730, descramble the data.

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Logic Circuits (AREA)
  • Storage Device Security (AREA)
  • Test And Diagnosis Of Digital Computers (AREA)
EP04777926A 2003-07-09 2004-07-08 Verfahren und vorrichtung zum verwürfeln von zelleninhalt in einer integrierten schaltung Withdrawn EP1652217A4 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR0308405A FR2857535A1 (fr) 2003-07-09 2003-07-09 Procede et systeme pour brouiller le contenu d'une cellule dans un circuit integre.
US10/861,683 US20050033961A1 (en) 2003-07-09 2004-06-04 Method and apparatus for scrambling cell content in an integrated circuit
PCT/US2004/022146 WO2005008729A2 (en) 2003-07-09 2004-07-08 Method and apparatus for scrambling cell content in an integrated circuit

Publications (2)

Publication Number Publication Date
EP1652217A2 true EP1652217A2 (de) 2006-05-03
EP1652217A4 EP1652217A4 (de) 2009-05-13

Family

ID=34081982

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04777926A Withdrawn EP1652217A4 (de) 2003-07-09 2004-07-08 Verfahren und vorrichtung zum verwürfeln von zelleninhalt in einer integrierten schaltung

Country Status (2)

Country Link
EP (1) EP1652217A4 (de)
WO (1) WO2005008729A2 (de)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4465901A (en) * 1979-06-04 1984-08-14 Best Robert M Crypto microprocessor that executes enciphered programs

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5442628A (en) * 1993-11-15 1995-08-15 Motorola, Inc. Local area network data processing system containing a quad elastic buffer and layer management (ELM) integrated circuit and method of switching
US5745479A (en) * 1995-02-24 1998-04-28 3Com Corporation Error detection in a wireless LAN environment

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4465901A (en) * 1979-06-04 1984-08-14 Best Robert M Crypto microprocessor that executes enciphered programs

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
KUHN M: "The TrustNo 1 Cryptoprocessor Concept" THE TRUSTNO 1 CRYPTOPROCESSOR CONCEPT, 30 April 1997 (1997-04-30), XP002265827 *
LIE D ET AL: "ARCHITECTURAL SUPPORT FOR COPY AND TAMPER RESISTANT SOFTWARE" ASPLOS. PROCEEDINGS. INTERNATIONAL CONFERENCE ON ARCHITECTURAL SUPPORT FOR PROGRAMMING LANGUAGES AND OPERATING SYSTEMS, NEW YORK, NY, US, vol. 34, no. 5, 12 November 2000 (2000-11-12), pages 168-177, XP001018164 *
MENEZES, VANSTONE, OORSCHOT: "Handbook of Applied Cryptography" 1997, CRC PRESS LLC , USA , XP002351019 * page 15 - page 16 * * page 39 - page 41 * *
See also references of WO2005008729A2 *

Also Published As

Publication number Publication date
EP1652217A4 (de) 2009-05-13
WO2005008729A3 (en) 2007-03-15
WO2005008729A2 (en) 2005-01-27

Similar Documents

Publication Publication Date Title
US6931543B1 (en) Programmable logic device with decryption algorithm and decryption key
US6441641B1 (en) Programmable logic device with partial battery backup
US6366117B1 (en) Nonvolatile/battery-backed key in PLD
Lee et al. A low-cost solution for protecting IPs against scan-based side-channel attacks
US7117373B1 (en) Bitstream for configuring a PLD with encrypted design data
US7725788B2 (en) Method and apparatus for secure scan testing
US6981153B1 (en) Programmable logic device with method of preventing readback
Lee et al. Securing scan design using lock and key technique
EP0536943B1 (de) Datensicherheitseinrichtungen für programmierbare logische Halbleiterschaltungen
US7058177B1 (en) Partially encrypted bitstream method
Yang et al. Secure scan: A design-for-test architecture for crypto chips
EP1073021B1 (de) Informationsverarbeitungsvorrichtung, Informationsverarbeitungssystem und -karte
US7036017B2 (en) Microprocessor configuration with encryption
US6965675B1 (en) Structure and method for loading encryption keys through a test access port
US6957340B1 (en) Encryption key for multi-key encryption in programmable logic device
US7117372B1 (en) Programmable logic device with decryption and structure for preventing design relocation
US8433930B1 (en) One-time programmable memories for key storage
US7734043B1 (en) Encryption key obfuscation and storage
US7319758B2 (en) Electronic device with encryption/decryption cells
US9270274B1 (en) FPGA configuration data scrambling using input multiplexers
US20050033961A1 (en) Method and apparatus for scrambling cell content in an integrated circuit
EP1093056B1 (de) Datenprozessor mit Datenverarbeitungseinheit, die eine Ver- und eine Entschlüsselungsvorrichtung enthält
WO2005008729A2 (en) Method and apparatus for scrambling cell content in an integrated circuit
Lin et al. A VLSI implementation of the blowfish encryption/decryption algorithm
US7062659B2 (en) Apparatus for protecting code ROM data in code ROM test

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20060127

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL HR LT LV MK

DAX Request for extension of the european patent (deleted)
RBV Designated contracting states (corrected)

Designated state(s): DE FR GB IT

PUAK Availability of information related to the publication of the international search report

Free format text: ORIGINAL CODE: 0009015

A4 Supplementary search report drawn up and despatched

Effective date: 20090416

17Q First examination report despatched

Effective date: 20091014

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20100225