A hardware fault in a digital logic circuit may negatively affect its function. In particular, this applies to digital logic circuits providing cryptographic functionality, since secure operation may be jeopardized by hardware faults. Therefore, it is desirable that digital logic circuits perform Built-In Self-Tests (BIST) during their lifetime. Integrated circuits (ICs) with BIST functionality typically incorporate on-chip logic for test generation and test response analysis.
Logic BIST (LBIST), which is used for testing digital logic circuits, typically employs a Pseudo-Random Pattern Generator (PRPG) for generating test patterns which are applied to the circuit-under-test (CUT), and a Multiple Input Signature Register (MISR) for obtaining a compacted response, the so-called signature, of the CUT to these test patterns. An incorrect MISR output indicates a fault in the CUT.
LBIST is typically used in combination with scan design, which is a design-for-test technique providing a simple way of setting and observing each cell, or storage element, in a digital logic circuit. In scan design, all storage elements of the digital logic circuit are connected into one or more shift registers, called scan chains, by multiplexing their respective inputs to support a scan mode which allows serial loading and unloading of a scan chain's content. For each scan chain, a test pattern is loaded into the chain of storage elements, and the state of every storage element is read out. In normal operational mode, the scan chains do not affect operation of the circuit.
LBIST is commonly managed and controlled by a control unit which resides either on the CUT or on the same circuit board as the CUT. The control unit initiates LBIST by providing test parameters to the PRPG, such as an initialization value and the number of test patterns to be generated, based on which the PRPG generates the test patterns which subsequently are applied to the CUT. Then, the test responses received from the CUT are compacted by the MISR into a signature which is compared to an expected signature in order to determine a test result. The test parameters and the expected signature are stored in a memory or hard-wired. Typically, LBIST is performed automatically at power-up and restart, or in response to an external trigger, e.g., if hardware or software supervising the chip indicates a fault. In addition, LBIST may be initiated by an operator, e.g., for debugging purposes when a faulty chip is sent for repair.
In known LBIST, the same set of test patterns is used every time a test is performed. This is due to the fact that the PRPG always starts from the same initial state, which is determined by the initialization value provided during manufacturing, and accordingly generates the same set of test patterns. Furthermore, the test signature which is obtained by accumulating and compacting the test responses is compared to the same expected signature which is stored or hard-wired in the chip and provided during manufacturing. This opens a door for hardware Trojans, i.e., malicious modifications of circuit elements during the manufacturing process, which do not change the signature created by the MISR. This is possible because the test responses of the CUT are accumulated and compacted into a signature, and the probability that a faulty circuit produces the same signature as the correct circuit is non-zero. The latter is often referred to as “aliasing error”. The feasibility of such an attack was recently demonstrated for Intel's hardware random number generator used in the Ivy Bridge processor, which was considered to be cryptographically secure and which was protected by traditional LBIST (G. T. Becker, F. Regazzoni, C. Paar, and W. P. Burleson, “Stealthy Dopant-Level Hardware Trojans”, in “Cryptographic Hardware and Embedded Systems—CHES 2013”, Lecture Notes in Computer Science, Volume 8086, Springer Berlin Heidelberg, 2013, pages 197-214).
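To make the fixed-seed and aliasing argument concrete, the following added example (not part of the original text) models a PRPG, a toy CUT and a MISR in Python, and counts exhaustively how many non-zero error streams leave the signature unchanged. The register width, feedback mask, seed and CUT logic are assumptions chosen for illustration.

```python
# Added illustration: toy LBIST model (PRPG -> CUT -> MISR). The width,
# feedback mask, seed and CUT function are assumptions, not from the source.
from itertools import product

WIDTH = 8
MASK = (1 << WIDTH) - 1
TAPS = 0xB8  # assumed Galois feedback mask shared by PRPG and MISR

def lfsr_step(state):
    """One Galois LFSR shift; linear over GF(2), and maps 0 to 0."""
    lsb = state & 1
    state >>= 1
    return state ^ TAPS if lsb else state

def prpg(seed, count):
    """Yield `count` pseudo-random test patterns starting from `seed`."""
    state = seed
    for _ in range(count):
        yield state
        state = lfsr_step(state)

def cut(pattern):
    """Constructed stand-in for the circuit-under-test (toy logic)."""
    return (pattern ^ (pattern << 1) ^ 0x5A) & MASK

def misr(responses, state=0):
    """Compact a response stream into a WIDTH-bit signature."""
    for r in responses:
        state = lfsr_step(state) ^ (r & MASK)
    return state

def run_lbist(seed, count, error=None):
    """Run one self-test; `error` is an optional per-cycle XOR of length `count`."""
    resp = [cut(p) for p in prpg(seed, count)]
    if error:
        resp = [r ^ e for r, e in zip(resp, error)]
    return misr(resp)

def count_aliasing(cycles=2):
    """Exhaustively count non-zero error streams the MISR compacts to 0."""
    streams = product(range(1 << WIDTH), repeat=cycles)
    return sum(1 for e in streams if any(e) and misr(e) == 0)

if __name__ == "__main__":
    print("signature:", hex(run_lbist(0x01, 2)), "repeat:", hex(run_lbist(0x01, 2)))
    print("masked error streams:", count_aliasing(), "of", (1 << 2 * WIDTH) - 1)
```

For a two-cycle test with this 8-bit MISR, 255 of the 65,535 possible non-zero error streams are masked, a fraction of roughly 2^-8, and the same seed always reproduces the same signature.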