Secure Software/Hardware Hybrid In-Field Testing for System-on-Chip

TL;DR

This paper presents a secure, low-overhead hybrid testing method for System-on-Chip devices that combines hardware and software techniques to enhance security, observability, and fault coverage during in-field testing.

Contribution

It introduces a novel hybrid approach using keyed-hash signatures and processor-based test scheduling to improve security and testing capabilities of SoCs.

Findings

Demonstrates secure signatures with zero aliasing.

Achieves increased DUT availability through software scheduling.

Shows effective system overhead and compaction rates on RISC-V SoC.

Abstract

Modern Systems-on-Chip (SoCs) incorporate built-in self-test (BIST) modules deeply integrated into the device's intellectual property (IP) blocks. Such modules handle hardware faults and defects during device operation. As such, BIST results potentially reveal the internal structure and state of the device under test (DUT) and hence open attack vectors. So-called result compaction can overcome this vulnerability by hiding the BIST chain structure but introduces the issues of aliasing and invalid signatures. Software-BIST provides a flexible solution, that can tackle these issues, but suffers from limited observability and fault coverage. In this paper, we hence introduce a low-overhead software/hardware hybrid approach that overcomes the mentioned limitations. It relies on (a) keyed-hash message authentication code (KMAC) available on the SoC providing device-specific secure and valid signatures with zero aliasing and (b) the SoC processor for test scheduling hence increasing DUT availability. The proposed approach offers both on-chip- and remote-testing capabilities. We showcase a RISC-V-based SoC to demonstrate our approach, discussing system overhead and resulting compaction rates.