Testing and reliability enhancement of security primitives: Methodology and experimental validation

The test of security primitives is particularly strategic as any bias coming from the implementation or environment can wreak havoc on the security it is intended to provide. This paper presents how some security properties are tested on hardware security primitives including True Random Number Generation (TRNG), Physically Unclonable Function (PUF), and cryptographic modules. Moreover, we discuss how the sensors embedded to protect cryptographic modules against fault injection attacks should be calibrated over time to fulfill the requirement it was designed for. The testing we discuss in this paper is different from the conventional testing where we consider a fault model and generate test patterns via an ATPG to detect such faults. The test of TRNG and PUF to ensure a high level of security is mainly about the entropy assessment, which requires specific statistical tests. The security against side-channel analysis (SCA) of cryptographic primitives, like the substitution box in symmetric cryptography, is generally ensured by masking. However, the hardware implementation of masking can be damaged by glitches, which create leakages on sensitive variables. Accordingly, a test method is to search for nets of the cryptographic netlist, which are vulnerable to glitches. Finally, the Digital Sensor (DS) is an efficient primitive to detect disturbances and raise alarms in the case of fault injection attack (FIA). The dimensioning of this primitive requires a precise test to take into account the environmental variations including aging.