Proceedings of the Fifth International Conference on Computing Methodologies and Communication (ICCMC 2021)
IEEE Xplore Part Number: CFP21K25-ART
Secured Test Pattern Generators for BIST
P. Shanmukha Naga Naidu, B. Naga Sumanth, Pavan Sri Ram Koduri, M . Sri Ram Teja, Geethu Remadevi
Somanathan, Ramesh Bhakthavatchalu
Department of Electronics and Communication, Amrita Vishwa Vidyapeetham, Amritapuri, India;
e-mail: shanmukhanaganaidu@gmail.com, sumanthnaga386@gmail.com, pavansriram.psr@gmail.com,
2021 5th International Conference on Computing Methodologies and Communication (ICCMC) | 978-1-6654-0360-3/20/$31.00 ©2021 IEEE | DOI: 10.1109/ICCMC51019.2021.9418431
madirisriramteja@gmail.com geethurs@am.amrita.edu, rameshb@am.amrita.edu
Abstract— With the development in IC technology, testing the
designs is becoming more and more complex. In the design,
process testing consumes 60-80% of the time. The basic testing
principle is providing the circuit under test (CUT) with input
patterns, observing output responses, and comparing against the
desired response called the golden response. As the density of the
device are rising leads to difficulty in examining the sub-circuit of
the chip. S o, testing of design is becoming a time-consuming and
costly process. Attaching additional logic to the circuit resolves
the issue by testing itself. BIS T is a relatively a design for
testability technique to facilitate thorough testing of ICs and it
comprises the test pattern generator, circuit under test, and
output response analyzer. Quick diagnosis and very high fault
coverage can be ensured by BIS T. As complexity in the circuit is
increasing, testing urges TPGs (Test Pattern Generators) to
generate the test patterns for the CUT to sensitize the faults.
TPGs are vulnerable to malicious activities such as scan-based
side-channel attacks. S ecret data saved on the chip can be
extracted by an attacker by scanning out the test outcomes. These
threats lead to the emergence of securing TPGs. This work
demonstrates providing a secured test pattern generator for
BIS T circuits by locking the logic of TPG with a password or key
generated by the key generation circuit. Only when the key is
provided test patterns are generated. This provides versatile
protection to TPG from malicious attacks such as scan-based
side-channel attacks, Intellectual Property (IP) privacy, and IC
overproduction.
Keywords— —Hardware security, Logic locking, TPG,
BIS T, Reverse engineering, Overproduction
I. INTRODUCTION
During the technological revolution, VLSI played an
important role. On the one hand, as the complexity of design
and chip design costs increase, most design companies will
invite third parties to participate in the manufacturing
process to reduce assembly costs [5]. Assembling these
intricate chips require progressed fabrication technology.
The huge expense of setting up and keeping up such a
fabrication lab (cost of claiming a foundry is about $5 billion
is the fundamental obstruction for little design houses to
possess an in-house foundry. Be that as it may, globalization
in the Integrated Circuit business has encouraged IC
designers to re-appropriate the creation of their plans to
seaward foundries [1]. Even though this pattern essentially
reduces down the expense, simultaneously, it has likewise
opened the secondary passage for a few security weaknesses
like Intellectual Property (IP) robbery, reverse engineering,
counterfeiting, insertion of Trojans, overbuilding. The
availability of the design file to the outsider foundry staff
uncovered the IP of a plan [2]. A dishonest client in the
foundry may reverse engineer the design and guarantee the
responsibility for IP. Overproduction and selling the
overabundance ICs is another conceivable pattern of taking
over a design. These sorts of design burglaries cost the
semiconductor business a deficiency of a few billions of
orized licensed use limited to: AMRITA VISHWA VIDYAPEETHAM AMRITA SCHOOL OF ENGINEERING. Downloaded on December 08,2021 at 10:45:15 UTC from IEEE Xplore. Restrictions a
dollars, consistently. To withs tand these security dangers,
DFS - Design-for-Security has arisen to be a consolidated
part of IC design [7].
Logic encryption is a mainstream countermeasure
to confine IP robbery and unlawful overproduction by the
foundry. Utilizing logic encryption, a designer can present
some repetitive key-gates into a circuit to disguise its
usefulness from an outsider foundry [13]. The right
usefulness of an encrypted IC relies upon the use of the right
keys to the key-gates. The manufactured IC is enacted by
applying the mystery keys. These mystery keys are put away
in a carefully designed memory inside the chip [16]. 8
Inaccessibility of the right keys represses an unapproved
client from figuring out the design document and asserting
the responsibility of the design. Illicitly overproduced ICs
can't be vended in the market as these don't display the right
functionality until they are enacted with the specific keys
[3]. The goal is to change the behavior of ICs so that they
will not produce unexpected output unless they are activated
correctly using the appropriate keys. Furthermore, an
unauthorized user must not be ready to easily retrieve the
key. Works were done in hardware security to thwart the
threats that are
1. Combinational logic obfuscation: conceals the
functionality by adding additional gates (xor, xnor) called
key gates to the original design [9].
2. IC camouflaging: is a layout technique that disrupts
attackers from reverse engineering by introducing dummy
contacts or look-alike structure cells used to design logic
gates [14].
II. LITERATURE REVIEW
Reverse Engineering is the process that examines
tests, acknowledges, and assesses the functional behavior
and design of a system. It can be defined as the
manufacturing of a high-level representation of an executed
system to facilitate one’s apprehension of the system. This
manufacturing process is algorithmic and uses the approach
of generating descriptions at top levels of abstraction. In the
case of integrated circuits (IC’s), each stage comprises
recognizing sets of parts that constitute an abstract function
and then recasting them in terms of the specified abstractions
[7][9]. Designers in general use reverse engineering to
decide the system’s output functions, specifications , and
other attributes from an existing implementation. 9 In the
case of the Software industry, reverse engineering indicates
to update and reuse the specifications of the programs that
have been lost.
Overproduction: Many system-on-design
companies had to outsource their manufacturing to offshore
factories due to the restrictive costs of semiconductor
production. A mistrustful factory can produce and sell
542
 additional chips for profit. Due to this overproduction, the sim software. This can be considered as case 1.
designer might suffer a loss of revenue and also may have
security implications in the case of some designs. Over the
years, researchers presented various design obfuscation
techniques by altering the functionality to avoid unapproved
overproduction of chips [19].
Mentor Graphics Model Sim Simulator is a source-level
verification tool, which can be used for the simulation of
hardware description languages such as Verilog, System
verilog and VHDL [5]. It can be used to perform simulations
at all different levels including structural, behavioral, and
back annotated[21]. ModelSim is an easy-to-use UI, which
enables users to identify and debug errors. Once an error is
detected, it enables the user to edit, compile and re-stimulate
again using the simulator. It also supports Micro semi-FPGA
libraries [20].

III. PROPOS ED IMPLEMENTATION FLOW

The above implementation flow provides the whole

overview of the work including designing of TPGs and
modifying according to the security needed to secure.
Firstly, to provide security, DUS (design under security)
needs to be designed. In this work, the DUS is testing
pattern generators that are counter and linear feedback shift
registers (LFSR) of various bits. Usually securing TPGs is
crucial in built-in self-test (BIST) circuits to protect them
from scan-based attacks. TPGs have the vulnerability to
observability and controllability attacks by using scan
chains. So, providing security to TPGs plays a key role
while designing the chips.
The first step in the implementation flow of the work
is designing TPGs. In model sim design of the circuit is
described with Verilog as HDL language. After des igning
those are simulated and verified its functionality against
different inputs. When it comes to 12 securing these TPGs,
these designs are modified in such a way that when a precise
key is provided i.e., 001 in this work, the circuit generates
the test patterns else if the wrong key is provided it remains
in the preset state i.e., all 1’s state in case of LFSR and in
reset state i.e., all 0’s state if it is counter. But why in only
these two states? Because here is how securing TPGs is
different from securing the general circuit. If DUS generates
random outputs by providing of the wrong key then those
outputs can also be used as test patterns to test a particular
circuit which in turn will be vulnerable to observability and
controllability attacks. So, to stop the generation of random
test patterns when the wrong key is fed, the output is limited
to reset and preset states. Key generation circuit i.e., the 3-
bit counter is used to generate different keys at specific
intervals of time (ns). When the 001 state is generated by the
key generation circuit, TPGs generate the test patterns
required for the testing circuit. The remaining states of the
key generator output of DUS remain in either reset or preset
states. This above-mentioned process is performed in model
Fig. 1. Implementation Flow
Further after providing security to the design, it must
be synthesizable so that the provided security will be power-
optimized and met timing constraints without area overhead.
The process of analyzing provided security as follows.
Firstly, Vivado software requires design entry. v files and
followed by RTL analysis, synthesis, and implementation.
After the design entry is simulated and verified, RTL
(Register Transfer Level) analysis provides schematics of
the entry design consists of a flow of data between different
logic components and its interconnects by creating the high-
level representation of the design. Run synthesis of the
verified design provides utilization report which states the
number of LUTs (Look Up Tables), FF (Flip Flops), IO
(Inputs Outputs) utilized of available number. Synthesis
concludes if excess of logical components is used or not. It
is responsible for logic optimization. Final stage in security
analysis is Run Implementation providing power reports and
timing constraints such as WHS (Worst Hold Slack) and
WNS (Worst Negative Slack). This step in vivado gives
conclusion of power usage that is about static power and
dynamic power and of timing constraints which in turn
concludes delay in circuit

543

orized licensed use limited to: AMRITA VISHWA VIDYAPEETHAM AMRITA SCHOOL OF ENGINEERING. Downloaded on December 08,2021 at 10:45:15 UTC from IEEE Xplore. Restrictions a
 No of bits Static Power(mw) Dynamic
Power(mw)
IV. RESULTS AND DISCUSSIONS
4 0.09 0.4036
5 0.09 0.4071
6 0.09 0.4113
From table 1 and 2 it is concluded that the provided 7 0.09 0.4214
security is efficient without any area overhead. Number of flip
8 0.09 0.4139
flops required for each DUS is equal to sum of number flip
flops used in key generation circuit and used to implement the
Table 3: Power report of LFS R
TPG. As per table analysis the number of flip flops in DUS
satisfied with above equation of flip flops resulting in
conclusion of area issue. Number of Static Power (mw) Dynamic
bits Power (mw)
4 0.09 0.3997
Performance 4 bit 5 bit 6 bit 7 bit 8 bit 5 0.09 0.4012
no of states 15 31 63 127 255 6 0.09 0.4057
generated
7 0.09 0.4068
Number of 3 3 3 3 3
Key Bits 8 0.09 0.4094
Time to 150ns- 310ns- 630ns- 1270ns- 2550ns- Table 4:Power report of Counter
Complete all 300ns 620ns 1260 2540ns 5100ns
states ns
Table 3 and 4 provides static and dynamic power
Clock period 10ns 10ns 10ns 10ns 10ns values that are used to analyze power utilized by the circuit
Key_clk 150ns 310ns 630ns 1270ns 2550 ns during standby mode and working mode. Constrains in the
period dynamic power report are signals consuming power, logic
Flip Flops 7 8 9 10 11 power and I/O power. From the tables it can analyze that
XOR Gates 1 1 1 1 3 static power is less than dynamic power concludes leakage
LUT 4 4 5 5 7 of power is negligible in the proposed security of TPG. As
IO 10 11 12 13 14 due to the variation in the number of bits of implemented
TPGs, interconnects increase leading to increase in power
Table 1: S imulation and synthesis entries of LFS Rs consumption by I/O. In case of LFSRs there are increment
and decrement of logic components such as XOR gates
based on the length of input of LFSR, this results in the
irregularity in dynamic power values of LFSR TPG.
Performance 4 bit 5 bit 6 bit 7 bit 8 bit Considering counters there is regularity in logic components
no of states 16 32 64 128 256 variation resulting in regularity of dynamic power values.
generated
Number of 3 3 3 3 3
Key Bits
Time to No of bits WNS WHS
160ns- 320ns- 640ns- 1280ns- 2560ns-
Complete all 320ns 640ns 1280ns 2560ns 5120ns 4 6.682 0.21
states 5 6.636 0.214
Clock period 10ns 10ns 10ns 10ns 10ns 6 6.794 0.13
Key_clk 160ns 320ns 640ns 1280ns 2560ns 7 6.429 0.213
period 8 6.434 0.179
Flip Flops 7 8 9 10 11
XOR Gates 6 6 8 8 10 Table 5: Timing report of LFS R
LUT 10 11 12 13 14
IO 4 bit 5 bit 6 bit 7 bit 8 bit No of bits WNS WHS
4 7.555 0.137
Table 2: S imulation and synthesis entries of COUNTER’s 5 7.114 0.158
6 7.186 0.15
7 6.549 0.153
8 6.335 0.135

Table 6: Timing report of Counter

544

orized licensed use limited to: AMRITA VISHWA VIDYAPEETHAM AMRITA SCHOOL OF ENGINEERING. Downloaded on December 08,2021 at 10:45:15 UTC from IEEE Xplore. Restrictions a
 Fig 2: RTL schematics of 8 bit LFS R

Fig 3: .RTL schematics of 8 bit counter

After run implementation, timing constraints reports
gives a detailed analysis of design. This timing analysis
includes verifying that all paths in design met timing
requirements, analyzing setup and hold constraints, verifying
if operational frequency is within the performance limit,
verifying whether any critical path left unconstrained or not.
WNS is Worst Negative referring to setup time and WHS is
Worst Hold Slack referring to hold time where Slack = Data
Required Time - Data Arrival Time. From tabular values of
LFSRs and counters it can be seen that WNS and WHS are
positive which means that slack is positive that is data
arrival time is greater than data required time leading to
delay less circuit. So designed DUS is performing without
any delay resulting in the secured TPGs without overheads.
Securing TPGs met the timing paths of the circuit.
V. CONCLUSION AND FUTURE WORK
In this paper, we have proposed a security methodology which
secures test pattern generators(TPGS) from hardware threats.
Irrespective of adding extra design for key generation the
static power is less than dynamic power in turn avoiding
leakage during standby mode. As the key length increases
bruce force attack for finding correct key will be difficult and
would take years. The proposed strategy has also met timing
path with concluding in it.
Future work will be focused on designing the proposed
work in mentor grphics HDL Designer. More number of Test
Patterns Generators would be taken and these TPG’s would be
provided with security and analysis would be d one with
optimizing area and power consumption.
VI. REFERENCES
[1] P. S. Dilip, G. R. Somanathan, and R. Bhakthavatchalu, “Reseeding LFSR
for test pattern generation,” in Proceedings [5] of the 2019 IEEE International
Conference on Communication and Signal Processing, ICCSP 2019, 2019, pp.
921–925.
[2] T sai, F. Liu and J. Feng, "A Dominant Gate Insertion Algorithm
Implementation for Logic Locking in IP Protection," 2019 IEEE International
Conference on Electron Devices and Solid-State Circuits Circuits (EDSSC),
Xi'an, China, 2019, pp. 1-3, doi: 10.1109/EDSSC.2019.8754092.
[3] Essentials of Electronic Testing for Digital, Memory and Mixed-Signal
VLSI Circuits.

545

orized licensed use limited to: AMRITA VISHWA VIDYAPEETHAM AMRITA SCHOOL OF ENGINEERING. Downloaded on December 08,2021 at 10:45:15 UTC from IEEE Xplore. Restrictions a
 [4] A.Mehta, D. Saif and R. Rashidzadeh, "A hardware security solution 2019 9th International Symposium on Embedded Computing and System
against scanbased attacks," 2016 IEEE International Symposium on [8] Design (ISED), Kollam, India, 2019, pp. 1-4, doi:
Circuits and Systems (ISCAS), Montreal, QC, 2016, pp. 1698 -1701, doi: 10.1109/ISED48680.2019.9096234.
10.1109/ISCAS.2016.7538894.
[5] T .T hangam, G. Gayat hri and T . Madhubala, "A novel logic locking
technique for hardware security," 2017 IEEE International Conference [3] on
Electrical, Instrumentation and Communication Engineering (ICEICE), Karur,
2017, pp. 1-7, doi: 10.1109/ICEICE.2017.8192439.
[6] R.U. Rani, D. Jayanthi, N. A. Vignesh and K. Kavitha, "Key-Based
Functional Obfuscation of Integrated Circuits for a Hardware Security," 2019
2nd International Conference on Intelligent Computing, Instrumentation and
Control Technologies (ICICICT), Kannur,Kerala, India, 2019, pp. 733-737,
doi: 10.1109/ICICICT 46008.2019.8993122. 23
[7] Y. Liu, M. Zuzak, Y. Xie, A. Chakraborty and A. Srivastava, "Strong
Anti-SAT : Secure and Effective Logic Locking," 2020 21st International
Symposium on Quality Electronic Design (ISQED), Santa Clara, CA, USA,
2020, pp. 199-205, doi: 10.1109/ISQED48828.2020.9136983.
[8] R. Karmakar, N. Prasad, S. Chattopadhyay, R. Kapur, and I. Sengupta, “A
new logic encryption strategy ensuring key interdependency,” in VLSID.
IEEE, 2017, pp. 429–434.
[9] “ Trends in the global ic design service market,” DIGIT IMES Research.
[Online]. Available: http://www.digitimes.com/news/a20120313RS400.
html?chid=2
[10] M. Rostami, F. Koushanfar, and R. Karri, “A primer on hardware
security: Models, methods, and metrics,” Proceedings of the IEEE, vol. 102,
no. 8, pp. 1283– 1295, 2014.
[11] J. A. Roy, F. Koushanfar, and I. L. Markov, “Epic: Ending piracy of
integrated circuits,” in DAT E, 2008, pp. 1069–1074.
[12] “ Innovation is at risk: Losses of up to $4 billion annually due t o ip
infringement,” SEMI. [Online]. Available: http://semi.org/en/ innovation-risk-
losses4-billion-annually-due-ip-infringement
[13] R. S. Chakraborty and S. Bhunia, “Harpoon: an obfuscation -based soc
design methodology for hardware protect ion,” IEEE T ran. on CAD of
Integrated Circuits and Systems, vol. 28, no. 10, pp. 1493–1502, 2009.
[14] J. Zhang, "A Practical Logic Obfuscation T echnique for Hardware
Security," in IEEE T ransactions on Very Large Scale Integration (VLSI)
Systems, vol. 24, no. 3, pp. 1193-1197, March 2016, doi:
10.1109/T VLSI.2015.2437996.
[15] M. Doulcier, M. -. Flottes and B. Rouzeyre, "AES-Based BIST : Self-
T est, Test Pattern Generation and Signature Analysis," 4th IEEE International
Symposium on Electronic Design, T est and Applications (delta 2008), Hong
Kong, 2008, pp. 314- 321, doi: 10.1109/DELT A.2008.86.
[16] Y. Jin, "Design-for-Security vs. Design-for-Testability: A Case Study on
DFT Chain in Cryptographic Circuits," 2014 IEEE Computer Society Annual
Symposium on VLSI, T ampa, FL, 2014, pp. 19-24, doi:
10.1109/ISVLSI.2014.54.
[17] E. T an, W. Qian and Y. Li, "An improved pattern generation for Built -in
Selftest design based on boundary-scan reseeding," 2009 International
Conference on Communications, Circuits and Systems, Milpitas, CA, 2009,
pp. 1082-1086, doi: 10.1109/ICCCAS.2009.5250336.
[18] J. Rajendran, Y. Pino, O. Sinanoglu and R. Karri, "Security analysis of
logic obfuscation," DAC Design Automation Conference 2012, San
Francisco, CA, 2012, pp. 83-89, doi: 10.1145/2228360.2228377.
[19] Y. Liu, M. Zuzak, Y. Xie, A. Chakraborty and A. Srivastava, "St rong
Anti-SAT : Secure and Effective Logic Locking," 2020 21st International
Symposium on Quality Electronic Design (ISQED), Santa Clara, CA, USA,
2020, pp. 199-205, doi: 10.1109/ISQED48828.2020.9136983.
[20]. S. S. S. G. Seeram, S. N. N. Polireddi, G. R. Somanathan and R.
Bhakthavatchalu, "Synthesis of Synchronous Gray Code Counters by
Combining Mentor Graphics HDL Designer and Xilinx VIVADO FPGA
Flow," 2020 International Conference on Communication and Signal
Processing (ICCSP), Chennai, India, 2020, pp. 738-742, doi:
10.1109/ICCSP48568.2020.9182333
[21]. B. N. Sumanth, B. L. Reddy, G. R. Somanathan and Ramesh, "A
Proposal for Synthesis of Synchronous Counters," 2020 4th International
Conference on Trends in Electronics and Informatics (ICOEI)(48184),
T irunelveli, India, 2020, pp. 80-84, doi: 10.1109/ICOEI48184.2020.9142898.
[22] P. S. Dilip, G. R. Somanathan and R. Bhakthavatchalu, "Comparat ive
Study of T est Pattern Generation Systems to Reduce T est Application T ime,"

546

orized licensed use limited to: AMRITA VISHWA VIDYAPEETHAM AMRITA SCHOOL OF ENGINEERING. Downloaded on December 08,2021 at 10:45:15 UTC from IEEE Xplore. Restrictions a