Recently, encryption LSIs are embedded in a variety of digital products for security and copyright protection. Most LSIs including encryption LSIs have scan paths for manufacturing tests. However, there is a risk that the secret information is leaked through scan paths. It is necessary to prevent side channel attacks to encryption LSIs. In this paper, we show all the factors for scan-based attacks to encryption LSIs. We propose a countermeasure that encryption LSIs are added to controllability and observability as possible under the condition that encryption LSI does not have all the factors which are necessary for scanbased attacks. We insert various structures of scan paths in DES chips and estimate testability and security of DES chips In addition, we propose the countermeasure against the scan-based attacks, and estimate the countermeasure from the viewpoints of testability and security. We show the trade-off between testability and security for various structures of scan path. The proposed countermeasure can achieve about 98% of high fault efficiency with preventing scan-based attack.