Scan test is a powerful test technique which can control and observe the internal states of the circuit under test through scan chains. However, it has been reported that it's possible to retrieve secret keys from cryptographic LSIs through scan chains. Therefore new secure test methods are required to satisfy both testability and security requirements. In this paper, a secure scan design is proposed to achieve adequate security requirement as a countermeasure against scan-based attacks, while still maintain high testability like normal scan testing. In our method, the internal scan chain is divided into several sub chains, and the connection order of sub chains can be dynamically changed. In addition, how to decide the connection order of those sub chains so that it can't be identified by an attacker is also proposed in this paper. The proposed method is implemented on an AES circuit to show its effectiveness, and a security analysis is also given to show how the proposed approach can be used as a countermeasure against those known scan-based attacks.