A Secure JTAG Wrapper for SoC Testing and Debugging
IEEE Std. 1149.1, also known as the Joint Test Access Group (JTAG) standard, provides excellent controllability and observability for ICs and hence is widely used in IC testing, debugging, failure analysis, or even online chip control/monitoring. Unfortunately, it has also become a backdoor for atta...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2022-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/9749066/ |
| _version_ | 1818272636860366848 |
|---|---|
| author | Kuen-Jong Lee Zheng-Yao Lu Shih-Chun Yeh |
| author_facet | Kuen-Jong Lee Zheng-Yao Lu Shih-Chun Yeh |
| author_sort | Kuen-Jong Lee |
| collection | DOAJ |
| description | IEEE Std. 1149.1, also known as the Joint Test Access Group (JTAG) standard, provides excellent controllability and observability for ICs and hence is widely used in IC testing, debugging, failure analysis, or even online chip control/monitoring. Unfortunately, it has also become a backdoor for attackers to manipulate the ICs or grab confidential information from the ICs. One way to address this problem is to disable JTAG pins after manufacturing testing. However this countermeasure prohibits the in-filed testing and debugging capability. Other countermeasures such as authentication and encryption/decryption methods based on specific static keys have also been proposed. However, these approaches may suffer from side-channel or memory attacks that may figure out the specific keys. This paper presents an authentication-based secure JTAG wrapper with a dynamic feature to defend against the attacks mentioned above. We generate different keys for different test data dynamically. Therefore, only legal test data can be updated to the test data registers (TDRs) through JTAG. Furthermore, the attackers will get fake responses if they shift in illegal test data, which makes it extremely difficult to break our proposed method. We can also employ the physical unclonable function (PUF) to distinguish the legal test data for different chips. Experiments on a RISC-V CPU processor called SCR1 show that our proposed method can have an area overhead of only 0.49%. |
| first_indexed | 2024-12-12T21:45:13Z |
| format | Article |
| id | doaj.art-5dfccd6a3679468985da674a6785df8d |
| institution | Directory Open Access Journal |
| issn | 2169-3536 |
| language | English |
| last_indexed | 2024-12-12T21:45:13Z |
| publishDate | 2022-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj.art-5dfccd6a3679468985da674a6785df8d2022-12-22T00:10:55ZengIEEEIEEE Access2169-35362022-01-0110376033761210.1109/ACCESS.2022.31647129749066A Secure JTAG Wrapper for SoC Testing and DebuggingKuen-Jong Lee0https://orcid.org/0000-0002-6690-0074Zheng-Yao Lu1Shih-Chun Yeh2https://orcid.org/0000-0001-9608-6547Department of Electrical Engineering, National Cheng Kung University, Tainan, TaiwanDepartment of Silicon Product Development, MediaTek Inc., Hsinchu, TaiwanDepartment of Electrical Engineering, National Cheng Kung University, Tainan, TaiwanIEEE Std. 1149.1, also known as the Joint Test Access Group (JTAG) standard, provides excellent controllability and observability for ICs and hence is widely used in IC testing, debugging, failure analysis, or even online chip control/monitoring. Unfortunately, it has also become a backdoor for attackers to manipulate the ICs or grab confidential information from the ICs. One way to address this problem is to disable JTAG pins after manufacturing testing. However this countermeasure prohibits the in-filed testing and debugging capability. Other countermeasures such as authentication and encryption/decryption methods based on specific static keys have also been proposed. However, these approaches may suffer from side-channel or memory attacks that may figure out the specific keys. This paper presents an authentication-based secure JTAG wrapper with a dynamic feature to defend against the attacks mentioned above. We generate different keys for different test data dynamically. Therefore, only legal test data can be updated to the test data registers (TDRs) through JTAG. Furthermore, the attackers will get fake responses if they shift in illegal test data, which makes it extremely difficult to break our proposed method. We can also employ the physical unclonable function (PUF) to distinguish the legal test data for different chips. Experiments on a RISC-V CPU processor called SCR1 show that our proposed method can have an area overhead of only 0.49%.https://ieeexplore.ieee.org/document/9749066/Hardware securityIEEE test standard securityJTAG securitymemory attacksecure JTAG wrapperphysical unclonable function (PUF) |
| spellingShingle | Kuen-Jong Lee Zheng-Yao Lu Shih-Chun Yeh A Secure JTAG Wrapper for SoC Testing and Debugging IEEE Access Hardware security IEEE test standard security JTAG security memory attack secure JTAG wrapper physical unclonable function (PUF) |
| title | A Secure JTAG Wrapper for SoC Testing and Debugging |
| title_full | A Secure JTAG Wrapper for SoC Testing and Debugging |
| title_fullStr | A Secure JTAG Wrapper for SoC Testing and Debugging |
| title_full_unstemmed | A Secure JTAG Wrapper for SoC Testing and Debugging |
| title_short | A Secure JTAG Wrapper for SoC Testing and Debugging |
| title_sort | secure jtag wrapper for soc testing and debugging |
| topic | Hardware security IEEE test standard security JTAG security memory attack secure JTAG wrapper physical unclonable function (PUF) |
| url | https://ieeexplore.ieee.org/document/9749066/ |
| work_keys_str_mv | AT kuenjonglee asecurejtagwrapperforsoctestinganddebugging AT zhengyaolu asecurejtagwrapperforsoctestinganddebugging AT shihchunyeh asecurejtagwrapperforsoctestinganddebugging AT kuenjonglee securejtagwrapperforsoctestinganddebugging AT zhengyaolu securejtagwrapperforsoctestinganddebugging AT shihchunyeh securejtagwrapperforsoctestinganddebugging |