TY - JOUR
T1 - A Secure JTAG Wrapper for SoC Testing and Debugging
AU - Lee, Kuen Jong
AU - Lu, Zheng Yao
AU - Yeh, Shih Chun
N1 - Funding Information:
This work was supported in part by Qualcomm Inc., through the Taiwan University Research Collaboration Project; and in part by the Ministry of Science and Technology of Taiwan.
Publisher Copyright:
© 2013 IEEE.
PY - 2022
Y1 - 2022
N2 - IEEE Std. 1149.1, also known as the Joint Test Access Group (JTAG) standard, provides excellent controllability and observability for ICs and hence is widely used in IC testing, debugging, failure analysis, or even online chip control/monitoring. Unfortunately, it has also become a backdoor for attackers to manipulate the ICs or grab confidential information from the ICs. One way to address this problem is to disable JTAG pins after manufacturing testing. However this countermeasure prohibits the in-filed testing and debugging capability. Other countermeasures such as authentication and encryption/decryption methods based on specific static keys have also been proposed. However, these approaches may suffer from side-channel or memory attacks that may figure out the specific keys. This paper presents an authentication-based secure JTAG wrapper with a dynamic feature to defend against the attacks mentioned above. We generate different keys for different test data dynamically. Therefore, only legal test data can be updated to the test data registers (TDRs) through JTAG. Furthermore, the attackers will get fake responses if they shift in illegal test data, which makes it extremely difficult to break our proposed method. We can also employ the physical unclonable function (PUF) to distinguish the legal test data for different chips. Experiments on a RISC-V CPU processor called SCR1 show that our proposed method can have an area overhead of only 0.49%.
AB - IEEE Std. 1149.1, also known as the Joint Test Access Group (JTAG) standard, provides excellent controllability and observability for ICs and hence is widely used in IC testing, debugging, failure analysis, or even online chip control/monitoring. Unfortunately, it has also become a backdoor for attackers to manipulate the ICs or grab confidential information from the ICs. One way to address this problem is to disable JTAG pins after manufacturing testing. However this countermeasure prohibits the in-filed testing and debugging capability. Other countermeasures such as authentication and encryption/decryption methods based on specific static keys have also been proposed. However, these approaches may suffer from side-channel or memory attacks that may figure out the specific keys. This paper presents an authentication-based secure JTAG wrapper with a dynamic feature to defend against the attacks mentioned above. We generate different keys for different test data dynamically. Therefore, only legal test data can be updated to the test data registers (TDRs) through JTAG. Furthermore, the attackers will get fake responses if they shift in illegal test data, which makes it extremely difficult to break our proposed method. We can also employ the physical unclonable function (PUF) to distinguish the legal test data for different chips. Experiments on a RISC-V CPU processor called SCR1 show that our proposed method can have an area overhead of only 0.49%.
UR - http://www.scopus.com/inward/record.url?scp=85127779166&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85127779166&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2022.3164712
DO - 10.1109/ACCESS.2022.3164712
M3 - Article
AN - SCOPUS:85127779166
VL - 10
SP - 37603
EP - 37612
JO - IEEE Access
JF - IEEE Access
SN - 2169-3536
ER -