Securing IJTAG against data-integrity attacks

The IEEE Std. 1687 (IJTAG) facilitates access to on-chip instruments in complex system-on-chip designs. However, a major security vulnerability in IJTAG has yet to be addressed. IJTAG supports the integration of tapped and wrapped instruments at the IP provider with hidden test-data registers (TDRs). The instruments with hidden TDRs can manipulate the data that is shifted through them. We propose the addition of shadow test-data registers by the trusted IJTAG integrator to protect the shifted data from illegitimate manipulation by malicious third-party IPs. In addition, we use information-flow tracking to identify the modified bits during the attack and the attacking instruments in an IJTAG network. We present security proofs, simulation results and the overheads associated with these countermeasures for various benchmarks.
