Exploiting JTAG and Its Mitigation in IOT: A Survey

Nowadays, companies are heavily investing in the development of “Internet of Things(IoT)” products. These companies usually and obviously hunt for lucrative business models. Currently, each person owns at least 3–4 devices (such as mobiles, personal computers, Google Assistant, Alexa, etc.) that are connected to the Internet 24/7. However, in the future, there might be hundreds of devices that will be constantly online behind each person, keeping track of body health, banking transactions, status of personal devices, etc. to make one’s life more efficient and streamlined. Thus, it is very crucial that each device should be highly secure since one’s life will become dependent on these devices. However, the current security of IoT devices is mainly focused on resiliency of device. In addition, less complex node devices are easily accessible to the public resulting in higher vulnerability. JTAG is an IEEE standard that has been defined to test proper mounting of components on PCBs (printed circuit boards) and has been extensively used by PCB manufacturers to date. This JTAG interface can be used as a backdoor entry to access and exploit devices, also defined as a physical attack. This attack can be used to make products malfunction, modify data, or, in the worst case, stop working. This paper reviews previous successful JTAG exploitations of well-known devices operating online and also reviews some proposed possible solutions to see how they can affect IoT products in a broader sense.

[1]  L. Bossuet,et al.  JTAG Fault Injection Attack , 2018, IEEE Embedded Systems Letters.

[2]  Cliff Wang,et al.  Introduction to Hardware Security and Trust , 2011 .

[3]  Markus G. Kuhn,et al.  Low Cost Attacks on Tamper Resistant Devices , 1997, Security Protocols Workshop.

[4]  Georgios Kambourakis,et al.  DDoS in the IoT: Mirai and Other Botnets , 2017, Computer.

[5]  G. Edward Suh,et al.  Physical Unclonable Functions for Device Authentication and Secret Key Generation , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[6]  R. D. Blanton,et al.  A Learning-Based Approach to Secure JTAG Against Unseen Scan-Based Attacks , 2016, 2016 IEEE Computer Society Annual Symposium on VLSI (ISVLSI).

[7]  Christopher J. Clark,et al.  Anti-tamper JTAG TAP design enables DRM to JTAG registers and P1687 on-chip instruments , 2010, 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[8]  Sergey Bratus,et al.  Interrupt-oriented bugdoor programming: a minimalist approach to bugdooring embedded systems firmware , 2014, ACSAC '14.

[9]  Richard Han,et al.  Node Compromise in Sensor Networks: The Need for Secure Systems ; CU-CS-990-05 , 2005 .

[10]  Markus G. Kuhn,et al.  Tamper resistance: a cautionary note , 1996 .

[11]  Lilian Bossuet,et al.  JTAG Combined Attacks , 2015 .

[12]  Ralf-Philipp Weinmann,et al.  Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks , 2012, WOOT.

[13]  P Sathish Kumar,et al.  JTAG Architecture with Multi Level Security , 2012 .

[14]  Juho Kim,et al.  JTAG Security System Based on Credentials , 2010, J. Electron. Test..

[15]  Juan Lopez,et al.  Firmware modification attacks on programmable logic controllers , 2013, Int. J. Crit. Infrastructure Prot..

[16]  Giorgio Di Natale,et al.  Secure JTAG Implementation Using Schnorr Protocol , 2013, J. Electron. Test..

[17]  Ramesh Karri,et al.  Attacks and Defenses for JTAG , 2010, IEEE Design & Test of Computers.

[18]  Sergei Skorobogatov,et al.  Semi-invasive attacks: a new approach to hardware security analysis , 2005 .

[19]  Ronald F. Buskey,et al.  Protected JTAG , 2006, 2006 International Conference on Parallel Processing Workshops (ICPPW'06).

[20]  R. D. Blanton,et al.  Detection of illegitimate access to JTAG via statistical learning in chip , 2015, 2015 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[21]  Stephen Dunlap,et al.  An evaluation of modification attacks on programmable logic controllers , 2014, Int. J. Crit. Infrastructure Prot..

[22]  Eric DeBusschere,et al.  Modern Game Console Exploitation , 2012 .

[23]  Mordechai Guri,et al.  JoKER: Trusted Detection of Kernel Rootkits in Android Devices via JTAG Interface , 2015, 2015 IEEE Trustcom/BigDataSE/ISPA.