Access Port Protection for Reconfigurable Scan Networks

Scan infrastructures based on IEEE Std. 1149.1 (JTAG), 1500 (SECT), and P1687 (IJTAG) provide a cost-effective access mechanism for test, reconfiguration, and debugging purposes. The improved accessibility of on-chip instruments, however, poses a serious threat to system safety and security. While state-of-the-art protection methods for scan architectures compliant with JTAG and SECT are very effective, most of these techniques face scalability issues in reconfigurable scan networks allowed by the upcoming IJTAG standard. This paper describes a scalable solution for multi-level access management in reconfigurable scan networks. The access to protected instruments is restricted locally at the interface to the network. The access restriction is realized by a sequence filter that allows only a precomputed set of scan-in access sequences. This approach does not require any modification of the scan architecture and causes no access time penalty. Therefore, it is well suited for core-based designs with hard macros and 3D integrated circuits. Experimental results for complex reconfigurable scan networks show that the area overhead depends primarily on the number of allowed accesses, and is marginal even if this number exceeds the count of registers in the network.

[1]  Chien-Mo James Li,et al.  A Secure Test Wrapper Design Against Internal and Boundary Scan Attacks for Embedded Cores , 2012, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[2]  Jennifer Dworak,et al.  Don't forget to lock your SIB: hiding instruments using P1687 , 2013, 2013 IEEE International Test Conference (ITC).

[3]  Jeff Rearick,et al.  A Case Study of Using IEEE P1687 (IJTAG) for High-Speed Serial I/O Characterization and Testing , 2006, 2006 IEEE International Test Conference.

[4]  Hans-Joachim Wunderlich,et al.  Modeling, verification and pattern generation for reconfigurable scan networks , 2012, 2012 IEEE International Test Conference.

[5]  Bernard Courtois,et al.  A generalized theory of fail-safe systems , 1989, [1989] The Nineteenth International Symposium on Fault-Tolerant Computing. Digest of Papers.

[6]  Ramesh Karri,et al.  Scan based side channel attack on dedicated hardware implementations of Data Encryption Standard , 2004 .

[7]  Mark Mohammad Tehranipoor,et al.  Securing Designs against Scan-Based Side-Channel Attacks , 2007, IEEE Transactions on Dependable and Secure Computing.

[8]  Juho Kim,et al.  Debug Port Protection Mechanism for Secure Embedded Devices , 2012 .

[9]  Mark Mohammad Tehranipoor,et al.  A low-cost solution for protecting IPs against scan-based side-channel attacks , 2006, 24th IEEE VLSI Test Symposium.

[10]  Cliff Wang,et al.  Introduction to Hardware Security and Trust , 2011 .

[11]  Neal Stollon On-Chip Instrumentation: Design and Debug for Systems on Chip , 2010 .

[12]  Hans-Joachim Wunderlich,et al.  Securing Access to Reconfigurable Scan Networks , 2013, 2013 22nd Asian Test Symposium.

[13]  Spyros Tragoudas,et al.  Enhanced Secure Architecture for Joint Action Test Group Systems , 2013, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[14]  Bruno Allard,et al.  Review of fuse and antifuse solutions for advanced standard CMOS technologies , 2009, Microelectronics Journal.

[15]  M. Kuhn,et al.  The Advanced Computing Systems Association Design Principles for Tamper-resistant Smartcard Processors Design Principles for Tamper-resistant Smartcard Processors , 2022 .

[16]  Ben Bennetts,et al.  New Techniques for Accessing Embedded Instrumentation: IEEE P1687 (IJTAG) , 2006, Eleventh IEEE European Test Symposium (ETS'06).

[17]  Hans-Joachim Wunderlich,et al.  Scan pattern retargeting and merging with reduced access time , 2013, 2013 18th IEEE European Test Symposium (ETS).

[18]  Ronald F. Buskey,et al.  Protected JTAG , 2006, 2006 International Conference on Parallel Processing Workshops (ICPPW'06).

[19]  Adam W Ley Doing more with less - An IEEE 1149.7 embedded tutorial : Standard for reduced-pin and enhanced-functionality test access port and boundary-scan architecture , 2009, 2009 International Test Conference.

[20]  Giorgio Di Natale,et al.  Test Versus Security: Past and Present , 2014, IEEE Transactions on Emerging Topics in Computing.

[21]  M. Renovell,et al.  Scan design and secure chip [secure IC testing] , 2004, Proceedings. 10th IEEE International On-Line Testing Symposium.

[22]  Neal Stollon On-Chip Instrumentation , 2011 .

[23]  Erik Jan Marinissen,et al.  A set of benchmarks for modular testing of SOCs , 2002, Proceedings. International Test Conference.

[24]  Rafal Baranowski,et al.  Reconfigurable scan networks: formal verification, access optimization, and protection , 2014 .

[25]  Farrokh Ghani Zadegan,et al.  Access Time Analysis for IEEE P1687 , 2012, IEEE Transactions on Computers.

[26]  Christopher J. Clark,et al.  Anti-tamper JTAG TAP design enables DRM to JTAG registers and P1687 on-chip instruments , 2010, 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[27]  Michel Renovell,et al.  Scan Design and Secure Chip , 2004, IOLTS.

[28]  Jeff Rearick,et al.  IJTAG (internal JTAG): a step toward a DFT standard , 2005, IEEE International Conference on Test, 2005..

[29]  Ramesh Karri,et al.  Attacks and Defenses for JTAG , 2010, IEEE Design & Test of Computers.

[30]  Farrokh Ghani Zadegan,et al.  Accessing Embedded DfT Instruments with IEEE P1687 , 2012, 2012 IEEE 21st Asian Test Symposium.

[31]  Ramesh Karri,et al.  Security-aware SoC test access mechanisms , 2011, 29th VLSI Test Symposium.

[32]  Juho Kim,et al.  JTAG Security System Based on Credentials , 2010, J. Electron. Test..

[33]  Giorgio Di Natale,et al.  Secure JTAG Implementation Using Schnorr Protocol , 2013, J. Electron. Test..

[34]  Miron Abramovici,et al.  In-System Silicon Validation and Debug , 2008, IEEE Design & Test of Computers.