Journal of Electronic Testing

, Volume 30, Issue 6, pp 711–723 | Cite as

Access Port Protection for Reconfigurable Scan Networks

  • Rafal Baranowski
  • Michael A. Kochte
  • Hans-Joachim Wunderlich
Article
First Online:
Received:
Accepted:

Abstract

Scan infrastructures based on IEEE Std. 1149.1 (JTAG), 1500 (SECT), and P1687 (IJTAG) provide a cost-effective access mechanism for test, reconfiguration, and debugging purposes. The improved accessibility of on-chip instruments, however, poses a serious threat to system safety and security. While state-of-the-art protection methods for scan architectures compliant with JTAG and SECT are very effective, most of these techniques face scalability issues in reconfigurable scan networks allowed by the upcoming IJTAG standard. This paper describes a scalable solution for multi-level access management in reconfigurable scan networks. The access to protected instruments is restricted locally at the interface to the network. The access restriction is realized by a sequence filter that allows only a precomputed set of scan-in access sequences. This approach does not require any modification of the scan architecture and causes no access time penalty. Therefore, it is well suited for core-based designs with hard macros and 3D integrated circuits. Experimental results for complex reconfigurable scan networks show that the area overhead depends primarily on the number of allowed accesses, and is marginal even if this number exceeds the count of registers in the network.

Keywords

Debug and diagnosis Reconfigurable scan network IJTAG IEEE P1687 Secure DFT Hardware security 
This is a preview of subscription content, log in to check access.

References

  1. 1.
    Abramovici M (2008) In-system silicon validation and debug. IEEE Design & Test Comput 25(3):216–223CrossRefGoogle Scholar
  2. 2.
    Agarwal K (2011) Secure scan design. Us Patent App. 7:966– 535Google Scholar
  3. 3.
    Baranowski R (2014) Reconfigurable scan networks: formal verification, access optimization and protection. University of Stuttgart, PhD thesis. http://elib.uni-stuttgart.de/opus/volltexte/2014/8982 Google Scholar
  4. 4.
    Baranowski R, Kochte MA, Wunderlich HJ (2012) Modeling, verification and pattern generation for reconfigurable scan networks. In: Proceedings of IEEE International Test Conference (ITC), paper 8.2Google Scholar
  5. 5.
    Baranowski R, Kochte MA, Wunderlich HJ (2013) Scan pattern retargeting and merging with reduced access time. In: Proceedings of IEEE European Test Symposium (ETS), pp 39–45Google Scholar
  6. 6.
    Baranowski R, Kochte MA, Wunderlich HJ (2013) Securing access to reconfigurable scan networks. In: Proceedings of IEEE Asian Test Symposium (ATS), pp 295–300Google Scholar
  7. 7.
    Buskey R, Frosik B (2006) Protected JTAG. In: Proceedings of IEEE International Conference on Parallel Processing Workshops (ICCPW), pp 405–414Google Scholar
  8. 8.
    Chiu GM, Li JM (2012) A secure test wrapper design against internal and boundary scan attacks for embedded cores. IEEE Trans on Very Large Scale Integration (VLSI) Systems 20 (1):126–134CrossRefGoogle Scholar
  9. 9.
    Clark C (2010) Anti-Tamper JTAG TAP design enables DRM to JTAG registers and P1687 On-Chip instruments. In: Proceedings of IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp 19–24Google Scholar
  10. 10.
    Da Rolt J, Das A, Di Natale G, Flottes ML, Rouzeyre B, Verbauwhede I (2014) Test versus security: past and present. To appear in: IEEE Trans on Emerging Topics in ComputingGoogle Scholar
  11. 11.
    Das A, Rolt J, Ghosh S, Seys S, Dupuis S, Natale G, Flottes ML, Rouzeyre B, Verbauwhede I (2013) Secure JTAG implementation using schnorr protocol. J Electron Test (JETTA) 29(2):193–209CrossRefGoogle Scholar
  12. 12.
    Dworak J, Crouch A, Potter J, Zygmontowicz A, Thornton M (2013) Don’t forget to lock your SIB: hiding instruments using P1687. In: Proceedings of IEEE International Test Conference (ITC), paper, vol 6, p 2Google Scholar
  13. 13.
    Ebrard E, Allard B, Candelier P, Waltz P (2009) Review of fuse and antifuse solutions for advanced standard CMOS technologies. Microelectron J 40(12):1755–1765CrossRefGoogle Scholar
  14. 14.
    Eklow B, Bennetts B (2006) New techniques for accessing embedded instrumentation: IEEE P1687 (IJTAG). In: Proceedings of IEEE European Test Symposium (ETS), pp 253–254Google Scholar
  15. 15.
    Ghani Zadegan F, Ingelsson U, Carlsson G, Larsson E (2012) Access time analysis for IEEE P1687. IEEE Trans Comput 61(10):1459–1472CrossRefMathSciNetGoogle Scholar
  16. 16.
    Hely D, Flottes ML, Bancel F, Rouzeyre B, Berard N, Renovell M (2004) Scan design and secure chip [Secure IC Testing]. In: Proceedings of IEEE On-Line Testing Symposium (IOLTS), pp 219–224Google Scholar
  17. 17.
    IEEE (2013) IEEE Standard for test access port and boundary-scan architecture 1149.1-2013. Test Technology Technical Committee of the IEEE Computer Society, USAGoogle Scholar
  18. 18.
    Kömmerling O, Kuhn MG (1999) Design principles for tamper-resistant smartcard processors. In: Proceedings of USENIX Workshop on Smartcard Technology. USENIX Association, WOST, pp 9–20Google Scholar
  19. 19.
    Larsson E, Ghani Zadegan F (2012) Accessing embedded DfT instruments with IEEE P1687. In: Proceedings of IEEE Asian Test Symposium (ATS), pp 71–76Google Scholar
  20. 20.
    Lee J, Tehranipoor M, Plusquellic J (2006) A low-cost solution for protecting IPs against scan-based side-channel attacks. In: Proceedings of IEEE VLSI Test Symposium (VTS), pp 94–99Google Scholar
  21. 21.
    Lee J, Tehranipoor M, Patel C, Plusquellic J (2007) Securing designs against scan-based side-channel attacks. IEEE Trans on Dependable and Secure Computing 4(4):325–336CrossRefGoogle Scholar
  22. 22.
    Ley A (2009) Doing more with less—an IEEE 1149.7 embedded tutorial: standard for reduced-pin and enhanced-functionality test access port and boundary-scan architecture. In: Proceedings of IEEE International Test Conference (ITC), paper ET3.1Google Scholar
  23. 23.
    Marinissen E, Iyengar V, Chakrabarty K (2002) A set of benchmarks for modular testing of SOCs. In: Proceedings of IEEE International Test Conference (ITC), pp 519–528Google Scholar
  24. 24.
    Nicolaidis M, Noraz S, Courtois B (1989) A generalized theory of fail-safe systems. In: International Symposium on Fault-Tolerant Computing. FTCS, Digest of Papers, pp 398–406Google Scholar
  25. 25.
    Park K, Yoo S, Kim T, Kim J (2010) JTAG security system based on credentials. J Electron Test (JETTA) 26:549–557CrossRefGoogle Scholar
  26. 26.
    Park KY, Yoo SG, Kim J (2012) Debug port protection mechanism for secure embedded devices. IEEE J Semicond Tech Sci 12(2):240–253CrossRefGoogle Scholar
  27. 27.
    Pierce L, Tragoudas S (2013) Enhanced secure architecture for joint action test group systems. IEEE Trans on Very Large Scale Integration (VLSI) Systems 21(7):1342–1345CrossRefGoogle Scholar
  28. 28.
    Rearick J, Volz A (2006) A case study of using IEEE P1687 (IJTAG) for high-speed serial I/O characterization and testing. In: Proceedings of IEEE International Test Conference (ITC), paper 10.2Google Scholar
  29. 29.
    Rearick J, Eklow B, Posse K, Crouch A, Bennetts B (2005) IJTAG (Internal JTAG): A step toward a DFT standard. In: Proceedings of IEEE International Test Conference (ITC), paper, vol 32, p 4Google Scholar
  30. 30.
    Rosenfeld K, Karri R (2010) Attacks and defenses for JTAG. IEEE Design & Test Comput 27(1):36–47CrossRefGoogle Scholar
  31. 31.
    Rosenfeld K, Karri R (2011) Security-aware SoC test access mechanisms. In: Proceedings of IEEE VLSI Test Symposium (VTS), pp 100–104Google Scholar
  32. 32.
    Sourgen L (1992) Security locks for integrated circuit US patent App. 5101121 AGoogle Scholar
  33. 33.
    Stollon N (2011) On-chip instrumentation: design and debug for systems on chip. Springer, USCrossRefGoogle Scholar
  34. 34.
    Tehranipoor M, Wang C (2011) Introduction to hardware security and trust. SpringerGoogle Scholar
  35. 35.
    Yang B, Wu K, Karri R (2004) Scan based side channel attack on dedicated hardware implementations of data encryption standard. In: Proceedings of IEEE International Test Conference (ITC), pp 339–344Google Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Rafal Baranowski
    • 1
  • Michael A. Kochte
    • 1
  • Hans-Joachim Wunderlich
    • 1
  1. 1.Institut für Technische Informatik, Universität Stuttgart Pfaffenwaldring 47StuttgartGermany

Personalised recommendations