Skip to main content

Access Port Protection for Reconfigurable Scan Networks

Journal of Electronic Testing volume 30pages 711–723 (2014)Cite this article

Abstract

Scan infrastructures based on IEEE Std. 1149.1 (JTAG), 1500 (SECT), and P1687 (IJTAG) provide a cost-effective access mechanism for test, reconfiguration, and debugging purposes. The improved accessibility of on-chip instruments, however, poses a serious threat to system safety and security. While state-of-the-art protection methods for scan architectures compliant with JTAG and SECT are very effective, most of these techniques face scalability issues in reconfigurable scan networks allowed by the upcoming IJTAG standard. This paper describes a scalable solution for multi-level access management in reconfigurable scan networks. The access to protected instruments is restricted locally at the interface to the network. The access restriction is realized by a sequence filter that allows only a precomputed set of scan-in access sequences. This approach does not require any modification of the scan architecture and causes no access time penalty. Therefore, it is well suited for core-based designs with hard macros and 3D integrated circuits. Experimental results for complex reconfigurable scan networks show that the area overhead depends primarily on the number of allowed accesses, and is marginal even if this number exceeds the count of registers in the network.

This is a preview of subscription content, access via your institution.

Access options

Buy single article

Instant access to the full article PDF.

USD 39.95

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13

Notes

  1. Nangate 45nm Open Cell Library v1.3, http://www.nangate.com

References

  1. Abramovici M (2008) In-system silicon validation and debug. IEEE Design & Test Comput 25(3):216–223

    Article  Google Scholar 

  2. Agarwal K (2011) Secure scan design. Us Patent App. 7:966– 535

    Google Scholar 

  3. Baranowski R (2014) Reconfigurable scan networks: formal verification, access optimization and protection. University of Stuttgart, PhD thesis. http://elib.uni-stuttgart.de/opus/volltexte/2014/8982

    Google Scholar 

  4. Baranowski R, Kochte MA, Wunderlich HJ (2012) Modeling, verification and pattern generation for reconfigurable scan networks. In: Proceedings of IEEE International Test Conference (ITC), paper 8.2

  5. Baranowski R, Kochte MA, Wunderlich HJ (2013) Scan pattern retargeting and merging with reduced access time. In: Proceedings of IEEE European Test Symposium (ETS), pp 39–45

  6. Baranowski R, Kochte MA, Wunderlich HJ (2013) Securing access to reconfigurable scan networks. In: Proceedings of IEEE Asian Test Symposium (ATS), pp 295–300

  7. Buskey R, Frosik B (2006) Protected JTAG. In: Proceedings of IEEE International Conference on Parallel Processing Workshops (ICCPW), pp 405–414

  8. Chiu GM, Li JM (2012) A secure test wrapper design against internal and boundary scan attacks for embedded cores. IEEE Trans on Very Large Scale Integration (VLSI) Systems 20 (1):126–134

    Article  Google Scholar 

  9. Clark C (2010) Anti-Tamper JTAG TAP design enables DRM to JTAG registers and P1687 On-Chip instruments. In: Proceedings of IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp 19–24

  10. Da Rolt J, Das A, Di Natale G, Flottes ML, Rouzeyre B, Verbauwhede I (2014) Test versus security: past and present. To appear in: IEEE Trans on Emerging Topics in Computing

  11. Das A, Rolt J, Ghosh S, Seys S, Dupuis S, Natale G, Flottes ML, Rouzeyre B, Verbauwhede I (2013) Secure JTAG implementation using schnorr protocol. J Electron Test (JETTA) 29(2):193–209

    Article  Google Scholar 

  12. Dworak J, Crouch A, Potter J, Zygmontowicz A, Thornton M (2013) Don’t forget to lock your SIB: hiding instruments using P1687. In: Proceedings of IEEE International Test Conference (ITC), paper, vol 6, p 2

  13. Ebrard E, Allard B, Candelier P, Waltz P (2009) Review of fuse and antifuse solutions for advanced standard CMOS technologies. Microelectron J 40(12):1755–1765

    Article  Google Scholar 

  14. Eklow B, Bennetts B (2006) New techniques for accessing embedded instrumentation: IEEE P1687 (IJTAG). In: Proceedings of IEEE European Test Symposium (ETS), pp 253–254

  15. Ghani Zadegan F, Ingelsson U, Carlsson G, Larsson E (2012) Access time analysis for IEEE P1687. IEEE Trans Comput 61(10):1459–1472

    Article  MathSciNet  Google Scholar 

  16. Hely D, Flottes ML, Bancel F, Rouzeyre B, Berard N, Renovell M (2004) Scan design and secure chip [Secure IC Testing]. In: Proceedings of IEEE On-Line Testing Symposium (IOLTS), pp 219–224

  17. IEEE (2013) IEEE Standard for test access port and boundary-scan architecture 1149.1-2013. Test Technology Technical Committee of the IEEE Computer Society, USA

  18. Kömmerling O, Kuhn MG (1999) Design principles for tamper-resistant smartcard processors. In: Proceedings of USENIX Workshop on Smartcard Technology. USENIX Association, WOST, pp 9–20

  19. Larsson E, Ghani Zadegan F (2012) Accessing embedded DfT instruments with IEEE P1687. In: Proceedings of IEEE Asian Test Symposium (ATS), pp 71–76

  20. Lee J, Tehranipoor M, Plusquellic J (2006) A low-cost solution for protecting IPs against scan-based side-channel attacks. In: Proceedings of IEEE VLSI Test Symposium (VTS), pp 94–99

  21. Lee J, Tehranipoor M, Patel C, Plusquellic J (2007) Securing designs against scan-based side-channel attacks. IEEE Trans on Dependable and Secure Computing 4(4):325–336

    Article  Google Scholar 

  22. Ley A (2009) Doing more with less—an IEEE 1149.7 embedded tutorial: standard for reduced-pin and enhanced-functionality test access port and boundary-scan architecture. In: Proceedings of IEEE International Test Conference (ITC), paper ET3.1

  23. Marinissen E, Iyengar V, Chakrabarty K (2002) A set of benchmarks for modular testing of SOCs. In: Proceedings of IEEE International Test Conference (ITC), pp 519–528

  24. Nicolaidis M, Noraz S, Courtois B (1989) A generalized theory of fail-safe systems. In: International Symposium on Fault-Tolerant Computing. FTCS, Digest of Papers, pp 398–406

  25. Park K, Yoo S, Kim T, Kim J (2010) JTAG security system based on credentials. J Electron Test (JETTA) 26:549–557

    Article  Google Scholar 

  26. Park KY, Yoo SG, Kim J (2012) Debug port protection mechanism for secure embedded devices. IEEE J Semicond Tech Sci 12(2):240–253

    Article  Google Scholar 

  27. Pierce L, Tragoudas S (2013) Enhanced secure architecture for joint action test group systems. IEEE Trans on Very Large Scale Integration (VLSI) Systems 21(7):1342–1345

    Article  Google Scholar 

  28. Rearick J, Volz A (2006) A case study of using IEEE P1687 (IJTAG) for high-speed serial I/O characterization and testing. In: Proceedings of IEEE International Test Conference (ITC), paper 10.2

  29. Rearick J, Eklow B, Posse K, Crouch A, Bennetts B (2005) IJTAG (Internal JTAG): A step toward a DFT standard. In: Proceedings of IEEE International Test Conference (ITC), paper, vol 32, p 4

  30. Rosenfeld K, Karri R (2010) Attacks and defenses for JTAG. IEEE Design & Test Comput 27(1):36–47

    Article  Google Scholar 

  31. Rosenfeld K, Karri R (2011) Security-aware SoC test access mechanisms. In: Proceedings of IEEE VLSI Test Symposium (VTS), pp 100–104

  32. Sourgen L (1992) Security locks for integrated circuit US patent App. 5101121 A

  33. Stollon N (2011) On-chip instrumentation: design and debug for systems on chip. Springer, US

    Book  Google Scholar 

  34. Tehranipoor M, Wang C (2011) Introduction to hardware security and trust. Springer

  35. Yang B, Wu K, Karri R (2004) Scan based side channel attack on dedicated hardware implementations of data encryption standard. In: Proceedings of IEEE International Test Conference (ITC), pp 339–344

Download references

Author information

Authors and Affiliations

  1. Institut für Technische Informatik, Universität Stuttgart Pfaffenwaldring 47, 70569, Stuttgart, Germany

    Rafal Baranowski, Michael A. Kochte & Hans-Joachim Wunderlich

Authors
  1. Rafal Baranowski
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Michael A. Kochte
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Hans-Joachim Wunderlich
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rafal Baranowski.

Additional information

Responsible Editor: J.-L. Huang

This manuscript is an extended version of the paper [6] presented at the 22nd IEEE Asian Test Symposium, Nov. 2013.

This work was supported by the German Research Foundation (DFG) under grants WU 245/13-1 (RM-BIST) and WU 245/17-1 (ACCESS).

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Baranowski, R., Kochte, M.A. & Wunderlich, HJ. Access Port Protection for Reconfigurable Scan Networks. J Electron Test 30, 711–723 (2014). https://doi.org/10.1007/s10836-014-5484-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10836-014-5484-2

Keywords

  • Debug and diagnosis
  • Reconfigurable scan network
  • IJTAG
  • IEEE P1687
  • Secure DFT
  • Hardware security