Security Against Data-Sniffing and Alteration Attacks in IJTAG

The IEEE Std. 1687 (IJTAG) facilitates access to on-chip instruments in complex system-on-chip designs. However, a major security vulnerability in IJTAG has yet to be addressed. IJTAG supports the integration of tapped and wrapped instruments at the IP provider with hidden test-data registers (TDRs). The instruments with hidden TDRs can alter and steal the data that is shifted through them. These attacks are called data-alteration and data-sniffing attacks, respectively. We propose the addition of shadow TDRs (STDRs) and information-flow tracking logic to protect the shifted in test data from illegitimate alteration and leakage by malicious third-party IPs. We present two security architectures for IJTAG. The first architecture secures the IJTAG against data alteration and incurs no timing overhead. However, it does not secure IJTAG against data-sniffing attacks (DS). The second architecture is an upgrade to the first architecture where we repurpose the use of the STDRs and information-tracking logic to secure the IJTAG against both data-alteration and DS. However, it incurs timing overhead. We present security proofs, simulation results, and the overheads associated with these countermeasures for various benchmarks. We also discuss the tradeoffs in security and overhead between the two proposed architectures.

Automated summary

The study introduces two security architectures for protecting IJTAG, one providing protection against data alteration but not against data-sniffing attacks, and the other addressing both data alteration and data-sniffing attacks at the cost of timing overhead.