Skip to main content
Log in

JTAG Security System Based on Credentials

  • Published:
Journal of Electronic Testing Aims and scope Submit manuscript

Abstract

JTAG (Joint Test Access Group) is a powerful tool for the embedded system development environments. The features of JTAG, however, can be exploited by malicious users as a backdoor for launching attacks, an approach which now constitutes a major threat in the domain of device hacking. To deny unauthenticated users access to the features of JTAG port, this paper proposes a novel JTAG security mechanism. The proposed solution uses authentication based on credentials to achieve improved security and usability over existing solutions. Our approach is easily applicable to all standard JTAG environments because its structure is designed to be independent from the application environment. Further, the approach has lower implementation cost than encryption/decryption-based solutions since only hash and XOR calculations are employed in its authentication protocol. The security of the proposed mechanism has been verified through analysis against all forms of expected attacks, and its functionality is demonstrated with a real-life implementation.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

References

  1. Ashkenazi A, Akselrod D (2007) Platform independent overall security architecture in multi-processor system-on-chip integrated circuits for use in mobile phones and handheld devices. Comput Electr Eng 33(5–6):407–424. doi:10.1016/j.compeleceng.2007.05.003

    Article  Google Scholar 

  2. Breeuwsma MF (2006) Forensic imaging of embedded systems using JTAG (boundary-scan). Int J Digit Forensics Incident Response 3(1):32–42. doi:10.1016/j.diin.2006.01.003

    Google Scholar 

  3. Buskey RF, Frosik BB (Sep. 2006) Protected JTAG. International Conference Workshops on parallel Processing (ICPP), Montreal, Canada, pp 405–414, doi:10.1109/ICPPW.2006.65

  4. Comulkiewicz M, Nikodem M, Tomczak T (May 2006) Low-cost and universal secure scan a design-for-test architecture for crypto chips. International Conference on Dependability of Computer Systems (DEPCOS-RELCOMEX), Szklarska Poreba, Poland, pp 282–288, doi:10.1109/DEPCOS-RELCOMEX.2006.36

  5. Hely D, Bancel F, Flottes ML, Rouzeyre B (2007) Securing scan control in crypto chips. J Electron Test: Theory Appl 23(5):457–464. doi:10.1007/s10836-007-5000-z

    Article  Google Scholar 

  6. Ihor V, Eduard H, Young SK, Bohdan K (Aug. 2008) Fast Digital TRNG Based on Metastable Ring Oscillator. Cryptographic Hardware and Embedded Systems(CHES), Washington, D.C, USA, pp 164–180, doi:10.1007/978-3-540-85053-3_11

  7. Institute of Electrical and Electronic Engineers. Standard test access port and boundary-scan architecture. IEEE.Std. 1149.1–2001

  8. Jack B (2006) Exploiting embedded systems. Black Hat 2006, Las Vegas, USA, Available at http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Jack.pdf, Accessed 22 Sep 2009

  9. Kapur R (Oct. 2004) Security vs. test quality: are they mutually exclusive?. International Test Conference (ITC), Charlotte, USA, pp1414, doi:10.1109/TEST.2004.1387422

  10. Kocher P, Lee R, McGraw G, Raghunathan A, Ravi S (June 2004) Security as a new dimension in embedded system design. Design Automation Conference (DAC), San Diego, USA, pp 753–760, doi:10.1145/996566.996771

  11. Kurt R, Ramesh K (2010) Attacks and defenses for JTAG. IEEE Des Test Comput 17(1):36–47. doi:10.1109/MDT.2010.9

    Google Scholar 

  12. Lee J, Tehranipoor M, Patel C, Plusquellic J (Oct. 2005) Securing scan design using lock & key technique. International Symposium on Defect and Fault Tolerance in VLSI Systems (DFT), Monterey, USA, pp 51–62, doi:10.1109/DFTVS.2005.58

  13. Moyer WC, Fitzsimmons ME (Sept. 2007) Integrated circuit security and method therefor. United States Patent, Patent No. US7266848B2

  14. Novak F, Biasizzo A (2006) Security extension for IEEE std 1149.1. J Electron Test: Theory Appl 22(3):301–303. doi:10.1007/s10836-006-7720-x

    Article  Google Scholar 

  15. OMTP Hardware Working Group (March 2006) OMTP hardware requirements and defragmentation. Trusted Environment OMTP TR0. Open Mobile Terminal Platform

  16. Quynh D (Feb. 2009) Recommendation for Applications Using Approved Hash Algorithms. NIST Special Publication 800-107

  17. Yang B, Wu K, Karri R (2006) Secure scan: a design-for-test architecture for crypto chips. IEEE Trans Comput Aided Des Integr Circuits Syst 25(10):2287–2293. doi:10.1109/TCAD.2005.862745

    Article  Google Scholar 

Download references

Acknowledgment

This research has been conducted as a part of the industry-academic cooperation project between Samsung Electronics and Sogang University. We thank Samsung Electronics Modem R&D team for their support with the research grant.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Juho Kim.

Additional information

Responsible Editor: E. J. Marinissen.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Park, K., Yoo, S.G., Kim, T. et al. JTAG Security System Based on Credentials. J Electron Test 26, 549–557 (2010). https://doi.org/10.1007/s10836-010-5170-y

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10836-010-5170-y

Keywords

Navigation