Secure design-for-debug for Systems-on-Chip

Jerry Backer; David Hely; Ramesh Karri

doi:10.1109/TEST.2015.7342418

Secure design-for-debug for Systems-on-Chip

Jerry Backer, David Hely, Ramesh Karri

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

This work tackles the conflict between security and debugging of modern Systems-on-Chip (SoC). On one hand, security objectives require confidentiality of assets such as cryptographic keys, configuration and calibration data, and proprietary firmware. On the other hand, debugging instrumentation enables tracing of internal SoC signals that expose these assets via a debug port or debug memory. Mechanisms proposed to tackle this conflict either disable debugging before the SoC is released, or provide binary (all-or-nothing) access to the debugging instrumentation based on an authentication mechanism. The first approach is not practical because the debugging instrumentation is needed for in-field maintenance. The second approach does not protect against a rogue insider in a debugging team. We enhance the debugging instrumentation with security features to ensure that assets are only exposed to their owners during debug. The features first tag each asset with a unique ID of its owner, authenticate each debugger to verify access privileges, and filter the assets to determine which ones to expose given the debugger privileges. The proposed features incur 6% area and power costs, and do not impact firmware execution during debug.

Original language	English (US)
Title of host publication	International Test Conference 2015, ITC 2015 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781467365789
DOIs	https://doi.org/10.1109/TEST.2015.7342418
State	Published - Nov 30 2015
Event	46th IEEE International Test Conference, ITC 2015 - Anaheim, United States Duration: Oct 6 2015 → Oct 8 2015

Publication series

Name	Proceedings - International Test Conference
Volume	2015-November
ISSN (Print)	1089-3539

Other

Other	46th IEEE International Test Conference, ITC 2015
Country	United States
City	Anaheim
Period	10/6/15 → 10/8/15

ASJC Scopus subject areas

Electrical and Electronic Engineering
Applied Mathematics

Access to Document

10.1109/TEST.2015.7342418

Fingerprint Dive into the research topics of 'Secure design-for-debug for Systems-on-Chip'. Together they form a unique fingerprint.

Cite this

Backer, J., Hely, D., & Karri, R. (2015). Secure design-for-debug for Systems-on-Chip. In International Test Conference 2015, ITC 2015 - Proceedings [7342418] (Proceedings - International Test Conference; Vol. 2015-November). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/TEST.2015.7342418

Secure design-for-debug for Systems-on-Chip. / Backer, Jerry; Hely, David; Karri, Ramesh.

International Test Conference 2015, ITC 2015 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2015. 7342418 (Proceedings - International Test Conference; Vol. 2015-November).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Backer, J, Hely, D & Karri, R 2015, Secure design-for-debug for Systems-on-Chip. in International Test Conference 2015, ITC 2015 - Proceedings., 7342418, Proceedings - International Test Conference, vol. 2015-November, Institute of Electrical and Electronics Engineers Inc., 46th IEEE International Test Conference, ITC 2015, Anaheim, United States, 10/6/15. https://doi.org/10.1109/TEST.2015.7342418

@inproceedings{fc6981f79f9a4050b7d4004f17570970,

title = "Secure design-for-debug for Systems-on-Chip",

abstract = "This work tackles the conflict between security and debugging of modern Systems-on-Chip (SoC). On one hand, security objectives require confidentiality of assets such as cryptographic keys, configuration and calibration data, and proprietary firmware. On the other hand, debugging instrumentation enables tracing of internal SoC signals that expose these assets via a debug port or debug memory. Mechanisms proposed to tackle this conflict either disable debugging before the SoC is released, or provide binary (all-or-nothing) access to the debugging instrumentation based on an authentication mechanism. The first approach is not practical because the debugging instrumentation is needed for in-field maintenance. The second approach does not protect against a rogue insider in a debugging team. We enhance the debugging instrumentation with security features to ensure that assets are only exposed to their owners during debug. The features first tag each asset with a unique ID of its owner, authenticate each debugger to verify access privileges, and filter the assets to determine which ones to expose given the debugger privileges. The proposed features incur 6% area and power costs, and do not impact firmware execution during debug.",

author = "Jerry Backer and David Hely and Ramesh Karri",

year = "2015",

month = nov,

day = "30",

doi = "10.1109/TEST.2015.7342418",

language = "English (US)",

series = "Proceedings - International Test Conference",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "International Test Conference 2015, ITC 2015 - Proceedings",

note = "46th IEEE International Test Conference, ITC 2015 ; Conference date: 06-10-2015 Through 08-10-2015",

}

TY - GEN

T1 - Secure design-for-debug for Systems-on-Chip

AU - Backer, Jerry

AU - Hely, David

AU - Karri, Ramesh

PY - 2015/11/30

Y1 - 2015/11/30

N2 - This work tackles the conflict between security and debugging of modern Systems-on-Chip (SoC). On one hand, security objectives require confidentiality of assets such as cryptographic keys, configuration and calibration data, and proprietary firmware. On the other hand, debugging instrumentation enables tracing of internal SoC signals that expose these assets via a debug port or debug memory. Mechanisms proposed to tackle this conflict either disable debugging before the SoC is released, or provide binary (all-or-nothing) access to the debugging instrumentation based on an authentication mechanism. The first approach is not practical because the debugging instrumentation is needed for in-field maintenance. The second approach does not protect against a rogue insider in a debugging team. We enhance the debugging instrumentation with security features to ensure that assets are only exposed to their owners during debug. The features first tag each asset with a unique ID of its owner, authenticate each debugger to verify access privileges, and filter the assets to determine which ones to expose given the debugger privileges. The proposed features incur 6% area and power costs, and do not impact firmware execution during debug.

AB - This work tackles the conflict between security and debugging of modern Systems-on-Chip (SoC). On one hand, security objectives require confidentiality of assets such as cryptographic keys, configuration and calibration data, and proprietary firmware. On the other hand, debugging instrumentation enables tracing of internal SoC signals that expose these assets via a debug port or debug memory. Mechanisms proposed to tackle this conflict either disable debugging before the SoC is released, or provide binary (all-or-nothing) access to the debugging instrumentation based on an authentication mechanism. The first approach is not practical because the debugging instrumentation is needed for in-field maintenance. The second approach does not protect against a rogue insider in a debugging team. We enhance the debugging instrumentation with security features to ensure that assets are only exposed to their owners during debug. The features first tag each asset with a unique ID of its owner, authenticate each debugger to verify access privileges, and filter the assets to determine which ones to expose given the debugger privileges. The proposed features incur 6% area and power costs, and do not impact firmware execution during debug.

UR - http://www.scopus.com/inward/record.url?scp=84958654446&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84958654446&partnerID=8YFLogxK

U2 - 10.1109/TEST.2015.7342418

DO - 10.1109/TEST.2015.7342418

M3 - Conference contribution

AN - SCOPUS:84958654446

T3 - Proceedings - International Test Conference

BT - International Test Conference 2015, ITC 2015 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 46th IEEE International Test Conference, ITC 2015

Y2 - 6 October 2015 through 8 October 2015

ER -