TY - GEN
T1 - Secure design-for-debug for Systems-on-Chip
AU - Backer, Jerry
AU - Hely, David
AU - Karri, Ramesh
N1 - Publisher Copyright: © 2015 IEEE.
PY - 2015/11/30
Y1 - 2015/11/30
N2 - This work tackles the conflict between security and debugging of modern Systems-on-Chip (SoC). On one hand, security objectives require confidentiality of assets such as cryptographic keys, configuration and calibration data, and proprietary firmware. On the other hand, debugging instrumentation enables tracing of internal SoC signals that expose these assets via a debug port or debug memory. Mechanisms proposed to tackle this conflict either disable debugging before the SoC is released, or provide binary (all-or-nothing) access to the debugging instrumentation based on an authentication mechanism. The first approach is not practical because the debugging instrumentation is needed for in-field maintenance. The second approach does not protect against a rogue insider in a debugging team. We enhance the debugging instrumentation with security features to ensure that assets are only exposed to their owners during debug. The features first tag each asset with a unique ID of its owner, authenticate each debugger to verify access privileges, and filter the assets to determine which ones to expose given the debugger privileges. The proposed features incur 6% area and power costs, and do not impact firmware execution during debug.
UR - http://www.scopus.com/inward/record.url?scp=84958654446&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84958654446&partnerID=8YFLogxK
U2 - 10.1109/TEST.2015.7342418
DO - 10.1109/TEST.2015.7342418
M3 - Conference contribution
AN - SCOPUS:84958654446
T3 - Proceedings - International Test Conference
BT - International Test Conference 2015, ITC 2015 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 46th IEEE International Test Conference, ITC 2015
Y2 - 6 October 2015 through 8 October 2015
ER -