Security Against Data-Sniffing and Alteration Attacks in IJTAG

The IEEE Std. 1687 (IJTAG) facilitates access to on-chip instruments in complex system-on-chip designs. However, a major security vulnerability in IJTAG has yet to be addressed. IJTAG supports the integration of tapped and wrapped instruments at the IP provider with hidden test-data registers (TDRs). The instruments with hidden TDRs can alter and steal the data that is shifted through them. These attacks are called “data-alteration” and “data-sniffing” attacks, respectively. We propose the addition of shadow test-data registers and information-flow tracking logic to protect the shifted in test data from illegitimate alteration and leakage by malicious third-party IPs. We present two security architectures for IJTAG. The first architecture secures the IJTAG against data alteration and incurs no timing overhead. However, it does not secure IJTAG against data-sniffing attacks. The second architecture is an upgrade to the first architecture where we re-purpose the use of the shadow test-data registers and information-tracking logic to secure the IJTAG against both data-alteration and data-sniffing attacks. However, it incurs timing overhead. We present security proofs, simulation results, and the overheads associated with these countermeasures for various benchmarks. We also discuss the trade-offs in security and overhead between the two proposed architectures.