This paper describes an anti-tamper JTAG Tap design which uses SHA256 secure hash and a true random number generator (TRNG) to create a low gate overhead challenge/response based access system for IC test and on-chip internals. The system may be used to enable 1149.1 TAP instructions or may control access to an IEEE P1687 on-chip instrument. The TAP owner (manufacturer of the IC) may then use DRM (Digital Rights Management) based JTAG software to manage which end users have access to the TAP or TAP accessible areas of the IC. IEEE 1149.1/JTAG was intended to enable access to pins and on-chip infrastructure IP (sometimes referred to as 'instruments') to make life easier for test engineers and reduce costs. Unfortunately, JTAG can also be used by the 'evil-doers' and makes their life easier when hacking electronic products. IEEE 1149.1/JTAG has been for used in hacking or snooping hardware platforms with the intent to reverse engineer the design. This reverse engineering may be for the purpose of cloning an electronic product or for the purpose of making compatible peripherals. Neither of these is in the best interest of the OEM. IEEE 1149.1/JTAG may also be used for installing Trojan software programs or Trojan FPGA designs enabling the capturing of user passwords and other system details. Consider how easy it is to re-program FPGAs and update embedded systems today via JTAG. Then consider the ramifications if a critical embedded system such as a downed UAV - Unmanned Aerial Vehicle - had its FPGAs or firmware reprogrammed by an insurgent. If they can capture a UAV or 'drone' video feed, it certainly isn't that farfetched to consider it.
展开▼
