Secure design-for-debug for Systems-on-Chip

Jerry Backer, David Hely, Ramesh Karri

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

This work tackles the conflict between security and debugging of modern Systems-on-Chip (SoC). On one hand, security objectives require confidentiality of assets such as cryptographic keys, configuration and calibration data, and proprietary firmware. On the other hand, debugging instrumentation enables tracing of internal SoC signals that expose these assets via a debug port or debug memory. Mechanisms proposed to tackle this conflict either disable debugging before the SoC is released, or provide binary (all-or-nothing) access to the debugging instrumentation based on an authentication mechanism. The first approach is not practical because the debugging instrumentation is needed for in-field maintenance. The second approach does not protect against a rogue insider in a debugging team. We enhance the debugging instrumentation with security features to ensure that assets are only exposed to their owners during debug. The features first tag each asset with a unique ID of its owner, authenticate each debugger to verify access privileges, and filter the assets to determine which ones to expose given the debugger privileges. The proposed features incur 6% area and power costs, and do not impact firmware execution during debug.

Original languageEnglish (US)
Title of host publicationInternational Test Conference 2015, ITC 2015 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
Volume2015-November
ISBN (Print)9781467365789
DOIs
StatePublished - Nov 30 2015
Event46th IEEE International Test Conference, ITC 2015 - Anaheim, United States
Duration: Oct 6 2015Oct 8 2015

Other

Other46th IEEE International Test Conference, ITC 2015
CountryUnited States
CityAnaheim
Period10/6/1510/8/15

Fingerprint

Debugging
Firmware
Instrumentation
Authentication
Calibration
Data storage equipment
Confidentiality
System-on-chip
Design
Tracing
Costs
Maintenance
Filter
Binary
Verify
Internal
Configuration

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Applied Mathematics

Cite this

Backer, J., Hely, D., & Karri, R. (2015). Secure design-for-debug for Systems-on-Chip. In International Test Conference 2015, ITC 2015 - Proceedings (Vol. 2015-November). [7342418] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/TEST.2015.7342418

Secure design-for-debug for Systems-on-Chip. / Backer, Jerry; Hely, David; Karri, Ramesh.

International Test Conference 2015, ITC 2015 - Proceedings. Vol. 2015-November Institute of Electrical and Electronics Engineers Inc., 2015. 7342418.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Backer, J, Hely, D & Karri, R 2015, Secure design-for-debug for Systems-on-Chip. in International Test Conference 2015, ITC 2015 - Proceedings. vol. 2015-November, 7342418, Institute of Electrical and Electronics Engineers Inc., 46th IEEE International Test Conference, ITC 2015, Anaheim, United States, 10/6/15. https://doi.org/10.1109/TEST.2015.7342418
Backer J, Hely D, Karri R. Secure design-for-debug for Systems-on-Chip. In International Test Conference 2015, ITC 2015 - Proceedings. Vol. 2015-November. Institute of Electrical and Electronics Engineers Inc. 2015. 7342418 https://doi.org/10.1109/TEST.2015.7342418
Backer, Jerry ; Hely, David ; Karri, Ramesh. / Secure design-for-debug for Systems-on-Chip. International Test Conference 2015, ITC 2015 - Proceedings. Vol. 2015-November Institute of Electrical and Electronics Engineers Inc., 2015.
@inproceedings{fc6981f79f9a4050b7d4004f17570970,
title = "Secure design-for-debug for Systems-on-Chip",
abstract = "This work tackles the conflict between security and debugging of modern Systems-on-Chip (SoC). On one hand, security objectives require confidentiality of assets such as cryptographic keys, configuration and calibration data, and proprietary firmware. On the other hand, debugging instrumentation enables tracing of internal SoC signals that expose these assets via a debug port or debug memory. Mechanisms proposed to tackle this conflict either disable debugging before the SoC is released, or provide binary (all-or-nothing) access to the debugging instrumentation based on an authentication mechanism. The first approach is not practical because the debugging instrumentation is needed for in-field maintenance. The second approach does not protect against a rogue insider in a debugging team. We enhance the debugging instrumentation with security features to ensure that assets are only exposed to their owners during debug. The features first tag each asset with a unique ID of its owner, authenticate each debugger to verify access privileges, and filter the assets to determine which ones to expose given the debugger privileges. The proposed features incur 6{\%} area and power costs, and do not impact firmware execution during debug.",
author = "Jerry Backer and David Hely and Ramesh Karri",
year = "2015",
month = "11",
day = "30",
doi = "10.1109/TEST.2015.7342418",
language = "English (US)",
isbn = "9781467365789",
volume = "2015-November",
booktitle = "International Test Conference 2015, ITC 2015 - Proceedings",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - Secure design-for-debug for Systems-on-Chip

AU - Backer, Jerry

AU - Hely, David

AU - Karri, Ramesh

PY - 2015/11/30

Y1 - 2015/11/30

N2 - This work tackles the conflict between security and debugging of modern Systems-on-Chip (SoC). On one hand, security objectives require confidentiality of assets such as cryptographic keys, configuration and calibration data, and proprietary firmware. On the other hand, debugging instrumentation enables tracing of internal SoC signals that expose these assets via a debug port or debug memory. Mechanisms proposed to tackle this conflict either disable debugging before the SoC is released, or provide binary (all-or-nothing) access to the debugging instrumentation based on an authentication mechanism. The first approach is not practical because the debugging instrumentation is needed for in-field maintenance. The second approach does not protect against a rogue insider in a debugging team. We enhance the debugging instrumentation with security features to ensure that assets are only exposed to their owners during debug. The features first tag each asset with a unique ID of its owner, authenticate each debugger to verify access privileges, and filter the assets to determine which ones to expose given the debugger privileges. The proposed features incur 6% area and power costs, and do not impact firmware execution during debug.

AB - This work tackles the conflict between security and debugging of modern Systems-on-Chip (SoC). On one hand, security objectives require confidentiality of assets such as cryptographic keys, configuration and calibration data, and proprietary firmware. On the other hand, debugging instrumentation enables tracing of internal SoC signals that expose these assets via a debug port or debug memory. Mechanisms proposed to tackle this conflict either disable debugging before the SoC is released, or provide binary (all-or-nothing) access to the debugging instrumentation based on an authentication mechanism. The first approach is not practical because the debugging instrumentation is needed for in-field maintenance. The second approach does not protect against a rogue insider in a debugging team. We enhance the debugging instrumentation with security features to ensure that assets are only exposed to their owners during debug. The features first tag each asset with a unique ID of its owner, authenticate each debugger to verify access privileges, and filter the assets to determine which ones to expose given the debugger privileges. The proposed features incur 6% area and power costs, and do not impact firmware execution during debug.

UR - http://www.scopus.com/inward/record.url?scp=84958654446&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84958654446&partnerID=8YFLogxK

U2 - 10.1109/TEST.2015.7342418

DO - 10.1109/TEST.2015.7342418

M3 - Conference contribution

SN - 9781467365789

VL - 2015-November

BT - International Test Conference 2015, ITC 2015 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

ER -