| The JTAG of SoC provides an effective and efficient solution for system testing and in-field configuration. However, there are some problems with potential security hazards. Besides, the available security protective measures now are not applicable to Cryptographic SoC due to the little consideration of security and flexibility. Therefore, to address this, a Cryptographic SoC-oriented secure JTAG scheme is developed and tested in this paper. The major work and results are as follows.A multi-layer configurable secure JTAG scheme is put forward, after an analysis on JTAG security demands and several attack types for Cryptographic SoC. During the 4 different stages in the life cycle of Cryptographic SoC, the demands for JTAG functions are different, as well as the security capability of the corresponding operators. Therefore, the multi-layer structure and different access protocols with 5 security levels and 3 sub-levels are designed. The security capability is boosted level over level for each dedicated stage in its life cycle so that the functional requirements and secure access are both satisfied. Moreover, to further improve the flexibility, the authority control is added. Operators with advanced permission can acquire the access permission to a certain level by proper temporary authorization, which makes the multi-layer scheme practical.An NSBO authentication protocol based on ECC is created to guarantee the scheme security, satisfy the security capability requirements from the multi-layer structure, and provide access control and data encryption transmission. The protocol has the ability of mutual authentication and confidential information leakage of neither side. Moreover, the protocol integrates with authenticated key agreement. Stream cypher method is adopted to make sure data encrypted transmission is secure and efficient. And a structure with two public key certificates is designed in order to make the protocol applicable to more complicated scenarios. Last but not least, the analysis is conducted to guarantee the security characteristic of the strategy.Taking into consideration all the requirements of the multi-layer configurable secure JTAG scheme, two execution plans are designed, analyzed and optimized for special hardware and cryptographic processor respectively. First of all, special instructions are defined based on JTAG norms for the plan implementation. And the prototype system of Cryptographic SoC-oriented secure JTAG scheme is composed, in which the system security storage controller is specially designed for the secure storage of method parameters. Lastly, functional verification and execution performance are tested and analyzed with the simulation and FPGA board environment.The proposd multi-layer configurable JTAG scheme has the ability to guarantee the security of JTAG interface on Cryptographic SoC chips. And it is shown to be highly flexible and convenient for each and every stage during the life cycle. Therefore, the scheme will provide valuable information for researches and also have significant implications for wide applications. |
PDF Full Text Request