Evaluating Security of New Locking SIB-based Architectures

The IEEE Std 1687 (IJT AG) provides enhanced access to the on-chip test instruments, which are included on the chip for test, post-silicon debug, in field maintenance, and diagnosis purposes. Although the on-chip instruments access provides data and features explicitly for test and debug, these features are misused by the malicious user to access sensitive data such as encryption keys, Chip-IDs, etc. Hence, it is desired to limit the access to sensitive on-chip instruments via IJT AG network. One of the various schemes proposed to mitigate the vulnerability of the IJT AG network is to use a secure access protocol, which is based on LSIB, Chip-ID, and licensed access software.In this paper, the detailed security analysis is performed on IJT AG, it is shown that the secure access protocol technique is vulnerable to differential analysis attack. It can be used to break the secure communication between the board and the licensed access software and thus, the sensitive on-chip test instruments can be accessed illegitimately. It is shown that our proposed algorithm can recover the template used for secure communication within a fraction of a second.