Independent Research Project



Embedded System Vulnerabilities
and the IEEE 1149.1 JTAG Standard

Researcher: Michael R. Tabernero
Project Director: George E. Kalb
Faculty Sponsor: Dr. Gerald M. Masson
Johns Hopkins University
Baltimore, Maryland, USA
March, 2002

Abstract

With the industry-wide acceptance of the IEEE 1149.1 Test Access Port (TAP) and Boundary-Scan Architecture (a.k.a. JTAG) Standard, electronic components and the embedded systems that use them are now more accessible and testable than ever before. Beyond testing, the standard also allows flash memory to be erased and updated to support field upgrades and services. However, with this new technology arises the possibility of new security-related vulnerabilities. Because it is a standard, JTAG test equipment may be exploited as a more portable and less costly reverse-engineering aid in support of unauthorized access to, and modification of, deployed hardware and software assets. Moreover, with unobstructed access to flash memory, proprietary algorithms and parameters could be extracted without leaving any physical signs of tampering that might otherwise serve as forensic evidence of copyright violation, warranty forfeiture, or even criminal prosecution.

While acknowledging the importance and the longevity of the JTAG standard, this paper investigates the following questions:

Additionally, this paper examines past and present examples of hardware exploitation to illustrate concepts and ideas.


Download the Final Paper (36 pages)

MS Word 6.0/97 format


Page design (version 1.1-3.01.02) Copyright 2002, George E. Kalb
Distribution of Papers and Presentation materials via this webpage have been granted by the author