The Internet of Things will contain billions of “intelligent” devices. Each of them will be a potential security risk.
It is fairly common knowledge that hacking into today’s intelligent Internet devices is child’s play in most cases. The main reason is that the devices have little or no innate security designed in. When they do have some level of security, it is generally provisioned by software running on the host system, to which the devices are connected. But that only works with a device on the grid. Off of grid, the device can be completely at risk, with no security whatsoever.
Much of this is lack of security in current products exists because they were never really envisioned to be uber-connected (this can be anything from a USB dongle to a washing machine, for example). However, for years now, and depending upon the sophistication of the device, many have evolved into sophisticated, processor-based, and controlled devices – just not connected to anything. And most of those circuits have a JTAG port for testing.
Evolution
The Internet of Things will be comprised of objects that exist today, as well as new devices designed specifically for its infrastructure of tomorrow. However, it will not be a radically new iteration of what already exists, and will look and feel much like what we see and interact with today. Many devices that already are part of our everyday lives that do not have any intelligence or connectivity will be refitted with an embedded interface.1
And, it will encompass things that aren’t necessarily connected today but already have an intelligence on a larger scale. Items like kitchen and personal appliances, personal security system, wearables, vehicles, media centers, etc.), that have local, some sophisticated, processor-control electronics, will also gain an embedded interface (to make them “embedded” means simply adding the I/O and related hardware to the device – and, most likely, JTAG testing ports if they don’t already have them).
This presents an interesting conundrum, because, for testing, the JTAG port is built into a lot of devices. In fact, it is the de facto standard for many devices and, as an open standard, offers a quick and cheap embedded IP block for cost-sensitive devices. Furthermore, the boundary scan standard has been accepted and implemented by virtually all IC manufacturers, worldwide. It offers the ability to realize significant cost savings throughout the life span of the PCB.
So when it comes to IoT devices, do we reinvent the wheel and remove this security breach? Or do we redesign what was never meant to be a security risk by sealing up these security holes? It’s a tough call. Sometimes it is easier and cheaper to start from scratch, other times, to simply revise. Either way, the problem becomes exacerbated when widely accepted and implemented standards are involved.
JTAG 101
Originally, the JTAG standard (also known as boundary scan) was created for use in diagnosis and fault isolation testing for boards, systems, and devices. However, due to its cost-effectiveness and IC-level access capabilities, its use has expanded from traditional board test applications into product design, as well. It has evolved as an effective process for accessing the sub-blocks of integrated circuits, making it the ideal tool for debugging embedded systems – systems that will make up the bulk of IoT devices.
What makes this such a valuable tool for both the developer and their nefarious nemesis is that JTAG-based debugging can be called as the very first instruction after CPU reset. That means it is a can have access to the system at the boot level before anything else is set up. Moreover, this standard allows for access to flash memory so the device can be updated to support field upgrades and additional services.
It also can be used to hijack these, and other pins. The JTAG instruction for that is EXTEST (“external test”). It can perform FPGA configuration (there is a good example of this here) http://cas.et.tudelft.nl/~rene/xilinx-jtag.c, and it can be used as debug port.
The JTAG test port is a hacker’s royal flush. It is unsecured, open source and is available right from the start. What more could a hacker want? And, considering that the IoT will contain a swell of cheap embedded devices, the move to secure it should be a priority.
This is where the rubber meets the road. Such open access to flash memory, proprietary algorithms and other sensitive areas enables the extraction of keys, codes, data, even processes without any physical signs of tampering. And the attacker walks away undetected.
No matter how simple, complex or sophisticated the embedded circuit is, it can leak data via the JTAG port., “Even with the protection of silicon IP cores integrated into an SoC, that SoC could be vulnerable to leakage of sensitive information such as configuration data, cryptographic keys, secure boot codes/hashes, and ID via the JTAG test port used to test these devices,” said Craig Rawlings, senior director of business development for the Cryptography Research Division of Rambus. “The world’s largest hardware trojan is the standard JTAG test port used to test each silicon device. This is a sensitive port that should be de-activated after completion of the test procedure. Only authorized agents should have access to these test ports in the case of failure analysis or re-screening for quality or reliability assurance reasons.”
The attack
JTAG attacks can come from a variety of vectors. Fig. 1 shows a general model of the JTAG security landscape. This model provides a way to analyze the security risks associated with a JTAG deployment. A system can have multiple potential attackers.
Figure 1. A general model of the JTAG security land-scape. Courtesy of Kurt Rosenfeld and Ramesh Karri, Polytechnic Institute of New York University.
One type of attack on the JTAG landscape is called the read-out attack. Its objective is to leak some sort of secret data from the victim’s device. It may be an IoT-connected Xbox or an HVAC system. For example, the attacker may want to examine the home’s heating and cooling schedules for clues to when the dwelling may be empty so it can be burglarized. Of course, this is just a random example. In reality, the number of possible exploits is much larger.
This method uses two vectors – one upstream from the chip, the other downstream, and they are on the same JTAG chain with the victim chip between the attack chips, and all of them are powered. Essentially the attacker uses I/O drivers in the upstream attack chip (vector 1) to forcefully control the test_mode_select (TMS) and test_clock (TCK) lines (see Figure 2).
Figure 2. Typical interface lines of JTAG-compliant chips. Courtesy of Kurt Rosenfeld and Ramesh Karri, Polytechnic Institute of New York University.
The upstream attack chip uses brute force to establish itself as the JTAG bus master. It then performs a scan operation on the victim chip to locate and access any secret embedded data. The downstream attack chip collects the data as it leaked from the test_data_out (TDO) line of the victim chip. The data is then dumped from the downstream chip.
Another common attack is the sniffer approach where the attacker attempts to intercept confidential data. The attacker’s goal is to capture data being sent to a victim chip, via JTAG. This only requires a single attacker, but again, both chips must be on and the victim chip must be downstream from the attack chip on the same JTAG chain. The attacker parades a false BYPASS mode that is externally identical to true BYPASS mode, but which parses JTAG signals. This signal is then sent to the victim chip, which, seeing the signal as an original request, dumps the data and the attack chip captures a copy, via either JTAG interrogation of the attack chip in the field, or through a side channel. Such captured data, if confidential enough, can be used by the attacker to clone chips or even access financial or other confidential holdings of the victim.
The protection
Fortunately, JTAG ports can be disabled. That works for some devices but the more sophisticated chips, such as FPGAs use them as I/O (boot loaders) as well as test. So simply disabling the port by blowing the fuse isn’t the best solution.
JTAG functionality is largely device-dependent. On the low end, the JTAG port is simply embedded. It cannot be controlled so there is little one can do to secure it. On higher-end chips, such as the Freescale i.MX 6 series of processors, the JTAG port has configurable options.
This particular chip has the capability to configure JTAG in three separate modes:
Other chips have the capability to disable the port by simply setting a value to a particular pin. For example the MAXQ series of microcontrollers from Maxim simply set the SC.7 (TAP) bit to zero. This results in returning the port pins to the application. But this is not necessarily a good solution unless the application code that controls the port can prevent the re-enabling, since the port can be enabled by a software command.
Conclusion
Unfortunately, securing the port is driven by economies of scale. The high end has some options, but the low end does not. The fact that just about every embedded device or object on the IoT will have a JTAG function is a bit disconcerting. Not that they exist, but because they can be so easily compromised and offer such an un-securable security portal in most cases.
Currently, there seems to be little concern over JTAG security issues in the face of the IoT. As Rawlings stated, “The world’s largest hardware trojan is the standard JTAG test port.” That says it all, and the industry should start seriously thinking about how to secure that port.
1. For this discussion, an embedded device, or object is a thing that has input, output, and functionality (intelligence). It can also have storage and memory, both ROM and RAM, and is connected to the Internet.
 |
 |
 |
 |
 |
 |
 |
 |
 |
Leave a Reply