Abstract Modern System-on-Chip (SoC) designs integrate various embedded instruments and proprietary data to support critical operations such as testing, diagnosis, and in-field health monitoring. The IEEE Std. 1687 (IJTAG) is widely adopted to provide efficient and flexible access to these on-chip instruments. However, its reconfigurable nature exposes a significant attack surface, making it vulnerable to advanced security threats, including machine learning, differential analysis, and power analysis attacks, which can extract Chip IDs and cryptographic keys. To enhance the security of the IJTAG architecture, a secure access protocol has been proposed in the literature. In this secure access scheme, a random number generator produces a bitstream, and whenever a predefined template matches, a key bit is inserted into the bitstream; this process continues until all key bits are embedded. However, the reliance on a single static template renders the scheme predictable and susceptible to key recovery. To overcome this limitation, we propose a multi-dynamic template based secure access protocol, where multiple templates are employed for key insertion. For each comparison, the specific template is dynamically selected based on the last generated bit of the bitstream, thereby introducing randomness into the embedding process and obfuscating adversarial analysis. The experimental evaluation demonstrates that, with eight templates, the proposed protocol reduces machine learning attack accuracy from 98. 31 to 0. 0002%, increases the complexity of differential analysis by extending the key retrieval time from 3 ms to approximately 1. 67 10^10 1. 67 × 10 10 years, and renders power analysis attacks completely infeasible. In addition, the proposed scheme significantly reduces the bitstream length required for key insertion. For instance, with a 16-bit template and a 256-bit key, the required bitstream length decreases from 16. 6 million to 12. 8 thousand, while for a 24-bit template and a 256-bit key, it decreases from 4. 2 billion to 57. 2 thousand, while maintaining security. Furthermore, hardware synthesis on ITC’16 IJTAG benchmarks confirms negligible implementation cost, with area overheads of only 1. 65% and 1. 53% for the TreeFlatEx and TreeBalanced benchmarks, respectively. These results demonstrate that the proposed protocol provides scalable, resource-efficient and robust protection for IJTAG-enabled SoCs against state-of-the-art attacks.
Kumar et al. (Mon,) studied this question.