Securing Access to Reconfigurable Scan Networks

The accessibility of on-chip embedded infrastructure for test, reconfiguration, and debug poses a serious safety and security problem. Special care is required in the design and development of scan architectures based on IEEE Std. 1149.1 (JTAG), IEEE Std. 1500, and especially reconfigurable scan networks, as allowed by the upcoming IEEE P1687 (IJTAG). Traditionally, the scan infrastructure is secured after manufacturing test using fuses that disable the test access port (TAP) completely or partially. The fuse-based approach is efficient if some scan chains or instructions of the TAP controller are to be permanently blocked. However, this approach becomes costly if fine-grained access management is required, and it faces scalability issues in reconfigurable scan networks. In this paper, we propose a scalable solution for multi-level access management in reconfigurable scan networks. The access to protected registers is restricted locally at TAP-level by a sequence filter which allows only a precomputed set of scan-in access sequences. Our approach does not require any modification of the scan architecture and causes no access time penalty. Experimental results for complex reconfigurable scan networks show that the area overhead depends primarily on the number of allowed accesses, and is marginal even if this number exceeds the count of network´s registers.