Circumventing Secure JTAG

A detailed plan of attack


Abstract

Forensic science is the cornerstone of the modern justice system, as it allows us to analyze evidence in order to discover the truth behind a crime scene. As mobile phones became more important to our daily lives, they have taken up a bigger part in forensic research as well. These devices contain digital traces telling us the story of our lives. Digital forensic research traditionally focused on recovering data, in particular data from broken or undocumented systems. While security was not the primary concern of most manufacturers, this has changed in recent times. Cryptography has become a major roadblock in forensic science, which has shifted the focus from recovery towards exploitation.

Traditionally, digital forensic research focused on physical acquisition. While tools often supported logical extraction, this would leave many deleted traces inside the memory chip intact. Instead, methods such as flasher tools, JTAG-based acquisition, In-System Programming and chip-off were often used to make images of the physical contents of the memory chip. These images would then be analyzed by data analysts in order to extract evidence. On many modern devices, cryptography has ensured that these methods are no longer effective. Software exploitation techniques such as DirtyCow have proven to be much more important in digital forensic science, but more methods should be developed.

JTAG is of particular interest in this regard. It is a testing system that was previously left unsecured, providing attackers with an easy way in. More recently, manufacturers have started using novel ways of protecting JTAG from malicious use, but very little research exists testing these new security measures. This is a recipe for vulnerabilities. This thesis focuses on attacking Secure JTAG, Samsung's authentication module for ARM CoreSight. Several attacks have been highlighted that are potentially applicable to Secure JTAG.

A novel model has been developed that allows an attacker to evaluate the complexity of their attacks. While models such as CVSS and DREAD exist, these focus on threat analysis rather than offensive research. Using this model, two attacks were chosen: one focusing on reversing the internal JTAG boundary scan chains and the other attempting to force authentication through fault injection.

In order to reverse the JTAG boundary scan chains, a new set of tools had to be developed. Existing tools were often incapable of communicating with the internal scan chains or did not provide enough freedom to enable research. After their development, these new tools were able to confirm that the internal scan chains were secured. The internal boundary scan chains will not be a viable attack vector until the authentication mechanism is circumvented.

The second attack focused on a potential fault injection vulnerability in the Secure JTAG authentication scheme. Because Secure JTAG is a purely hardware component, it provided a unique challenge. Where normally firmware is analyzed to prove the existence of a vulnerability, Secure JTAG has no such firmware available. This makes it nearly impossible to discern between failure because the device is not vulnerable and failure because of chance. To increase confidence in the attack and decrease the attack space, this project focused on Electromagnetic Side-channel Analysis. By locating the signals produced by Secure JTAG authentication, it is possible to greatly reduce the attack space, thereby increasing confidence in the attack. In the end, correlating signals were located near the high-power processor of the chip, albeit not the hashing engine itself. This lowered the attack space enough for an eventual fault injection attack.

Files

Report.pdf
(.pdf | 22.5 Mb)
- Embargo expired on 13-11-2021