logo

On-Chip Debug and Test Interface With Improper Access Control

Stable Base
Structure: Simple
Description

The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.

Extended Description

A device's internal information may be accessed through a scan chain of interconnected internal registers, usually through a JTAG interface. The JTAG interface provides access to these registers in a serial fashion in the form of a scan chain for the purposes of debugging programs running on a device. Since almost all information contained within a device may be accessed over this interface, device manufacturers typically insert some form of authentication and authorization to prevent unintended use of this sensitive information. This mechanism is implemented in addition to on-chip protections that are already present. If authorization, authentication, or some other form of access control is not implemented or not implemented correctly, a user may be able to bypass on-chip protection mechanisms through the debug interface. Sometimes, designers choose not to expose the debug pins on the motherboard. Instead, they choose to hide these pins in the intermediate layers of the board. This is primarily done to work around the lack of debug authorization inside the chip. In such a scenario (without debug authorization), when the debug interface is exposed, chip internals are accessible to an attacker.

Common Consequences 6
Scope: Confidentiality

Impact: Read Application Data

Scope: Confidentiality

Impact: Read Memory

Scope: Authorization

Impact: Execute Unauthorized Code or Commands

Scope: Integrity

Impact: Modify Memory

Scope: Integrity

Impact: Modify Application Data

Scope: Access Control

Impact: Bypass Protection Mechanism
Detection Methods 3
Dynamic Analysis with Manual Results Interpretation
Authentication and authorization of debug and test interfaces should be part of the architecture and design review process. Withholding of private register documentation from the debug and test interface public specification ("Security by obscurity") should not be considered as sufficient security.
Dynamic Analysis with Manual Results Interpretation
Dynamic tests should be done in the pre-silicon and post-silicon stages to verify that the debug and test interfaces are not open by default.
FuzzingModerate
Tests that fuzz Debug and Test Interfaces should ensure that no access without appropriate authentication and authorization is possible.
Potential Mitigations 1
Phase: Architecture and Design

Strategy: Separation of Privilege

If feasible, the manufacturer should disable the JTAG interface or implement authentication and authorization for the JTAG interface. If authentication logic is added, it should be resistant to timing attacks. Security-sensitive data stored in registers, such as keys, etc. should be cleared when entering debug mode.

Effectiveness: High
Demonstrative Examples 3
A home, WiFi-router device implements a login prompt which prevents an unauthorized user from issuing any commands on the device until appropriate credentials are provided. The credentials are protected on the device and are checked for strength against attack.

Code Example:

Bad
Other

If the JTAG interface on this device is not hidden by the manufacturer, the interface may be identified using tools such as JTAGulator. If it is hidden but not disabled, it can be exposed by physically wiring to the board.

By issuing a "halt" command before the OS starts, the unauthorized user pauses the watchdog timer and prevents the router from restarting (once the watchdog timer would have expired). Having paused the router, an unauthorized user is able to execute code and inspect and modify data in the device, even extracting all of the router's firmware. This allows the user to examine the router and potentially exploit it.

JTAG is useful to chip and device manufacturers during design, testing, and production and is included in nearly every product. Without proper authentication and authorization, the interface may allow tampering with a product.

Code Example:

Good
Other

In order to prevent exposing the debugging interface, manufacturers might try to obfuscate the JTAG interface or blow device internal fuses to disable the JTAG interface. Adding authentication and authorization to this interface makes use by unauthorized individuals much more difficult.

The following example code is a snippet from the JTAG wrapper module in the RISC-V debug module of the HACK@DAC'21 Openpiton SoC [REF-1355]. To make sure that the JTAG is accessed securely, the developers have included a primary authentication mechanism based on a password.
The developers employed a Finite State Machine (FSM) to implement this authentication. When a user intends to read from or write to the JTAG module, they must input a password.
In the subsequent state of the FSM module, the entered password undergoes Hash-based Message Authentication Code (HMAC) calculation using an internal HMAC submodule. Once the HMAC for the entered password is computed by the HMAC submodule, the FSM transitions to the next state, where it compares the computed HMAC with the expected HMAC for the password.
If the computed HMAC matches the expected HMAC, the FSM grants the user permission to perform read or write operations on the JTAG module. [REF-1352]

Code Example:

Bad
Verilog
verilog

if(exp_hash == pass_hash) begin**

verilog
verilog

pass_check = 1'b0;** end state_d = Idle; end else begin ``` state_d = PassChkValid; end end ...

However, in the given vulnerable part of the code, the JTAG module has not defined a limitation for several continuous wrong password attempts. This omission poses a significant security risk, allowing attackers to carry out brute-force attacks without restrictions.
Without a limitation on wrong password attempts, an attacker can repeatedly guess different passwords until they gain unauthorized access to the JTAG module. This leads to various malicious activities, such as unauthorized read from or write to debug module interface.
To mitigate the mentioned vulnerability, developers need to implement a restriction on the number of consecutive incorrect password attempts allowed by the JTAG module, which can achieve by incorporating a mechanism that temporarily locks the module after a certain number of failed attempts.[REF-1353][REF-1354]
Code Example:
Good
Verilog
verilog


(miss_pass_check_cnt_q != 2'b11)**  )
begin
```
state_d = Write;
pass_mode = 1'b1;
end
...
end
...
PassChkValid: begin
if(hashValid) begin
if(exp_hash == pass_hash) begin
pass_check = 1'b1;
end else begin
pass_check = 1'b0;


verilog
The example code below is taken from the JTAG access control mechanism of the HACK@DAC'21 buggy OpenPiton SoC [REF-1364]. Access to JTAG allows users to access sensitive information in the system. Hence, access to JTAG is controlled using cryptographic authentication of the users. In this example (see the vulnerable code source), the password checker uses HMAC-SHA256 for authentication. It takes a 512-bit secret message from the user, hashes it using HMAC, and compares its output with the expected output to determine the authenticity of the user.
Code Example:
Bad
Verilog
...


logic [31-1:0] data_d,  data_q;
...


logic [512-1:0] pass_data;
...


verilog


pass_data = { {60{8'h00}}, data_d};**
state_d = PassChk;
pass_mode = 1'b0;
...
end
...
The vulnerable code shows an incorrect implementation of the HMAC authentication where it only uses the least significant 32 bits of the secret message for the authentication (the remaining 480 bits are hard coded as zeros). As a result, the system is susceptible to brute-force attacks on the access control mechanism of JTAG, where the attacker only needs to determine 32 bits of the secret message instead of 512 bits.
To mitigate this issue, remove the zero padding and use all 512 bits of the secret message for HMAC authentication [REF-1365].
Code Example:
Good
Verilog
...


logic [512-1:0] data_d,  data_q;
...
logic [512-1:0] pass_data;
...


verilog


pass_data = data_d;**
state_d = PassChk;
pass_mode = 1'b0;
...
end
...
  
Observed Examples 1
CVE-2019-18827chain: JTAG interface is not disabled (On-Chip Debug and Test Interface With Improper Access Control) during ROM code execution, introducing a race condition (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')) to extract encryption keys
  
References 10
Attacks and Defenses for JTAG
Kurt Rosenfeld and Ramesh Karri
02-2010
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5406671
ID: REF-1037
Exploiting JTAG and Its Mitigation in IOT: A Survey
Gopal Vishwakarma and Wonjun Lee
03-12-2018
https://www.mdpi.com/1999-5903/10/12/121/pdf(2023-04-07)
ID: REF-1043
JTAG Explained (finally!): Why "IoT", Software Security Engineers, and Manufacturers Should Care
Gopal Vishwakarma and Wonjun Lee
https://www.mdpi.com/1999-5903/10/12/121/pdf(2023-04-07)
ID: REF-1084
Design for Testability & Design for Debug
Bob Molyneaux, Mark McDermott, and Anil Sabbavarapu
https://web.archive.org/web/20180412225956/http://users.ece.utexas.edu/~mcdermot/vlsi-2/Lecture_17.pdf(2025-08-04)
ID: REF-1085
dmi_jtag.sv
Florian Zaruba
2021
https://github.com/HACK-EVENT/hackatdac21/blob/71103971e8204de6a61afc17d3653292517d32bf/piton/design/chip/tile/ariane/src/riscv-dbg/src/dmi_jtag.sv#L192:L204(2023-09-18)
ID: REF-1355
Fix CWE-1191 in dmi_jtag.sv
Florian Zaruba
2021
https://github.com/HACK-EVENT/hackatdac21/blob/58f984d492fdb0369c82ef10fcbbaa4b9850f9fb/piton/design/chip/tile/ariane/src/riscv-dbg/src/dmi_jtag.sv#L200(2023-09-18)
ID: REF-1354
Fix CWE-1191 in dmi_jtag.sv
Florian Zaruba
2021
https://github.com/HACK-EVENT/hackatdac21/blob/58f984d492fdb0369c82ef10fcbbaa4b9850f9fb/piton/design/chip/tile/ariane/src/riscv-dbg/src/dmi_jtag.sv#L131(2023-09-18)
ID: REF-1353
dmi_jtag.sv
Florian Zaruba
2021
https://github.com/HACK-EVENT/hackatdac21/blob/71103971e8204de6a61afc17d3653292517d32bf/piton/design/chip/tile/ariane/src/riscv-dbg/src/dmi_jtag.sv#L118:L204(2023-09-18)
ID: REF-1352
dmi_jtag.sv
2021
https://github.com/HACK-EVENT/hackatdac21/blob/71103971e8204de6a61afc17d3653292517d32bf/piton/design/chip/tile/ariane/src/riscv-dbg/src/dmi_jtag.sv#L82(2023-07-15)
ID: REF-1364
fix cwe_1205 in dmi_jtag.sv
2021
https://github.com/HACK-EVENT/hackatdac21/blob/c4f4b832218b50c406dbf9f425d3b654117c1355/piton/design/chip/tile/ariane/src/riscv-dbg/src/dmi_jtag.sv#L158(2023-07-22)
ID: REF-1365
 
  
    
 
 
Applicable Platforms 
 
 
 
 
 
Languages:
 
 
 Not Language-Specific : Undetermined 
 
 
Technologies:
 
 
 Not Technology-Specific : Undetermined 
 
 
 
  
 
 
Modes of Introduction 
 
 
 
 
 
  Architecture and Design  
 
  Implementation  
 
 
 
  
Related Attack Patterns 
        
 
 
Related Weaknesses 
 
 
 
 
  ChildOf:
 Improper Access Control (CWE-284) 
 
 
 
   
Notes 
RelationshipOn-Chip Debug and Test Interface With Improper Access Control and Internal Asset Exposed to Unsafe Debug Access Level or State both involve physical debug access, but the weaknesses are different. On-Chip Debug and Test Interface With Improper Access Control is effectively about missing authorization for a debug interface, i.e. JTAG. Internal Asset Exposed to Unsafe Debug Access Level or State is about providing internal assets with the wrong debug access level, exposing the asset to untrusted debug agents.