Title |
A Study on Hacking Vulnerability for Commercial MCUs using JTAG Signal Analysis |
Authors |
이건하(Kunha Lee) ; 공원배(Wonbae Kong) ; 정혜민(Hyemin Jung) ; 전지원(Jiwon Chun) ; 김동규(Dong Kyue Kim) |
DOI |
https://doi.org/10.5573/ieie.2021.58.12.19 |
Keywords |
JTAG; Secure JTAG; MCU; ARM; Debug; Signal analysis |
Abstract |
The rapid development of IoT and communication technologies after the 4th industrial revolution has increased demand for smartphones and embedded devices. IoT devices and smartphones often use JTAG for system debugging, but some attacks exploit JTAG vulnerabilities, for example forensic extraction of data from the system's internal memory. To prevent JTAG attacks, major system vendors have proposed secure JTAG and protection modes as security measures. This paper proposes a method to analyze an authentication protocol using JTAG signal analysis and shows that unauthorized users can be authenticated. As a result, we were able to find the authentication protocol and the secret key value used for authentication in STMicro MCUs, one of the major vendors' products. In addition, we have shown that an unauthorized user can modify the memory protection privileges by changing the value of the control register. Through this, we report the hacking vulnerability of MCUs that use a simple authentication protocol which repeatedly uses the same key, combined with JTAG communication that does not consider communication interception. |