Detection of IJTAG attacks using LDPC-based feature reduction and machine learning

IEEE 1687 standard (IJTAG), as an extension to the IEEE 1149.1, facilitates efficient access to embedded instruments by supporting reconfigurable scan networks. Specifically, IJTAG allows each IP to be wrapped by a test data register (TDR) whose access is controlled by a segment insertion bit (SIB) or a scan-mux control bit (SCB). Because the TDRs and the SIB/SCB network are typically not public, but critical for accessing embedded instruments, they might be used for illegitimate purposes, such as dumping credential data and reverse engineering IP design. Machine learning has been proposed to detect such attacks, but the large number of instruments and parallel execution enabled by the IJTAG produce high-dimensional data, which poses a challenge to on-chip detection. In this paper, we propose to reduce the high-dimensional but sparse data using a low-density parity-check (LDPC) matrix. Experiments using a modified version of the OpenSPARC T2 to include IJTAG functionality demonstrate that the use of feature reduction eliminates 91% of the features, leading to 43% reduction in circuit size without affecting detection accuracy. Also, the on-chip detector adds moderate overhead (∼ 8%) to the IJTAG.