Abstract:
Embedded devices represent the most widespread form of computing device in the world.
Almost every consumer product manufactured in the last decades contains an embedded system,
e.g., refrigerators, smart bulbs, activity trackers, smart watches and washing machines. These
computing devices are also used in safety- and security-critical systems, e.g., autonomous
cars, cryptographic tokens, avionics and alarm systems. Often, manufacturers give little
consideration to the attack surface offered by low-level interfaces such as JTAG. In the last
decade, the JTAG port has been used by the research community to demonstrate a number of attacks
and reverse engineering techniques. Therefore, finding and identifying the JTAG port of a device
or of a de-soldered integrated circuit (IC) can be the first step required for a successful
attack. In this work we analyse the design of the JTAG port and develop methods and algorithms
for locating it. Specifically, we cover the following topics: i) an introduction to the problem
and related attacks; ii) a general description of the JTAG port and its functions; iii) the
analysis of the problem and the naive solution; iv) an efficient algorithm based on 4-state
GPIO; v) a randomized algorithm using 4-state GPIO; vi) an overview of the problem and the
search methods used on PCBs; vii) conclusions and suggestions for proficient use.
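To make the "naive solution" mentioned in the abstract concrete, the following is an added example written for this page; it is not code from the paper and does not reproduce the paper's algorithms. It models an IEEE 1149.1 TAP controller in software (a constructed device with a hidden pin assignment and a constructed IDCODE of 0x1D0C0DE1 on a six-pin header, pins 2 and 6 unconnected) and runs the brute-force search a hardware probe would perform: every ordered assignment of TCK, TMS, TDI and TDO to the candidate pins is tried, the TAP is reset and walked to Shift-DR, and 32 bits are shifted out to see whether a plausible IDCODE appears. The class names, pin numbers and the double-read validation rule are all assumptions of this example. Running it shows two things the abstract only states: the number of probes grows as the number of candidate pins to the fourth power, and an IDCODE scan alone cannot tell which pin is TDI, because reading IDCODE never depends on what is shifted in.

```python
from itertools import permutations

# IEEE 1149.1 TAP controller: state -> (next state when TMS=0, next state when TMS=1)
TAP_NEXT = {
    "TLR":   ("RTI",   "TLR"),   "RTI":   ("RTI",   "SELDR"),
    "SELDR": ("CAPDR", "SELIR"), "CAPDR": ("SHDR",  "EX1DR"),
    "SHDR":  ("SHDR",  "EX1DR"), "EX1DR": ("PAUDR", "UPDR"),
    "PAUDR": ("PAUDR", "EX2DR"), "EX2DR": ("SHDR",  "UPDR"),
    "UPDR":  ("RTI",   "SELDR"), "SELIR": ("CAPIR", "TLR"),
    "CAPIR": ("SHIR",  "EX1IR"), "SHIR":  ("SHIR",  "EX1IR"),
    "EX1IR": ("PAUIR", "UPIR"),  "PAUIR": ("PAUIR", "EX2IR"),
    "EX2IR": ("SHIR",  "UPIR"),  "UPIR":  ("RTI",   "SELDR"),
}


class SimulatedTap:
    """Constructed model of a device whose JTAG signals sit on four pins of a header.

    Only the Shift-DR path needed to read IDCODE is modelled: the instruction
    register is assumed to hold IDCODE after Test-Logic-Reset, as the standard
    requires, IR shifting is not modelled, and unconnected pins read low."""

    def __init__(self, pinmap, idcode):
        self.pinmap = pinmap      # role -> pin number; hidden from the searcher
        self.idcode = idcode
        self.level = {}           # pin -> last level driven by the probe
        self.state = "TLR"
        self.dr = 0
        self.tdo = 0

    def drive(self, pin, level):
        old = self.level.get(pin, 0)
        self.level[pin] = level
        if pin != self.pinmap["TCK"] or old == level:
            return                          # only edges on the real TCK do anything
        if level == 1:                      # rising edge: act on current state, then move
            tms = self.level.get(self.pinmap["TMS"], 0)
            tdi = self.level.get(self.pinmap["TDI"], 0)
            if self.state == "CAPDR":
                self.dr = self.idcode       # parallel load of the device ID register
            elif self.state == "SHDR":
                self.dr = (self.dr >> 1) | (tdi << 31)
            self.state = TAP_NEXT[self.state][tms]
        else:                               # falling edge: TDO is updated
            self.tdo = self.dr & 1 if self.state == "SHDR" else 0

    def sample(self, pin):
        return self.tdo if pin == self.pinmap["TDO"] else 0


class Probe:
    """Bit-banging host that only knows a list of candidate pins."""

    def __init__(self, dev):
        self.dev = dev
        self.clocks = 0

    def clock(self, tck, tms, tdi, tms_val, tdi_val):
        self.dev.drive(tms, tms_val)
        self.dev.drive(tdi, tdi_val)
        self.dev.drive(tck, 1)
        self.dev.drive(tck, 0)
        self.clocks += 1

    def read_idcode(self, tck, tms, tdi, tdo):
        # Five TMS=1 clocks reach Test-Logic-Reset from any state; 0,1,0,0 then
        # walks Run-Test/Idle -> Select-DR -> Capture-DR -> Shift-DR.
        for tms_val in (1, 1, 1, 1, 1, 0, 1, 0, 0):
            self.clock(tck, tms, tdi, tms_val, 0)
        value = 0
        for i in range(32):                 # IDCODE comes out LSB first
            value |= self.dev.sample(tdo) << i
            self.clock(tck, tms, tdi, 0, 0)
        return value


def looks_like_idcode(value):
    # Bit 0 of a valid IDCODE is always 1; a stuck line gives all-zeros or all-ones.
    return value not in (0, 0xFFFFFFFF) and value & 1 == 1


def naive_search(dev, pins):
    """Try every ordered assignment of (TCK, TMS, TDI, TDO) to the candidate pins."""
    probe = Probe(dev)
    hits, attempts = [], 0
    for tck, tms, tdi, tdo in permutations(pins, 4):
        attempts += 1
        first = probe.read_idcode(tck, tms, tdi, tdo)
        # One plausible word is weak evidence; require it to repeat after a fresh reset.
        if looks_like_idcode(first) and probe.read_idcode(tck, tms, tdi, tdo) == first:
            hits.append({"TCK": tck, "TMS": tms, "TDI": tdi, "TDO": tdo, "IDCODE": first})
    return hits, attempts, probe.clocks


if __name__ == "__main__":
    # Constructed board: JTAG on pins 3/5/1/4 of a six-pin header, pins 2 and 6 unconnected.
    device = SimulatedTap({"TCK": 3, "TMS": 5, "TDI": 1, "TDO": 4}, idcode=0x1D0C0DE1)
    found, tried, cycles = naive_search(device, [1, 2, 3, 4, 5, 6])
    print(f"{tried} assignments tried, {cycles} TCK cycles, {len(found)} consistent reads")
    for hit in found:
        print(hit)
```

With six candidate pins the search already tries 360 assignments, and three of them report the same IDCODE: TCK, TMS and TDO are pinned down, but TDI is left ambiguous among the remaining pins, which is why practical searches follow an IDCODE scan with a second pass (for example a BYPASS shift) and why the paper's 4-state GPIO approaches aim to cut the number of probes rather than simply enumerate them.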