IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v10y2018i12p121-d187439.html
   My bibliography  Save this article

Exploiting JTAG and Its Mitigation in IOT: A Survey

Author

Listed:
  • Gopal Vishwakarma

    (Department of Electrical and Computer Engineering, University of Texas at San Antonio, San Antonio, TX 78249, USA)

  • Wonjun Lee

    (Department of Electrical and Computer Engineering, University of Texas at San Antonio, San Antonio, TX 78249, USA)

Abstract

Nowadays, companies are heavily investing in the development of “Internet of Things(IoT)” products. These companies usually and obviously hunt for lucrative business models. Currently, each person owns at least 3–4 devices (such as mobiles, personal computers, Google Assistant, Alexa, etc.) that are connected to the Internet 24/7. However, in the future, there might be hundreds of devices that will be constantly online behind each person, keeping track of body health, banking transactions, status of personal devices, etc. to make one’s life more efficient and streamlined. Thus, it is very crucial that each device should be highly secure since one’s life will become dependent on these devices. However, the current security of IoT devices is mainly focused on resiliency of device. In addition, less complex node devices are easily accessible to the public resulting in higher vulnerability. JTAG is an IEEE standard that has been defined to test proper mounting of components on PCBs (printed circuit boards) and has been extensively used by PCB manufacturers to date. This JTAG interface can be used as a backdoor entry to access and exploit devices, also defined as a physical attack. This attack can be used to make products malfunction, modify data, or, in the worst case, stop working. This paper reviews previous successful JTAG exploitations of well-known devices operating online and also reviews some proposed possible solutions to see how they can affect IoT products in a broader sense.

Suggested Citation

  • Gopal Vishwakarma & Wonjun Lee, 2018. "Exploiting JTAG and Its Mitigation in IOT: A Survey," Future Internet, MDPI, vol. 10(12), pages 1-18, December.
  • Handle: RePEc:gam:jftint:v:10:y:2018:i:12:p:121-:d:187439
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/10/12/121/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/10/12/121/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Basnight, Zachry & Butts, Jonathan & Lopez, Juan & Dube, Thomas, 2013. "Firmware modification attacks on programmable logic controllers," International Journal of Critical Infrastructure Protection, Elsevier, vol. 6(2), pages 76-84.
    2. Schuett, Carl & Butts, Jonathan & Dunlap, Stephen, 2014. "An evaluation of modification attacks on programmable logic controllers," International Journal of Critical Infrastructure Protection, Elsevier, vol. 7(1), pages 61-68.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Monzer, Mohamad-Houssein & Beydoun, Kamal & Ghaith, Alaa & Flaus, Jean-Marie, 2022. "Model-based IDS design for ICSs," Reliability Engineering and System Safety, Elsevier, vol. 225(C).
    2. SICARD, Franck & ZAMAI, Éric & FLAUS, Jean-Marie, 2019. "An approach based on behavioral models and critical states distance notion for improving cybersecurity of industrial control systems," Reliability Engineering and System Safety, Elsevier, vol. 188(C), pages 584-603.
    3. Yadav, Geeta & Paul, Kolin, 2021. "Architecture and security of SCADA systems: A review," International Journal of Critical Infrastructure Protection, Elsevier, vol. 34(C).
    4. Safari, Mohammad & Parvinnia, Elham & Haddad, Alireza Keshavarz, 2021. "Industrial intrusion detection based on the behavior of rotating machine," International Journal of Critical Infrastructure Protection, Elsevier, vol. 34(C).
    5. Zhu, Ruijin & Zhang, Baofeng & Mao, Junjie & Zhang, Quanxin & Tan, Yu-an, 2017. "A methodology for determining the image base of ARM-based industrial control system firmware," International Journal of Critical Infrastructure Protection, Elsevier, vol. 16(C), pages 26-35.
    6. adepu, Sridhar & Mathur, Aditya, 2021. "SafeCI: Avoiding process anomalies in critical infrastructure," International Journal of Critical Infrastructure Protection, Elsevier, vol. 34(C).
    7. Schuett, Carl & Butts, Jonathan & Dunlap, Stephen, 2014. "An evaluation of modification attacks on programmable logic controllers," International Journal of Critical Infrastructure Protection, Elsevier, vol. 7(1), pages 61-68.
    8. Krotofil, Marina & Cárdenas, Alvaro & Larsen, Jason & Gollmann, Dieter, 2014. "Vulnerabilities of cyber-physical systems to stale data—Determining the optimal time to launch attacks," International Journal of Critical Infrastructure Protection, Elsevier, vol. 7(4), pages 213-232.
    9. Barry C. Ezell & R. Michael Robinson & Peter Foytik & Craig Jordan & David Flanagan, 2013. "Cyber risk to transportation, industrial control systems, and traffic signal controllers," Environment Systems and Decisions, Springer, vol. 33(4), pages 508-516, December.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:10:y:2018:i:12:p:121-:d:187439. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.