Security

Discuss the generic proposals for SJTAG
User avatar
Tim Pender
SJTAG Member
Posts: 19
Joined: Wed Mar 12, 2008 9:21 pm
Location: Eastman Kodak, Rochester, NY

Security

Post by Tim Pender »

Security
In some cases providing all native programming files with the product makes it vulnerble to IP thieves or malicious hackers.

Does any application data include customer proprietary data that needs to be safeguarded?
User avatar
Ian McIntosh
SJTAG Chair
Posts: 504
Joined: Mon Nov 05, 2007 11:49 pm
Location: Leonardo, UK

Post by Ian McIntosh »

I'm sure this will be an issue in some cases.

I've stated elsewhere that I do not believe that any significant IP is exposed by the netlist information for a design - the real IP is in the programming, as you suggest.

I guess part of the answer depends on the relationship between the OEM part vendor and the system integrator. If the vendor wants to be very protective, then I expect the only outcome will be that the vendor will not permit updates to those elements by third parties.

As for IP theft, that could be a tricky issue: Most device vendor tools will happily detect the devices in a chain (obviating the need for any design information for the board) and allow a readback of the configuration. Reverse engineering the resultant data may not be trivial though. While some devices have "code protect" features to stop a readback, this isn't really possible with things like Flash memory. Data encryption is obviously possible but unless the the decryption is performed purely in hardware (e.g. per the now dated Data Encryption Standard) then the means to decode the data will be some part of the board's programming making it accessible to the determined "hacker".

Perhaps oddly, genuinely "secret" data (as may be used in military products) is probably less of a concern due to the controlled environments of use.