Lab 1 - Hardware Trojan Design in AES Crypto-System

Part 1 | Part 2 | Part 3

Part 1: Set up the whole AES crypto-system

Due to the size of the crypto-system, this lab can only be performed on FPGAs with more than 250K gates. However, all the BASYS and BASYS-2 boards we have in ENGR 1 - 257 are equipped with Spartan 3E 100K. As a result, the class will distribute BASYS-2 250K FPGA board to each group so that you can practice at home or wherever.

As a reference, the following setup process is perform on a Spartan3E-Starter board. (note that the crypto-system fits better in the BASYS-2 board because the Starter board only has 4 button and 4 switches while the BASYS-2 has 4 buttons and 8 switches). Now comes the question, since the BASYS-2 board works better for the lab, why do you post the tutorial on the Starter board?

Note: Xilinx starts to migrate to the Vivado platform and tries to use Artix FPGA chips to replace the traditional Spartan FPGA chips. Therefore, in our lab, we also prepared the Basys-3 board equipped with Artix-7 chip. A new tutorial for Lab #1 on Basys-3 board can be found at BASYS-3 Guide. The updated source files can then be downloaded from Source Files.

Step 1. Install the ISE 11.1 (try to install version 11.1 but other versions should also work. Avoid the version 14 and later). You can download the ISE tool from the Xilinx website. Please use the Webpack free license during your installation.

Step 2. Open the ISE Navigator, choose the option “New Project…” to open the wizard for new project.

Step 3. Choose the project location and type in the name for your new project. For example, the name I give here is ‘alpha_demo’ under the ‘Projects’ folder.


Step 4. Choose the FPGA type for your experimentation. Note that we are using the Digilent Spartan 3E Starter Kit in this case so the chip selection will be the same as shown in the following figure. You may need to adjust the information here if you try to use other FPGA boards. ALERT: if you use other types of FPGA boards, you need to go through all steps in the tutorial again. For example, if you are using BASYS-2, you would choose Spartan 3E, XC3S250E, xxxxx, -4.



Step 5. Click "Next" until you get the project summary which looks similar to the following figure. You will add resources later.



Step 6. Adding srouce files. Click "Project"->"Add Copy of Srouce" from the Navigator panel.



Step 7. Go to 'alpha_staging' folder (you can get this folder by extracting the alpha-src.tgz.gz file. The source file can be download here). The extracted files are also available online for reviewing purpose. Select all files in the folders except the files with name "fifo_buffer", "logorom", "textram", "fontrom", "MainBasys.ucf". You will generate these files later.



Step 8. After you add selected files, an "Adding Srouce Files..." window will show up. There should be no error messages, otherwise, please ask your colleagues for help.



Step 9. You Navigator panel will show all the added files. Some missing files are marked by question mark. We need to generate these files (note that the missing files are all momery style files, ROM, RAM, FIFO, etc.).



Step 10. Right click the 'fifo_buffer' and select 'New Source...'. A new window will pop up. Select the "IP (CORE ...)" and give name 'fifo_buffer' as following.



Step 11. From the "Memories & Storage Elements" list, choose the 'Fifo Generator' for our fifo_buffer file.



Step 12. Follow the guide below (next 6 figures) to configure the require FIFO file. Use the options showed below. On the final page, click the 'Generate' button to generate all your files.



Step 13. After you generate the file, a "IP successfully created" message will be shown in the Console at the bottom of the Navigator Panel. And the fifo_buffer file will also be listed in the Design window.



Step 14. Before you generate other ROM/RAM files, please go to the alpha_staging folder again and copy "fontrom.coe" and "logorom.coe" files to your own project folder (the location of your own project folder is listed in the Step 3.



Step 15. Similar to fifo_buffer, you can generate 'fontrom' file by right click the 'fontrom' file and select "Add New Source...".



Step 16. This time, select the "Block Memory Generator" for fontrom.



Step 17. Follow the steps below to configure the fontrom.



Step 18. Similar steps for 'logorom' file.



Step 19. Also for 'textram'.



Step 20. Before going further to synthesize your whole project, please open the alphatop.v file by double click the file in the Design window. Modify the files as showed below (modify the if block to make it the same as showed in the figure). And then save the file for next step. (Ignore this step if you are using BASYS-2 board).



Step 21. UCF file. Before you can synthesize and generate bit file for the project, you need to add a UCF file for the project.

UCF file for Starter Board HERE. (The link is fixed.)

UCF file for BASYS-2 Board HERE. (The link is fixed also.)

Contact me if you are using other kinds of FPGA boards.


Step 22. You can synthesize and generate bit file for the project now. Double click the "Synthesis - XST" to run design compilation. If no errors are found, you can then double click the "Implement Design". And then "Generate Programming File".



Step 23. Now you can connect your FPGA board to your computer. For the Spartan 3E Starter Kit, you need to connect the power cable and the USB cable for programming. You also need to connect the RS232 Serial port (for RS232 communication with you computer), VGA port (for the monitor), PS/2 (for the key board). After you connect your board to your computer, you can open the iMPACT window highlighted in the following figure.



Step 24. In the iMPACT window, select the 'Boundary Scan' option. Right click in the main window to the right, choose the Initialization option. You can see three device in the main window if you connection is correct. Click cancel for all popping up dialog windows. Use Adept software from Digilent if you are using BASYS-2 Board. Also ignore the step 25 and step 26.



Step 25. Right click the xc3c500e chip and choose "Set new configuration file..." and choose the 'alphatop.bit' file from your project folder. Right click the sc3c500e chip again and select "program...".



Step 26. You should get the "Program Succeeded" information after the program process.



Step 27. Now comes to the on-board testing. The connected FPGA board should looks like this. For BASYS2 users, please check the Alpha Guide for the settings of the Alpha system.


And your monitor should show the big alpha as the welcome screen.


The four bottons on the bottom left control the opeation of the system. The East button will initialize the whole system to show the big Alpha. The South button put the system into working mode, wating for your input from the keyboard. The West button will start the encryption and the North button will transmit the encrypted data to your comuter through RS232.


Step 28. Check the results. Install a RS-232 client on your computer. Here I use the RS-232 Monitor for example (it is not free, so please try to find a free version of it or you can use the one recommended by Mr. Brandon Frazer). When you click the North button, the encrypted data will be transmitted to your computer. You can check the correctness of the data using plaintext 'hardwaresecurity' for example. With the default key 'fb7915bdf1e5c8b84bb718dd34d733a5' (in HEX), the plaintext '68617264776172657365637572697479' ('hardwaresecurity' in HEX), and all switches are off, you should get 'DDE851828ED0D5D5C1C0F75C8137815B' after '00'. The '00' means the HEX value of the 8 switches. If you take a look at the source code in the ‘alphatop.v’, it lists

wire [127:0] master_key = 128'hfb7915bdf1e5c8b84bb718dd34d733a5;
wire [127:0] key_in={(key_select_reg[7:0] ^ master_key[127:120]),master_key[119:8],(key_select_reg[7:0] & master_key[7:0])};

                which means the actual key (key_in) is a modified version of the master_key. The most significant 8 bits of the key is XORed with the 8 switches  while the least significant 8 bits of the key is ANDed with the 8 switches. When all 8 switches are switched off, the key_in= fb7915bdf1e5c8b84bb718dd34d73300. You may also check the correction of the AES encryption/decryption by using the EXE file AESDecrypt.exe and AESEncrypt.exe. These two files already take the key adjustment into consideration. For example, if you use the AESEncyrpt.exe to check your encryption/decryption results, you should run the command in the format as the following. The two hex-digit [key number] indicates the switch settings. And you will use 0 or 1 of the [hex_or_ascii] option for the hex input or ascii input as the plaintext.

> AESEncrypt.exe [hex_or_ascii] [key number]

> AESDecrypt.exe [key number]

You may also find a lot of webpages which can do AES encryption/decryption online such as But be cautious when you put the encryption/decryption key to make sure the key reflects your 8 switches settings.

From Brandon Frazer: "Here is the free Terminal Software. The download is under the “Diagnostics, Utilities, and MIBs section.” An added bonus to using this is since most people use the XBEE Zigbee wireless modules during senior design, this is the software you use to configure those as well. One note about it is that you need to have the FPGA or whatever plugged in before you open the XCTU software for it to recognize the com port. If need be, I can show anyone or the class how to use it. It only takes about 10 minutes to get familiar with it once you know how the interface works. " (I haven't tested the tool but you are welcome to test it).