SYSTEM
A Project
MASTER OF SCIENCE
in
by
FALL
2017
STUDY AND IMPLEMENTATION OF HARDWARE SECURITY FOR SINGLE
SYSTEM
A Project
by
Approved by:
____________________________
Date
Student: Parth Rajnikant Gandhi
Muhammad Adnan Sarwar
I certify that these students have met the requirements for format contained in the
University format manual, and that this project is suitable for shelving in the Library and
Abstract
of
SYSTEM
by
transaction, business deals and even meetings in different country or continent by sitting
in the comforts of his office elsewhere. As the growth of the communication increases,
The data is always stored in a hardware no matter what application is under use.
In this project, we have demonstrated the method for securing the hardware using
Standard (AES). AES, also known as Rijndael, was established by the National Institute
of Standards and Technology (NIST) – USA in 2001 for protecting electronic data. AES
is used to encrypt or decrypt a block size of 128 bits using a symmetric key of 128 or 192
algorithm was modeled using Verilog hardware description language. Further, the design
was validated and synthesized. The testbench was developed for verifying the design
using Verilog HDL, and Code Coverage was used to check whether the implemented test
cases exercised the RTL thoroughly. The Synopsys VCS and Design
Vision tools were used for the verification and synthesis of the RTL respectively.
it was implemented in C program. We have used the same test cases and ran down the C
_______________________
Date
ACKNOWLEDGEMENTS
The crucial and most important thing for a project to conclude successfully is
vision and support. We would like to thank Dr. Suresh Vadhva and Prof. Russ Tatro for
defining the project and providing us the guidance to conclude the project successfully.
Their guidance and supervision throughout the project have been magnificent. We would
also like to thank Dr. Suresh Vadhva for supporting us unconventionally when we were
struggling during the initial phase of the project. We would also like to thank Dr. Suresh
Vadhva and Prof. Russ Tatro for reviewing our work and proofreading the report.
We would also like to extend our gratitude to Dr. Preetham Kumar, graduate
coordinator of the Electrical and Electronic Engineering Department, for his cooperation,
and support. Further, we are thankful to all faculty members of Electrical and Electronic
Engineering Department for nurturing our skill set and helping us in accomplishing our
Finally, we would like to thank our parents, who were by our side in all phases
of life, whether good or bad. They supported, motivated and showed faith in us
TABLE OF CONTENTS
Acknowledgements
List of Tables
List of Figures
Chapter
1. INTRODUCTION
2.4 What is Hardware Security?
5. SYNTHESIS
LIST OF FIGURES
Figure 15: Simulation Results – Showing write and read of 128 bit data
Chapter 1
Introduction
Today, we live in the computer era, where everything is being digitized: fund
transfers, trading of goods, information exchange, and so on.
All this information is exchanged over the network and stored on a
server or other relevant storage device. This hardware or database may contain large amounts of
sensitive information, ranging from a firm's confidential documents (such as trade
secrets) to an individual's personal documents (such as an SSN). Given the nature of
the information stored on the hardware, the need to secure it arose.
Cryptography is an ancient technique used to keep information
out of the hands of unauthorized persons. As time progressed, the various
(operating system) of that particular device. The security provided by the software can be
degradation is a visible problem with this kind of encryption. On the other side, hardware
There are numerous techniques available for encrypting data to protect it from
intruders; RC4, DES, 3DES, and AES are a few of them.
Thus, for the demonstration of encryption in this project, we proposed to use Advance
and other hardware device. The hardware implementation of AES algorithm involves
modeling the algorithm in Verilog HDL (hardware description language), validating and
synthesizing it.
The hardware model is completely verified using a test bench in Verilog. The
validation process continues until the model is verified for an acceptable Code Coverage.
The hardware model is also validated against C code of the algorithm. The verified
model is later synthesized to get an estimate of the number of gates, area and timing of
The rest of the report is organized into six Chapters. Chapter 2 covers an overview
chapter, different steps which are involved in the AES encryption process are introduced.
It also describes the design and modeling of the hardware implementation of the AES 128
bit encryption algorithm by explaining the modules used in the design hierarchy and their
interconnections.
Chapter 4 covers the verification of the RTL for the AES algorithm. In this chapter,
a test bench is developed which fully validates the design. The test bench fetches input
test vectors from the text file and validates the design's functionality. Further, Code Coverage is
run through the test bench to ensure every block of the design is checked by the test vectors.
This chapter also covers the software implementation of the AES 128 bit algorithm in
Chapter 5 covers the synthesis of the hardware model. In this chapter, the synthesis
result, including the timing and area of the netlist, is described, which is obtained
Chapter 2
security. It provides the protection to computer system against theft, as well as protecting
providing protection against damages that could happen via network access, data or
code injection. Information technology (IT) security is susceptible to being tricked into a
by chance.
The purpose of physical attack is to obtain sensitive and important information from
In logical attacks, attackers can access unauthorized privileges and theft. The data
perspective of the software structure of an operating system (OS) but not limited to the
operating system. These logical attacks are established with the help of malicious codes
such as worms, viruses and Trojans; which provide illegal privileges to the special types
However, data could be corrupted or made unrecoverable, and the system made unusable, by
a malicious program or a hacker. The read and write access to data can be secured through
software-only computer security. Security tokens may be more secure because
physical access is needed in order to compromise them. Access is authorized only when the
token is connected and the correct identification number is entered. However, anyone who has
physical access can use a dongle. Advanced technologies in hardware-based security
resolve this problem by providing full-proof security for data. [2]
design. The hardware layer of embedded systems is directly exposed to physical
attacks in case a secured software layer exists there. By using physical ways these
the formation of these physical attacks is very hard to apply, particularly tamper-
Embedded systems' security services are the same as those of other computer systems. Their aim
is to protect critical data and resources from various types of attacks and threats. In
embedded systems there are four key security objectives to be met; they are
as follows [5]:
• Availability: make sure that the desired system services are available at any time
they are required, despite the existence of attacks. In embedded systems, availability
mechanisms seek to counter denial-of-service and energy starvation attacks, as
communicating parties, i.e., no one except the legitimate parties should know the
system entity.
damages, by assuring that these modifications to data can be detected. [5]
In embedded system the sensitive application fields usually need them to give
entities. Although supportive security services are directed to different design challenges
and unique characteristics of embedded systems and its particular application requisites,
established design issue. These factors provide direction to the design of security and
The restricted processing power and memory space of embedded systems make it
impossible for their architectures to keep up with the constantly growing complexity
of security mechanisms and the expanding data rates provided by the latest communication
networks. This problem is also observed in systems that require greater data rates to
process, such as network routers, and in low-end systems outfitted with insufficient processing and
memory resources.
Therefore, the objective is to reduce the processing efficiency gap through the
appropriate basic security primes and cryptographic algorithms can help to allow
system. [5]
Power expenses accomplishments are the biggest challenging design aspects that
systems. This aspect needs to be examined autonomous from further hardware constraints
implicates because it can directly influence the whole system’s life span. Although
includes a wide range of messages over and calculations that encourage greater utilization
system’s processors and throughout the major system and data encryption or decryption
stages. The usage of energy can be affected by the size expansion of the transmitted
greater volume of data after its encryption. At the end, the usage of preventing
communication must indicate the transfer of data within various periods, at this site all
of them needed further transmissions of data for verification or confirmation and major
establishment phases; this greatly contributes to depleting the battery capacity.
needed. This aim could be attained through several methods. The visible one contains
this is not apparent enough to become aware forever, and generally includes expenses in
the mode of enhancing the silicon area or greater complicated software. The second
proficient by conceding them to change their works and to select the perfect composite of
their essential building blocks, depending on the operator or working environment. This
adaptation must be directed by principles that recognize the
best trade-off between the authorized security process and the available
energy. [5]
consuming. These new attack flows have been significantly prompted by
the close physical integration of embedded systems with their environment, which
makes them more susceptible to tampering. Furthermore, the use of weakly protected
wireless communication media by a majority of embedded devices, and the latest
communication models used in embedded networks, introduces more attacks. [5]
Chapter 3
3.1 Overview
National Institute of Standards and Technology in 2001 [7]. Throughout this chapter, the
Standard (AES) is explained in depth. Further, the hardware implementation of AES-128
using Verilog is discussed. The RTL design modeled in Verilog HDL is developed
3.2 Introduction
encoded text which are known as cipher text. For example PARTH (original data) after
cryptography. Symmetric key cryptography is the kind in which there is only one key for
both encryption and decryption to get back the original data. Symmetric key cryptography
is further classified into block ciphers and stream ciphers. A block cipher is one in which
the encryption key is applied to a block of data. AES is a block cipher
which uses symmetric key cryptography. A stream cipher is one in which the
encryption key is applied to the data bit by bit. Asymmetric key cryptography is the
kind in which the keys for encryption and decryption of the data are different. This means it
uses one key for encryption and another key for decryption. [8]
The Advanced Encryption Standard (AES) which is also known as Rijndael is the
Technology (NIST), USA in 2001. AES was developed by two Belgian cryptographers,
Joan Daemen and Vincent Rijmen. Rijndael consists of multiple ciphers with
different key and block sizes. Thus AES is a subset of Rijndael with specific data
and key sizes. The need for AES arose because the DES (Data Encryption Standard)
encryption algorithm was cracked in 1997 and hence was no longer considered
safe. [7] [10]
AES operates on a block size of 128 bits and allows three different key lengths:
128, 192 and 256 bits. For this project we have used a key length of 128 bits. AES
is an iterative block algorithm in which encryption is completed by repeating the process
over several rounds. The number of rounds required to complete the encryption process
depends on the size of the key. A key length of 128 bits requires 10 rounds, a 192-bit key
needs 12 rounds and a 256-bit key needs 14 rounds. Other than the last round of
In AES, both the data block and the key are represented in the form of a matrix. These
b. The number of rows of the matrices (Nb) remains constant irrespective of the data/key
c. The number of columns for the data matrix (Ns) is dependent on block size which
is 128 bits for AES and hence remains constant which is equal to 4.
d. The number of columns for the key matrix (Nk) is dependent on key sizes which
In this project we are using a block and key size of 128 bits. Thus, the entire data set
can be arranged in the form of a 4x4 matrix [Refer Table 1]. Each element of this matrix is
1 byte. This matrix is called the state array. In this state array the first four bytes of data
are stored in the first column, the next four bytes in the second column, and so on.
B0 B4 B8 B12
B1 B5 B9 B13
B2 B6 B10 B14
B3 B7 B11 B15
In AES, each column of the state array is called a word. Each word consists of four
At every round of the encryption various processes take place on the input state
Each round consists of four stages, including the encryption key itself.
1. Substitute bytes
2. Shift rows
3. Mix columns
In encryption, the last step of each round consists of an XOR operation between four words from
the key schedule and the output state array obtained after the third step, i.e. Mix
Columns. [12]
In decryption, the third step of each round consists of an XOR operation between four words
from the key schedule and the output state array obtained after the second step, i.e. inverse
substitute bytes. [12]
In encryption, the last round does not include the Mix Columns step, while in
decryption, the last round does not include the Inverse Mix Columns step. [12]
Round keys used for each round of encryption and decryption are generated from
the original key through the Key Expansion Unit. This key expansion unit generates multiple
round keys for transformation of the input state array during each round. Detailed working of
The overall structure of the Advanced Encryption Standard (AES) algorithm with all
every byte of the input state array in isolation to generate a new byte value using an
S-Box is the look up table of 16x16 elements where the entries are constructed by a
transformations:[11][12]
1. First step is to find the multiplicative inverse in GF(2^8) which is based on the
2. Second step is to perform bit scrambling. This is done by applying the following
transformation to each and every bit bi of the corresponding byte stored in the S-
Thus, the overall transformation after the second step, which is bit scrambling, can
For decryption, similar steps are performed but in reverse order. First the bit
scrambling is done, and then the multiplicative inverse of the hex value is found. Bit
The 16x16 S-Box table generated by the above algorithm is shown in Table
Now, for example, if we have a hex value of 75 in the input state array, then it will be
replaced by the element at the 7th row and 5th column of the S-Box.
The shift row transformation of the state array is a cyclical shift of bytes within the
For encryption, bytes are shifted towards the left, in the following order:
The shifting process during encryption is illustrated in the following figure (Fig. 7).
For decryption, bytes are shifted towards the right, in the same order as the
The shifting process during decryption is illustrated in the following figure (Fig. 8).
Note that the plain text or data coming into the AES unit is written
column-wise into the state array. Thus, the first four bytes are written in the first column of the
state array, the second four bytes in the second column, and so on. As a
result, shifting the rows in this way scrambles the byte order of the input state array
Mix column transformation is performed on every column of the state
array independently with the help of a function. In this step each byte of the state array is
substituted by twice the first byte plus three times the second byte plus the
third byte and the fourth byte. Thus, Mix Column along with Shift Row transformation
The steps involved in the Mix Column transformation for encryption can be
Similarly, the Mix Column transformation for decryption can be expressed by the
following equation. [12]
The entire flow of the Mix Column transformation is shown in Figure 9.
Add Round Key operation is the critical step where the encryption key comes into the
picture. In this step of the AES process the round key is applied to the input state with an
Exclusive-OR operation. Round keys for this operation are generated by Rijndael’s key
In this step each word of the input state array is XOR-ed with the corresponding word
of the round key. It is a basic bitwise operation between the elements of the two matrices. This
In this equation, “round” ranges from 0 to 10 for the AES 128-bit algorithm used
in this project. For the first round the round key is the same as the key inserted. Later on,
the round keys are generated by permutation and combination of the original
key. [11]
The Add Round key transformation can be illustrated by the following figure.
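The Shift Row, Mix Column and Add Round Key steps described above, together with their decryption counterparts, as an added C example that is not the project's aes.c. The matrix coefficients (02 03 01 01 and 0e 0b 0d 09) and the reduction polynomial are taken from FIPS-197, the function names are illustrative, and the sample state and round key are the round 1 values of the FIPS-197 Appendix B example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Multiply by x (0x02) in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1. */
static uint8_t xtime(uint8_t a) {
    return (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0x00));
}

/* General GF(2^8) multiply; the inverse matrix needs 09, 0b, 0d and 0e. */
static uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (; b; b >>= 1) {
        if (b & 1) p ^= a;
        a = xtime(a);
    }
    return p;
}

/* Column-major state as in Table 1: s[4*c + r] holds row r of column c. */
void shift_rows(uint8_t s[16], int inverse) {
    uint8_t t[16];
    for (int r = 0; r < 4; r++)
        for (int c = 0; c < 4; c++) {
            /* Row r rotates left by r bytes (right by r when decrypting). */
            int src = inverse ? (c - r + 4) % 4 : (c + r) % 4;
            t[4 * c + r] = s[4 * src + r];
        }
    memcpy(s, t, 16);
}

void mix_columns(uint8_t s[16], int inverse) {
    /* First row of the circulant matrix; row r is this row rotated right by r. */
    static const uint8_t fwd[4] = {0x02, 0x03, 0x01, 0x01};
    static const uint8_t inv[4] = {0x0e, 0x0b, 0x0d, 0x09};
    const uint8_t *m = inverse ? inv : fwd;
    for (int c = 0; c < 4; c++) {
        uint8_t in[4];
        memcpy(in, s + 4 * c, 4);
        for (int r = 0; r < 4; r++) {
            uint8_t acc = 0;
            for (int j = 0; j < 4; j++)
                acc ^= gmul(in[j], m[(j - r + 4) % 4]);
            s[4 * c + r] = acc;
        }
    }
}

/* AddRoundKey is its own inverse: XOR the 16 round-key bytes into the state. */
void add_round_key(uint8_t s[16], const uint8_t rk[16]) {
    for (int i = 0; i < 16; i++) s[i] ^= rk[i];
}

/* ShiftRows, MixColumns and AddRoundKey of a middle encryption round. */
void round_tail(uint8_t s[16], const uint8_t rk[16]) {
    shift_rows(s, 0);
    mix_columns(s, 0);
    add_round_key(s, rk);
}

/* The same three steps undone in reverse order, as decryption requires. */
void round_tail_undo(uint8_t s[16], const uint8_t rk[16]) {
    add_round_key(s, rk);
    mix_columns(s, 1);
    shift_rows(s, 1);
}

int main(void) {
    /* State after SubBytes in round 1 of the FIPS-197 Appendix B example. */
    uint8_t s[16] = {0xd4,0x27,0x11,0xae, 0xe0,0xbf,0x98,0xf1,
                     0xb8,0xb4,0x5d,0xe5, 0x1e,0x41,0x52,0x30};
    /* Round key 1 of the same example. */
    const uint8_t rk1[16] = {0xa0,0xfa,0xfe,0x17, 0x88,0x54,0x2c,0xb1,
                             0x23,0xa3,0x39,0x39, 0x2a,0x6c,0x76,0x05};
    round_tail(s, rk1);
    for (int i = 0; i < 16; i++) printf("%02x", s[i]);
    printf("\n");
    return 0;
}
```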
In this project we are using a 128-bit encryption key for the AES algorithm. This
key is arranged in the form of a 4x4 byte matrix. Each word consists of 4 bytes.
The first word of the key is placed in the first column of the matrix, and so on. For
considering that each round will consume 4 words from the key scheduler. The Key
Expansion algorithm is used to generate a new 128-bit key for each round from the original
128-bit encryption key through various permutations and combinations [12]. The entire
flow of the key scheduling process is illustrated by the following figure.
The first four words of the expanded key come from the original cipher key. Thus, the
first four bytes of the key form word 0 (W0), the next four bytes form word 1 (W1), and
so on. [12]
Assume the four words for the round key of the ith round are:
where i = round * Nb, Nb = 4
Thus, in order for these words to serve as the round keys, i should be a multiple of
4, as evident from the equation above. Further, these words will serve as the round key in the
(i/4)th round. Now, in order to determine the words for the next round, we make use of the
words from the previous round. This can be illustrated by the equations. [12]
From the above equation it is clear that, except for the first word of the next round, all
the other words can be formulated by a simple XOR operation. This XOR operation will
take place between the previous word of the current set and the corresponding word in the
Moving forward, the calculation of the first word for the new set involves
From the above equation, it is visible that the first word of the current set is
formulated by the XOR operation between the first word of the previous set and function
Further, the calculation of the function g( ) involves the following three steps: [12]
2. Substitute every byte of the word with the corresponding byte from the
16x16 lookup table (i.e. S-Box). This step is similar to the step involved in
3. Perform an XOR operation between the set of bytes obtained from step 2 and the
round constant. The round constant is a word which is padded by zeros for the
Round Constant:
For the ith round, the round constant is denoted by RCON[i]. In this round
constant the three least significant bytes have zero as their value. Thus, the round
constant word for the ith round can be visualized as shown in the equation below. [12]
Note that the only non-zero byte in the round constant is RCi. RCi is the
Thus, RCON[i] can be defined as [x^(i-1) 0 0 0] where x is equal to 0x02
Hence, the values of RCi for the 10 rounds of the encryption/decryption process can be
i    0  1  2  3  4  5  6  7  8  9  10
x^i  01 02 04 08 10 20 40 80 1b 36 6c
In the design top module we have instantiated all the sub-modules described
earlier in this chapter. We have used a bottom-up approach in which we developed all
the sub-modules and thereafter integrated them into the top module. We have created a module
called AES which includes all the sub-modules for substitution of bytes, shifting of the
rows, mixing of the columns and adding the round keys. Thereafter, we have also used a
FIFO as the storage device, whose depth is 16*128 bits. The major role of the FIFO is to output
the data in the same order as they were supplied to the RTL. The entire block of RTL can be well
aes.v :
fifo.v :
Chapter 4
4.1 Overview
In this chapter, we cover the test infrastructure, i.e. the testbench, for the design
developed for the AES 128-bit encryption algorithm. The testbench has been developed
in Verilog HDL using the Synopsys VCS tool. Further, we have validated the correctness
of the test results against a C implementation of the algorithm. Moreover, to check
the strength of our test parameters, code coverage reports were generated.
4.2 Testbench
In this project, we have used Verilog HDL to develop the test
infrastructure, or testbench, for verifying the design developed for the AES 128-bit
algorithm. The major components of the testbench used in this project are:
3. Comparator
4. Monitor
In this testbench, we have generated randomized input test vectors and stored them in
a file called abc.txt. These test vectors are passed to the design as well as to the validation block
developed in the testbench. Thus, the data that was input to the DUT is compared with the data
that is given out by the design. If both are the same, i.e. if the input data which
were written into the validation block, as well as the DUT, is the same as the data given out by the
DUT after decryption, then the comparator won’t throw any error. Further, we have to
stimulate the other inputs of the design along with generating the clock to supply the design.
Along with these randomized test cases, we also generated manual test cases,
which were stored in a file called input.txt. These cases were mainly developed to
improve test coverage. We have used the Synopsys VCS simulator for this project. In
This will compile the entire DUT instantiated in the design. It will throw an error if
there are any illegal transactions or logical or syntax mistakes. After the successful
compilation of the DUT and connecting the test environment to the DUT, we can run the
simulation process. In order to run the simulation, the following command is used.
In the simulation, the test parameters are passed to the DUT from the testbench
and the result from the DUT is compared with the input stream of 128-bit data. The simulation
result received from the VCS simulator is shown in the following figures.
Figure 15 : Simulation Results – Showing write and read of 128 bit data
4.3 Validation
In order to validate the encryption model, we have developed a C model for
AES encryption with the same specification. We passed the same test cases to the C
program and captured the simulation result. In this model, we had to define a static S-
box, which was used for substitution of the bytes in the state array.
The GCC compiler was used to simulate the model. In order to compile the C-
main.c
aes.c
aes.h
Code coverage is mainly used to check whether the test cases used in the
testbench are able to pass through every line. Further, it evaluates the number of conditions
Thus, the entire report is generated by the Synopsys VCS tool. In order to generate
These generated reports are in HTML format. Thus, they can be accessed
improve coverage. Those test vectors were saved in the text file called "input.txt".
Thereafter, we ran both sets of inputs through the DUT and got the following code
coverage results.
Chapter 5
Synthesis
5.1 Overview
For many years, a manual process was followed for logic verification by drawing
translate HDL into schematic manually also. Then synthesis tools took over this
objective to minimize the register transfer level code to the “gate-level netlist”. This
Synthesis starts with defining constraints for every block within the design. For
any particular block, all the constraints defined for any signal within the design are
associated with the clock. In addition, a library file is also required along with the
constraints specified. This file contains information such as temperature, voltage, current and
other parameters related to the cells of the library which are used to form the actual hardware.
[15]
Design Compiler synthesizes the RTL code into the structural level by using the
In this chapter, we illustrate how the Synopsys Design Compiler tool synthesizes
To perform all the synthesis steps, a Tcl ("tickle") script was developed to
In the synthesis process the first step is to read all the components that need to
be synthesized in the hierarchical design. For DC, the input design is written using a
hardware description language such as Verilog in the first step of synthesis. It is
necessary to consider data management design, design partitioning and HDL coding style
when writing HDL code. These directly affect synthesis and the process of
optimization.
The second step is to specify the libraries. The design depends upon the startup file,
which is commonly called .synopsys_dc.setup, for the Design Compiler tool keeping in
format. [15]
The library location is specified by using the complete path with file name. To locate the
library files, Design Compiler uses the search path that is defined in search_path.
The search path includes the current working directory. In our project the search path was
defined as
Design Compiler uses library files beginning with the leftmost directory defined
in the search_path and uses the first matching library that is identified with the use of
link library, target library and symbol library in the script. In our project the “lsi_10k” library
Target and link libraries are considered technology libraries. Both of these
libraries specify the semiconductor vendor's set of cells and related information such as
cell names, cell pin names, delay arcs, design rules, pin loading and operating
conditions. [14]
During the use of the graphical “front-end tool” and “design analyzer”, the symbol library
After the libraries are specified, both the RTL designs and the gate-level netlist are read by
Design Compiler. HDL Compiler is used by Design Compiler to read RTL designs. As
compared to HDL Compiler, the specialized netlist reader uses the minimum memory space
Design Compiler reads, analyzes and elaborates the design from the startup file with the
following commands:
After reading the design, Design Compiler needs the design environment before
optimization. The design environment was defined by the following set of commands:
The next step is setting the design constraints. To control design synthesis,
Design Compiler uses design rule and optimization constraints. The design rules are provided in the vendor
technology library to make sure that the product works as
intended and meets the specifications. The design goals for area “maximum area”, and
timing “clocks, input and output delays”. DC attempts to meet these goals and design
After setting the design constraints, the next step is to compile the design. To optimize
the design there are two basic compile strategies: top-down and bottom-up. The top-
down strategy compiles the top-level design and its sub-designs together. Constraint and
environment settings are specified with respect to the top level of the design.
Moreover, the top-level strategy checks inter-block dependencies automatically. [15]
Chapter 6
Conclusion
In this project, the 128-bit algorithm for the AES
encryption standard was developed and verified using Verilog HDL. To obtain accurate analysis of the reports
and functionality of the algorithm, Synopsys tools such as VCS and Design Compiler
were used. After getting the output from the RTL, it was validated against the reference
The entire AES 128-bit algorithm proposed for encryption of the data was
the algorithm which was mainly byte substitution, shift rows, mix column, adding the
round keys, key expansion, and S-box. Designing a software-based algorithm to encrypt a
hardware was a difficult task. This algorithm has a good level of security as it breaks the
incoming data into several parts and applies the different combination of the key during
unit and decode the data with an appropriate key. We had to face several difficulties
while developing the RTL for AES 128-bit. The challenges included losing intermediate data while synchronizing
all the units together, decryption issues and so on.
We observed the data streams and, through various trials, we were able to eradicate the
issues successfully.
The RTL design was rigorously verified and validated using features of Verilog.
The test fixture utilizes randomized test cases generated using the $random function of
Verilog, and its clock is generated using an always block. The test bench was run through
Code Coverage to measure the extent of verification. The overall coverage achieved was
84.35%. A Verilog behavioral model was used to validate the design model against the
input test cases. This model is further validated against a software implementation of
Finally, we verified that the design is synthesizable using the Synopsys Design Vision
tool. We generated the gate-level netlist for the RTL using the LSI_10K technology library.
We generated timing, area and power reports. The results show that the design can
operate at a frequency of 50 MHz, and zero slack was found at that frequency.
There are a few aspects pertaining to this project that can be explored in the future. The
design of the entire encryption and decryption unit can be pipelined, which may
result in better throughput and improve the timing of the design. Further, if the test
fixture were developed in SystemVerilog, then we could have verified against functional
References
763-784, 2015
Nov-2017].
https://en.wikipedia.org/wiki/Cryptography#Modern_cryptography. [Accessed:
19-Nov-2017].
10. Artur Gielata, Pawel Russek, Kazimierz Wiatr, “AES hardware implementation in
On Signals And Electronic Systems Kraków, September 14-17, 2008, pp. 1–4
12. A. Kak, “Lecture 8: AES: The Advanced Encryption Standard,” in Lecture Notes
19-Nov-2017.
13. W. Stallings, “Chapter 5,” in Cryptography and network security principles and
http://beethoven.ee.ncku.edu.tw/testlab/course/VLSIdesign_course/course_96/To