This course focuses on practical learning of computer hardware security using a hands-on approach. Students will perform a set of well-designed experiments on a custom-designed hardware platform, called HaHa, to understand innards of a computer system and ethically “hack” into it at different levels. They will examine it to understand security vulnerabilities, mount attacks, and implement various countermeasures to protect against specific attacks on hardware. The attacks the course covers are diverse in nature spanning various hardware components and life-cycle stages – they include reverse-engineering, counterfeiting/cloning, side-channel, fault-injection, and physical tampering (e.g., hardware Trojan, mod-chip) attacks.
The custom-designed hardware platform is called Hardware Hacking board (HaHa). It is an experimental development board for teaching and learning on diverse aspects of hardware security. The board currently has the capacity to support over a dozen experiments (provided below) that recreate different types of hardware security fundamentals, attacks, and countermeasures used in their defense for learning all major aspects of hardware security. Some versions of the HaHa board can be fabricated using the design files publicly available through this website (as well as the Hands-on Hardware Security Book website) or can be acquired from third-party vendors.
The HaHa board and 19 experiments (including Experiment 0) designed to run on it have been developed by Prof. Swarup Bhunia with help of his students and collaborators, at the Electrical and Computer Engineering Department of University of Florida, where the Hands-on Hardware Security course is being offered each fall for past five years.
The experiments can be run on the HaHa board by connecting it to a computer and without need of any additional benchtop electrical measurement unit. Hence, this course is suitable for online learning since it does not require access to a physical lab. Note that few experiments, however, (e.g., Experiment 9) require access to a USB Oscilloscope, such as Analog Discovery 2. Instructors are welcome to choose any subset of these experiments into their offered course depending on course duration and other factors.
- GOWIN GW1N-9 (GW1N-UV9LQ144C6/I5 ver. C) FPGA
- Atmel ATxmega16A4U Microcontroller
- Software Installation Instructions for Windows
- Software Installation Instructions for Linux
- GOWIN FPGA Guide
- Xmega Microcontroller Guide
- Frequently Asked Questions (FAQs)
- Helpful Codes
- Ubuntu Helpful Codes (for running FPGA/microcontroller programming softwares)
- Gowin Pin Assignments
- Ubuntu OVA File (for software experiments)
- Password: pass123!
- Experiment 0: Learning the HaHa Platform (Suggested Duration: One Week)
- Experiment 1: Buffer Overflow (Suggested Duration: One Week)
- Experiment 2: Information Security: Encryption/Decryption (Suggested Duration: One Week)
- Experiment 3: Bus Snooping Attacks (Suggested Duration: One Week)
- Experiments 4 and 5: Hardware Trojan Attacks (Suggested Duration: Two Weeks)
- Experiment 6: Reverse Engineering Attacks (Suggested Duration: One to Two Weeks)
- Experiment 7: Hardware-Based Security Primitives (PUFs and TRNGs) (Suggested Duration: Two To Three Weeks)
- Experiment 8: Modchip Attacks (Suggested Duration: One Week)
- Experiment 9: Side Channel (Power) Attacks (Suggested Duration: Two Weeks)
- Experiment 10: Fault Injection Attacks (Suggested Duration: One Week)
- Experiment 14: Hardware Obfuscation and Logic Locking (Suggested Duration: One Week)
- Experiment 16: Oracle-Based Attacks (Suggested Duration: Two Weeks)
- Experiment 17: Scan Chain Protection (Suggested Duration: Two Weeks)
- Experiment 18: Hardware Watermarking (Suggested Duration: Two Weeks)
Developers and Contributors:
- Reiner Dizon-Paradis
- Dr. Shuo Yang
- Pravin Gaikwad
- Christopher Vega
- Miles F Mulet
- Dr. Yier Jin
- Dr. Swarup Bhunia
The development of the HaHa educational platform and the Hands-on Hardware Security experiments was supported in part by National Science Foundation (NSF) through grants 1603480 – TUES:Type1:Collaborative: An Integrative Hands-on Approach to Security Education for Undergraduate Students, and 1623310 – Collaborative: HACE Lab: An Online Hardware Security Attack and Countermeasure Evaluation Lab.
We expect the instructors, students, and practitioners using the materials provided in this page will appropriately acknowledge the developers, contributors, and sponsors.
The course materials are made available here for educational purposes and users need to follow academic fair use policy.
Video Demo of Experiment 3 (Bus Snooping Attacks)
By: Lakshmikavya Kalyanam, University of South Florida
Video Demo of Experiment 4 (Hardware Trojan Attacks I)
By: Luke Morreale and Bardia Nadimi, University of South Florida
Video Demo of Experiment 8 (Modchip Attacks)
By: Mateus Augusto Fernandes Amador and Samir Ahmed Ona, University of South Florida