# Comprehensive Evaluation on an ID-Based Side-Channel Authentication with FPGA-Based AES

^{*}

## Abstract

**:**

## 1. Introduction

- This paper proposes the ID-based authentication scheme to mitigate the speed problem of the side-channel authentication scheme proposed in [1]. To demonstrate the advantage of the ID system for acceleration, the authentication speed and authentication accuracy are evaluated for the ID-based authentication system. We overview the technical choices for side-channel authentication schemes and compare their effectiveness based on both theoretical analysis and experiments based on field-programmable gate array (FPGA).
- This paper evaluates the error-rate of ID-based side channel authentication in a laboratory environment. The authentication accuracy is quantitatively estimated as the false acceptance rate and the false rejection rate. First, a quantitative discussion of the side-channel information is performed according to the number of distinguishable provers. The side-channel information of the provers is experimentally obtained from AES implementations on FPGA. The histograms for rejection and acceptance trials are both approximated to a normal distribution. Based on the principle that the false rejection rate and false acceptance rate are set to be equal, the parameters in the authentication can be determined. As a result, the authentication accuracy can be determined. This part of the contribution has been partially discussed by us in [4].
- In our evaluation, both a non-profiling leakage model and a profiling leakage model are considered for different scenarios. Similar to side-channel attacks, the leakage model describes the relations between the side-channel leakage and the processed data. Generally speaking, one can expect side-channel attacks to have a reduced data complexity with a more accurate leakage model. Specifically, we use a Hamming distance (HD) model as the non-profiling leakage model and the XOR (exclusive-or) model proposed in [5] as the representative of the profiling leakage model. It is expected that the profiling model will improve the authentication accuracy of the system. The experiments show that the XOR model leads to a larger mean and smaller variance for the histogram of the correlation coefficients compared to that of the HD model. The authentication accuracy and the authentication time are compared between the HD model and the XOR model.

## 2. Preliminaries

#### 2.1. n-Round AES

#### 2.2. Protocol in Side-Channel Authentication

## 3. ID-Based Side-Channel Authentication System

#### 3.1. ID-Based Side-Channel Authentication Scheme

#### 3.1.1. Comparison of Expected Authentication Speed

#### 3.1.2. Resistance against Side-Channel Attacks

#### 3.1.3. Trade-Off for the ID-Based System

## 4. Evaluation Setup of ID-Based Authentication

#### 4.1. Experimental Setup on n-Round AES

#### 4.2. Leakage Model in Authentication

#### 4.2.1. Non-Profiled Model: HD Model

#### 4.2.2. Profiling Model: XOR Model

## 5. Evaluation of the Authentication Speed

## 6. Evaluation of Authentication Accuracy

#### 6.1. Accuracy-Related Parameters

#### 6.2. Relationship Among M, n, and False Errors

#### 6.3. Formulation of n under Equal Error Rate

#### 6.4. Parameters with Different Settings

- Dataset A: n EM traces of AES-128
- Dataset B: one trace for n-rounds of AES

#### 6.5. Experimental Results

## 7. Conclusions

## Author Contributions

## Funding

## Acknowledgments

## Conflicts of Interest

## References

- Sakiyama, K.; Kasuya, M.; Machida, T.; Matsubara, A.; Kuai, Y.; Hayashi, Y.I.; Mizuki, T.; Miura, N.; Nagata, M. Physical Authentication Using Side-Channel Information. In Proceedings of the 2016 4th International Conference on Information and Communication Technology (ICoICT), Bandung, Indonesia, 25–27 May 2016. [Google Scholar]
- Brier, E.; Clavier, C.; Olivier, F. Correlation Power Analysis with a Leakage Model. In Proceedings of the Cryptographic Hardware and Embedded Systems—CHES 2004, Cambridge, MA, USA, 11–13 August 2004; pp. 16–29. [Google Scholar]
- Kocher, P.; Jaffe, J.; Jun, B. Differential Power Analysis. In Proceedings of the Advances in Cryptology—CRYPTO’ 99, 19th Annual International Cryptology Conference, Santa Barbara, CA, USA, 15–19 August 1999; pp. 388–397. [Google Scholar]
- Kasuya, M.; Machida, T.; Sakiyama, K. New Metric for Side-Channel Information Leakage: Case Study on EM Radiation from AES Hardware. In Proceedings of the 2016 URSI Asia-Pacific Radio Science Conference (URSI AP-RASC), Seoul, South Korea, 21–25 August 2016. [Google Scholar]
- Clavier, C.; Danger, J.L.; Duc, G.; Elaabid, M.A.; Gérard, B.; Guilley, S.; Heuser, A.; Kasper, M.; Li, Y.; Lomné, V.; et al. Practical improvements of side-channel attacks on AES: Feedback from the 2nd DPA contest. J. Cryptogr. Eng.
**2014**, 4, 259–274. [Google Scholar] [CrossRef] - Terasic Inc. DE0-Nano Development and Education Board. Available online: http://www.terasic.com.tw/en (accessed on 29 March 2018).
- Tohoku University. Cryptographic Hardware Project. Available online: http://www.aoki.ecei.tohoku.ac.jp/crypto/ (accessed on 29 March 2018).
- Gandolfi, K.; Mourtel, C.; Olivier, F. Electromagnetic Analysis: Concrete Results. In Proceedings of the Cryptographic Hardware and Embedded Systems—CHES 2001, Paris, France, 14–16 May 2001; pp. 251–261. [Google Scholar]
- De Mulder, E.; Örs, S.B.; Preneel, B.; Verbauwhede, I. Differential Power and Electromagnetic Attacks on a FPGA Implementation of Elliptic Curve Cryptosystems. Comput. Electr. Eng.
**2007**, 33, 367–382. [Google Scholar] [CrossRef] - Kasuya, M.; Sakiyama, K. Improved EM Side-Channel Authentication Using Profile-Based XOR Model. In Proceedings of the International Workshop on Information Security Applications (WISA 2017), Jeju Island, Korea, 24–26 August 2017. [Google Scholar]

**Figure 2.**Two types of authentication methods proposed in [1]. (a) Challenge-S-Response method; (b) Challenge-S method.

**Figure 4.**Comparison of frameworks of the conventional (a) and proposed (b) ID-based side-channel authentication.

**Figure 7.**Relationship between the number of rounds and the number of distinguishable provers for Datasets A and B.

Straightforward Challenge-S [1] | ID-Based n-Round Challenge-S | |
---|---|---|

Side-channel information | n traces of 10-round AES-128 | 1 trace of n-round AES |

Acquisition time | $n\xb711{T}_{clk}$ | $n{T}_{clk}$ |

ID system | Not used | Used |

# of trials | q (1 acceptance and $q-1$ false trials) | 1 (Only acceptance trial) |

Data processing time | $q\xb75n\xb7{T}_{p}$ | $n\xb7{T}_{p}$ |

Total time | $n\xb711{T}_{clk}+q\xb75n\xb7{T}_{p}$ | $n{T}_{clk}+n\xb7{T}_{p}$ |

1000 Traces of AES-128 [1] | 1000-Round AES | ||
---|---|---|---|

(1000 Round Function Calls) | |||

Used Model | HD model ^{1} | HD Model | XOR Model ^{2} |

Acquisition | 43 | 0.50 | |

Data Processing | 0.34$\xb7q$ | 0.083 | 0.086 |

Total | 43 + 0.34$\xb7q$ | 0.583 | 0.586 |

^{1}Hamming distance model,

^{2}XOR (Exclusive-or) model.

**Table 3.**Experimentally obtained parameters: mean values ${\mu}_{1}$ and ${\mu}_{2}$ and constants of proportionality ${\beta}_{1}$ and ${\beta}_{2}$; $\alpha $, and h.

Dataset | Leakage Model | ${\mathbf{\mu}}_{1}$ | ${\mathbf{\mu}}_{2}$ | ${\mathbf{\beta}}_{1}$ | ${\mathbf{\beta}}_{2}$ | $\mathbf{\alpha}$ | h |
---|---|---|---|---|---|---|---|

A | HD Model | 0.57 | 0.00 | 0.98 | 1.00 | 0.20 | 0.29 |

B | HD Model | 0.541 | 0.00 | 1.05 | 1.00 | 0.19 | 0.27 |

B | XOR Model | 0.718 | 0.00 | 1.06 | 1.06 | 0.25 | 0.36 |

M | ${2}^{10}$ | ${2}^{30}$ | ${2}^{50}$ | ${2}^{70}$ |
---|---|---|---|---|

AES-128 | 206 | 684 | 1171 | - |

HD Model | 153 | 526 | 908 | 1292 |

XOR Model | 90 | 309 | 533 | 759 |

© 2018 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Li, Y.; Kasuya, M.; Sakiyama, K. Comprehensive Evaluation on an ID-Based Side-Channel Authentication with FPGA-Based AES. *Appl. Sci.* **2018**, *8*, 1898.
https://doi.org/10.3390/app8101898

**AMA Style**

Li Y, Kasuya M, Sakiyama K. Comprehensive Evaluation on an ID-Based Side-Channel Authentication with FPGA-Based AES. *Applied Sciences*. 2018; 8(10):1898.
https://doi.org/10.3390/app8101898

**Chicago/Turabian Style**

Li, Yang, Momoka Kasuya, and Kazuo Sakiyama. 2018. "Comprehensive Evaluation on an ID-Based Side-Channel Authentication with FPGA-Based AES" *Applied Sciences* 8, no. 10: 1898.
https://doi.org/10.3390/app8101898