Berkner Tech

Electromagnetic Side-Channel Basics

Electromagnetic side-channel analysis with a near-field probe positioned over a microcontroller

Electromagnetic side-channel analysis is power analysis’s close cousin. Instead of measuring current on the power line, it measures the tiny electromagnetic field a chip radiates as it switches, which carries the same secret-dependent information. With a probe and patience, that radiated field can give up the keys the device was computing with.

The Leak Nobody Intends

A chip computing on secret data is not supposed to tell anyone what that data is. But the physics of switching transistors means it does, faintly, whether the designers want it to or not. Every operation that depends on a secret bit consumes slightly different power and radiates a slightly different field, and those differences correlate with the secret.

Side-channel analysis is the discipline of recovering secrets from those unintended physical signals rather than from the logical interface. Electromagnetic analysis is the variant that listens to the radiated field. It is a real, practical threat to unprotected cryptographic implementations on embedded devices, and understanding it is the first step to defending against it.

Switching Radiates

Every transistor that flips state emits a small electromagnetic pulse, the same way any changing current produces a changing field. A chip running code performs millions of these flips every second, and the combined field above the package rises and falls with the activity inside. A near-field probe held over the die picks up that field as a voltage trace.

Crucially, the field varies with the data being processed, just as power consumption does. An operation on a byte with many set bits looks different from one on a byte with few, and a multiplication by a key-dependent value leaves a key-dependent signature. That data dependence is the door through which the secret leaks.

Why It Can Be Easier Than Power Analysis

Power analysis needs an electrical connection, usually a small resistor in the power line and a probe across it, which means modifying the board. Electromagnetic analysis often needs no electrical connection at all. A probe positioned just above the package picks up the field through the plastic, with no cut traces and no inserted components.

That non-invasiveness is a practical advantage. There is less to set up, less risk of disturbing the device, and no board modification left behind to show that a measurement was ever made. For a target where adding a shunt resistor is awkward or impossible, an EM probe hovering over the chip is frequently the path of least resistance into the same information power analysis would have provided.

The Advantage of Localized Measurement

A power measurement at the supply pin sums the activity of the entire chip, so the cryptographic operation you care about is buried under the noise of everything else running. An EM probe can be positioned over a specific region of the die, isolating the block doing the cryptography and ignoring much of the rest.

That spatial selectivity can yield a cleaner signal than power measured at the supply, because you are listening to the relevant circuitry rather than the whole device. Mapping the chip surface to find where the crypto activity is loudest, then parking the probe there, is a standard part of an EM setup and a real reason it sometimes beats power analysis.

The Measurement Setup

The practical rig is a near-field EM probe, an amplifier, and a fast oscilloscope or capture board, with a trigger tied to the operation under study. The probe is small, the kind used for EMC debugging, and it is positioned over the die while the device repeats the cryptographic operation.

# capture EM traces aligned to each encryption, then analyze
# probe over the die -> LNA -> scope, triggered on the target's trigger pin, which the firmware raises at AES start
import chipwhisperer as cw
scope = cw.scope(); scope.default_setup()
scope.adc.samples = 5000; scope.gain.db = 35                                 # capture window and LNA gain
target = cw.target(scope, cw.targets.SimpleSerial); ktp = cw.ktp.Basic()     # fixed key, random plaintexts; ktp.next() returns (key, text)
traces = [cw.capture_trace(scope, target, *reversed(ktp.next())) for _ in range(20000)]   # collect many aligned traces
traces = [t for t in traces if t is not None]                                # drop captures where the trigger never fired

The setup mirrors a power-analysis rig with the shunt swapped for a field probe. You collect many traces of the same operation, aligned to a trigger, because the statistical attacks that follow need many measurements to pull a small data-dependent signal out of the noise.

From Traces to Keys

A single trace is mostly noise. The attacks that recover keys are statistical: differential and correlation power analysis, applied identically to EM traces, test hypotheses about key bytes against thousands of traces and let the correct guess emerge as a correlation peak. The same math that breaks an unprotected AES from power traces breaks it from EM traces.

# correlation analysis: the correct key byte shows a clear peak (continues from the capture above)
import chipwhisperer.analyzer as cwa
proj = cw.create_project("em_aes", overwrite=True)
for t in traces: proj.traces.append(t)
attack = cwa.cpa(proj, cwa.leakage_models.sbox_output)     # model: Hamming weight of the first-round S-box output
results = attack.run()
guess, sample, corr = results.find_maximums()[0][0]         # best guess for key byte 0, the sample where it peaks, its correlation
print("recovered key byte 0:", hex(guess), "corr %.2f" % corr)
Example output
recovered key byte 0: 0x2b  corr 0.94
# repeated per byte (results.key_guess() lists all 16), the full AES key falls out of ~15k traces

When the correct guess for each key byte produces a sharp correlation peak and the wrong guesses stay flat, the key falls out one byte at a time. An unprotected AES on a microcontroller commonly yields its key from tens of thousands of EM traces, which is minutes to hours of collection, not an academic abstraction.

Why Localization Helps the Attack

Beyond a cleaner signal, localization lets an attacker separate operations that overlap in time but happen in different parts of the chip. Listening over the crypto accelerator while ignoring the CPU core, or over one cipher round’s hardware, can isolate exactly the leakage the statistical attack needs and discard confounding activity.

This is something power analysis simply cannot do, because the supply pin carries everything at once. The ability to choose where to listen, not just when, is the EM channel’s distinctive strength, and it is why a well-positioned probe sometimes recovers a key that defeats a power-analysis attempt on the same device.

Defenses Overlap With Power Analysis

The good news is that the countermeasures are largely shared, because the root cause is the same data-dependent switching. Masking, splitting secret values into random shares so the intermediate values an attacker measures are decorrelated from the real secret, reduces both power and EM leakage. It is the strongest algorithmic defense.

Constant-time and constant-power implementations help too, by removing data-dependent branches and balancing the work so the trace varies less with the secret. None of these are EM-specific; an implementation hardened against power analysis is generally hardened against EM analysis as well, which means one investment defends both channels.
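The two halves of the story above, the statistical attack of "From Traces to Keys" and masking as its algorithmic counter, are easiest to see side by side. The following is an added example, not Berkner Tech code and not the ChipWhisperer API: a pure-Python correlation analysis over traces synthesised in the script, first against an unprotected AES first round, where every key byte falls out as a correlation peak, then against a Boolean-masked one, where the correct key's correlation collapses into the noise floor. Everything about the traces is an assumption chosen so it runs offline in a few seconds: a Hamming-weight leakage of the S-box output at one sample per byte, Gaussian noise, 300 traces, and the FIPS-197 example key as the planted secret. The function and constant names (`cpa_byte`, `recover_key`, `masked_sbox`, `run_attack`) are the example's own.

```python
# Added example, not Berkner Tech code: a pure-Python CPA run over constructed traces,
# first against an unprotected AES first round (the key falls out byte by byte), then
# against a Boolean-masked one (the correct-key correlation collapses). Assumptions:
# Hamming-weight leakage of the S-box output at one sample per byte, Gaussian noise,
# and traces synthesised here rather than captured with a probe.
import random
from math import sqrt
from operator import mul

def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def _build_sbox():
    """Standard AES S-box: GF(2^8) inverse followed by the affine map."""
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q = (q ^ (q << 1)) & 0xFF                                 # q /= 3
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = _build_sbox()
HW = [bin(v).count("1") for v in range(256)]                  # Hamming-weight table
KEY = [0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
       0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c]       # FIPS-197 example key, the secret to recover
SAMPLES = 20                                                   # samples per synthetic trace (assumed)

def leak_sample(i):
    """Sample at which key byte i's S-box lookup leaks (assumed timing layout)."""
    return i + 2

def masked_sbox(x_masked, m_in, m_out):
    """Boolean masking: the device only ever touches x ^ m_in and S(x) ^ m_out."""
    table = [SBOX[v ^ m_in] ^ m_out for v in range(256)]       # table recomputed for each fresh mask pair
    return table[x_masked]

def simulate_em_traces(key, n_traces, rng, masked=False, noise_sigma=2.0):
    """Constructed trace set: HW of the (possibly masked) S-box output per byte, plus noise."""
    plaintexts, traces = [], []
    for _ in range(n_traces):
        pt = [rng.randrange(256) for _ in range(16)]
        tr = [rng.gauss(0.0, noise_sigma) for _ in range(SAMPLES)]
        for i in range(16):
            if masked:
                m_in, m_out = rng.randrange(256), rng.randrange(256)
                value = masked_sbox(pt[i] ^ key[i] ^ m_in, m_in, m_out)   # equals SBOX[pt ^ k] ^ m_out
            else:
                value = SBOX[pt[i] ^ key[i]]
            tr[leak_sample(i)] += HW[value]
        plaintexts.append(pt)
        traces.append(tr)
    return plaintexts, traces

def _center(xs):
    m = sum(xs) / len(xs)
    c = [x - m for x in xs]
    return c, sqrt(sum(v * v for v in c))

def _peak_corr(hyp_centered, cols):
    """Max |Pearson r| of one hypothesis vector against every sample column."""
    hyp, hnorm = hyp_centered
    best_r, best_s = 0.0, -1
    for s, (col, cnorm) in enumerate(cols):
        if hnorm and cnorm:
            r = abs(sum(map(mul, hyp, col)) / (hnorm * cnorm))
            if r > best_r:
                best_r, best_s = r, s
    return best_r, best_s

def cpa_byte(traces, plaintexts, i):
    """Rank all 256 guesses for key byte i; returns (guess, peak r, sample, runner-up r)."""
    cols = [_center([t[s] for t in traces]) for s in range(len(traces[0]))]
    ranking = []
    for guess in range(256):
        r, s = _peak_corr(_center([HW[SBOX[pt[i] ^ guess]] for pt in plaintexts]), cols)
        ranking.append((r, guess, s))
    ranking.sort(reverse=True)
    return ranking[0][1], ranking[0][0], ranking[0][2], ranking[1][0]

def recover_key(traces, plaintexts):
    """CPA on all 16 bytes; returns (key bytes, per-byte (peak r, runner-up r))."""
    results = [cpa_byte(traces, plaintexts, i) for i in range(16)]
    return [g for g, _, _, _ in results], [(r1, r2) for _, r1, _, r2 in results]

def run_attack(masked=False, n_traces=300, seed=7):
    pts, trs = simulate_em_traces(KEY, n_traces, random.Random(seed), masked=masked)
    return recover_key(trs, pts)

if __name__ == "__main__":
    for masked in (False, True):
        found, margins = run_attack(masked=masked)
        hits = sum(f == k for f, k in zip(found, KEY))
        print(f"masked={masked}: {hits}/16 bytes correct; byte 0 guess 0x{found[0]:02x} "
              f"peak |r| {margins[0][0]:.2f} vs runner-up {margins[0][1]:.2f}")
```

Unmasked, the correct guess for each byte reaches a correlation around 0.6 at its leaking sample while the best wrong guess stays near 0.2, so the key is read off from 300 traces; the page's tens of thousands reflect real noise levels rather than this synthetic floor. Masked, the measured intermediate is S(x) ^ m_out with a fresh uniform m_out per trace, so its Hamming weight is independent of the secret and every guess, right or wrong, is indistinguishable from noise. This is first-order masking only; combining the leakage of the masked value with that of the mask itself (a second-order attack) is the reason masking is paired with noise and randomization in practice.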

Shielding and Physical Measures

Because EM is a radiated channel, physical measures that do not apply to power analysis come into play. Shielding the package or the sensitive region, adding metal layers, and increasing the distance an attacker’s probe must work from all attenuate the field and reduce the signal available to capture.

Shielding is rarely sufficient on its own, because a determined attacker decapsulates or works closer, but it raises the effort and pairs well with algorithmic defenses. The layered view applies here as everywhere: make the signal weaker physically and the secret harder to extract algorithmically, so neither defense has to be perfect alone.

Noise and Randomization

Designs can also fight the statistical attack directly by adding noise and randomization. Random delays and dummy operations misalign the traces, forcing the attacker to realign before averaging, which raises the trace count needed. Randomizing the order of independent operations spreads the leakage across time so no single sample carries it.

These measures do not eliminate the leak, they raise its cost, sometimes from thousands of traces to millions, which can push the attack past the point of practicality for a given threat model. Combined with masking, they are part of how high-assurance smartcards and secure elements resist side-channel analysis that easily breaks an unprotected microcontroller.
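Random delays and the realignment they force on the attacker are concrete enough to show in code. The following is an added example, not Berkner Tech code: a device-side routine that inserts a random delay before the protected operation, and an attacker-side routine that slides a template of the operation's own EM signature over each trace to estimate and remove that delay before averaging. The operation's signature is a constructed template (a Barker-7 code scaled to 5, chosen for its sharp autocorrelation so the example is deterministic); real signatures are messier and realignment correspondingly less reliable. Trace length, nominal start position, noise level and the names `make_trace`, `estimate_shift`, `realign` and `run_demo` are all the example's own assumptions.

```python
# Added example, not Berkner Tech code: random-delay insertion as a countermeasure and
# the realignment step an attacker must add before averaging. The operation's EM
# signature is a constructed template (a Barker-7 code scaled to 5, chosen for its
# sharp autocorrelation); real signatures are messier and realignment correspondingly
# less reliable.
import random

TEMPLATE = [5.0, 5.0, 5.0, -5.0, -5.0, 5.0, -5.0]   # assumed EM signature of the target operation
TRACE_LEN = 48
NOMINAL_START = 12                                   # where the operation sits with no added delay

def make_trace(rng, jitter_max, noise_sigma=1.0):
    """One constructed trace: noise plus the template delayed by a random 0..jitter_max samples
    (the countermeasure). Returns the delay too so the demo can check the attacker's estimate."""
    delay = rng.randrange(jitter_max + 1)
    tr = [rng.gauss(0.0, noise_sigma) for _ in range(TRACE_LEN)]
    for k, v in enumerate(TEMPLATE):
        tr[NOMINAL_START + delay + k] += v
    return tr, delay

def mean_trace(traces):
    return [sum(t[s] for t in traces) / len(traces) for s in range(len(traces[0]))]

def peak(tr):
    return max(abs(v) for v in tr)

def estimate_shift(trace, template, start, max_shift):
    """Attacker's realignment: slide the template over the expected window, keep the best match."""
    best_score, best_shift = None, 0
    for shift in range(max_shift + 1):
        seg = trace[start + shift:start + shift + len(template)]
        score = sum(a * b for a, b in zip(seg, template))
        if best_score is None or score > best_score:
            best_score, best_shift = score, shift
    return best_shift

def realign(traces, template, start, max_shift):
    """Shift each trace left by its estimated delay (zero-padding the tail)."""
    shifts = [estimate_shift(t, template, start, max_shift) for t in traces]
    return [t[s:] + [0.0] * s for t, s in zip(traces, shifts)], shifts

def run_demo(n=200, jitter_max=7, seed=3):
    rng = random.Random(seed)
    traces, delays = [], []
    for _ in range(n):
        t, d = make_trace(rng, jitter_max)
        traces.append(t)
        delays.append(d)
    smeared = peak(mean_trace(traces))                           # average without realigning
    aligned, shifts = realign(traces, TEMPLATE, NOMINAL_START, jitter_max)
    restored = peak(mean_trace(aligned))                         # average after realigning
    return {"peak_without_realignment": smeared,
            "peak_after_realignment": restored,
            "delays_recovered": shifts == delays}

if __name__ == "__main__":
    for jitter in (0, 7):
        print(f"jitter 0..{jitter}:", run_demo(jitter_max=jitter))
```

With delays of up to seven samples the averaged peak drops from about 5 to under 2, which is the countermeasure doing its job: a correlation attack on the unaligned traces would need many times more of them. Once each trace is realigned against the template the peak returns to about 5, which is why random delays raise the cost rather than remove the leak. The countermeasure bites hardest when the template match itself is unreliable, for example when dummy operations radiate the same signature as the real one, and when it is layered under masking so that realignment alone is not enough.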

When EM Analysis Is the Real Threat

Not every device needs to resist this. EM and power analysis require physical access and many measurements, so they matter most for devices an attacker can hold and repeatedly exercise: smartcards, secure elements, payment hardware, and any product where extracting a key has high value and the device is in the attacker’s hands.

For those, treating EM leakage as a real channel and choosing an implementation designed to resist it, a side-channel-resistant crypto library or a certified secure element, is the difference between theoretical and actual protection. For a low-value device an attacker would not bother to instrument, it may be out of scope, and the threat model is what tells you which case you are in.

The Takeaway for Designers

The unifying point is that a chip radiates data-dependent information into the air whether or not wires are attached, and a positioned probe can capture it more easily and more selectively than a power tap in many cases. Treating EM as a distinct, sometimes easier, channel is the correct mindset for a device that must resist a capable, physically present attacker.

The defenses (masking, constant-time and constant-power code, shielding, and noise) need to be designed in from the start, because they are hard to bolt on later. For products where a key extraction would be costly, choosing side-channel-resistant implementations up front is what turns the radiated leak from an open door into a closed one.

Where This Fits

Evaluating a device’s side-channel leakage, electromagnetic and power alike, and advising on countermeasures is part of a hardware-focused product security assessment. If you want an evaluation of what your device radiates and how hard its keys are to extract, that is the kind of work we do at Berkner Tech.

