
Electromagnetic Side-Channel Analysis: Advances (2025-2026)

Electromagnetic Side-Channel Analysis (EM-SCA) is a non-invasive attack technique that measures the electromagnetic radiation emitted by an integrated circuit during cryptographic or sensitive operations. By analyzing these emissions, an attacker can extract secret keys, infer processed data, or disrupt normal operation. The period 2025-2026 has seen significant advancements in attack sophistication, target scope, and defensive methodologies, driven by the proliferation of novel hardware architectures and machine learning techniques.

1. Novel Attack Techniques in Top-Tier Publications

Recent research has shifted from classical Differential Electromagnetic Analysis (DEMA) and Correlation Electromagnetic Analysis (CEMA) towards more sophisticated, non-profiled, and semi-supervised methods that require fewer assumptions about the target device.

1.1. Multi-Channel Spatial EM Analysis

Building on MIMO-like reception techniques, attackers now deploy arrays of miniature magnetic probes (e.g., 8-16 channels) to capture spatial EM leakage. Kaptanoglu et al. (IEEE S&P 2025) demonstrated that spatial diversity increases the Signal-to-Noise Ratio (SNR) by 12-18 dB compared to single-probe setups. By applying beamforming algorithms, they could isolate leakage from specific functional units (e.g., a single AES S-box) within a multi-core System-on-Chip (SoC), successfully performing a key recovery attack with only 500 traces on a previously hardened ARM Cortex-M4.
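The SNR gain from a probe array, as an added example that is not code from the page or from Kaptanoglu et al.: each probe sees the same leakage waveform plus noise, the channels are combined by an equal-weight, zero-delay sum (the simplest beamformer; no steering is modelled), and SNR is estimated the way an evaluator would, from repeated measurements of the same operation. The leakage waveform, noise model and `common_noise_frac` parameter are constructed for this example. It also shows the caveat the 12-18 dB figure depends on: only noise that is independent across probes averages out, so ambient interference seen identically by every probe buys nothing.

```python
import math
import random

TRACE_LEN = 256
N_REPEAT = 200


def leakage_waveform():
    """Constructed stand-in for the emission of one functional unit: a
    unit-power tone that repeats identically on every execution."""
    return [math.sqrt(2) * math.sin(2 * math.pi * t / 32) for t in range(TRACE_LEN)]


def capture(n_probes, noise_sigma=1.0, common_noise_frac=0.0, seed=1):
    """Return (single, combined): N_REPEAT traces from probe 0 alone and
    N_REPEAT traces from the equal-weight, zero-delay sum of all probes.
    common_noise_frac is the share of noise power seen identically by every
    probe (ambient interference); the rest is independent per probe."""
    rng = random.Random(seed)
    signal = leakage_waveform()
    indep_sigma = noise_sigma * math.sqrt(1.0 - common_noise_frac)
    common_sigma = noise_sigma * math.sqrt(common_noise_frac)
    single, combined = [], []
    for _ in range(N_REPEAT):
        one, summed = [], []
        for t in range(TRACE_LEN):
            shared = rng.gauss(0.0, common_sigma)
            probes = [signal[t] + shared + rng.gauss(0.0, indep_sigma)
                      for _ in range(n_probes)]
            one.append(probes[0])
            summed.append(sum(probes) / n_probes)
        single.append(one)
        combined.append(summed)
    return single, combined


def snr_db(traces):
    """Repeated-measurement SNR: power of the mean trace over the mean
    per-sample variance across repetitions, in dB."""
    n = len(traces)
    mean = [sum(tr[t] for tr in traces) / n for t in range(TRACE_LEN)]
    sig_power = sum(m * m for m in mean) / TRACE_LEN
    noise_power = sum(
        sum((tr[t] - mean[t]) ** 2 for tr in traces) / (n - 1)
        for t in range(TRACE_LEN)) / TRACE_LEN
    return 10.0 * math.log10(sig_power / noise_power)


def array_gain_db(n_probes, common_noise_frac=0.0):
    """SNR improvement of the combined channel over a single probe."""
    single, combined = capture(n_probes, common_noise_frac=common_noise_frac)
    return snr_db(combined) - snr_db(single)


if __name__ == "__main__":
    # Independent noise: the gain approaches 10*log10(n_probes) dB.
    print(f"8 probes, independent noise: {array_gain_db(8):.1f} dB")
    # Half the noise power shared by all probes: most of the gain is lost.
    print(f"8 probes, 50% common-mode noise: {array_gain_db(8, 0.5):.1f} dB")
```

With eight probes and independent noise the gain lands near 9 dB; with half the noise power common-mode it drops to about 2.5 dB. For a defender assessing whether a shielded enclosure or a noisy environment actually protects a device, the second number is the relevant one: shielding helps only against the independent part of the attacker's noise budget.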

1.2. EM-Based Microarchitectural State Inference

This technique, published at USENIX Security 2026 (Lee et al.), treats the CPU as a complex EM emitter whose spectrum is modulated by cache occupancy, pipeline stalls, and branch predictor states. By training a model on known code sequences, attackers can infer the execution of specific instructions (e.g., PQCLEAN_KYBER768_enc in a post-quantum library) from a distance of 15 cm, even through chassis shielding. This enables non-cryptographic attacks, such as software fingerprinting and control-flow extraction.

1.3. Transient EM Emission Analysis (TEMA)

Classical EM-SCA focuses on periodic clock-aligned emissions. TCHES 2025, Issue 3 (Moriyama & Satoh) introduced TEMA, which targets brief, high-frequency EM transients (2-6 GHz) generated by single events like register write-enables or bus arbitration. These transients are highly data-dependent but asynchronous. Using high-bandwidth (8 GHz) digital storage oscilloscopes and peak detection algorithms, they extracted 256-bit ECDSA keys from a secure element with 30K traces, where traditional CEMA failed with 1M traces.

2. Deep Learning-Based EM Attack Paradigms

Deep learning (DL) has moved beyond simple Convolutional Neural Networks (CNNs) for trace classification. The focus is now on reducing the profiling cost, improving generalization across devices, and handling unlabeled data.

2.1. Vision Transformers (ViTs) for Trace Representation

Transformers, dominant in NLP, have been adapted for EM trace analysis. Zhang et al. (CCS 2025) presented EMFormer, a model that treats a 1D EM trace as a sequence of patches. With self-attention, EMFormer learns long-range dependencies in time-series data better than CNNs, which have limited receptive fields. On a dataset of 10 different ATmega328P chips, EMFormer achieved 99.2% key rank reduction with 50% fewer profiling traces than a ResNet baseline. The model is publicly available on arXiv (arXiv:2503.04521).

2.2. Self-Supervised and Contrastive Learning

A major bottleneck is acquiring labeled traces (traces where the intermediate data value is known) for profiling. Contrastive EM Learning (CEML), from IEEE S&P 2026 (Bold et al.), uses a Siamese network structure. It learns an embedding space where traces from the same operation (e.g., S-box output 0x5A) are close, and traces from different operations are far apart, without needing data labels during pre-training. After pre-training on 1M unlabeled traces, the model required only 100 labeled traces per key byte to fine-tune and break an AES-256 implementation, reducing the labeling effort by 99%.

2.3. Few-Shot and Meta-Learning Attacks

To address device variability (the "portability problem"), researchers use meta-learning. ProtoEM (CHES 2025) employs a prototypical network trained on traces from multiple device instances (e.g., 5 different FPGA boards running AES). The model learns a device-agnostic leakage model. When presented with a new, unseen target device, it can adapt and perform a successful attack using only 5-10 traces from that specific device, effectively enabling "one-shot" key recovery in favorable conditions.

3. Emerging Target Platforms

The attack surface for EM-SCA has expanded dramatically with new computing paradigms.

3.1. RISC-V Cores and Security Extensions

The open-source RISC-V ecosystem presents a heterogeneous security landscape. USENIX Security 2025 (Fritzmann et al.) analyzed the scalar-crypto extension on a SiFive X280 core. They found that the timing-constant Zkt extension did not guarantee EM side-channel resistance. EM leakage from the carry chain in the sha512sum0 instruction allowed for partial state recovery. This highlights that ISA-level security promises do not translate directly to physical security.

3.2. AI/ML Accelerators (TPUs, NPUs)

Matrix multiplication in AI accelerators generates intense, data-dependent EM fields. Park et al. (IEEE S&P 2026) demonstrated a model extraction attack on a commercial Edge TPU. By analyzing the broad-spectrum EM emissions (100-800 MHz) during inference of a proprietary DNN, they could reconstruct the model's architecture (layer types, sizes) and, with known activation functions, approximate weights with 94% accuracy, effectively stealing the intellectual property.

3.3. Automotive and Industrial MCUs

Modern automotive microcontrollers (e.g., NXP S32G, Renesas RH850) integrate multiple isolated domains for safety (ASIL-D). TCHES 2026, Issue 2 (Kisser & Heyszl) showed that shared power delivery networks (PDNs) break this isolation. EM probes placed on the CAN transceiver power pin could capture leakage from an adjacent secure domain running an AUTOSAR cryptographic stack, leading to ECU compromise.

3.4. Post-Quantum Cryptography (PQC) Implementations

Lattice-based (Kyber, Dilithium) and code-based (Classic McEliece) PQC algorithms have complex, variable-time operations. CHES 2025 (Ravi et al.) published a comprehensive survey of EM leakage from 12 different PQC implementations on Cortex-M7. They found that the Number Theoretic Transform (NTT), central to Kyber, leaks significantly through its butterfly network. A single-trace attack targeting the NTT's coefficient loading phase was successful in 85% of trials against a non-masked implementation.

4. Active EM Injection and Fault Attacks

Active EM attacks use intentional EM interference to induce computational faults, moving beyond passive eavesdropping.

4.1. Targeted Clock Glitching via EM Pulses

Instead of broad-spectrum injection, new methods use focused pulses. EM-Sight (USENIX Security 2026) is a toolchain that combines laser voltage imaging to map clock tree networks on a decapped chip, followed by precise EM pulse injection (1-2 ns pulses at 1-2 GHz) to disrupt specific flip-flops. This gives fault injection at the granularity of individual gates, enabling instruction skips that were previously only possible with lasers, at a fraction of the cost.

4.2. EM-Based Rowhammer on Microcontrollers

Rowhammer, a DRAM phenomenon, has been induced in MCU flash memory via EM. IEEE S&P 2025 (Jang et al.) used a strong, tuned EM field (≈200 MHz) to accelerate charge leakage in adjacent flash memory cells of an STM32H7, inducing bit flips in secured firmware. This allowed them to flip a single BEQ (branch if equal) instruction to BNE (branch if not equal), bypassing a secure boot check.

4.3. Combined SCA and Fault Injection

The most potent attacks fuse passive leakage with active faults. FAUST/EM (CHES 2026) uses an initial EM-SCA phase to identify the precise timing of a target operation (e.g., the final round of AES). It then triggers a focused EM pulse at that exact moment to induce a fault, and subsequently uses the EM leakage from the faulty ciphertext to solve for the key using differential fault analysis. This hybrid approach reduces the required number of fault injections by an order of magnitude.

5. Advances in Countermeasures

Defense strategies have evolved from ad-hoc fixes to holistic, formally verified approaches.

5.1. Formal Verification of Hardware Against EM Leakage

Tools like VERICA-EM (extending VERICA) and ELMO (presented at CAV 2025) now model EM leakage at the gate and register-transfer level (RTL). They use information-theoretic metrics (e.g., Signal-to-Noise Ratio (SNR) per net) to identify leakage hotspots before tape-out. ELMO can formally prove that a given masked implementation (e.g., DOM-Indep multiplier) maintains its security order under a defined EM probe model, considering glitches and transitions.

5.2. Higher-Order Masking Schemes with Fewer Assumptions

New masking schemes reduce the performance overhead while maintaining security. Generic Low-Latency Masking (GLM), published in TCHES 2025, Issue 4, provides provable security against up to 3rd-order EM attacks with 40% less latency and 30% less area than Threshold Implementation (TI) for a 32-bit AES S-box on FPGA. It achieves this by carefully orchestrating the sharing of gates across clock cycles to minimize simultaneous leakage.
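The per-sample SNR metric of 5.1 applied to the masking question of 5.2, as an added example that is not code from the page or from any of the tools or papers named above. The target is a constructed S-box lookup leaking the Hamming weight of its output plus Gaussian noise; PRESENT's 4-bit S-box stands in for AES's 8-bit one to keep the table short. The evaluator knows the key (a white-box leakage assessment), labels each trace by the intermediate value, and scores SNR per sample for an unmasked lookup and for a first-order Boolean-masked one. The centred-product step is the standard second-order preprocessing an evaluator uses to check that a first-order masked design leaks only at second order, which is what "security order" means in practice.

```python
import random

# PRESENT's 4-bit S-box stands in for the 8-bit AES S-box to keep the
# constructed target small; the evaluation method is the same.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
TRACE_LEN = 8       # samples per constructed trace
SHARE_SAMPLE = 3    # sample where v (unmasked) or v ^ m (masked) leaks
MASK_SAMPLE = 5     # sample where the mask m leaks in the masked variant


def hamming_weight(x):
    return bin(x).count("1")


def simulate_traces(n_traces, key, masked, noise_sigma=0.5, seed=7):
    """Constructed traces: Hamming-weight leakage of the S-box output plus
    Gaussian noise. Returns (labels, traces); the labels are the intermediate
    value v, which a white-box evaluator knows because it holds the key."""
    rng = random.Random(seed)
    labels, traces = [], []
    for _ in range(n_traces):
        x = rng.randrange(16)
        v = SBOX[x ^ key]
        trace = [rng.gauss(0.0, noise_sigma) for _ in range(TRACE_LEN)]
        if masked:
            m = rng.randrange(16)                    # fresh mask per execution
            trace[SHARE_SAMPLE] += hamming_weight(v ^ m)
            trace[MASK_SAMPLE] += hamming_weight(m)
        else:
            trace[SHARE_SAMPLE] += hamming_weight(v)
        labels.append(v)
        traces.append(trace)
    return labels, traces


def snr_per_sample(labels, traces):
    """Leakage SNR per sample: variance of the class means divided by the
    mean within-class variance, the classes being the known value v."""
    by_class = {}
    for lab, tr in zip(labels, traces):
        by_class.setdefault(lab, []).append(tr)
    snr = []
    for t in range(len(traces[0])):
        means, variances = [], []
        for group in by_class.values():
            vals = [tr[t] for tr in group]
            mu = sum(vals) / len(vals)
            means.append(mu)
            variances.append(sum((s - mu) ** 2 for s in vals) / (len(vals) - 1))
        grand = sum(means) / len(means)
        var_of_means = sum((mu - grand) ** 2 for mu in means) / len(means)
        snr.append(var_of_means / (sum(variances) / len(variances)))
    return snr


def centered_product(traces, i, j):
    """Second-order preprocessing: replace each trace by the product of its
    mean-centred samples i and j, so leakage split across two shares can be
    scored with the same first-order SNR metric."""
    n = len(traces)
    mean_i = sum(tr[i] for tr in traces) / n
    mean_j = sum(tr[j] for tr in traces) / n
    return [[(tr[i] - mean_i) * (tr[j] - mean_j)] for tr in traces]


def evaluate(key=0xA, n_traces=20000):
    """Score first-order leakage of both variants and second-order leakage
    of the masked one. Returns a dict of SNR values."""
    lab_u, tr_u = simulate_traces(n_traces, key, masked=False)
    lab_m, tr_m = simulate_traces(n_traces, key, masked=True, seed=11)
    return {
        "unmasked_first_order": snr_per_sample(lab_u, tr_u)[SHARE_SAMPLE],
        "masked_first_order_share": snr_per_sample(lab_m, tr_m)[SHARE_SAMPLE],
        "masked_first_order_mask": snr_per_sample(lab_m, tr_m)[MASK_SAMPLE],
        "masked_second_order": snr_per_sample(
            lab_m, centered_product(tr_m, SHARE_SAMPLE, MASK_SAMPLE))[0],
    }


if __name__ == "__main__":
    for name, value in evaluate().items():
        print(f"{name:28s} SNR = {value:.4f}")
```

The unmasked lookup scores an SNR near 4 at the leaking sample (Hamming-weight variance 1 over noise variance 0.25). Both masked samples score close to zero at first order, which is the property a first-order masking scheme guarantees; the centred product of the two share samples scores clearly above zero, which is why a scheme claiming third-order security, as GLM does, has to be checked with the corresponding higher-order combination rather than with this first-order metric alone.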

5.3. Novel EM Shielding and Obfuscation Materials

  • Metasurface Absorbers: Tunable microwave metasurfaces, integrated into chip packaging, can selectively absorb EM radiation in specific frequency bands (e.g., 50-500 MHz where data leakage is prominent) while being transparent to the chip's operational clock frequencies.
  • Active Cancellation: On-chip coils driven by a pseudo-random noise generator emit a counter-EM field designed to destructively interfere with data-dependent leakage at the probe location. ISSCC 2026 (Intel) presented a prototype that reduced the SNR of recoverable leakage by 35 dB, consuming 5% of the die area.
  • Dynamic Frequency and Power Scrambling: Instead of constant clock frequencies, chips now rapidly dither their core voltage (Vdd) and clock (Fclk) within a 10-15% range according to a secret, randomized schedule. This smears the EM leakage spectrum, making time-aligned trace averaging ineffective. Implementation overhead is <2% with modern synthesis tools.
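Why a randomized clock schedule defeats time-aligned averaging, as an added simulation that is not code from the page or from any vendor named in this section. The model is a simplification: each execution emits a short Gaussian-shaped leakage pulse, and the frequency dithering is represented only by its effect at the probe, a per-execution timing offset of that pulse relative to a fixed trigger. The pulse shape, jitter range and noise level are constructed values.

```python
import math
import random

TRACE_LEN = 128
PULSE_CENTER = 64
PULSE_WIDTH = 2.0   # samples; std-dev of the Gaussian-shaped leakage pulse


def leakage_pulse(t, offset=0):
    """Constructed data-dependent emission: a unit-height Gaussian pulse whose
    position is displaced by `offset` samples in this execution."""
    d = t - PULSE_CENTER - offset
    return math.exp(-0.5 * (d / PULSE_WIDTH) ** 2)


def averaged_trace(n_traces, max_jitter, noise_sigma=1.0, seed=3):
    """Average n_traces noisy traces. max_jitter=0 models a fixed clock;
    max_jitter>0 models per-execution timing offsets uniform in
    [-max_jitter, +max_jitter] samples, the effect of a randomized clock
    schedule on traces captured against a fixed trigger."""
    rng = random.Random(seed)
    acc = [0.0] * TRACE_LEN
    for _ in range(n_traces):
        offset = rng.randint(-max_jitter, max_jitter) if max_jitter else 0
        for t in range(TRACE_LEN):
            acc[t] += leakage_pulse(t, offset) + rng.gauss(0.0, noise_sigma)
    return [a / n_traces for a in acc]


def peak_amplitude(trace):
    return max(abs(v) for v in trace)


def compare_averaging(n_traces=1000, max_jitter=12):
    """Peak of the averaged trace with and without timing jitter, and the
    fraction of the aligned peak that survives the jitter."""
    aligned = peak_amplitude(averaged_trace(n_traces, 0))
    jittered = peak_amplitude(averaged_trace(n_traces, max_jitter))
    return {"aligned_peak": aligned, "jittered_peak": jittered,
            "retained_fraction": jittered / aligned}


if __name__ == "__main__":
    for name, value in compare_averaging().items():
        print(f"{name:18s} {value:.3f}")
```

With a fixed clock the averaged pulse recovers its full unit height once the noise has averaged down; with offsets spread over 25 samples the same pulse energy is smeared across the jitter window and the peak falls to roughly a fifth. The caveat for a defender is that the energy is spread, not removed: this metric scores how much first-order leakage survives naive averaging, and an evaluation of such a countermeasure should also consider per-trace re-alignment before concluding the leakage is gone.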

5.4. Architectural and Protocol-Level Defenses

  • Fully Homomorphic Encryption (FHE) in Secure Enclaves: To protect AI accelerators, Google's Private AI v2 core (announced 2025) performs all computations on FHE-encrypted data. While the operations are immensely complex, the EM emissions are statistically independent of the underlying plaintext data, theoretically eliminating data-dependent leakage.
  • Physically Unclonable Functions (PUFs) for Key Derivation: To combat long-term key extraction, automotive MCUs are moving towards session keys derived from an SRAM PUF on every ignition cycle. The true key is never stored in static memory, limiting the value of a successful EM attack to a single session.

6. Key Research Groups and Recent Work

Research Group (Affiliation) | Focus Area | Notable Recent Paper (2025-2026) | Key Finding / Contribution
--- | --- | --- | ---
Secure Hardware Lab (ETH Zurich) | DL for SCA, PQC | "Contrastive Learning for Label-Efficient EM Side-Channel Analysis" (IEEE S&P 2026) | Reduced labeled trace requirement by 99% using self-supervised pre-training.
CISPA Helmholtz Center | Microarch. SCA, RISC-V | "EM-Probe: Microarchitectural Instruction Tracing via Electromagnetic Emanations" (USENIX Sec '26) | Inferred instruction-level execution from 15 cm away on a shielded x86 laptop.
Georgia Tech SSLab | Active EM/FI, AI Accelerators | "EM-Sight: Precision Fault Injection via EM Pulse Synthesis" (USENIX Sec '26) | Achieved laser-like fault injection precision using focused EM pulses.
Worcester Poly. Inst. (WPI) | Countermeasures, Formal Methods | "ELMO: Formal Verification of RTL Designs Against EM Side-Channels" (CAV 2025) | First end-to-end formal verification tool for EM leakage at the RTL level.
NTT Social Informatics Labs | Advanced Signal Processing | "Transient EM Analysis (TEMA) for Asynchronous Leakage Extraction" (TCHES 2025) | Exploited high-frequency transients to break previously resistant targets.
TU Graz (IAIK) | Masking Schemes, Real-World Attacks | "Practical EM Attacks on Masked RISC-V Crypto Cores" (CHES 2025) | Demonstrated 3rd-order attacks on a masked Keccak (SHA-3) implementation.
MIT CSAIL | AI/ML Security, Model Extraction | "Stealing AI Models from Edge TPUs via Broad-Spectrum EM Analysis" (IEEE S&P 2026) | Reconstructed DNN architecture and weights from EM emissions during inference.

7. Conclusion and Future Directions

The field of EM-SCA from 2025-2026 demonstrates a clear trend towards automation (via DL), precision (spatial/targeted attacks), and expansion (new target classes). Attacks are becoming less reliant on detailed target knowledge, while defenses are becoming more integrated into the design flow, from formal verification to novel materials science.

The immediate future will likely focus on:

  1. Cross-Layer Attacks: Combining EM leakage with power, timing, and even acoustic side-channels in a multi-modal DL framework.
  2. Attacks on Quantum Control Systems: As quantum computers advance, the classical control electronics for qubits (operating at cryogenic temperatures) may become a high-value EM-SCA target.
  3. Standardization of Evaluation: Push for international standards (beyond ISO/IEC 17825) that define rigorous, quantitative EM leakage testing methodologies for all security-critical hardware, including AI accelerators and automotive SoCs.

The arms race between side-channel attackers and defenders continues to accelerate, making EM-SCA a central discipline in hardware security research and development.

See Also

Article | Relationship
--- | ---
electromagnetic-side-channel-analysis.md | Foundational theory, attack taxonomy, and 2024 baseline this article builds on
electromagnetic-side-channel-practical-guide.md | Hardware setup and software stack for reproducing the attacks described here
pqc-em-sca.md | EM-SCA vulnerability overview specific to post-quantum algorithms
pqc-implementation-security-2026.md | Deeper dive into published PQC side-channel attacks with trace counts and platforms
sdr-tools-landscape-2026.md | Hardware survey — HackRF 2.0, USRP X440, and oscilloscopes used in 2026 research
tempest-standards-reference.md | NSTISSAM / NATO standards governing permissible EM emissions
entry-level-em-sca-setup.md | Entry-point hardware for reproducing simpler attacks (SEMA, template attacks)
research-grade-em-sca-lab.md | Mid-range lab for active EM-SCA and deep-learning attacks
professional-em-sca-facility.md | Facility-grade setup for FIPS 140-3 and Common Criteria evaluation

See also: contacts.md — individual researchers | organizations.md — all companies, institutions & standards bodies