Strengths and Limitations of High-Resolution Electromagnetic Field Measurements for Side-Channel Analysis

  • Johann Heyszl
  • Dominik Merli
  • Benedikt Heinz
  • Fabrizio De Santis
  • Georg Sigl
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7771)


The electromagnetic field as a side-channel of cryptographic devices has been linked to several advantages in past contributions. We provide a comprehensive study using high-resolution horizontal and vertical magnetic field probes at close distance to an integrated circuit die. We configured an FPGA device with two uncorrelated digital structures showing similar leakage behavior as symmetric cryptography implementations. We found that measurements from the frontside of the die using a horizontal probe lead to the highest signal-to-noise ratios. Further, high sampling rates are required and no trace compression should be applied. Contrary to previous contributions, we successfully demonstrate that the leakage of design parts is locally restricted and matches their placement. This proves the feasibility of localized side-channel analysis after a profiling phase, however, also means that other locations will lead to inferior results, which is an important limitation. Our analysis confirmed an advantage of measuring localized electromagnetic fields instead of current consumption due to the fact that less parasitic capacitances are involved.


EM high-resolution side-channel localization CPA SNR 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Agrawal, D., Archambeault, B., Rao, J., Rohatgi, P.: The EM side-channel(s). In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Canright, D.: A very compact S-box for AES. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 441–455. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    De Mulder, E., Buysschaert, P., Ors, S., Delmotte, P., Preneel, B., Vandenbosch, G., Verbauwhede, I.: Electromagnetic analysis attack on an fpga implementation of an elliptic curve cryptosystem. In: The International Conference on Computer as a Tool, EUROCON 2005, vol. 2, pp. 1879–1882 (November 2005)Google Scholar
  4. 4.
    Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: Concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    He, W., de la Torre, E., Riesgo, T.: An interleaved EPE-immune PA-DPL structure for resisting concentrated EM side channel attacks on FPGA implementation. In: Schindler, W., Huss, S.A. (eds.) COSADE 2012. LNCS, vol. 7275, pp. 39–53. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  6. 6.
    Heyszl, J., Mangard, S., Heinz, B., Stumpf, F., Sigl, G.: Localized electromagnetic analysis of cryptographic implementations. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 231–244. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  7. 7.
    Kirschbaum, M., Schmidt, J.M.: Learning from electromagnetic emanations - a case study for iMDPL. In: Workshop Proceedings COSADE 2011, pp. 50–55 (2011)Google Scholar
  8. 8.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security). Springer-Verlag New York, Inc., Secaucus (2007)Google Scholar
  9. 9.
    Peeters, E., Standaert, F.X., Quisquater, J.J.: Power and electromagnetic analysis: improved model, consequences and comparisons. Integr. VLSI J. 40(1), 52–60 (2007)CrossRefGoogle Scholar
  10. 10.
    Quisquater, J.-J., Samyde, D.: Electromagnetic analysis (EMA): Measures and counter-measures for smart card. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Real, D., Valette, F., Drissi, M.: Enhancing correlation electromagnetic attack using planar near-field cartography. In: Design, Automation Test in Europe Conference Exhibition, DATE 2009, pp. 628–633 (April 2009)Google Scholar
  12. 12.
    Sauvage, L., Guilley, S., Mathieu, Y.: Electromagnetic radiations of fpgas: High spatial resolution cartography and attack on a cryptographic module. ACM Trans. Reconfigurable Technol. Syst. 2, 4:1–4:24 (2009)Google Scholar
  13. 13.
    Standaert, F.-X., Archambeau, C.: Using subspace-based template attacks to compare and combine power and electromagnetic information leakages. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 411–425. Springer, Heidelberg (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Johann Heyszl
    • 1
  • Dominik Merli
    • 1
  • Benedikt Heinz
    • 1
  • Fabrizio De Santis
    • 2
  • Georg Sigl
    • 2
  1. 1.Fraunhofer Research Institution AISECMunichGermany
  2. 2.Technische Universität MünchenMunichGermany

Personalised recommendations