This study systematically evaluates the electromagnetic (EM) side-channel vulnerability of the PRESENT lightweight cipher in IoT devices. To address the challenge of low signal-to-noise ratio in EM leakage, we propose an enhanced correlation power analysis (CPA) method that integrates intermediate-value modeling of the S-box with Pearson correlation detection within a differential energy analysis framework, significantly improving key recovery efficiency. Experimental results demonstrate that only 256 EM traces suffice to recover 8 out of 10 key bytes—substantially reducing data requirements compared to conventional approaches. Furthermore, this work presents the first systematic comparative evaluation of simple electromagnetic analysis (SEMA) and correlation electromagnetic analysis (CEMA) models for PRESENT hardware implementations, empirically confirming CEMA’s superior distinguishability. The findings conclusively reveal significant EM side-channel leakage in PRESENT, providing critical empirical evidence and methodological support for designing side-channel-resistant cryptographic modules in resource-constrained IoT environments.

Side-channel vulnerabilities pose an increasing threat to cryptographically protected devices. Consequently, it is crucial to observe information leakages through physical parameters such as power consumption and electromagnetic (EM) radiation to reduce susceptibility during interactions with cryptographic functions. EM side-channel attacks are becoming more prevalent. PRESENT is a promising lightweight cryptographic algorithm expected to be incorporated into Internet-of-Things (IoT) devices in the future. This research investigates the EM side-channel robustness of PRESENT using a correlation attack model. This work extends our previous Correlation EM Analysis (CEMA) of PRESENT with improved results. The attack targets the Substitution box (S-box) and can retrieve 8 bytes of the 10-byte encryption key with a minimum of 256 EM waveforms. This paper presents the process of EM attack modelling, encompassing both simple and correlation attacks, followed by a critical analysis.