Paper 2016/1021

Cryptographic Randomness on a CC2538: a Case Study

Yan Yan, Elisabeth Oswald, and Theo Tryfonas


Smart metering, smart parking, health, environment monitoring, and other applications drive the deployment of the so-called Internet of Things (IoT). Whilst cost and energy efficiency are the main factors that con- tribute to the popularity of commercial devices in the IoT domain, secu- rity features are increasingly desired. Security features typically guarantee authenticity of devices and/or data, as well as confidentiality of data in transit. Our study finds that whilst cryptographic algorithms for confi- dentiality and authenticity are supported in hardware on a popular class of devices, there is no adequate support for random number generation available. We show how to passively manipulate the on-board source for randomness, and thereby we can completely undermine the security pro- vided by (otherwise) strong cryptographic algorithms, with devastating results.

Available format(s)
Publication info
Published elsewhere. MINOR revision.WIFS 2016
IoTSystem on Chip (SoC)Side channel attackRandom Number Generator (RNG)DTLS
Contact author(s)
yanyansmajesty @ gmail com
2016-11-01: received
Short URL
Creative Commons Attribution


      author = {Yan Yan and Elisabeth Oswald and Theo Tryfonas},
      title = {Cryptographic Randomness on a CC2538: a Case Study},
      howpublished = {Cryptology ePrint Archive, Paper 2016/1021},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.