Security Flaws in an Efficient Pseudo-Random Number Generator for Low-Power Environments

  • Pedro Peris-Lopez
  • Julio C. Hernandez-Castro
  • Juan M. E. Tapiador
  • Enrique San Millán
  • Jan C. A. van der Lubbe
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 42)


In 2004, Settharam and Rhee tackled the design of a lightweight Pseudo-Random Number Generator (PRNG) suitable for low-power environments (e.g. sensor networks, low-cost RFID tags). First, they explicitly fixed a set of requirements for this primitive. Then, they proposed a PRNG conforming to these requirements and using a free-running timer [9]. We analyze this primitive discovering important security faults. The proposed algorithm fails to pass even relatively non-stringent batteries of randomness such as ENT (i.e. a pseudorandom number sequence test program). We prove that their recommended PRNG has a very short period due to the flawed design of its core. The internal state can be easily revealed, compromising its backward and forward security. Additionally, the rekeying algorithm is defectively designed mainly related to the unpractical value proposed for this purpose.


Sensor networks RFID PRNG security cryptanalysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    David Sexton’s battery (2005),
  2. 2.
    Barak, B., Halevi, S.: A model and architecture for pseudo-random generation with applications to /dev/random. In: ACM Conference on Computer and Communications Security, pp. 203–212 (2005)Google Scholar
  3. 3.
    Bernstein, D.J.: Salsa20 specifications (2005),
  4. 4.
    Klimov, A., Shamir, A.: Cryptographic applications of T-functions. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 248–261. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Marsaglia, G.: The Marsaglia Random Number CDROM Including the DIEHARD Battery of Tests of Randomness (1996),
  6. 6.
    Phan, R.C.-W., Wu, J., Ouafi, K., Stinson, D.R.: Privacy Analysis of Forward and Backward Untraceable RFID Authentication Schemes (2008),
  7. 7.
    Rhee, S., Seetharam, D., Liu, S., Wang, N., Xiao, J.: i-Bean Network: An Ultra-Low Power Wireless Sensor Network. In: Proceedings of UBICOMP 2003 (2003)Google Scholar
  8. 8.
    Rukhin, A., Soto, J., Nechvatal, J., Smid, M., Barker, E., Leigh, S., Levenson, M., Vangel, M., Banks, D., Heckert, A., Dray, J., Vo, S.: A statistical test suite for random and pseudorandom number generators for cryptographic applications. NIST special publication 800-22 (2001),
  9. 9.
    Seetharam, D., Rhee, S.: An Efficient Pseudo Random Number Generator for Low-Power Sensor Networks. In: Proceedings of LCN 2004, pp. 560–562. IEEE Computer Society, Los Alamitos (2004)Google Scholar
  10. 10.
    Walker, J.: Randomness Battery (1998),

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2010

Authors and Affiliations

  • Pedro Peris-Lopez
    • 1
  • Julio C. Hernandez-Castro
    • 2
  • Juan M. E. Tapiador
    • 3
  • Enrique San Millán
    • 4
  • Jan C. A. van der Lubbe
    • 1
  1. 1.Department of Information and CommunicationDelft University of TechnologyThe Netherlands
  2. 2.School of ComputingBuckingham Building, Lion TerracePortsmouthUnited Kingdom
  3. 3.Department of Computer ScienceUniversity of York, HeslingtonYorkUnited Kingdom
  4. 4.Department of Electrical EngineeringUniversity Carlos III of MadridLeganésSpain

Personalised recommendations