A Guideline on Pseudorandom Number Generation (PRNG) in the IoT

Research output: Contribution to journalResearch articleContributedpeer-review



Random numbers are an essential input to many functions on the Internet of Things (IoT). Common use cases of randomness range from low-level packet transmission to advanced algorithms of artificial intelligence as well as security and trust, which heavily rely on unpredictable random sources. In the constrained IoT, though, unpredictable random sources are a challenging desire due to limited resources, deterministic realtime operations, and frequent lack of a user interface. In this article, we revisit the generation of randomness from the perspective of an IoT operating system (OS) that needs to support general purpose or crypto-secure random numbers. We analyze the potential attack surface, derive common requirements, and discuss the potentials and shortcomings of current IoT OSs. A systematic evaluation of current IoT hardware components and popular software generators based on well-established test suits and on experiments for measuring performance give rise to a set of clear recommendations on how to build such a random subsystem and which generators to use.


Original languageEnglish
Article number112
Pages (from-to)1-38
JournalACM Computing Surveys
Issue number6
Publication statusPublished - 1 Jul 2022

External IDs

Scopus 85111215903
ORCID /0000-0002-3825-2807/work/142241900


Research priority areas of TU Dresden

DFG Classification of Subject Areas according to Review Boards

Subject groups, research areas, subject areas according to Destatis

ASJC Scopus subject areas

Library keywords