Skip to main content

Certifiably Biased: An In-Depth Analysis of a Common Criteria EAL4+ Certified TRNG

Hurley-Smith, Darren, Hernandez-Castro, Julio (2018) Certifiably Biased: An In-Depth Analysis of a Common Criteria EAL4+ Certified TRNG. IEEE Transactions on Information Forensics and Security, 13 (4). pp. 1031-1041. ISSN 1556-6013. E-ISSN 1556-6021. (doi:10.1109/TIFS.2017.2777342) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:67241)

PDF Publisher pdf
Language: English

Restricted to Repository staff only
Contact us about this Publication
[thumbnail of certifiablybiased.pdf]
Official URL


This paper reports the first in-depth analysis of the DESFire EV1’s EAL4+ certified TRNG and raises some difficult questions regarding the certification of non-deterministic random number generators. We start by analyzing the quality of the purportedly true random number generator (TRNG) on the DESFire EV1 card. Clear and consistent biases are identified, despite good performance in most randomness tests.

TRNG output. Further analysis shows systemic issues affecting TRNG output at the byte level, for which we have developed an accurate explanation. Our results have been acknowledged by the manufacturer, after responsible disclosure.

Item Type: Article
DOI/Identification number: 10.1109/TIFS.2017.2777342
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Julio Hernandez Castro
Date Deposited: 08 Jun 2018 14:32 UTC
Last Modified: 16 Feb 2021 13:55 UTC
Resource URI: (The current URI for this page, for reference purposes)
Hernandez-Castro, Julio:
  • Depositors only (login required):


Downloads per month over past year