The number of IoT (Internet of Things) applications is rapidly increasing and allows embedded devices today to be massively connected to the Internet. This raises software security questions. This paper demonstrates the usage of formal verification to increase the security of Contiki OS, a popular open-source operating system for IoT. We present a case study on deductive verification of encryption-decryption modules of Contiki (namely, AES--CCM*) using Frama-C, a software analysis platform for C code.