Courses I teach
Low-level programming in C (PB071)
Security technologies (PV204)
Secure coding (PA193)
Secure network design (PA197)
PhD seminar on ITSec (PA168)
My coding and other projects
JCAlgTest (#smartcards, JavaCard performance testing)
Myst (#smartcards, Secure multi-party on JavaCards)
JCMathLib (#smartcards, ECPoint&Bignat open library)
RSA key classifier (#crypto, Pubkey to library classificator)
JCProfiler (#smartcards, JavaCard Applet speed profile)
WSNProtectLayer (#wsn/IoT, Transparent enc&auth proxy)
EACirc (#randomness, Randomness testing battery)
APDUPlay (#smartcards, APDU logging and manipulation)
JavaPresso (#smartcards, Source code packer for JavaCard)
My astrophotography pictures (#astro)
doc. Petr Švenda Ph.D. (associate professor)
Current aim of my research
“I want to empower people running secure multiparty protocols on cryptographic smartcards.”
See full list of my publications. Read about research topics in CRoCS lab here. My older homepage is still available.
Secure hardware
I have a strong passion for cryptographic smartcards, both for the research and development topics. We recently analyzed millions RSA keys extracted from smartcards to detect biases in generated public keys (USENIXSec'16, best paper award). Our follow-up lead to discovery of the weak RSA key generation algorithm on Infineon smartcards known as ROCA vulnerability (CVE-2017-15361) received The Real-World Impact award at ACM CCS 2017. The more precise method to measure the popularity of cryptographic libraries detects the significant variation in a source of certificates submitted weekly to Certificate Transparency and shows that OpenSSL is more popular than ever in internet-wide scans (ACSAC 2017).
The compromise-resistant ECC-based signing and key generation via secure multiparty computation protocol on a grid of smartcards was showcased at DEFCON 2017 with all details published at ACM CCS 2017. I co-developed library for Bignat and ECPoint for JavaCard platform which requires no vendor proprietary API JCMathLib showcased at BlackHat 2017 and used in ACM CCS 2017 prototype. In 2006 I started and still maintain the largest open-source database of performance and algorithmic support tests of smartcards with JavaCard platform (JCAlgTest project). I was involved in the laboratory testing of the resilience of smartcards hardware against power and fault analysis, reverse engineering of JavaCard bytecode from the power trace (paper), security code review of JavaCard applets and applications development. I worked on data retention compliant logging for AN.ON anonymity service at TU Dresden (paper) and massively parallel cloud security hardware platform (paper).
Randomness and entropy extraction
We work on non-tradition randomness testing battery based on genetic programming (EACirc project) with statistical tests continually adapted to analyzed binary sequence to find defects in cryptographic functions (paper). We also aim to provide guidance which part of an analyzed function is responsible for the observed defect. We proposed lightweight yet powerful bias detection method based on boolean functions (Secrypt 2017) with detection of previously unknown biases in Java Random and C rand generators. I was involved in practical entropy extractors from hardware sources available on mobile devices, especially from the microphone and camera input (paper, paper).
Wireless Sensor Networks (WSNs)
WSNs were my main Ph.D. research topic with thesis defended in 2009 (The link key security in wireless sensor networks, thesis). We inspect security protocols for networks with the assumption of an inevitability of partial compromise. We proposed several techniques how to maintain reasonably functional and secure network ranging from the node capture resilient key establishment (paper) over key strengthening mechanism called secrecy amplification (paper) to automatic protocol generation (paper). We developed transparent security platform via virtualized radio stack for TinyOS (WSNProtectLayer project).
Teaching and thesis supervision
I teach mostly security and applied cryptography focused courses (see list on the left), commonly with programming as the important component for deeper understanding. I really value feedback and participation - don't leave for yourself what you are happy and unhappy with.
I do supervise bc. and mgr. thesis - read first the list of available topics here and projects we work on. Then ask for a personal meeting - the majority of the thesis I supervise are customized based on a discussion with you. And don't be shy to approach me with your own favorite topic.
My publications
2024
2023
2022
2021
2020
2019
2018
2017
2016
2010 - 2015
2004 - 2009
See full list of my publications.