Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
people:svenda [2017-08-03 16:12] xsvendapeople:svenda [2023-11-25 14:18] (current) xsvenda
Line 1: Line 1:
-====== RNDr. Petr Švenda, Ph.D., assistant professor ====== +~~NOTOC~~
-<columns 100% 21% 79%>+
  
-{{:people:svenda-face512shadow.jpg?170|}}\\  +<grid> 
-**Security researcher** at\\ +<col xs="5" sm="4" lg="4"> 
-[[https://crocs.fi.muni.cz/| CRoCS laboratory]] at\\ +{{:people:svenda-face512shadow.jpg?170&nolink|Petr Švenda}}
-[[https://fi.muni.cz | Faculty of Informatics]] at\\ +
-[[https://muni.cz | Masaryk University]] in\\ +
-Brno, Czech Republic.\\ +
-**Mail:** <svenda@fi.muni.cz>\\ +
-**ORCID:** [[http://orcid.org/0000-0002-9784-7624 | 0000-0002-9784-7624]]\\ +
-**Twitter:** [[https://twitter.com/rngsec|@rngsec]]\\ +
-**PGP:** [[https://pgp.mit.edu/pks/lookup?op=get&search=0x86E8F87A89CEB31C | 0x89CEB31C]]\\ +
-**Office:** FIMU A406\\+
  
 +<well><TEXT size="large" align="center">
 +{{fa>envelope}}\_[[mailto:svenda@fi.muni.cz|svenda@fi.muni.cz]]\\
 +{{fa>twitter}}\_[[https://twitter.com/rngsec|@rngsec]]\_\_\_
 +{{fa>pgp}}\_[[https://crocs.fi.muni.cz/people/svenda/pgp | PGP 0x62110517]]\\
 +{{fa>list-ul}}\_[[https://scholar.google.cz/citations?user=sAA8_ysAAAAJ&hl=en|Scholar]]\_\_\_
 +{{https://orcid.org/sites/default/files/images/orcid_16x16.png?nolink|ORCID}}\_\_[[http://orcid.org/0000-0002-9784-7624|ORCID]]\_\_\_
 +{{fa>code-fork}}\_[[https://github.com/petrs|GitHub]]\\
 +{{fa>building}}\_Office A406, FI MUNI\\
 +</TEXT></well>
  
----- 
  
 +**Courses I teach**\\
 +[[https://is.muni.cz/predmet/fi/jaro2018/PB071|Low-level programming in C]] (PB071)\\
 +[[https://is.muni.cz/predmet/fi/jaro2018/PV204|Security technologies]] (PV204)\\
 +[[https://is.muni.cz/predmet/fi/podzim2017/PA193|Secure coding]] (PA193)\\
 +[[https://is.muni.cz/predmet/fi/jaro2018/PA197|Secure network design]] (PA197)\\
 +[[https://is.muni.cz/predmet/fi/jaro2018/PA168|PhD seminar on ITSec]] (PA168)\\
  
-**My social links**\\ +**My coding and other projects**\\ 
-[[https://scholar.google.cz/citations?user=sAA8_ysAAAAJ&hl=en|Google Scholar]]\\ +[[http://jcalgtest.org|JCAlgTest]] (**#smartcards**, JavaCard performance testing)\\ 
-[[https://www.researchgate.net/profile/Petr_Svenda|ResearchGate]]\\ +[[https://github.com/OpenCryptoProject/Myst Myst]] (**#smartcards**, Secure multi-party on JavaCards)\\ 
-[[https://muni.academia.edu/PetrSvenda|Academia.edu]]\\ +[[http://opencryptojc.org/|JCMathLib]] (**#smartcards**, ECPoint&Bignat open library)\\ 
-[[https://www.muni.cz/en/people/4085-petr-svenda|MUNI portal]]\\ +[[http://crcs.cz/rsapp | RSA key classifier]] (**#crypto**, Pubkey to library classificator)\\ 
-[[https://www.linkedin.com/in/petr-svenda-58b27ab|LinkedIn]]\\ +[[https://github.com/OpenCryptoProject/JCProfiler | JCProfiler]] (**#smartcards**, JavaCard Applet speed profile)\\ 
-[[https://twitter.com/rngsec|Twitter]] @rngsec\\ +[[https://github.com/crocs-muni/WSNProtectLayer WSNProtectLayer]] (**#wsn/IoT**, Transparent enc&auth proxy)\\ 
-[[https://github.com/petrs/|GitHub ]] @petrs\\+[[https://github.com/crocs-muni/eacirc EACirc ]](**#randomness**, Randomness testing battery)\\ 
 +[[https://github.com/crocs-muni/APDUPlay APDUPlay ]] (**#smartcards**, APDU logging and manipulation)\\ 
 +[[https://github.com/petrs/JavaPresso JavaPresso ]] (**#smartcards**, Source code packer for JavaCard)\\ 
 +[[http://astrolight.cz | My astrophotography pictures]] (**#astro**)\\
  
 +</col>
 +<col xs="7" sm="8" lg="8">
  
-**Courses I teach**\\ +====== docPetr Švenda Ph.D(associate professor) ======
-[[https://is.muni.cz/predmet/fi/jaro2017/PB071|Low-level programming in C]]\\ +
-[[https://is.muni.cz/predmet/fi/jaro2017/PV204|Security technologies]]\\ +
-[[https://is.muni.cz/predmet/fi/podzim2016/PA193|Secure coding]]\\ +
-[[https://is.muni.cz/predmet/fi/jaro2017/PA197|Secure network design]]\\ +
-[[https://is.muni.cz/predmet/fi/jaro2017/PB173|Domain-specific devel C/C++]]\\+
  
-**My coding and other projects**\\ +<TEXT size="large"> 
-[[http://jcalgtest.org|JCAlgTest]] (smartcards)\\ +I'm computer security researcher, lecturer and active member of the [[https://crocs.fi.muni.cz/| Centre for Research on Cryptography and Security]] at [[https://muni.cz Masaryk University]] in Brno, Czech RepublicMy main research areas are cryptographic protocols for limited devices, analysis and use of secure hardware and randomness assesment and entropy extractionI also enjoy programming, especially in area of security-sensitive applications.  
-[[http://opencryptojc.org/|JCMathLib]] (smartcards)\\ +</TEXT>
-[[http://crcs.cz/rsapp RSA key classifier]] (crypto)\\ +
-[[https://github.com/crocs-muni/WSNProtectLayer WSNProtectLayer]] (wsn/IoT)\\ +
-[[https://github.com/crocs-muni/eacirc | EACirc ]](randomness)\\ +
-[[https://github.com/crocs-muni/APDUPlay | APDUPlay ]] (smartcards)\\ +
-[[https://enigmabridge.com/mpc.html| Secure MPC (smartcards)]]\\ +
-[[http://astrolight.cz | My astrophotography]] (astro)\\+
  
-<newcolumn>+<panel type="primary" title="Current aim of my research"> 
 +<text size="large">"I want to empower people running secure multiparty protocols on cryptographic smartcards."</text> 
 +</panel>
  
-<callout type="info">I'm computer security researcher, lecturer and active member of Centre for Research on Cryptography and Security (CRoCS). My main research areas are cryptographic protocols for limited devices, analysis and use of secure hardware and randomness assesment and entropy extraction. I also enjoy programming, especially in area of security-sensitive applications. The text below is an attempt to put my work into some context.  
-</callout> 
 See full list of [[:publications:authors:petr-svenda | my publications]]. Read about research topics in CRoCS lab [[:public:research:main | here]]. My older homepage is [[https://www.fi.muni.cz/~xsvenda/index_old.html | still available]]. See full list of [[:publications:authors:petr-svenda | my publications]]. Read about research topics in CRoCS lab [[:public:research:main | here]]. My older homepage is [[https://www.fi.muni.cz/~xsvenda/index_old.html | still available]].
  
-=== Secure hardware ===  +==== Secure hardware ==== 
-I have a strong passion for cryptographic smartcards, both for the research and development topics. I was involved in the laboratory testing of the resilience of smartcards hardware against power and fault analysis, reverse engineering of JavaCard bytecode from the power trace ({{ :people:europen2010_javacardsecurity.pdf|paper}}), security code review of JavaCard applets and applications development. I worked on data retention compliant logging for AN.ON anonymity service at TU Dresden ({{ :people:ifipss2009.pdf |paper}}) and massively parallel cloud security hardware platform ({{:public:papers:cryptohive_svenda_space2015.pdf.pdf|paper}}). We analyzed millions RSA keys extracted from smartcards to detect biases in generated public keys ({{:publications:pdf:2016-usenixsec-svenda.pdf|USENIXSec'16, best paper award}}). I started and still maintain the largest open-source database of performance and algorithmic support tests of smartcards with JavaCard platform  ([[http://jcalgtest.org |JCAlgTest project]]). I co-developed library for Bignat and ECPoint for JavaCard platform which requires no vendor proprietary API [[http://opencryptojc.org/|JCMathLib (BlackHat 2017)]] and compromise-resistant signing and key generation via secure multiparty computation protocol on a grid of smartcards ([[https://enigmabridge.com/mpc.html|DEFCON 2017]]).+I have a strong passion for cryptographic smartcards, both for the research and development topics. We recently analyzed millions RSA keys extracted from smartcards to detect biases in generated public keys ({{:publications:pdf:2016-usenixsec-svenda.pdf|USENIXSec'16, best paper award}}). Our follow-up lead to discovery of the weak RSA key generation algorithm on Infineon smartcards known as [[https://roca.crocs.fi.muni.cz/ | ROCA vulnerability (CVE-2017-15361)]] received The Real-World Impact award at [[https://acmccs.github.io/papers/ | ACM CCS 2017]]. The more precise method to measure the popularity of cryptographic libraries detects the significant variation in a source of certificates submitted weekly to Certificate Transparency and shows that OpenSSL is more popular than ever in internet-wide scans ([[https://crocs.fi.muni.cz/papers/acsac2017 |ACSAC 2017]]).   
 +  
 +The compromise-resistant ECC-based signing and key generation via secure multiparty computation protocol on a grid of smartcards was showcased at [[https://enigmabridge.com/mpc.html|DEFCON 2017]] with all details published at [[https://trojantolerance.org | ACM CCS 2017]]. I co-developed library for Bignat and ECPoint for JavaCard platform which requires no vendor proprietary API [[http://opencryptojc.org/|JCMathLib]] showcased at [[https://www.blackhat.com/us-17/briefings.html#opencrypto-unchaining-the-javacard-ecosystem | BlackHat 2017]] and used in [[https://trojantolerance.org | ACM CCS 2017]] prototype. In 2006 I started and still maintain the largest open-source database of performance and algorithmic support tests of smartcards with JavaCard platform  ([[http://jcalgtest.org |JCAlgTest project]]). 
 +I was involved in the laboratory testing of the resilience of smartcards hardware against power and fault analysis, reverse engineering of JavaCard bytecode from the power trace ({{ :people:europen2010_javacardsecurity.pdf|paper}}), security code review of JavaCard applets and applications development. I worked on data retention compliant logging for AN.ON anonymity service at TU Dresden ({{ :people:ifipss2009.pdf |paper}}) and massively parallel cloud security hardware platform ({{:public:papers:cryptohive_svenda_space2015.pdf.pdf|paper}}).  
 +</col> 
 +</grid>
  
-=== Randomness and entropy extraction ===  +==== Randomness and entropy extraction ==== 
-We work on non-tradition randomness testing battery based on genetic programming ([[https://github.com/crocs-muni/eacirc |EACirc project]]) with statistical tests continually adapted to analyzed binary sequence to find defects in cryptographic functions ({{:publications:pdf:2014-secrypt-sys.pdf|paper}}). Additionally, we aim to provide guidance which part of an analyzed function is responsible for the observed defect. I was involved in practical entropy extractors from hardware sources available on mobile devices, especially from the microphone and camera input ({{{{ :people:rng_nordsec07.pdf |paper}}, {{ :people:rngextractor_nordsec09.pdf |paper}}).  +We work on non-tradition randomness testing battery based on genetic programming ([[https://github.com/crocs-muni/eacirc |EACirc project]]) with statistical tests continually adapted to analyzed binary sequence to find defects in cryptographic functions ({{:publications:pdf:2014-secrypt-sys.pdf|paper}}). We also aim to provide guidance which part of an analyzed function is responsible for the observed defect. We proposed lightweight yet powerful bias detection method based on boolean functions ([[http://www.secrypt.icete.org/?y=2017 |Secrypt 2017]]) with detection of previously unknown biases in Java Random and C rand generators. I was involved in practical entropy extractors from hardware sources available on mobile devices, especially from the microphone and camera input ({{{{ :people:rng_nordsec07.pdf |paper}}, {{ :people:rngextractor_nordsec09.pdf |paper}}).  
  
-=== Wireless Sensor Networks (WSNs) === +==== Wireless Sensor Networks (WSNs) ====
 WSNs were my main Ph.D. research topic with thesis defended in 2009 (//The link key security in wireless sensor networks//, {{ :people:svenda_phd_thesis2009.pdf |thesis}}). We inspect security protocols for networks with the assumption of an inevitability of partial compromise. We proposed several techniques how to maintain reasonably functional and secure network ranging from the node capture resilient key establishment ({{ :people:pega_wsns08.pdf |paper}}) over key strengthening mechanism called secrecy amplification ({{:public:papers:secamplif_wistp15.pdf |paper}}) to automatic protocol generation ({{ :people:wisec09svenda.pdf |paper}}). We developed transparent security platform via virtualized radio stack for TinyOS ([[https://github.com/crocs-muni/WSNProtectLayer |WSNProtectLayer project]]). WSNs were my main Ph.D. research topic with thesis defended in 2009 (//The link key security in wireless sensor networks//, {{ :people:svenda_phd_thesis2009.pdf |thesis}}). We inspect security protocols for networks with the assumption of an inevitability of partial compromise. We proposed several techniques how to maintain reasonably functional and secure network ranging from the node capture resilient key establishment ({{ :people:pega_wsns08.pdf |paper}}) over key strengthening mechanism called secrecy amplification ({{:public:papers:secamplif_wistp15.pdf |paper}}) to automatic protocol generation ({{ :people:wisec09svenda.pdf |paper}}). We developed transparent security platform via virtualized radio stack for TinyOS ([[https://github.com/crocs-muni/WSNProtectLayer |WSNProtectLayer project]]).
 +
 +
 ---- ----
  
-=== Teaching and thesis supervision === +==== Teaching and thesis supervision ====
 I teach mostly security and applied cryptography focused courses (see list on the left), commonly with programming as the important component for deeper understanding. I really value feedback and participation - don't leave for yourself what you are happy and unhappy with.  I teach mostly security and applied cryptography focused courses (see list on the left), commonly with programming as the important component for deeper understanding. I really value feedback and participation - don't leave for yourself what you are happy and unhappy with. 
  
-I do supervise bc. and mgr. thesis - read first the list of available topics [[https://www.fi.muni.cz/research/crocs/topics.xhtml.en | here]] and projects we [[:public:research:main | work on]]. Then ask for a personal meeting - the majority of thesis I supervise are customized based on a discussion with you. And don't be shy to approach me with your own favorite topic.      +I do supervise bc. and mgr. thesis - read first the list of available topics [[https://www.fi.muni.cz/research/crocs/topics.xhtml.en | here]] and projects we [[:public:research:main | work on]]. Then ask for a personal meeting - the majority of the thesis I supervise are customized based on a discussion with you. And don't be shy to approach me with your own favorite topic.      
  
-</columns>+~~CLEARFIX~~
  
 ---- ----
 +
 ===== My publications ===== ===== My publications =====
 +
 +==== 2023 ====
 +{{section>publications:authors:petr-svenda#2023&noheader&fullpage}}
 +
 +==== 2022 ====
 +{{section>publications:authors:petr-svenda#2022&noheader&fullpage}}
 +
 +==== 2021 ====
 +{{section>publications:authors:petr-svenda#2021&noheader&fullpage}}
 +
 +==== 2020 ====
 +{{section>publications:authors:petr-svenda#2020&noheader&fullpage}}
 +
 +==== 2019 ====
 +{{section>publications:authors:petr-svenda#2019&noheader&fullpage}}
 +
 +==== 2018 ====
 +{{section>publications:authors:petr-svenda#2018&noheader&fullpage}}
 +
 +==== 2017 ====
 +{{section>publications:authors:petr-svenda#2017&noheader&fullpage}}
  
 ==== 2016 ==== ==== 2016 ====
Line 83: Line 111:
  
 See full list of [[:publications:authors:petr-svenda | my publications]]. See full list of [[:publications:authors:petr-svenda | my publications]].
- 
- 
-