| Both sides previous revision Previous revision Next revision | Previous revision |
| public:research:main [2025-09-08 08:24] – [Randomness statistical testing of TRNG and PRNG] Marek Sýs | public:research:main [2025-10-12 19:13] (current) – [Usable security] Petr Švenda |
|---|
| |
| <collapse id="randomness" collapsed="true"> | <collapse id="randomness" collapsed="true"> |
| **Last update: 23. 10. 2024** | **Last update: 08. 09. 2025** |
| |
| **Contact:** Marek Sýs <syso@mail.muni.cz> | **Contact:** Marek Sýs <syso@mail.muni.cz> |
| | |
| **Current projects:** | **Current projects:** |
| * CoolTest/BoolTest - efficient and interpretable statistical testing battery: [[https://github.com/ph4r05/polynomial-distinguishers|BoolTest Github repository]], [[https://github.com/jirigav/cooltest|CoolTest|CoolTest Github repository]] | * CoolTest/BoolTest - efficient and interpretable statistical testing battery: [[https://github.com/ph4r05/polynomial-distinguishers|BoolTest Github repository]], [[https://github.com/jirigav/cooltest|CoolTest Github repository]] |
| * Randomness Testing Tool (RTT, STS NIST, Dieharder, TestU01) - unified interface for different statistical batteries [[https://github.com/crocs-muni/randomness-testing-toolkit | Github repository]] | * Randomness Testing Tool (RTT, STS NIST, Dieharder, TestU01) - unified interface for different statistical batteries [[https://github.com/crocs-muni/randomness-testing-toolkit | Github repository]] |
| **Involved people:** | **Involved people:** |
| * [[https://is.muni.cz/auth/osoba/168968|Milan Brož]] 2019-2025 (Randomness Testing Tool) | * [[https://is.muni.cz/auth/osoba/232886|Marek Sýs]] 2013-now (CoolTest/BoolTest - concept and improvements, NIST STS speed up, EACirc - concept, results interpretation) |
| * [[https://is.muni.cz/auth/osoba/232886|Marek Sýs]] 2013-now (BoolTest - concept and improvements, NIST STS speed up, EACirc - concept, results interpretation) | * [[https://is.muni.cz/auth/osoba/484647|Jiří Gavenda]] 2024-now (CoolTest - concept and implementations) |
| |
| **Previous projects and resources:** | **Previous projects and resources:** |
| * EACirc - statistical battery based on evolutionary algorithms [[https://github.com/crocs-muni/eacirc-core | Github repository]], Research project [[research:eacirc:main| internal wiki pages]][[https://github.com/crocs-muni/EACirc/wiki | EACirc wiki pages]] | * EACirc - statistical battery based on evolutionary algorithms [[https://github.com/crocs-muni/eacirc-core | Github repository]], Research project [[research:eacirc:main| internal wiki pages]][[https://github.com/crocs-muni/EACirc/wiki | EACirc wiki pages]] |
| |
| **Former participants:** Petr Švenda 2008-2017 (EACirc project lead, initial implementation, Cryptostream), Dušan Klinec 2015-2022(BoolTest - polynomial representation, Cryptostream - large number of cryptoprimitives); Karel Kubíček 2014-2017 (Cryptostream - former main developer, block ciphers, TEA, metaheuristics, generator); Tamas Rozsa 2016-2020 (cryptostreams functions); Radka Cieslarová 2015-2019 (heatmap analysis of function); Michal Hajas 2015- 2019 (bytecode emulator, margins); Martin Ukrop 2012-2017 (framework model, refactoring, SHA-3 candidates testing, supporting tools); Ľubomír Obrátil 2014-2017 (BOINC&EACirc tasks automization); Jiří Novotný 2014-2016 (CUDA programming, EACirc core); Jan Švarc 2014-2015 (CUDA programming); Zdenek Říha 2013-2016 (bytecode emulator); Milan Čermák 2012-2013 (CUDA support); Ondrej Dubovec 2011-2012 (SHA-3 candidates testing); Matěj Prišťák 2011-2012 (object model and refactoring, XML support, eStream candidates testing); Tobiáš Smolka 2011-2012 (BOINC related support); | **Former participants:** Milan Brož 2019-2025 (Randomness Testing Tool), Petr Švenda 2008-2017 (EACirc project lead, initial implementation, Cryptostream), Dušan Klinec 2015-2022(BoolTest - polynomial representation, Cryptostream - large number of cryptoprimitives); Karel Kubíček 2014-2017 (Cryptostream - former main developer, block ciphers, TEA, metaheuristics, generator); Tamas Rozsa 2016-2020 (cryptostreams functions); Radka Cieslarová 2015-2019 (heatmap analysis of function); Michal Hajas 2015- 2019 (bytecode emulator, margins); Martin Ukrop 2012-2017 (framework model, refactoring, SHA-3 candidates testing, supporting tools); Ľubomír Obrátil 2014-2017 (BOINC&EACirc tasks automization); Jiří Novotný 2014-2016 (CUDA programming, EACirc core); Jan Švarc 2014-2015 (CUDA programming); Zdenek Říha 2013-2016 (bytecode emulator); Milan Čermák 2012-2013 (CUDA support); Ondrej Dubovec 2011-2012 (SHA-3 candidates testing); Matěj Prišťák 2011-2012 (object model and refactoring, XML support, eStream candidates testing); Tobiáš Smolka 2011-2012 (BOINC related support); |
| |
| ** Selected publications: ** | ** Selected publications: ** |
| ===== Side-channel analysis ===== | ===== Side-channel analysis ===== |
| |
| {{ :public:research:sca_chat_gpt_v2.png?direct&200|}} | {{ :public:research:sca_chat_gpt_v2.png?direct&180|}} |
| |
| |
| **Contact: Lukasz Chmielewski <chmiel@fi.muni.cz> ** | **Contact: Lukasz Chmielewski <chmiel@fi.muni.cz> ** |
| |
| **More information, projects and resources:** | **More information, projects, and resources:** |
| * JCAlgTest [[https://github.com/crocs-muni/JCAlgTest | GitHub repository]] - **//TBU that is just an example//** | * Attack_Kyber_ACNS2024 [[https://github.com/crocs-muni/Attack_Kyber_ACNS2024 | GitHub repository]] - an online template attack against Kyber (ML-DSA). |
| | * [[https://github.com/sca-secure-library-sca25519/sca25519 | GitHub repository]] - three implementations of X25519 in C and assembly for the Cortex-M4 with countermeasures against side-channel and fault injection attacks. |
| |
| **Involved people:** | **Involved people:** |
| * [[https://is.muni.cz/auth/person/247858|Łukasz Chmielewski]] 2022-now (side-channel and fault injection security) | * [[https://is.muni.cz/auth/person/247858|Łukasz Chmielewski]] 2022-now (side-channel and fault injection security) |
| * Milan Šorf ? | * [[https://is.muni.cz/auth/person/500362|Milan Šorf]] 2023-now (side-channel analysis and crypto-wallets security) |
| | * [[https://is.muni.cz/auth/person/492760|Veronika Hanulíková]] 2025-now (side-channel security of JavaCard and blockchain security) |
| **Past members:** xxx 2019-2022 **//TBU potentially empty//**, | * Master students: Tomáš Jaroš, Michal Masrna, and Oliver Bajus |
| | * Jan Janásek |
| | * Oliver Šimoník |
| | |
| | **Past members:** master students: Daud Naveed, Lubomír Hrbáček, and Radomír Mann. |
| | |
| ** Selected publications: ** | ** Selected publications: ** |
| ---- | ---- |
| |
| ---- | |
| |
| ---- | ===== Usable security ===== |
| |
| ---- | {{ :public:research:social.png?direct&300|}} |
| |
| ====== Archived research projects in CRoCS laboratory ====== | Our usable security projects focus on computer security and interactions of systems with end-users (true end-users as well as IT professionals using a particular system for their job). We are currently investigating factors influencing usability of reports from penetration testing, figuring out what those that use these reports can and cannot really find out from pentesting reports - and how to improve that. We also examine usability of AI-assisted pentesting report writing. |
| <callout type="info" icon="true">Click <button icon="fa fa-caret-down" collapse="archived">Find out more</button> to see older projects, which are not currently actively pursued further, but may be activated again later (as happened for multiple projects already). | |
| </callout> | |
| |
| <collapse id="archived" collapsed="true"> | We started our first significant project in the area of usable security in 2014, in cooperation with three industrial partners, Faculty of social studies, and Faculty of law. The project aimed to identify influences that make users change their risky behavior to more secure one. Four sets of experiments ran in cooperation with commercial companies (ESET, Netsuite and SodatSW). Every experiment targeted a different target group and used a different technique (warning, security dialogue, e-learning, user-friendly password recovery, etc.). This project was unique for the cooperation of three different faculties of MU and three commercial companies, who wanted to understand their users better and increase their products' overall security by improving interfaces and processes used by their end-users. We also finished a project in cooperation with the Faculty of social studies and AHEAD Itec/Monet+ company. It aimed at user testing of selected authentication methods (NFC token, smart card with card reader, fingerprint and PIN code) with results available [[https://crocs.fi.muni.cz/public/papers/2020-tacr-report | here]] |
| |
| |
| ===== Social and behavioral aspects of security ===== | |
| |
| Our end-user oriented usable security projects focus on computer security and interactions of systems with end-users. We started in our first significant project in this area in 2014, in cooperation with three industrial partners, Faculty of social studies, and Faculty of law. | |
| The project aimed to identify influences that make users change their risky behavior to more secure one. Four sets of experiments ran in cooperation with commercial companies (ESET, Netsuite and SodatSW). Every experiment targeted a different target group and used a different technique (warning, security dialogue, e-learning, user-friendly password recovery, etc.). This project was unique for the cooperation of three different faculties of MU and three commercial companies, who wanted to understand their users better and increase their products' overall security by improving interfaces and processes used by their end-users. | |
| |
| We also finished a project in cooperation with the Faculty of social studies and AHEAD Itec/Monet+ company. It aimed at user testing of selected authentication methods (NFC token, smart card with card reader, fingerprint and PIN code). Results from this project are available here: https://crocs.fi.muni.cz/public/papers/2020-tacr-report | |
| |
| |
| <button icon="fa fa-file-text-o">[[:publications:keywords:usablesec|Publications]]</button> | <button icon="fa fa-file-text-o">[[:publications:keywords:usablesec|Publications]]</button> |
| <button icon="fa fa-lightbulb-o">[[:research:usable-sec:main| Internal wiki]]</button> | <button icon="fa fa-lightbulb-o">[[:research:usable-sec:main| Internal wiki]]</button> |
| | <collapse id="social" collapsed="true"> |
| |
| |
| **Last update: 21. 1. 2021** | **Last update: 4. 10. 2025** |
| |
| **Contact:** Vašek Matyáš <matyas@fi.muni.cz>, Agáta Kružíková <kruzikova@mail.muni.cz> | **Contact:** Vashek Matyáš <matyas@fi.muni.cz> |
| |
| **Involved people:** | **Involved people:** |
| {{:public:crocs:matyas.jpg?50|}} {{:public:crocs:stavova.jpg?50|}} {{:public:crocs:ukrop.jpg?50|}} {{:public:crocs:janca.jpg?50|}} {{:public:crocs:malinka.jpg?50|}} | * [[https://www.muni.cz/en/people/422705|Katarína Galanská]] 2021-now |
| * [[https://is.muni.cz/auth/osoba/409872|Agáta Kružíková]] 2016-now | * [[https://is.muni.cz/auth/osoba/409872|Agáta Kružíková]] 2016-now |
| * [[https://is.muni.cz/auth/osoba/344|Vašek Matyáš]] 2013-now | * [[https://is.muni.cz/auth/osoba/344|Vashek Matyáš]] 2013-now |
| |
| **Former participants:** Radim Janča (2014-2016); Lydia Kraus (2018-2020); Kamil Malinka (2013-2016); Vlasta Šťavová (2014-2019); Martin Ukrop (2016-2018); Lenka Knapová (2018-2020) | **Former participants:** Radim Janča (2014-2016); Lydia Kraus (2018-2020); Kamil Malinka (2013-2016); Vlasta Bukačová (Šťavová) (2014-2019); Martin Ukrop (2016-2024); Lenka Knapová (2018-2020) |
| |
| ** Selected publications: ** | ** Selected publications: ** |
| | * [2025] Galanska, K, Kruzikova, A., Matyas, V., Pibilota, M. M., and Just, M. From Reports to Actions: Bridging the Customer Usability Gap in Penetration Testing. IEEE ACCESS. IEEE, 2025, vol. 13, No 2025, p. 73975-73986. ISSN 2169-3536. Available from: https://doi.org/10.1109/ACCESS.2025.3561220. |
| * [2018] Stavova, V., Dedkova, L., Ukrop, M., and Matyas, V. (in press). A large-scale comparative study of beta testers and standard users. Communications of the ACM. ACM, 2018, 64–71. | * [2024] Kruzikova, A., Di Campi, M., Cerny, T., and Matyas, V. No Thumbs Up in Pictures! Experimental Fingerprint Forgery for Inexperienced Impostors. IEEE ACCESS, 2024, vol. 12, No 131297, p. 131297-131312. ISSN 2169-3536. Available from: https://doi.org/10.1109/ACCESS.2024.3446034. |
| * [2017] Stavova, V., Matyas, V., Just M. and Ukrop, M.:Factors Influencing the Purchase of Security Software for Mobile Devices – Case Study, Infocommunications Journal, 2017, 18–23. | * [2024] Kruzikova, A., Muzik, M., Knapova, L., Dedkova, L., Smahel, D., and Matyas, V. Two-factor authentication time: How time-efficiency and time-satisfaction are associated with perceived security and satisfaction. Computers & Security. 2024, vol. 138, No 103667, p. 1-11. ISSN 0167-4048. Available from: https://doi.org/10.1016/j.cose.2023.103667. |
| | * [2022] Matyas, V., Malinka, K., Kraus, L., Knapova, L., and Kruzikova, A. Even if users do not read security directives, their behavior is not so catastrophic. Communications of the ACM. New York, NY, USA: ACM, 2022, vol. 65, No 1, p. 37-40. ISSN 0001-0782. Available from: https://doi.org/10.1145/3471928. |
| | * [2022] Smahel, D., Dedkova, L., Kraus, L., Matyas, V., and Bukacova, V. Investigating Installers of Security Software in 20 Countries: Individual-and Country-Level Differences. Human Behavior and Emerging Technologies. 2022, vol. 2022, No 1230344, p. 1-12. ISSN 2578-1863. Available from: https://doi.org/10.1155/2022/1230344. |
| | * [2022] Kruzikova, A., Knapova, L., Smahel, D., Dedkova, L. and Matyas, V. Usable and secure? User perception of four authentication methods for mobile banking. Computers & Security. Oxford: Elsevier, 2022, vol. 115, No 1, p. 1-12. ISSN 0167-4048. Available from: https://doi.org/10.1016/j.cose.2022.102603. |
| | * [2020] Ukrop, M., Kraus, L., and Matyas, V. Will You Trust This TLS Certificate? Perceptions of People Working in IT (Extended Version). Digital Threats: Research and Practice. New York, NY, USA: Association for Computing Machinery, 2020. https://doi.org/10.1145/3419472. |
| | * [2018] Stavova, V., Dedkova, L., Ukrop, M., and Matyas, V. A large-scale comparative study of beta testers and standard users. Communications of the ACM. ACM, 2018, 64–71. |
| * [2016] Stavova, V., Matyas, V. and Just M.: Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms, WISTP 2016. | * [2016] Stavova, V., Matyas, V. and Just M.: Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms, WISTP 2016. |
| * [2016] Stavova, V., Matyas, V. and Just M.: On the impact of warning interfaces for enabling the detection of Potentially Unwanted Applications, EuroUSEC 2016. | * [2016] Stavova, V., Matyas, V. and Just M.: On the impact of warning interfaces for enabling the detection of Potentially Unwanted Applications, EuroUSEC 2016. |
| * [2015] {{public:papers:stavova_memics2016.pdf|Stavova, V., Matyas, V. and Malinka K.: The challenge of increasing safe response of antivirus software users, MEMICS 2015.}} | * [2015] {{public:papers:stavova_memics2016.pdf|Stavova, V., Matyas, V. and Malinka K.: The challenge of increasing safe response of antivirus software users, MEMICS 2015.}} |
| | |
| | </collapse> |
| | ---- |
| | |
| |
| |
| ---- | ---- |
| | |
| | ---- |
| | |
| | ---- |
| | |
| | ====== Archived research projects in CRoCS laboratory ====== |
| | <callout type="info" icon="true">Click <button icon="fa fa-caret-down" collapse="archived">Find out more</button> to see older projects, which are not currently actively pursued further, but may be activated again later (as happened for multiple projects already). |
| | </callout> |
| | |
| | <collapse id="archived" collapsed="true"> |
| | |
| ===== Disk encryption ===== | ===== Disk encryption ===== |
| {{ :public:research:fde.png?direct&200|}} | {{ :public:research:fde.png?direct&200|}} |