Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
public:research:main [2025-09-08 08:29] – [Randomness statistical testing of TRNG and PRNG] Marek Sýspublic:research:main [2025-10-12 19:13] (current) – [Usable security] Petr Švenda
Line 422: Line 422:
 ===== Side-channel analysis ===== ===== Side-channel analysis =====
  
-{{ :public:research:sca_chat_gpt_v2.png?direct&200|}}+{{ :public:research:sca_chat_gpt_v2.png?direct&180|}}
  
  
Line 435: Line 435:
 **Contact: Lukasz Chmielewski <chmiel@fi.muni.cz> ** **Contact: Lukasz Chmielewski <chmiel@fi.muni.cz> **
  
-**More information, projects and resources:** +**More information, projectsand resources:** 
-  * JCAlgTest [[https://github.com/crocs-muni/JCAlgTest | GitHub repository]] - **//TBU that is just an example//**+  * Attack_Kyber_ACNS2024 [[https://github.com/crocs-muni/Attack_Kyber_ACNS2024 | GitHub repository]] - an online template attack against Kyber (ML-DSA).  
 +  [[https://github.com/sca-secure-library-sca25519/sca25519 | GitHub repository]] -  three implementations of X25519 in C and assembly for the Cortex-M4 with countermeasures against side-channel and fault injection attacks. 
  
 **Involved people:**   **Involved people:**  
   * [[https://is.muni.cz/auth/person/247858|Łukasz Chmielewski]] 2022-now (side-channel and fault injection security)   * [[https://is.muni.cz/auth/person/247858|Łukasz Chmielewski]] 2022-now (side-channel and fault injection security)
-  * Milan Šorf ? +  * [[https://is.muni.cz/auth/person/500362|Milan Šorf]] 2023-now (side-channel analysis and crypto-wallets security)  
-   +  * [[https://is.muni.cz/auth/person/492760|Veronika Hanulíková]] 2025-now (side-channel security of JavaCard and blockchain security)  
-**Past members:** xxx 2019-2022 **//TBU potentially empty//**,   +  Master studentsTomáš Jaroš, Michal Masrna, and Oliver Bajus 
 +  Jan Janásek 
 +  Oliver Šimoník 
 + 
 +**Past members:** master students: Daud Naveed, Lubomír Hrbáčekand Radomír Mann. 
      
 ** Selected publications: ** ** Selected publications: **
Line 453: Line 458:
 ---- ----
  
----- 
  
-----+===== Usable security =====
  
-----+{{ :public:research:social.png?direct&300|}}
  
-====== Archived research projects in CRoCS laboratory ====== +Our usable security projects focus on computer security and interactions of systems with end-users (true end-users as well as IT professionals using a particular system for their job). We are currently investigating factors influencing usability of reports from penetration testing, figuring out what those that use these reports can and cannot really find out from pentesting reports - and how to improve that. We also examine usability of AI-assisted pentesting report writing.
-<callout type="info" icon="true">Click <button  icon="fa fa-caret-down" collapse="archived">Find out more</button> to see older projects, which are not currently actively pursued further, but may be activated again later (as happened for multiple projects already).   +
-</callout>+
  
-<collapse id="archived" collapsed="true">+We started our first significant project in the area of usable security in 2014, in cooperation with three industrial partners, Faculty of social studies, and Faculty of law. The project aimed to identify influences that make users change their risky behavior to more secure one. Four sets of experiments ran in cooperation with commercial companies (ESET, Netsuite and SodatSW). Every experiment targeted a different target group and used a different technique (warning, security dialogue, e-learning, user-friendly password recovery, etc.). This project was unique for the cooperation of three different faculties of MU and three commercial companies, who wanted to understand their users better and increase their products' overall security by improving interfaces and processes used by their end-users. We also finished a project in cooperation with the Faculty of social studies and AHEAD Itec/Monet+ company. It aimed at user testing of selected authentication methods (NFC token, smart card with card reader, fingerprint and PIN code) with results available [[https://crocs.fi.muni.cz/public/papers/2020-tacr-report | here]]
  
- 
-===== Social and behavioral aspects of security ===== 
- 
-Our end-user oriented usable security projects focus on computer security and interactions of systems with end-users. We started in our first significant project in this area in 2014, in cooperation with three industrial partners, Faculty of social studies, and Faculty of law. 
-The project aimed to identify influences that make users change their risky behavior to more secure one. Four sets of experiments ran in cooperation with commercial companies (ESET, Netsuite and SodatSW). Every experiment targeted a different target group and used a different technique (warning, security dialogue, e-learning, user-friendly password recovery, etc.). This project was unique for the cooperation of three different faculties of MU and three commercial companies, who wanted to understand their users better and increase their products' overall security by improving interfaces and processes used by their end-users. 
- 
-We also finished a project in cooperation with the Faculty of social studies and AHEAD Itec/Monet+ company. It aimed at user testing of selected authentication methods (NFC token, smart card with card reader, fingerprint and PIN code). Results from this project are available here: https://crocs.fi.muni.cz/public/papers/2020-tacr-report 
  
  
Line 477: Line 472:
 <button  icon="fa fa-file-text-o">[[:publications:keywords:usablesec|Publications]]</button> <button  icon="fa fa-file-text-o">[[:publications:keywords:usablesec|Publications]]</button>
 <button icon="fa fa-lightbulb-o">[[:research:usable-sec:main| Internal wiki]]</button> <button icon="fa fa-lightbulb-o">[[:research:usable-sec:main| Internal wiki]]</button>
 +<collapse id="social" collapsed="true">
  
  
-**Last update: 2112021**+**Last update: 4102025**
  
-**Contact:** Vašek Matyáš <matyas@fi.muni.cz>, Agáta Kružíková <kruzikova@mail.muni.cz>+**Contact:** Vashek Matyáš <matyas@fi.muni.cz>
  
 **Involved people:**   **Involved people:**  
-{{:public:crocs:matyas.jpg?50|}}  {{:public:crocs:stavova.jpg?50|}} {{:public:crocs:ukrop.jpg?50|}} {{:public:crocs:janca.jpg?50|}}  {{:public:crocs:malinka.jpg?50|}} +  * [[https://www.muni.cz/en/people/422705|Katarína Galanská]] 2021-now
   * [[https://is.muni.cz/auth/osoba/409872|Agáta Kružíková]] 2016-now   * [[https://is.muni.cz/auth/osoba/409872|Agáta Kružíková]] 2016-now
-  * [[https://is.muni.cz/auth/osoba/344|Vašek Matyáš]] 2013-now+  * [[https://is.muni.cz/auth/osoba/344|Vashek Matyáš]] 2013-now
  
-**Former participants:** Radim Janča (2014-2016); Lydia Kraus (2018-2020); Kamil Malinka (2013-2016); Vlasta Šťavová (2014-2019); Martin Ukrop (2016-2018); Lenka Knapová (2018-2020)+**Former participants:** Radim Janča (2014-2016); Lydia Kraus (2018-2020); Kamil Malinka (2013-2016); Vlasta Bukačová (Šťavová(2014-2019); Martin Ukrop (2016-2024); Lenka Knapová (2018-2020)
  
 ** Selected publications: ** ** Selected publications: **
- +  * [2025] Galanska, K, Kruzikova, A., Matyas, V., Pibilota, M. M., and Just, M. From Reports to Actions: Bridging the Customer Usability Gap in Penetration Testing. IEEE ACCESS. IEEE, 2025, vol. 13, No 2025, p. 73975-73986. ISSN 2169-3536. Available from: https://doi.org/10.1109/ACCESS.2025.3561220. 
-  * [2018Stavova, V., Dedkova, L., UkropM., and Matyas, V. (in press)A large-scale comparative study of beta testers and standard users. Communications of the ACM. ACM, 201864–71+  * [2024Kruzikova, A., Di Campi, M., Cerny, T., and Matyas, V. No Thumbs Up in Pictures! Experimental Fingerprint Forgery for Inexperienced Impostors. IEEE ACCESS, 2024, vol. 12, No 131297, p. 131297-131312. ISSN 2169-3536. Available from: https://doi.org/10.1109/ACCESS.2024.3446034. 
-  * [2017StavovaV., Matyas, V., Just M. and UkropM.:Factors Influencing the Purchase of Security Software for Mobile Devices – Case StudyInfocommunications Journal20171823.+  * [2024] Kruzikova, A., Muzik, M., Knapova, L., Dedkova, L., SmahelD., and Matyas, V. Two-factor authentication time: How time-efficiency and time-satisfaction are associated with perceived security and satisfactionComputers & Security. 2024, vol. 138, No 103667, p. 1-11. ISSN 0167-4048. Available from: https://doi.org/10.1016/j.cose.2023.103667. 
 +  * [2022] Matyas, V., Malinka, K., Kraus, L., Knapova, L., and Kruzikova, A. Even if users do not read security directives, their behavior is not so catastrophic. Communications of the ACM. New York, NY, USA: ACM, 2022vol. 65, No 1, p. 37-40. ISSN 0001-0782. Available from: https://doi.org/10.1145/3471928
 +  * [2022SmahelD., Dedkova, L., Kraus, L., Matyas, V., and Bukacova, VInvestigating Installers of Security Software in 20 Countries: Individual-and Country-Level Differences. Human Behavior and Emerging Technologies. 2022vol2022, No 1230344, p. 1-12. ISSN 2578-1863. Available fromhttps://doi.org/10.1155/2022/1230344. 
 +  * [2022] Kruzikova, A., Knapova, L., Smahel, D., Dedkova, L. and Matyas, V. Usable and secure? User perception of four authentication methods for mobile banking. Computers & Security. Oxford: Elsevier, 2022, vol. 115, No 1, p. 1-12. ISSN 0167-4048. Available from: https://doi.org/10.1016/j.cose.2022.102603. 
 +  * [2020] Ukrop, M., Kraus, L., and Matyas, V. Will You Trust This TLS Certificate? Perceptions of People Working in IT (Extended Version). Digital Threats: Research and Practice. New York, NY, USA: Association for Computing Machinery2020. https://doi.org/10.1145/3419472. 
 +  * [2018] StavovaV.Dedkova, L., Ukrop, M., and Matyas, V. A large-scale comparative study of beta testers and standard users. Communications of the ACM. ACM, 2018, 6471.
   * [2016] Stavova, V., Matyas, V. and Just M.: Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms, WISTP 2016.    * [2016] Stavova, V., Matyas, V. and Just M.: Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms, WISTP 2016. 
   * [2016] Stavova, V., Matyas, V. and Just M.: On the impact of warning interfaces for enabling the detection of Potentially Unwanted Applications, EuroUSEC 2016.   * [2016] Stavova, V., Matyas, V. and Just M.: On the impact of warning interfaces for enabling the detection of Potentially Unwanted Applications, EuroUSEC 2016.
   * [2015] {{public:papers:stavova_memics2016.pdf|Stavova, V., Matyas, V. and Malinka K.: The challenge of increasing safe response of antivirus software users, MEMICS 2015.}}   * [2015] {{public:papers:stavova_memics2016.pdf|Stavova, V., Matyas, V. and Malinka K.: The challenge of increasing safe response of antivirus software users, MEMICS 2015.}}
 +
 +</collapse>
 +----
 +
  
  
 ---- ----
 +
 +----
 +
 +----
 +
 +====== Archived research projects in CRoCS laboratory ======
 +<callout type="info" icon="true">Click <button  icon="fa fa-caret-down" collapse="archived">Find out more</button> to see older projects, which are not currently actively pursued further, but may be activated again later (as happened for multiple projects already).  
 +</callout>
 +
 +<collapse id="archived" collapsed="true">
 +
 ===== Disk encryption ===== ===== Disk encryption =====
 {{ :public:research:fde.png?direct&200|}} {{ :public:research:fde.png?direct&200|}}