Differences

This shows you the differences between two versions of the page.

public:research:main [2019-12-03 19:48] xjanovsk
public:research:main [2024-01-18 15:50] (current) – [Open-source security tools] xjancar
Line 1: Line 1:
-====== Research themes in CRoCS laboratory [crcs.cz/projects] ======+====== Research topics at CRoCS ======
 ~~NOTOC~~ ~~NOTOC~~
  
 +<ifauth @user>
 +<callout type="primary" icon="true" title="This page (informal) edit rules:">
 +  - Primary audience are a) students searching for thesis topic and b) foreign researchers interested in our work
 +  - Add selection of few most relevant publications to 'Selected publications' section [goal: convince external researcher we have serious results]
 +  - Make sure 'Publications' button points to complete list of even loose relevant papers (add the keyword to bibtex as described [[https://crocs.fi.muni.cz/publications/main|here]]) [goal: provide all topic-relevant results quickly]
 +  - Try to be consistent with other topics (convince others to update before overly creative change) [goal: have professional consistent style] 
 +  - Add list of involved people and in alphabetical order (goal: avoid subjective ordering based on contributions)
 +  - Update when new publication, tool or contributor happens [goal: keep page up to date]
 +  - Use local section edit instead of whole page edit, check that page is not broken after edits (removed topic, garbage text) [goal: keep page nice and complete]
 +  - Add new topic only when significant work was already done, discuss before [goal: keep page relevant and not overly long]
 +</callout>
 +
 +
 +</ifauth>
 +
 +<callout type="success" icon="true" title="How to get involved">
   - Find project you like,   - Find project you like,
-  - Contact people involved (or visit [[:public:openlab:main | OpenLab]] [crcs.cz/openlab]),+  - Contact people involved,
   - Have fun while saving the world (of research and open-source)!   - Have fun while saving the world (of research and open-source)!
 +
  
 ** Join us! ** ** Join us! **
-We are always looking for enthusiastic people with passion for problem solving willing to work hard yet having [[:public:openlab:main | good fun]]. Don't be afraid if you don't have previous experience in the project area you like. We are here to help you and we all learn something in the process.  +We are always looking for enthusiastic people with passion for problem solving willing to work hard yet having [[:public:openlab:main | good fun]]. Don't be afraid if you don't have previous experience in the project area you like. We are here to help you and we all learn something in the process.  
  
-===== Adaptive Randomness Statistical Tests =====+Read the research domains to get a wider picture. Check currently open [[https://www.fi.muni.cz/research/crocs/topics.html.en | topics in IS]], but do not hesitate do discuss different ones with contact person listed below.  
 +</callout>
  
-{{ :public:crocs:logo-eacirc.png?nolink&200|}} 
  
-The robust generation of a truly random data or pseudo-random data indistinguishable from the truly random ones is a crucial component for many cryptographic systems. We focus on finding defects in a supposedly random data with the help of automated testing methods included in so-called randomness statistical testing batteries. +===== Security of cryptographic implementations =====
  
-While most existing batteries focus on the predefined fixed tests, we automatically generate tests which adapt to the analyzed data - resulting in a stronger bias detection with a less amount of data required and with direct interpretability of the bias found. We also design and develop means for speedup of existing statsitical batteries - both with help of more effcient implementations as well as distributed and CUDA-supported execution.  
-    
-<button collapse="eacirc">Find out more</button> 
  
-<collapse id="eacirc" collapsed="true"> +{{ :public:research:cards.png?direct&300|}}
-**Last update20. 092018**+
  
-**Contact:** Petr Švenda <svenda@fi.muni.cz>   +We systematically analyze the security of cryptographic implementations, including the blackbox ones with no access to a source code (e.g., cryptographic smartcards). Typically, a large number of cryptographic operations is executed with observed data and various side-channel information recorded and statistically analyzed. The approach leads to several high-profile discoveries, including the practical factorization of RSA keys from Infineon chips ([[https://roca.crocs.fi.muni.cz/|ROCA attack CVE-2017-15361]]) or EC private key extraction from timing of ECDSA signatures ([[https://minerva.crocs.fi.muni.cz/|Minerva attack CVE-2019-15809]]). The goal is not only to find an attack but also to provide open-source verification tools.      
 + 
 +<button icon="fa fa-caret-down" collapse="cryptoimplementations">Find out more</button> 
 +<button  icon="fa fa-file-text-o">[[:publications:keywords:cryptoimplementations|Publications]]</button> 
 + 
 +<collapse id="cryptoimplementations" collapsed="true"> 
 + 
 +**Last update: 17.01.2024** 
 + 
 +**Contact:** Jan Jančár <j08ny@mail.muni.cz>
  
 **More information, projects and resources:** **More information, projects and resources:**
-  * BoolTest - efficient and intepretable statistical testing battery: [[https://github.com/ph4r05/polynomial-distinguishersGithub repository]] +  * [[https://keychest.net/roca|ROCA online Tester]]: A tool for testing RSA keys for the ROCA vulnerability. 
-  * Generator of output data streams from weakened cryptographic functions: [[https://github.com/crocs-muni/eacirc-streamsGithub repository]] +  * [[https://github.com/crocs-muni/roca|ROCA repository]]: A code repository with the testing tool for the ROCA vulnerability. 
-  * EACirc - statistical battery [[https://github.com/crocs-muni/eacirc-core Github repository]][[https://github.com/crocs-muni/EACirc/wiki EACirc wiki pages]] +  * [[https://github.com/crocs-muni/minerva|Minerva repository]]: An artifact repository for the Minerva vulnerability. 
-  * Randomness Testing Tool (RTT, STS NIST, Dieharder, TestU01) - unified interface for different statistical batteries [[https://github.com/crocs-muni/randomness-testing-toolkit Github repository]]  +  * [[https://crocs-muni.github.io/ECTester/|ECTester]]: A tool for testing blackbox elliptic curve cryptography implementations on smartcards and in software libraries. 
-  * Faster implementation of STS NIST testing battery: [[https://randomness-tests.fi.muni.cz|Online testing service]] +  * [[https://github.com/J08nY/pyecsca|pyecsca]]: **P**ython **E**lliptic **C**urve **C**ryptography **S**ide-**C**hannel **A**nalysis toolkit. 
-[[https://github.com/sysox/NIST-STS-optimised Github repository]] +  * [[https://github.com/crocs-muni/fooling-primality-tests|Fooling primality tests repository]]: An artifact repository for the "//Fooling primality tests on smartcards//" paper. 
-  * Research project [[research:eacirc:main| internal wiki pages]]+  [[https://github.com/crocs-muni/cm_factorization|4p-1 repository]]: An artifact repository for the "//I Want to Break Square-freeThe 4p−1 Factorization Method and Its RSA Backdoor Viability//" paper.
  
 **Involved people:**   **Involved people:**  
-{{:public:crocs:cieslarova.jpg?40|}} {{:public:crocs:hajas.jpg?50|}} {{:public:crocs:kubicek.png?50|}} {{:public:crocs:sys.jpg?50|}} {{:public:crocs:svenda.jpg?50|}} {{:public:crocs:ukrop.jpg?50|}} +  * [[https://is.muni.cz/auth/osoba/j08ny|Jan Jančár]] 2017-now (security of ECC implementations
- +  * [[https://is.muni.cz/auth/osoba/325219|Dušan Klinec]] 2015-2021 (RSA certificates, cryptocurrency security
-  * [[https://is.muni.cz/auth/osoba/422684|Radka Cieslarová]] 2015-now (heatmap analysis of function) +  * [[https://is.muni.cz/auth/osoba/396066|Matúš Nemec]] 2016-2021 (bias in RSA key generation
-  * [[https://is.muni.cz/auth/osoba/422190|Michal Hajas]] 2015-now (bytecode emulator, generator+  * [[https://is.muni.cz/auth/osoba/408178|Vladimír Sedláček]] 2017-now (theory)
-  * [[https://is.muni.cz/auth/osoba/325219|Dušan Klinec]] 2015-now (polynomial representation+
-  * [[https://is.muni.cz/auth/osoba/408351|Karel Kubíček]] 2014-now (TEA, metaheuristics, generator+
-  * [[https://is.muni.cz/auth/osoba/396066|Matúš Nemec]] 2016-now (bias in RSA key generation)+
   * [[https://is.muni.cz/auth/osoba/232886|Marek Sýs]] 2013-now (project concept, results interpretation)   * [[https://is.muni.cz/auth/osoba/232886|Marek Sýs]] 2013-now (project concept, results interpretation)
   * [[https://is.muni.cz/auth/osoba/4085|Petr Švenda]] 2008-now (project lead, initial implementation)   * [[https://is.muni.cz/auth/osoba/4085|Petr Švenda]] 2008-now (project lead, initial implementation)
  
-**Former participants:** Martin Ukrop 2012-2017 (framework model, refactoring, SHA-3 candidates testing, supporting tools); Ľubomír Obrátil 2014-2017 (BOINC&EACirc tasks automization); Jiří Novotný 2014-2016 (CUDA programming, EACirc core); Jan Švarc 2014-2015 (CUDA programming); Zdenek Říha 2013-2016 (bytecode emulator); Milan Čermák 2012-2013 (CUDA support); Ondrej Dubovec 2011-2012 (SHA-3 candidates testing); Matěj Prišťák 2011-2012 (object model and refactoring, XML support, eStream candidates testing); Tobiáš Smolka 2011-2012 (BOINC related support); +** Selected publications**
- +
-** Selected publications **+
    
-  * [2017[[:public:papers:secrypt2017| SýsM.; KlinecD.; Švenda, P.: The Efficient Randomness Testing using Boolean Functions]], In Proceedings of SECRYPT 2017, 14th International Conference on Security and Cryptography, 2017.  +  * [2020JančárJ.; SedláčekV.; Sýs, M.; Švenda, P.: [[https://minerva.crocs.fi.muni.cz/| Minerva: The curse of ECDSA nonces; Systematic analysis of lattice attacks on noisy leakage of bit-length of ECDSA nonces]], In IACR Transactions on Cryptographic Hardware and Embedded Systems (CHES) 2020**Received Best Paper Award** 
-  * [2015] [[http://www.imt.ro/romjist/Volum18/Number18_1/pdf/02-MSys.pdfSýsM.; Z. Říha, V. MatyášK.MártonASuciuOn the Interpretation of Results from the NIST Statistical Test Suite]], ROMJIST Journal, 2015+  * [2020Klinec D.; Matyas V.: [[:public:papers:monero_ifipsec20Privacy-Friendly Monero Transaction Signing on a Hardware Wallet]]In IFIP TC 11 International Conference (SEC) 2020. 
-  * [2014{{:public:crocs:sys_space_2014.pdf| Sýs, M.; ZŘíha: Faster randomness testing with NIST STS}},SPACE 2014Fourth International Conference on Security, Privacy, and Applied Cryptography Engineering, 2014+  * [2020] Sedláček, V.; JančárJ.; ŠvendaP.: [[:public:papers:primality_esorics20| Fooling primality tests on smartcards]], In 25th European Symposium on Research in Computer Security (ESORICS) 2020
-  * [2014{{:public:crocs:sys_secrypt_2014.pdf| Sýs, M.; Švenda, P.; Ukrop, M.; Matyáš, V.: Constructing empirical tests of randomness}}, In Proceedings of SECRYPT 2014, 11th International Conference on Security and Cryptography, 2014.  +  * [2020Janovský, A.; Nemec, M.; Švenda, P.; SekanP.; MatyasV.: [[:public:papers:privrsa_esorics20| Biased RSA private keys: Origin attribution of GCD-factorable keys]], In 25th European Symposium on Research in Computer Security (ESORICS) 2020
-  * [2014{{:public:crocs:svenda_ccis2014.pdf| Švenda, P.; UkropM.; Matyáš, V.: Determining Cryptographic Distinguishers for eStream and SHA-3 Candidate Functions with Evolutionary Circuits}}, In ICETE 2013, CCIS 456, Springer2014DOI: 10.1007/978-3-662-44788-8 17.  +  * [2019Sedláček, V.; Klinec, D.; Sýs, M.; Švenda, P.; Matyáš, V.: [[:public:papers:Secrypt2019| I Want to Break Square-free: The 4p−1 Factorization Method and Its RSA Backdoor Viability]], In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications (ICETE 2019) - Volume 2: SECRYPT 
-  * [2013{{:public:crocs:svenda_spw2013.pdf| Švenda, P.; Matyáš, V.: On the origin of yet another channel}}, Proceedings of Security Protocols XXILNCS 8263pp. 223-237, Springer, 2013+  * [2017Nemec, M.; Sýs, M.; Švenda, P.; KlinecD.; Matyas, V.: [[:public:papers:rsa_ccs17| The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli]], In Proceedings of ACM CCS 20172017**Received Real-world Impact Award** 
 +  * [2016] Švenda, P.; Nemec M.; Sekan P.; Kvasnovsky R.; Formanek D.; Komarek D.; Matyas V.: [[public:papers:usenix2016 |The Million-Key Question – Investigating the Origins of RSA Public Keys]]In Proceedings of USENIX Security Symposium 2016Usenix2016**Received Best Paper Award**
  
 </collapse> </collapse>
  
-===== Cryptographic smart cards security =====+===== Usability of cryptographic APIs and tools =====
  
-{{ :public:crocs:logo-sc.png?nolink&100|}}+{{ :public:research:error-usability.png?direct&250|}}
  
-This projects focuses on the security of cryptographic smart cards and their interesting uses in security systems as a trusted elementWe work mainly with JavaCard based cryptographic smart cards (sometimes also .NET or MULTOS cards). We maintain a large collection of JavaCards and use them to asses their performance, quality of truly random number generators, key generation algorithms as well as security improvements over the time.+This project focuses on the cryptographic APIs and tools with respect to their developer usabilitySuch APIs are notoriously complex and prone to usage errors -- our goal is to analyze their (in)correct usage and propose precautions and guidelines to achieve better usability and security.
  
-We also develop tools and libraries helping open-source developers to create open, faster and more secure JavaCard applets+In the past the research focus was on usable interfaces of cryptographic libraries from the point of developers and administrators lacking detailed security education. We are interested in both programmable and command-line interfaces, with the emphasis placed on X.509-capable libraries, such as OpenSSL, GnuTLS and NSS, paying special attention to the process of certificate creation and validation. The goal is to enable the developers to use security APIs errorlessly and API designers create better interfaces less prone to misuse. We emphasize the necessity of a usable design even for tools targeted at experienced users.
  
-<button collapse="smartcards">Find out more</button>+Recently, we also focused on tools for cryptographic developers, such as tools for verification of constant-timeness. 
 + 
 +<button  icon="fa fa-caret-down" collapse="secapi">Find out more</button> 
 +<button  icon="fa fa-file-text-o">[[:publications:keywords:usablesec|Publications]]</button> 
 + 
 +<collapse id="secapi" collapsed="true"> 
 + 
 +**Last update: 17. 01. 2024** 
 + 
 +**Contact:**  Vašek Matyáš <matyas@fi.muni.cz> 
 + 
 +  * Research project [[research:crypto-api:main|internal wiki pages]] 
 + 
 +** Involved people: **   
 + 
 +  * [[https://crocs.fi.muni.cz/people/mukrop|Martin Ukrop]] 2016-2022 
 +  * [[https://is.muni.cz/auth/osoba/445358|Jan Jancar]] 2022-now 
 +  * [[https://is.muni.cz/auth/osoba/344|Vašek Matyáš]] 2016-now 
 +  * [[https://crocs.fi.muni.cz/people/lkraus|Lydia Kraus]] 2018-now 
 + 
 +** Selected publications: **  
 + 
 +  * [2022] Jancar J., Fourné M., De Almeida Braga D., Sabt M., Schwabe P., Barthe G., Fouque P., Acar Y.: [[public:papers:usablect_sp22|“They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks]], IEEE S&P 2022. 
 +  * [2022] Ukrop M., Balážová M., Žáčik P., Valčík E., Matyas V.: [[public:papers:eurousec2022|Assessing Real-World Applicability of Redesigned Developer Documentation for Certificate Validation Errors]], EuroUSEC 2022. 
 +  * [2019] Ukrop M., Kraus L., Matyas V. and Wahshehand H.: [[public:papers:acsac2019|Will You Trust This TLS Certificate? Perceptions of People Working in IT]], ACSAC 2019. 
 +  * [2018] Ukrop M. and Matyas V.: [[public:papers:rsa2018|Why Johnny the Developer Can't Work with Public Key Certificates]], RSA Conference Crytographers' Track 2018. 
 + 
 +/* 
 +{{section>publications:one:2019-acsac-ukrop&noheader&fullpage}} 
 +*/ 
 + 
 +</collapse> 
 + 
 + 
 +===== Security of cryptographic hardware (smartcards, TPMs...) ===== 
 + 
 +{{ :public:research:jcalgtest_logo.png?direct&200|}} 
 + 
 +For more than two decades, we analyze the security of cryptographic hardware and interesting uses in security systems as a trusted element. We work mainly with JavaCard based cryptographic smart cards and Trusted Platform Modules (TPMs). We maintain a large collection of JavaCards and use them to assess their performance, quality of truly random number generators, key generation algorithms as well as security improvements over time. While the internal implementation of cryptographic operations is typically proprietary, we had to develop a suite of techniques for black-box analysis of the implementation correctness - with the advantage of assessment also by other users without the need for proprietary knowledge.   
 + 
 +We also develop tools and libraries helping open-source developers to create open, faster, and more secure JavaCard applets.  
 + 
 +<button icon="fa fa-caret-down" collapse="smartcards">Find out more</button> 
 +<button icon="fa fa-file-text-o">[[:publications:keywords:smartcards|Publications]]</button>
  
 <collapse id="smartcards" collapsed="true"> <collapse id="smartcards" collapsed="true">
  
-**Last update: 20.9.2018**+**Last update: 18.1.2024**
  
 **Contact:** Petr Švenda <svenda@fi.muni.cz>    **Contact:** Petr Švenda <svenda@fi.muni.cz>   
  
 **More information, projects and resources:** **More information, projects and resources:**
-  * Research project [[research:smartcard:main| internal wiki pages]] +  * **Analysis of cryptographic implementations**  
-  * **Analysis of properties of RSA keys** generated in smartcards, software libraries and hardware security modules (HSMs) +    * [[:public:papers:usenix2016| Classification of RSA key origin based on public key only]], accurate popularity of libraries [[:public:papers:acsac2017|for TLS keys]], [[http://crcs.cz/rsapp | online checker]], [[https://github.com/crocs-muni/RSABias|classifier of private keys]] 
-    * [[:public:papers:usenix2016| Classification of RSA key origin based on public key only]], accurate popularity of libraries [[:public:papers:acsac2017|for TLS keys]], [[http://crcs.cz/rsapp | online checker]] +    * ECTester - ECC implementation tester: [[https://github.com/crocs-muni/ECTester | GitHub repo]] 
-    * Real world use cases for classification capability +    * javus - systematic JavaCard VM vulnerabilities testing: [[https://github.com/quapka/javus | Github repository]] 
-  * **JCAlgTest project** - smartcards performance and capabilities testing+  * **Secure hardware performance and capabilities testing**
     * JCAlgTest [[https://github.com/crocs-muni/JCAlgTest | GitHub repository]] - tools for thorough testing of smart card capabilities     * JCAlgTest [[https://github.com/crocs-muni/JCAlgTest | GitHub repository]] - tools for thorough testing of smart card capabilities
-    * Supported JavaCard algorithms [[http://www.fi.muni.cz/~xsvenda/jcsupport.html | for more then 50 different smartcards]] +    * Supported JavaCard algorithms [[http://www.fi.muni.cz/~xsvenda/jcsupport.html | for more then 100 smartcards]] 
-  * **Smartcard remoting and Reverse engineering tools** +    * TPMAlgTester [[:public:research:tpm_live project]]- tools for detailed testing of Trusted Platform Modules  
-    * APDUPlay project - [[https://github.com/crocs-muni/APDUPlay/ PC/SC APDU inspection and manipulation tool]] +  * **Smartcard development resources**
-  * **JavaCard development resources**+
     * Low-level ECPoint and BigInteger library: [[https://github.com/OpenCryptoProject/JCMathLib | JCMathLib]]     * Low-level ECPoint and BigInteger library: [[https://github.com/OpenCryptoProject/JCMathLib | JCMathLib]]
-    * On-card applet performance profiler: [[https://github.com/OpenCryptoProject/JCProfilerJCProfiler]]+    * On-card applet performance profiler: [[https://github.com/lzaoral/JCProfilerNextJCProfilerNext]]
     * Efficient re-implementations of [[http://www.fi.muni.cz/~xsvenda/jcalgs.html | AES & SHA2 & OAEP for JavaCard]], [[https://github.com/petrs/JCSWAlgs/ | GitHub repo]]      * Efficient re-implementations of [[http://www.fi.muni.cz/~xsvenda/jcalgs.html | AES & SHA2 & OAEP for JavaCard]], [[https://github.com/petrs/JCSWAlgs/ | GitHub repo]] 
-    * JavaCard implementation of selected CAESAR candidates +    * APDUPlay project - [[https://github.com/crocs-muni/APDUPlay/ PC/SC APDU inspection and manipulation tool]] 
-    * JavaCard development tutorials [[public:research:smartcard:javacardcompilation| JavaCard applet development with NetBeans IDE]] tutorials, pre-prepared virtual images, links +    * Code Enhancing Security Transformation and Analysis (CesTa) project [[https://github.com/crocs-muni/CesTa | Github repository]] - source code hardening via security transformations  
-  * **ECC cryptography on smart cards**, [[https://github.com/crocs-muni/ECTester GitHub repo]] + 
-  * **Smartcards analysis, tools and other projects** +
-    * PowerTraceSimulator project [[https://github.com/crocs-muni/PowerTraceSimulator | GitHub repository]] - educational tool for generation of simulated power traces of smart card operation used for differential power analysis. +
-    * ANONCard project [[https://anon.inf.tu-dresden.de/svn/JavaCardStudents/ANONCard/ | SVN repository ]] - abuse-resistant logging of data retention for operators of anonymity servers.  +
-    * Code Enhancing Security Transformation and Analysis (CesTa) project [[https://github.com/crocs-muni/CesTa | Github repository]] - the tool for enhancing security by program transformations of JavaCard code powered by Ant, ANTLR and StringTemplates.  +
-    * PKCS#11 testing suite for OpenSC +
  
 **Involved people:** **Involved people:**
 +  * [[https://is.muni.cz/auth/osoba/445281|Antonín Dufka]] 2019-now (MPC on javacards, ECC leakage)
 +  * [[https://is.muni.cz/auth/osoba/492760|Veronika Hanulíková]] 2023-now (ECC leakage)
   * [[https://is.muni.cz/auth/osoba/445358|Ján Jančár]] 2017-now (testing of ECC implementations)   * [[https://is.muni.cz/auth/osoba/445358|Ján Jančár]] 2017-now (testing of ECC implementations)
-  * [[https://is.muni.cz/auth/osoba/396066|Matúš Němec]] 2015-now (analysis of software generated RSA keys)   
-  * [[https://is.muni.cz/auth/osoba/433390|Peter Sekan]] 2015-now (on-card generated RSA keys analysis)   
   * [[https://is.muni.cz/auth/osoba/4085|Petr Švenda]] 2003-now (project lead, initial implementations)   * [[https://is.muni.cz/auth/osoba/4085|Petr Švenda]] 2003-now (project lead, initial implementations)
  
-**Former participants:** Rajesh Kumar Pal (2016-2017) (JavaCard implementation of CAESAR candidates); Rudolf Kvašňovský 2014-2017 (alignment of DPA traces, YAFU); David Komárek 2015-2016 (power analysis of RSA operation); Lukáš Šrom 2014-2015 (support tests); Lenka Kuníková 2013-2014 (performance evaluation of JavaCards) and quite a lot of other people helping us since 2002+**Former participants:** Matúš Němec (2015-2020) (analysis of software generated RSA keys); Peter Sekan (2015-2019) (analysis of RSA keys, large datasets); Rajesh Kumar Pal (2016-2017) (JavaCard implementation of CAESAR candidates); Rudolf Kvašňovský 2014-2017 (alignment of DPA traces, YAFU); David Komárek 2015-2016 (power analysis of RSA operation); Lukáš Šrom 2014-2015 (support tests); Lenka Kuníková 2013-2014 (performance evaluation of JavaCards) and quite a lot of other people helping us since 2002
  
-** Publications ** +** Selected publications: ** 
-  * [2017] [[:public:papers:rsa_ccs17| Nemec, M.; Sýs, M.; Švenda, P.; Klinec, D.; Matyas, V.: {The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli]], In Proceedings of ACM CCS 2017, 2017. **Real-world impact award** +  * [2024Svenda, P.; Dufka, A.; Broz, M.; Lacko, R.; Jaros, T.; Zatovic, D.; Pospisil, J.: [[https://crocs.fi.muni.cz/papers/tpm_ches2024|TPMScanA wide-scale study of security-relevant properties of TPM 2.0 chips]], In IACR Transactions on Cryptographic Hardware and Embedded Systems (CHES) 2024.  
-  * [2017] [[:public:papers:mpc_ccs17| Mavroudis, V.; Cerulli, A.; Švenda, P.; Cvrcek, D.; Klinec, D.; Danezis, G.: {A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components]], In Proceedings of ACM CCS 2017, 2017.  +  * [2020] Jančár, J.; Sedláček, V.; Sýs, M.; Švenda, P.: [[https://minerva.crocs.fi.muni.cz/|Minerva: The curse of ECDSA nonces; Systematic analysis of lattice attacks on noisy leakage of bit-length of ECDSA nonces]], In IACR Transactions on Cryptographic Hardware and Embedded Systems (CHES) 2020. **Received Best Paper Award** 
-  * [2016] Švenda, P.; Nemec M.; Sekan P.; Kvasnovsky R.; Formanek D.; Komarek D.; Matyas V.: [[public:papers:usenix2016 |The Million-Key Question – Investigating the Origins of RSA Public Keys]], In Proceedings of USENIX Security Symposium 2016, Usenix, 2016. **Best paper award**+  * [2017] Nemec, M.; Sýs, M.; Švenda, P.; Klinec, D.; Matyas, V.: [[:public:papers:rsa_ccs17|The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli]], In Proceedings of ACM CCS 2017, 2017. **Received Real-world Impact Award** 
 +  * [2017] Mavroudis, V.; Cerulli, A.; Švenda, P.; Cvrcek, D.; Klinec, D.; Danezis, G.: [[:public:papers:mpc_ccs17|A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components]], In Proceedings of ACM CCS 2017, 2017.  
 +  * [2016] Švenda, P.; Nemec M.; Sekan P.; Kvasnovsky R.; Formanek D.; Komarek D.; Matyas V.: [[public:papers:usenix2016|The Million-Key Question – Investigating the Origins of RSA Public Keys]], In Proceedings of USENIX Security Symposium 2016, Usenix, 2016. **Best paper award**
   * [2015] Cvrček, D.; Švenda, P.: [[public:papers:space2015 | Architecture Considerations for Massively Parallel Hardware Security Platform]], In Proceedings of Space 2015, Fifth International Conference on Security, Privacy, and Applied Cryptography Engineering, LNCS 9354, pp 269-288, Springer, 2015.    * [2015] Cvrček, D.; Švenda, P.: [[public:papers:space2015 | Architecture Considerations for Massively Parallel Hardware Security Platform]], In Proceedings of Space 2015, Fifth International Conference on Security, Privacy, and Applied Cryptography Engineering, LNCS 9354, pp 269-288, Springer, 2015. 
   * [2014] {{:public:crocs:svenda_asa2014.pdf| Švenda, P.: Nuances of the JavaCard API on the   * [2014] {{:public:crocs:svenda_asa2014.pdf| Švenda, P.: Nuances of the JavaCard API on the
 cryptographic smart cards - JCAlgTest project}}, In Proceedings of ASA 2014, 7th International Workshop on Analysis of Security APIs, 2014.  cryptographic smart cards - JCAlgTest project}}, In Proceedings of ASA 2014, 7th International Workshop on Analysis of Security APIs, 2014. 
-  * [2011] {{:public:crocs:Cyberspace2010-DataRetentionLoggingExperience-v1.pdf| Köpsell, S.; Švenda, P.: Learning from data retention logging for an anonymity service}}, Proceedings of Masaryk University Journal of Law and Technology 2/2011, pp. 305-320, ISSN 1802-5951. 2011.  
-  * [2010] {{:public:crocs:Europen2010_JavaCardSecurity_v5.pdf| Lorenc, V.; Smolka, T.; Švenda, P.: Automatic source code transformations for strengthening practical security of smart card applications}}, In Europen 2010,  2010.   
  
 </collapse> </collapse>
  
-===== Usability of cryptographic APIs ===== 
  
-{{ :public:research:error-usability.png?direct&300|}}+===== Cryptanalysis of elliptic curves and other algebraic methods =====
  
-This project focuses on the cryptographic APIs with respect to their developer usability. Such APIs are notoriously complex and prone to usage errors -- our goal is to analyze their (in)correct usage and propose precautions and guidelines to achieve better usability and security.+{{ :public:research:curves.png?nolink&120|}}
  
-The current research focus is on usable interfaces of cryptographic libraries from the point of developers and administrators lacking detailed security education. We are interested in both programmable and command-line interfaces. Currentlythe emphasis is placed on X.509-capable librariessuch as OpenSSLGnuTLS and NSSpaying special attention to the process of certificate creation and validation. The goal is to enable the developers to use security APIs errorlessly and API designers create better interfaces less prone to misuse. We emphasize the necessity of a usable design even for tools targeted at experienced users.+Likely the most theoretical and math-heavy research we dothough still with real-world consequences in mindWe approach elliptic curves from many different directions: we study ECC implementationsproblems with ECC formulasECC key datasets and in general diverse mathematical ideas involving elliptic curves. Sometimesthis requires us to dive into lattice methods as well
  
-<button  icon="fa fa-caret-down" collapse="secapi">Find out more</button> +In the past, we were systematically analyzing standardized elliptic curves. Lately, we have been mainly focusing on ECC with respect to side-channel attacks and the involvement of elliptic curves in the Bitcoin protocol.
-<button  icon="fa fa-file-text-o">[[:publications:keywords:usablesec|Publications]]</button>+
  
-<collapse id="secapicollapsed="true">+<button icon="fa fa-caret-down" collapse="ecc">Find out more</button> 
 +<button  icon="fa fa-file-text-o">[[:publications:keywords:ecc|Publications]]</button>
  
-**Last update: 30. 11. 2019**+<collapse id="ecc" collapsed="true">
  
-**Contact:** Martin Ukrop <mukrop@mail.muni.cz>, Vašek Matyáš <matyas@fi.muni.cz>+**Last update18. 01. 2024**
  
-  Research project [[research:crypto-api:main|internal wiki pages]]+**Contact:** Vojtěch Suchánek <vojtechsu@mail.muni.cz>   
  
-** Involved people: **   +**More information, projects and resources:** 
-{{:public:crocs:ukrop.jpg?50|}} {{:public:crocs:matyas.jpg?50|}} {{:public:crocs:woman.jpeg?50|}}+  * [[https://dissect.crocs.fi.muni.cz/|DiSSECTion of standard curves]] 
 +  * [[https://neuromancer.sk/std/|Database of standard curves]] 
 +  * [[https://github.com/crocs-muni/minerva|Minerva ECDSA vulnerability repository]] 
 +  * [[https://github.com/J08nY/pyecsca|PyECSCA (Python Elliptic Curve cryptography Side-Channel Analysis toolkit)]] 
 +  * [[https://github.com/J08nY/ecgen|ecgen (tool for generating Elliptic curve domain parameters)]] 
 +  * [[https://crocs-muni.github.io/ECTester/|ECTester (tool for analysis of ECC implementations)]] 
 +  * [[https://github.com/crocs-muni/fooling-primality-tests|Fooling primality tests on smartcards repository]] 
 +  * [[https://github.com/crocs-muni/cm_factorization|4p-1 factorization method repository]]
  
-  * [[https://crocs.fi.muni.cz/people/mukrop|Martin Ukrop]] 2016-now 
-  * [[https://is.muni.cz/auth/osoba/344|Vašek Matyáš]] 2016-now 
-  * [[https://crocs.fi.muni.cz/people/lkraus|Lydia Kraus]] 2018-now 
- 
-**Publications**   
-  * [2019] Ukrop M., Kraus L., Matyas V. and Wahshehand H.: [[public:papers:acsac2019|Will You Trust This TLS Certificate? Perceptions of People Working in IT]], ACSAC 2019. 
-  * [2018] Ukrop M. and Matyas V.: [[public:papers:rsa2018|Why Johnny the Developer Can't Work with Public Key Certificates]], RSA Conference Crytographers' Track 2018. 
- 
-</collapse> 
- 
-===== Social and behavioral aspects of security ===== 
- 
-The usable security projects focus on computational security and end users' behaviour.  
-We already finished first three-year project in a cooperation with commercial companies and Faculty of social studies, Faculty of informatics, Faculty of law. 
-The project aimed to identify influences that make users change their risky behaviour to more secure one. Three experiments are run in cooperation with commercial companies (ESET, Netsuite and SodatSW). Every experiment was targeted at different target group and used different technique (warning, security dialogue, e-learning, user-friendly password recovery, etc.). This project was unique for for the cooperation of three different branches (Faculty of science, Faculty of informatics, Faculty of law) and three commercial companies, who want to better understand their users and to increase the overall security of their products by improving interfaces and processes used by their end users. 
- 
-Currently we are preparing new project in cooperation with Faculty of social studies and Monet+ company. It aims on user testing of selected authentication methods (FIDO token, identity card, face recognition and use of code only). 
- 
- 
-<button icon="fa fa-caret-down" collapse="social">Find out more</button> <button icon="fa fa-lightbulb-o">[[:research:usable-sec:main| Internal wiki]]</button> 
- 
-<collapse id="social" collapsed="true"> 
-**Last update: 29. 9. 2017** 
- 
-**Contact:** Vašek Matyáš <matyas@fi.muni.cz>, Vlasta Šťavová <256169@mail.muni.cz>, Agáta Dařbujanová <xdarbuj@mail.muni.cz> 
  
 **Involved people:**   **Involved people:**  
-{{:public:crocs:stavova.jpg?50|}} {{:public:crocs:ukrop.jpg?50|}} {{:public:crocs:janca.jpg?50|}} {{:public:crocs:matyas.jpg?50|}} {{:public:crocs:malinka.jpg?50|}} +  * [[https://is.muni.cz/auth/osoba/445281|Antonín Dufka]] 2020-now 
-  * [[https://is.muni.cz/auth/osoba/256169|Vlasta Šťavová]] 2014-now +  * [[https://is.muni.cz/auth/osoba/j08ny|Jan Jančár]] 2019-now 
-  * [[https://is.muni.cz/auth/osoba/374297|Matin Ukrop]] 2016-now +  * [[https://is.muni.cz/auth/osoba/451866|Vojtěch Suchánek]] 2020-now 
-  * [[https://is.muni.cz/auth/osoba/xdarbuj|Agáta Dařbujanová]] 2016-now +  * [[https://is.muni.cz/auth/osoba/232886|Marek Sýs]] 2018-now
-  * [[https://is.muni.cz/auth/osoba/255879|Radim Janča]] 2014-2016 +
-  * [[https://is.muni.cz/auth/osoba/344|Vašek Matyáš]] 2013-now +
-  * [[https://is.muni.cz/auth/osoba/49967|Kamil Malinka]] 2013-2016+
  
-**Publications**+** Selected publications: ** 
 +  * [2022] [[https://dissect.crocs.fi.muni.cz/| Sedláček, V.; Suchánek, V.; Dufka A.; Sýs, M.; Matyáš, V.:  DiSSECT: Distinguisher of Standard and Simulated Elliptic Curves via Traits]], In Progress in Cryptology - AFRICACRYPT 2022.  
 +  * [2021] [[:public:papers:formulas_asiacrypt21| Sedláček, V.; Chi-Domínguez, J.J.; Jančár, J.; Brumley, B.B.:  A formula for disaster: a unified approach to elliptic curve special-point-based attacks]], In Advances in Cryptology – ASIACRYPT 2021.  
 +  * [2020] [[https://minerva.crocs.fi.muni.cz/| Jančár, J.; Sedláček, V.; Sýs, M.; Švenda, P.: Minerva: The curse of ECDSA nonces; Systematic analysis of lattice attacks on noisy leakage of bit-length of ECDSA nonces]], In IACR Transactions on Cryptographic Hardware and Embedded Systems (CHES) 2020. **Received Best Paper Award** 
 +  * [2020] [[:public:papers:primality_esorics20| Sedláček, V.; Jančár, J.; Švenda, P.: Fooling primality tests on smartcards]], In 25th European Symposium on Research in Computer Security (ESORICS) 2020 
 +  * [2019] [[:public:papers:Secrypt2019| Sedláček, V.; Klinec, D.; Sýs, M.; Švenda, P.; Matyáš, V.: I Want to Break Square-free: The 4p−1 Factorization Method and Its RSA Backdoor Viability]], In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications (ICETE 2019) - Volume 2: SECRYPT
  
-  * [2018] Stavova, V., Dedkova, L., Ukrop, M., and Matyas, V. (in press). A large-scale comparative study of beta testers and standard users. Communications of the ACM. 
-  * [2017] Stavova, V., Matyas, V., Just M. and Ukrop, M.:Factors Influencing the Purchase of Security Software for Mobile Devices – Case Study, Infocommunications Journal, 2017, 18–23. 
-  * [2016] Stavova, V., Matyas, V. and Just M.: Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms, WISTP 2016.  
-  * [2016] Stavova, V., Matyas, V. and Just M.: On the impact of warning interfaces for enabling the detection of Potentially Unwanted Applications, EuroUSEC 2016. 
-  * [2015] {{public:papers:stavova_memics2016.pdf|Stavova, V., Matyas, V. and Malinka K.: The challenge of increasing safe response of antivirus software users, MEMICS 2015.}} 
  
 </collapse> </collapse>
  
-===== Data-Driven Security ===== 
  
-We run several data-scientific and Machine Learning projects with implications on security and privacy. We're collecting and analyzing various datasets from the area of malware research, location privacy, and network packets analysis. One of the goals is to show that seemingly innocent data can become a powerful tool for the adversary armed with the machine learning and/or statistics arsenal. +===== Randomness statistical testing of TRNG and PRNG =====
  
-<button collapse="machine-learning">Find out more</button> +{{ :public:research:random_serial2.png?direct&200|}}
-<collapse id="machine-learning" collapsed="true"> +
-**Last update03. 12. 2019** +
-**Contact:** Adam Janovský <adamjanovsky@mail.muni.cz>    +
-</collapse> +
- +
- +
-===== Cryptoanalysis =====+
  
 +The robust generation of truly random data or pseudo-random data indistinguishable from the truly random ones is a crucial component for many cryptographic systems. We focus on finding defects in a supposedly random data with the help of automated testing methods included in so-called randomness statistical testing batteries. 
  
 +While most existing batteries focus on the predefined fixed tests, we automatically generate tests which adapt to the analyzed data - resulting in a stronger bias detection with a less amount of data required and with direct interpretability of the bias found. We also design and develop means for speedup of existing statistical batteries - both with help of more efficient implementations as well as distributed high-speed execution. 
  
 We build and continuously extend a large database of real-world cryptographic functions (CryptoStreams project containing block and stream ciphers, hash functions, PRNGs) parametrized by the number of used internal rounds and systematic patterns in their inputs. The resulting output data are then analyzed for the presence of unwanted defects.  We build and continuously extend a large database of real-world cryptographic functions (CryptoStreams project containing block and stream ciphers, hash functions, PRNGs) parametrized by the number of used internal rounds and systematic patterns in their inputs. The resulting output data are then analyzed for the presence of unwanted defects. 
  
-<button collapse="cryptanalysis">Find out more</button>+    
 +<button icon="fa fa-caret-down" collapse="randomness">Find out more</button> 
 +<button  icon="fa fa-file-text-o">[[:publications:keywords:randomness|Publications]]</button>
  
-<collapse id="cryptanalysis" collapsed="true"> +<collapse id="randomness" collapsed="true"> 
-**Last update: 20092018**+**Last update: 21012021**
  
 **Contact:** Marek Sýs <syso@mail.muni.cz>    **Contact:** Marek Sýs <syso@mail.muni.cz>   
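Review bot: the whole Data-Driven Security section is dropped in this hunk (the `-===== Data-Driven Security =====` heading, the machine-learning paragraph and the collapse block with the contact `Adam Janovský <adamjanovsky@mail.muni.cz>`) with no replacement anywhere in the hunk, whereas the other section removed here (Social and behavioral aspects of security) is moved rather than deleted; please confirm the removal is intentional or relocate the paragraph and contact to another topic. Also, the Cryptoanalysis heading is removed while its CryptoStreams paragraph is kept, so that paragraph now reads as part of the new Randomness statistical testing section; if that merge is intended, the two added introductory lines could use a grammar pass: `in a supposedly random data` to `in supposedly random data`, `with a less amount of data required` to `with less data required`, and `focus on the predefined fixed tests` to `focus on predefined fixed tests`.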
Line 210: Line 240:
   * BoolTest - efficient and intepretable statistical testing battery: [[https://github.com/ph4r05/polynomial-distinguishers| Github repository]]   * BoolTest - efficient and intepretable statistical testing battery: [[https://github.com/ph4r05/polynomial-distinguishers| Github repository]]
   * Generator of output data streams from weakened cryptographic functions: [[https://github.com/crocs-muni/eacirc-streams| Github repository]]   * Generator of output data streams from weakened cryptographic functions: [[https://github.com/crocs-muni/eacirc-streams| Github repository]]
 +  * Randomness Testing Tool (RTT, STS NIST, Dieharder, TestU01) - unified interface for different statistical batteries [[https://github.com/crocs-muni/randomness-testing-toolkit | Github repository]]  
 +  * Faster implementation of STS NIST testing battery: [[https://randomness-tests.fi.muni.cz|Online testing service]],[[https://github.com/sysox/NIST-STS-optimised | Github repository]] 
 +  * Research project [[research:eacirc:main| internal wiki pages]] 
 +  * EACirc - statistical battery [[https://github.com/crocs-muni/eacirc-core | Github repository]], [[https://github.com/crocs-muni/EACirc/wiki | EACirc wiki pages]]
 **Involved people:**   **Involved people:**  
   * [[https://is.muni.cz/auth/osoba/325219|Dušan Klinec]] 2015-now (polynomial representation)   * [[https://is.muni.cz/auth/osoba/325219|Dušan Klinec]] 2015-now (polynomial representation)
-  * [[https://is.muni.cz/auth/osoba/396066|Matúš Nemec]] 2016-now (bias in RSA key generation)+  * [[https://is.muni.cz/auth/osoba/408351|Karel Kubíček]] 2014-now (TEA, metaheuristics, generator)
   * [[https://is.muni.cz/auth/osoba/232886|Marek Sýs]] 2013-now (project concept, results interpretation)   * [[https://is.muni.cz/auth/osoba/232886|Marek Sýs]] 2013-now (project concept, results interpretation)
   * [[https://is.muni.cz/auth/osoba/4085|Petr Švenda]] 2008-now (project lead, initial implementation)   * [[https://is.muni.cz/auth/osoba/4085|Petr Švenda]] 2008-now (project lead, initial implementation)
 +  * [[https://is.muni.cz/auth/osoba/mukrop|Martin Ukrop]] 2014-now (EACirc, analysis of CEASAR candidates)
  
-** Selected publications ** +**Former participants:** Tamas Rozsa 2016-2020 (cryptostreams functions); Radka Cieslarová 2015-2019 (heatmap analysis of function); Michal Hajas 2015- 2019 (bytecode emulator, margins); Martin Ukrop 2012-2017 (framework modelrefactoring, SHA-3 candidates testing, supporting tools)Ľubomír Obrátil 2014-2017 (BOINC&EACirc tasks automization); Jiří Novotný 2014-2016 (CUDA programmingEACirc core)Jan Švarc 2014-2015 (CUDA programming)Zdenek Říha 2013-2016 (bytecode emulator)Milan Čermák 2012-2013 (CUDA support); Ondrej Dubovec 2011-2012 (SHA-3 candidates testing); Matěj Prišťák 2011-2012 (object model and refactoringXML supporteStream candidates testing); Tobiáš Smolka 2011-2012 (BOINC related support);
-  +
-  * [2017] [[:public:papers:rsa_ccs17| NemecM.SýsM.; Švenda, P.Klinec, D.MatyasV.: {The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli]]In Proceedings of ACM CCS 2017, 2017. **Received Real-world impact award** +
  
 +** Selected publications: **
 +   * [2019] [[https://link.springer.com/chapter/10.1007/978-3-030-11039-0_7| Sýs M., Klinec D., Švenda P., Kubíček K.: BoolTest: The Fast Randomness Testing Strategy Based on Boolean Functions with Application to DES, 3-DES, MD5, MD6 and SHA-256]], Selected papers of ICETE 2017, 2019.
 +   * [2018] [[https://dl.acm.org/doi/10.1145/3205455.3205518| Mrázek V., Sýs M., Vašíček Z., Švenda P., Sekanina L., Matyáš V.: Evolving Boolean Functions for Fast and Efficient Randomness Testing]], In Proceedings of GECCO 2018, Genetic and Evolutionary Computation Conference, 2018.
 +   * [2017] [[:public:papers:secrypt2017| Sýs M., Klinec D., Švenda P.: The Efficient Randomness Testing using Boolean Functions]], In Proceedings of SECRYPT 2017, 14th International Conference on Security and Cryptography, 2017. 
 +  * [2016] [[https://dl.acm.org/doi/10.1145/2988228| Sýs M., Říha Z.,  Matyáš V.: Algorithm 970: Optimizing the NIST Statistical Test Suite and the Berlekamp-Massey Algorithm]], ACM TOMS Journal, 2016.
 +  * [2015] [[http://www.imt.ro/romjist/Volum18/Number18_1/pdf/02-MSys.pdf| Sýs M., Říha Z.,  Matyáš V., Márton K.,  Suciu A.: On the Interpretation of Results from the NIST Statistical Test Suite]], ROMJIST Journal, 2015.
 +  * [2014] {{:public:crocs:sys_space_2014.pdf| Sýs M., Říha Z.: Faster randomness testing with NIST STS}},SPACE 2014, Fourth International Conference on Security, Privacy, and Applied Cryptography Engineering, 2014.
 </collapse> </collapse>
-===== Open Source Security tools ===== 
-Taking part in the Cuber Security for Europe project, the goal is to evaluate open source security software. Several categories of software are evaluated, including (but not limited to) operating systems, browsers, password managers, and encryption tools. 
  
 +===== Social and behavioral aspects of security =====
  
-<button collapse="secTools">Find out more</button>+Our end-user oriented usable security projects focus on computer security and interactions of systems with end-users. We started in our first significant project in this area in 2014, in cooperation with three industrial partners, Faculty of social studies, and Faculty of law. 
 +The project aimed to identify influences that make users change their risky behavior to more secure one. Four sets of experiments ran in cooperation with commercial companies (ESET, Netsuite and SodatSW). Every experiment targeted a different target group and used a different technique (warning, security dialogue, e-learning, user-friendly password recovery, etc.). This project was unique for the cooperation of three different faculties of MU and three commercial companies, who wanted to understand their users better and increase their products' overall security by improving interfaces and processes used by their end-users.
  
-<collapse id="secTools" collapsed="true"> +We also finished a project in cooperation with the Faculty of social studies and AHEAD Itec/Monet+ company. It aimed at user testing of selected authentication methods (NFC token, smart card with card reader, fingerprint and PIN code). Results from this project are available herehttps://crocs.fi.muni.cz/public/papers/2020-tacr-report
-**Last update20092018**+
  
-**Contact: Lukáš Němec <lukas.nemec@mail.muni.cz> ** 
  
-**More information, projects and resources:** +<button icon="fa fa-caret-down" collapse="social">Find out more</button>  
-  [[research:secTools| Internal directory]]+<button  icon="fa fa-file-text-o">[[:publications:keywords:usablesec|Publications]]</button> 
 +<button icon="fa fa-lightbulb-o">[[:research:usable-sec:main| Internal wiki]]</button> 
 + 
 +<collapse id="social" collapsed="true"> 
 +**Last update: 21. 1. 2021** 
 + 
 +**Contact:** Vašek Matyáš <matyas@fi.muni.cz>, Agáta Kružíková <kruzikova@mail.muni.cz>
  
 **Involved people:**   **Involved people:**  
-  * [[https://is.muni.cz/auth/osoba/394036|Lukáš Němec]] 2019-now  +{{:public:crocs:matyas.jpg?50|}}  {{:public:crocs:stavova.jpg?50|}} {{:public:crocs:ukrop.jpg?50|}} {{:public:crocs:janca.jpg?50|}}  {{:public:crocs:malinka.jpg?50|}}
-  * [[https://is.muni.cz/auth/osoba/168968|Milan Brož]] 2019-now  +
-  * [[https://is.muni.cz/auth/osoba/325219|Dušan Klinec]] 2019-now  +
-  * [[https://is.muni.cz/auth/osoba/4085|Petr Švenda]] 2019-now  +
-   +
-** Selected publications **+
  
-None so far+  * [[https://is.muni.cz/auth/osoba/409872|Agáta Kružíková]] 2016-now 
-</collapse>+  * [[https://is.muni.cz/auth/osoba/344|Vašek Matyáš]] 2013-now
  
 +**Former participants:** Radim Janča (2014-2016); Lydia Kraus (2018-2020); Kamil Malinka (2013-2016); Vlasta Šťavová (2014-2019); Martin Ukrop (2016-2018); Lenka Knapová (2018-2020)
  
 +** Selected publications: **
  
-===== Wireless Sensor Networks =====+  * [2018] Stavova, V., Dedkova, L., Ukrop, M., and Matyas, V. (in press). A large-scale comparative study of beta testers and standard users. Communications of the ACM. ACM, 2018, 64–71. 
 +  * [2017] Stavova, V., Matyas, V., Just M. and Ukrop, M.:Factors Influencing the Purchase of Security Software for Mobile Devices – Case Study, Infocommunications Journal, 2017, 18–23. 
 +  * [2016] Stavova, V., Matyas, V. and Just M.: Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms, WISTP 2016.  
 +  * [2016] Stavova, V., Matyas, V. and Just M.: On the impact of warning interfaces for enabling the detection of Potentially Unwanted Applications, EuroUSEC 2016. 
 +  * [2015] {{public:papers:stavova_memics2016.pdf|Stavova, V., Matyas, V. and Malinka K.: The challenge of increasing safe response of antivirus software users, MEMICS 2015.}}
  
-This project includes providing a secure platform that is transparent for applications in wireless sensor networks (WSN) - WSNProtectLayer. Our platform includes intrusion detection system (IDS) detecting active attacks. We consider privacy issues to prevent passive attacks on the WSN. We also propose secrecy amplification protocols and evaluate key management schemes. Current work includes parametrised attacker simulated on KMSforWSN framework.+</collapse>
  
-<button collapse="wsn">Find out more</button>+===== Secure Multiparty Computation on limited devices =====
  
-<collapse id="wsn" collapsed="true"> +{{ :public:research:smpc_chip.jpg?direct&200|}}
-**Last update17.5.2018**+
  
-**Contact: Lukáš Němec <lukas.nemec@mail.muni.cz> ** 
  
-Additionally, we are developing an optimization framework for the IDS incorporating MiXiM simulatorEvolutionary algorithms are used to optimize the IDS's performance+Secure storage of secret key is paramount in cryptographic applications as the knowledge of the key directly corresponds to the ability of signing documents, decrypting messages, or confirming cryptocurrency transactionsTo protect the secret keys, specialized cryptographic hardware like smartcards, HSM (hardware security module), or lately cryptocurrency wallets is used. However, due to implementation vulnerabilities, the private key may be still extracted even from the security certified devices.
  
-  * Research project [[research:wsn:main| internal wiki pages]] +With the use of secure multi-party computationthe risk of vulnerable implementations can be mitigatedSecure multi-party computation allows for splitting of the secret key among multiple devices, which partake in an interactive protocol to perform cryptographic operationsThe complete secret key is never reconstructed during this protocol, so if at least one of the devices remains uncorrupted, the secret key is not exposed. Our research focuses on secure multi-party computation executed on the specialized cryptographic devices, which bring interesting constraints to protocol design and implementation.
-  * **WSNProtectLayer** security middleware for TinyOS +
-    * virtual radio is simulated and automatic packet protectionIDS and key management is provided. +
-    * WSNProtectLayer [[https://github.com/petrs/WSNProtectLayer | Github repository]]   +
-    * Take a look at [[https://youtu.be/qHaUO_XMEqE | video]] showing WSNProtectLayer middleware in action.  +
-  * **Secrecy amplification protocols** +
-    * establishing secure links in partially compromised network +
-    * SensorSim simulator [[http://www.fi.muni.cz/~xsvenda/s3.html| download page]] fast simulator optimized for simulation of secrecy amplification protocols and probabilistic key predistribution +
-    * KMSforWSN framework based on OMNet++ simulator together with parametrised attacker specification +
-  * **Laboratory testbed** +
-    * [[research:wsn:testbed| Laboratory tesbed]] with 28 TelosB and 20 JeeNode nodes +
-    * [[https://github.com/crocs-muni/Edu-hoc/ | Edu-Hoc]] - laboratory Arduino-based [[research:wsn:testbed_arduino| testbed]] with JeeNode nodes together with security applications for ad-hoc and wireless sensor networks.+
  
 +<button icon="fa fa-caret-down" collapse="smpc">Find out more</button>
 +<button  icon="fa fa-file-text-o">[[:publications:keywords:smpc|Publications]]</button>
  
-**Involved people:**  +<collapse id="smpc" collapsed="true">
-{{:public:crocs:nemec.jpg?50|}} {{:public:crocs:ostadal.jpg?50|}} {{:public:crocs:svenda.jpg?50|}}  +
-  +
-  * [[https://is.muni.cz/auth/osoba/394036|Lukáš Němec]] 2013-now (Crypto and Key management in TinyOS, Arduino testbed network, Edu-hoc) +
-  * [[https://is.muni.cz/auth/osoba/255508|Radim Ošťádal]] 2013-now (Secrecy amplification protocols, parametrised attacker in) +
-  * [[https://is.muni.cz/auth/osoba/4085|Petr Švenda]] 2004-now (Key management schemes, secrecy amplification protocols)+
  
-**Former participants:** Martin Stehlík 2010-2017 (IDS, simulators, optimization); Marek Sýs 2015 (secrecy amplification protocols); Filip Jurnečka 2010-2014 (Key management schemes), Marcel Gazdík 2012-2013 (ePIR&RFID hw readers), Dušan Klinec 2008-2014 (WSNProtectLayer core developer, a lot of network experiments), Jiří Kůr 2009-2014 (Privacy protection, key establishment), Tobiáš Smolka (testbed, omnetpp experiments, secrecy amplification), Andriy Stetsko (IDS in WSN)+**Last update25. 8. 2023**
  
-** Selected publications ** +**Contact:** Antonín Dufka <dufkan@mail.muni.cz>   
-  * [2019] Němec, L.; Matyáš, V;Ošťádal, R.; Švenda, P.; Palant P.-L.Evaluating Dynamic Approaches to Key (Re-)Establishment in Wireless Sensor Networks, Sensors, 19-4, 2019 +
-  [2018] [[public:papers:dcoss2018 | Němec, L.; Ošťádal, R.; Švenda, P.; Matyáš, V.: Adaptive Secrecy Amplification with Radio Channel Key Extraction]], 2018 14th International Conference on Distributed Computing in Sensor Systems (DCOSS), 2018. +
-  [2018] Němec, L.; Ošťádal, R.; Švenda, P.; Matyáš, V.: Entropy Crowdsourcing – Protocols for Link Key Updates in Wireless Sensor Networks, In 26th International Workshop on Security Protocols (SPW 2018). Lecture Notes of Computer Science. Springer. +
-  * [2016] [[public:papers:icnsc2016 | Stehlík, M.; Matyáš, V.; Stetsko, A.: Towards Better Selective Forwarding and Delay Attacks Detection in Wireless Sensor Networks]] +
-  * [2016] [[public:papers:spw2016 | Ošťádal, R.; Švenda, P.; Matyáš, V.: Reconsidering Attacker Models in Ad-hoc Networks]], In 24th International Workshop on Security Protocols (SPW 2016). Lecture Notes of Computer Science. Springer. +
-  * [2015] {{:public:papers:secamplif_wistp15.pdf| Ošťádal, R.; Švenda, P.; Matyáš, V.: On Secrecy Amplification Protocols}}, In 9th WISTP International Conference on Information Security Theory and Practice, LNCS 9311, Springer, pp. 3-19, 2015. +
-  * [2014] {{:public:crocs:space14_final.pdf| Ošťádal, R.; Švenda, P.; Matyáš, V.: A new approach to secrecy amplification in partially compromised networks}}, In 4th International Conference on Security, Privacy and Applied Cryptography Engineering, LNCS 8804, Springer, pp92–109, 2014.+
  
-</collapse>+**More information, projects and resources:** 
 +  * Myst backdoor-resistant MPC platform [[https://backdoortolerance.org/|web]], [[https://github.com/OpenCryptoProject/Myst| Github repository]] 
 +  * Monero support on Trezor T, [[https://github.com/ph4r05/monero-trezor-doc|Github repository]] 
 +  * MPC Open Platform [[https://github.com/KristianMika/MPC-Open-Platform|Github repository]]
  
 +**Involved people:**  
 +  * [[https://is.muni.cz/auth/osoba/445281|Antonín Dufka]] 2019-now (Schnorr signatures, nonce caching)
 +  * [[https://is.muni.cz/auth/osoba/484647|Jiří Gavenda]] 2019-now (k-of-n ECDSA)
 +  * [[https://is.muni.cz/auth/osoba/325219|Dušan Klinec]] 2018-now (Monero on Trezor T)
 +  * [[https://is.muni.cz/auth/osoba/485298|Kristián Mika]] 2019-now (MPC Open Platform for Raspberry Pi)
 +  * [[https://is.muni.cz/auth/osoba/4085|Petr Švenda]] 2018-now (project lead, some initial implementations)
  
 +** Selected publications: **
 +  * [2023] [[:public:papers:jcfrost_ares23| Antonin Dufka, Petr Svenda: Enabling Efficient Threshold Signature Computation via Java Card API]], In Proceedings of the 18th International Conference on Availability, Reliability and Security (ARES), 2023.
 +  * [2022] [[:public:papers:shine_secrypt22| Antonin Dufka, Vladimir Sedlacek, Petr Svenda: SHINE: Resilience via Practical Interoperability of Multi-party Schnorr Signatures]], In Proceedings of the 19th International Conference on Security and Cryptography (SECRYPT), 2022.
 +  * [2020] [[:public:papers:monero_ifipsec20| Dusan Klinec, Vashek Matyas: Privacy-Friendly Monero Transaction Signing on a Hardware Wallet]], In Proceedings of IFIPSec'20, 2020.
 +  * [2017] [[:public:papers:mpc_ccs17| Vasilios Mavroudis, Andrea Cerulli, Petr Svenda, Dan Cvrcek, Dusan Klinec and George Danezis: A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components]], In Proceedings of ACM CCS 2017, 2017.
  
-===== Software Security and Secure Programming =====+</collapse>
  
-This project focuses on usage, evaluation and extension of various tools related to secure programming, application vulnerabilities, security testing and code review. We are interested in static and dynamic analysis of applications with a special focus on security bugs, fuzzy testing, taint analysis and semi-automated review procedures and its incorporation into application development lifecycle. This project is coordinated with [[ http://www.ysoft.com/ | Y Soft Corporation, a.s.]], and for students participating in this project, there is a possibility to get a financial support from this company. More general information about Y Soft cooperation with students can be found [[https://www.ysoft.com/en/company/university-relations|here]]. 
  
-<button collapse="swsecurity">Find out more</button>+===== Bitcoin and related technologies =====
  
-<collapse id="swsecurity" collapsed="true">+{{ :public:research:flow2.png?direct&200|}}
  
-**Last update: 19.09.2018**+We analyze cryptographic aspects of implementations in Bitcoin and other cryptocurrencies with a focus on hardware wallets, privacy protocols, cryptographic implementations, and their failuresThe goal is to make Bitcoin and selected cryptocurrency technologies better, more accessible, more private, and overall less vulnerable
  
-**Contact:** Andriy Stetsko <xstetsko@fi.muni.cz> or <andriy.stetsko@ysoft.com>+The work leverages our expertise in the side-channel analysis of cryptographic hardware (especially relevant for the hardware wallets), scrutiny of cryptographic implementations (both builder's and attacker's perspective), and randomness testing (crucial to have non-biased private keys and non-leaking signatures).
  
-** Financial support:** +<button icon="fa fa-caret-down" collapse="cryptocurrencies">Find out more</button> 
-Y Soft Corporation, a.s. will provide financial support (in a form of stipend at the faculty or a part-time job in the company) to students with promising results.+<button  icon="fa fa-file-text-o">[[:publications:keywords:cryptocurrencies|Publications]]</button>
  
-** Possible topics for cooperation with bachelor students:** +<collapse id="cryptocurrencies" collapsed="true">
-  * [[https://is.muni.cz/auth/rozpis/tema?balik=1275;tema=336359|OWASP Dependency Check: add support for Go]] +
-  * [[https://is.muni.cz/auth/rozpis/tema?balik=1275;tema=336361|OWASP Dependency Check: add support for C]] +
-  * [[https://is.muni.cz/auth/rozpis/tema?balik=1275;tema=336378|OWASP Dependency Check: enhance support for JavaScript]] +
-  * [[https://is.muni.cz/auth/rozpis/tema?balik=1275;tema=336379|Unused code detection]] +
-  * [[https://is.muni.cz/auth/rozpis/tema?balik=1275;tema=336397|Automatic API extraction from traffic analysis]]+
  
-** Possible topics for cooperation with master students:** +**Last update: 15. 7. 2023** 
-  * [[https://is.muni.cz/auth/rozpis/tema?balik=58;tema=336354;|OWASP Dependency Check: add support for C and Go]] + 
-  * [[https://is.muni.cz/auth/rozpis/tema?balik=58;tema=336381|Unused code detection]] +**Contact:** Petr Svenda <svenda@fi.muni.cz>    
-  * [[https://is.muni.cz/auth/rozpis/tema?balik=58;tema=336384|Dynamic security analysis of web application]] + 
-  * [[https://is.muni.cz/auth/rozpis/tema?balik=58;tema=336385|Automatic API extraction from traffic analysis]] +**More information, projects and resources:** 
-  * [[https://is.muni.cz/auth/rozpis/tema?balik=58;tema=276842;uplne_info=1|Analysis of export and import laws for systems that involve cryptography]]+  * Weak keys detection and analysis  
 +    * Extraction of public keys from Bitcoin blockchain, [[https://github.com/crocs-muni/bitcoin-keys-analysis|Github repository]] 
 +    * Analysis of weak private keys and related transactions, [[https://is.muni.cz/th/hdpx4/Analysis_of_EC_keys_in_the_wild.pdf 
 +J. Kubesa thesis]]  
 +    Analysis of weak BIP32 seeds, [[https://is.muni.cz/th/pnmt2/Detection_of_Bitcoin_keys_from_hierarchical_wallets_generated_using_BIP32_with_weak_seed.pdf 
 +|D. Rajnoha thesis]]  
 +  * Software and hardware wallets 
 +    * Monero support on Trezor T, [[https://github.com/ph4r05/monero-trezor-doc|Github repository]] 
 +    * Building blocks of hardware wallets, [[https://is.muni.cz/th/xym2w/Thesis_BCaP_14_.pdf|A. Parak thesis]]  
 +    Usability aspects of Bitcoin wallets, [[https://is.muni.cz/th/as92a/output__31_.pdf|K. Raczova thesis]] 
 +    Self-sovereign Identity Framework, [[https://is.muni.cz/th/or6ct/Bachelors_Thesis.pdf|F. Vass thesis]]  
 +  * CoinJoin privacy mixing protocols analysis  
 +    * Analysis of CoinJoin protocols (Wasabi 1.0, Whirlpoool), [[https://is.muni.cz/th/kbvx1/Master_Thesis.pdf 
 +|D. Varga thesis]] 
  
 **Involved people:**   **Involved people:**  
-{{:public:crocs:stetsko.jpg?50|}} +  * [[https://is.muni.cz/auth/osoba/445281|Antonín Dufka]] 2019-now (threshold cryptography) 
-  * [[https://is.muni.cz/auth/osoba/184905|Andriy Stetsko]] 2012-now (Project coordinator, thesis supervisor, Y Soft Corporation, a.s.)+  * [[https://is.muni.cz/auth/osoba/408788|Jan Kvapil]] 2022-now (self sovereign identity) 
 +  * [[https://is.muni.cz/auth/osoba/500362|Milan Sorf]] 2022-now (analysis of hardware wallets) 
 +  * [[https://is.muni.cz/auth/osoba/492758|David Rajnoha]] 2022-now (weak BIP32 seeds) 
 +  * [[https://is.muni.cz/auth/osoba/525330|Stepan Yakimovich]] 2022-now (Bitcoin pub keys extraction) 
 +  * [[https://is.muni.cz/auth/osoba/4085|Petr Švenda]] 2019-now (project lead, some initial implementations)
  
-**Previous research topics:** +**Former participants:** Dušan Klinec 2017-2022 (Monero on Trezor T, attack on Ledger's Monero); Filip Vass 2021-2022 (EU SSI framework); Denis Varga 2021-2022 (CoinJoin protocols analysis); K. Raczova 2020-2021 (usability of Bitcoin wallets); Adam Parak 2021-2022 (building blocks of hardware wallets); Jan Kubeša 2019-2022 (weak Bitcoin EC keys);  
-  * 2013-2017: **Tools for dynamic security analysis of web applications**, financial support from Y Soft Corporation + 
-  * 2015-2016: **Analysis and application of OWASP testing guide**, financial support from Y Soft Corporation +** Selected publications: ** 
-  2015-2016: **Metasploit**, financial support from Y Soft Corporation +  
-  * 2014-2016: **Secure software development processes**, financial support from Y Soft Corporation +  * [2022] [[:public:papers:shine_secrypt22| Antonin Dufka, Vladimir SedlacekPetr SvendaSHINE: Resilience via Practical Interoperability of Multi-party Schnorr Signatures]], In Proceedings of the 19th International Conference on Security and Cryptography (SECRYPT), 2022. 
-  * 2012-2016**Tools for static and dynamic code analysis**financial support from Y Soft Corporation +  * [2020] [[:public:papers:monero_ifipsec20Dusan Klinec, Vashek Matyas: Privacy-Friendly Monero Transaction Signing on a Hardware Wallet]], In Proceedings of IFIPSec'202020.
-  * 2014-2015**Security mechanisms of PDF files** +
-  * 2014-2015: **Security aspects of Xamarin/Android Platform** +
-  * [[http://sourceforge.net/projects/cesta/ Cesta project]] - security-related transformations of JavaCard source codefinancial support from Y Soft Corporation+
  
 </collapse> </collapse>
  
-===== Disk encryption =====+===== Open-source security tools =====
  
-The first goal is research, and implementation of new algorithms (key derivation, authenticated encryption or integrity protection mechanism) itno existing open-source LUKS/cryptsetup disk encryption project.+{{ :public:research:cc_wordcloud.png?direct&200|}}
  
-The second goal is to make LUKS/libcryptsetup (and supported FDE formats) truly multiplatform tool (Windows/Linux) with focus to independent and extensible open-source software based FDE (Full Disk Encryption) solution. We are focusing on Windows7 and later and Linux 4.x and later OS versions.+We believe that the open-source security tools are crucial not only for the general accessibility, but also to produce more robust secure software and hardware products and their more transparent security certificationsNot only the dedicated testing laboratories, but also end-users shall be able to replicate majority of the steps carried during the certification like Common Criteria or FIPS140-2
  
-<button collapse="diskencryption">Find out more</button>+Existing certification process produces trove of interesting, but hard to automatically process data. We extract, process and analyze these datasets to aid quick identification of potentially vulnerable products, provide ecosystem insight, and reason about the overall state of security. We also map and evaluate the existing open-source security software from several categories including (but not limited to) operating systems, browsers, password managers, and encryption tools. Majority of our other research results are accompanied with open-source tooling.  
  
-<collapse id="diskencryption" collapsed="true"> 
-**Last update: 28.9.2016** 
  
-**Contact:** Milan Brož <xbroz@fi.muni.cz>+<button icon="fa fa-caret-down" collapse="opentools">Find out more</button> 
 +<button  icon="fa fa-file-text-o">[[:publications:keywords:opentools|Publications]]</button>
  
-  * Research project [[research:lukswin:lukswin| internal wiki pages]] +<collapse id="opentools" collapsed="true"> 
-  Upstream (Linux) project [[https://gitlab.com/cryptsetup/cryptsetup | homepage]], [[https://github.com/mbroz/cryptsetup | GitHub mirror]]+**Last update21012021**
  
-** Join us! The possible areas for cooperation: ** +**ContactPetr Švenda <svenda@fi.muni.cz> ** 
-  * Developing HMI (Human-machine interface) for storage encryption - ease of use, test cases, simple GUI, HMI usability experiments. + 
-  Disk (sector-level) storage encryption in Windows studyexisting approaches and implementations (TrueCrypt, DiskCryptor, Bitlocker, FreeOTFE, ...) with focus on free and open-source solutions. Windows driver architecture for implementing similar encryption capabilities as provided in Linux dm-crypt module. +**More informationprojects and resources:*
-  Windows boot process analysis and possibilities to use open-source boot loaders like GRUB2 to inject boot of core Windows system from (LUKS) encrypted device. +  * [[research:secTools| Internal directory]] 
-  * Using open-source multiplatform encryption libraries (gcrypt, openssl, etc) for implementation of symmetric block cipher encryption wrappe in windows environment, both in userspace and driver. +  * JCAlgTest [[https://github.com/crocs-muni/JCAlgTest | GitHub repository]] - tools for thorough testing of smart card capabilities
-  * Current status quo in RNG available in Windows7 and later systems, implementation of wrapper (or usable alternative) to Linux /dev/[u]random device.+
  
 **Involved people:**   **Involved people:**  
-{{:public:crocs:broz.jpg?50|}} {{:public:crocs:darbujanova.jpg?50|}}+  * [[https://is.muni.cz/auth/osoba/168968|Milan Brož]] 2019-now (disk encryption, TPM analysis) 
 +  * [[https://is.muni.cz/auth/osoba/adamjanovsky|Adam Janovský]] 2020-now (security certificates analysis) 
 +  * [[https://is.muni.cz/auth/osoba/445358|Ján Jančár]] 2018-now (security certificates analysis) 
 +  * [[https://is.muni.cz/auth/osoba/394036|Lukáš Němec]] 2019-now (existing open-source tools) 
 +  * [[https://is.muni.cz/auth/osoba/4085|Petr Švenda]] 2019-now (security certificates analysis, continuous  certification tools) 
 +   
 +** Selected publications: ** 
 + 
 +  * [2022] Petr Svenda, Rudolf Kvasnovsky, Imrich Nagy and Antonin Dufka: [[public:papers:jcalgtest_secrypt22|JCAlgTest: Robust identification metadata for certified smartcards]], In SECRYPT'22 
 +  * [2020] Vasilios Mavroudis, Petr Svenda: [[public:papers:cybercert2020|JCMathLib: Wrapper Cryptographic Library for Transparent and Certifiable JavaCard Applets]], In Proceedings of CyberCert'20, IEEE Security&Privacy Workshops, IEEE, 2020. 
 +</collapse> 
  
-  * [[https://is.muni.cz/auth/osoba/168968|Milan Brož]] 2014-now (Project lead and coordinator, Red Hat cooperation, grumbling) 
-  * [[https://is.muni.cz/auth/osoba/409879|Ondrej Mosnáček]] 2015-now 
-  * [[https://is.muni.cz/auth/osoba/409782|Agáta Dařbujanová]] 2014-2016 (Student, User interface for storage encryption application) 
  
  
-** Selected publications ** 
-  
-  * [2016] [[https://is.muni.cz/auth/th/422714/fi_b/|Harčár, M.: Generátory náhodných čísel v multiplatformním prostředí]], FI bachelor thesis 
-  * [2016] [[https://is.muni.cz/auth/th/409782/fi_b/|Dařbujanová, A.: Uživatelské rozhraní aplikace pro šifrování disku]], FI bachelor thesis 
-  * [2016] Brož M.,Kozina,O.: [[https://mbroz.fedorapeople.org/talks/DevConf2016/devconf2016-luks2.pdf|The Future of Disk Encryption with LUKS2]], DevConf 2016 
-  * [2015] Brož M.,Matyáš V.: Selecting a New Key Derivation Function for Disk Encryption, STM 2015 
-  * [2015] [[https://is.muni.cz/auth/th/409879/fi_b/|Mosnáček, O.: Key derivation functions and their GPU implementations]], FI bachelor thesis 
-  * [2014] [[https://is.muni.cz/publication/1185613/|Brož M.,Matyáš V.: The TrueCrypt On-Disk Format—An Independent View]], IEEE Security & Privacy, 2014, vol. 12, No 3, p. 74-77. ISSN 1540-7993 
-  * [2011] [[https://mbroz.fedorapeople.org/talks/DevConf2012/|Brož M.:Disk encryption (not only) in Linux]], Europen.cz 2011, Red Hat DevConf 2012 
  
-</collapse> 
  
  
 +===== Archived projects =====
 <callout type="info" icon="true">Click to see [[:public:research:main_archived | Archived projects]]. Older projects, which are not currently actively pursued further, but may be activated again later (as happened for multiple projects already).   <callout type="info" icon="true">Click to see [[:public:research:main_archived | Archived projects]]. Older projects, which are not currently actively pursued further, but may be activated again later (as happened for multiple projects already).  
 </callout> </callout>
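Review bot: the `Last update21012021` stamp in the new Open-source security tools section is already stale, since the same change adds a [2022] SECRYPT'22 entry under Selected publications, and both it and `ContactPetr Švenda` drop the colon used in the old section (`**Last update: ...**`, `**Contact: ...**`); refresh the date and restore the separators. Wording in the new intro also needs a pass: `the open-source security tools are crucial` reads better as `open-source security tools are crucial`, `Existing certification process produces trove` as `The existing certification process produces a trove`, `Majority of our other research results are accompanied with` as `The majority of our other research results are accompanied by`, `FIPS140-2` as `FIPS 140-2`, and `continuous  certification tools` has a doubled space. Finally, this change removes the entire Disk encryption section (contact, cryptsetup links, Selected publications) while adding only an `===== Archived projects =====` heading above the existing callout; confirm that content was actually moved to main_archived rather than dropped.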