|RNDr. Petr Svenda, Ph.D.|
Something about me...I'm researcher and lecturer at Faculty of Informatics, Masaryk University, Brno, Czech Republic. I'm member of Centre for Research on Cryptography and Security (CRoCS). Official university web page is here, list of all my publications can be found here. I'm/was involved in the EU 7th FP PICOS project, EU NoE FIDIS project, little bit in AN.ON project and several Czech National Security Agency and Czech Science Foundation projects. I worked as software developer at SodatSW. Text below is an attempt to put my work into some context.
Wireless Sensor Networks (WSNs)My main Ph.D. research topic, dissertation thesis defended in 2009 (The link key security in wireless sensor networks, thesis download, abstract download). We inspected security protocols for the scenarios for 102-105 nodes with the main assumption that the partial compromise (with up to 20 % of all nodes) is inevitable, but we still like to maintain reasonably functional network. We proposed several techniques ranging from the node capture resilient key establishment over key strengthening mechanism called secrecy amplification protocols to automatic protocol generation to fulfill this task.
We proposed the group-supported protocol for key establishment (Authenticated Key Exchange with Group Support for Wireless Sensor Networks, IEEE WSNS'07, paper download) based on the probabilistic key pre-distribution by Eschenauer and Gligor, increasing node capture resiliency of the original scheme from hundreds of captured nodes to thousands of captured nodes. Extended results came out as a book chapter in From Problem to Solution: Wireless Sensor Networks Security by Nova Publishers.
New PULL key establishment protocol from the family of the secrecy amplification protocols together for the unconventional key distribution method called Key Infection by Anderson at al was designed (Smart dust security - key infection revisited, ERCIM STM'05, ENTCS, significantly extended version from thesis download). Our PULL protocol provides better performance for some patterns of the network compromise and paper provides also detailed simulations for comparison of various versions of the secrecy amplification protocols.
The secrecy amplification protocols can be composed from the simpler steps with the possibility to evaluate performance of the composite on the network simulator. We used evolutionary algorithms to automatically generate&test large amount of candidate secrecy amplification protocols to find well performing new protocol outperforming previously published protocols. Same approach was used to design unconventional class of group-oriented secrecy amplification protocols with only linear instead of exponential number of messages (Evolutionary Design of Secrecy Amplification Protocols for Wireless Sensor Networks, ACM WiSec 2009, paper download). Deep analysis of linear genetic programming behavior when evolving secrecy amplification protocols and new better performing protocols are provided in EuroGP 2012 paper .
Similar generate&test approach was proposed for the automatic generation of the attacker strategies composed from simple steps against the key pre-distribution scheme, node capture strategy and routing algorithms (Evolutionary design of attack strategies, SPW'09, paper download). Highly optimized simulator S3 was developed for the purpose of candidate secrecy amplification protocols and attacker strategies evaluation and is available including the source codes.
Cryptographic smart cardsI have a passion for cryptographic smart cards, both for the research and development issues. I'm involved in the laboratory testing of the resilience of smart cards hardware (main processor, cryptographic coprocessor, random number generator) against power and fault analysis (some details for SCSAT04 measurement board we use are here), reverse engineering of Java Card bytecode from the power trace, Java Card platform security, security code review of Java Card applets and applications development.
From the published topics, we worked on bytecode-level information leakage and reverse engineering via power analysis (Improving Resiliency of Java Card Code Against Power Analysis, MKB'09, paper download). The possibility to recognize separate bytecode instructions from the power trace and reconstruction of the applet code is documented, together with the information leakage about operand value just by the conditional jump instructions itself. Based on the results from evaluations, we worked on the concept and practical implementation of a framework for an automatic source code security transformations (Automatic source code transformations for strengthening practical security of smart card applications, Europen'10, paper download, slides download). Practically usable transformations mitigating conditional jump leakage, introducing protection against memory fault attack, robust state transition enforcement generated from visual transition graph and atomic transaction analysis are automatically inserted into source code of target applet and were tested on large real world applets (CesTa project).
During my stay at Technical University of Dresden, we worked on data retention compliant logging for AN.ON anonymity service. We have analyzed newly arising security risks and proposed a secure logging scheme, which utilizes cryptographic smart cards, trusted timestamping servers and distributed storage to mitigate these risks (Secure logging of retained data for an anonymity service, Springer, paper download).
I prepared some materials about smart cards security and its programming for university lectures and various talks: Smart cards security&programming&practical attacks, Smart cards introduction and PC/SC programming, Java Card basics and Gemalto RADIII software, Java Card cryptography introduction, Secure messaging and OpenPlatform, Selected attacks against smart cards. I co-authored paper on electronic passports security with explanation of basic protocols used and discussion about published attacks (Electronic passports, Upgrade journal, paper download).
I wrote an application testing supported cryptographic algorithms on particular Java Card smart card, as this information is usually hard to find in product specs. You are invited to contribute to build information database for cards you have access to as others already did. I also rewrote few cryptographic algorithms (AES, SHA2-384, SHA2-512 and OAEP) for Java Card in case your card doesn't support them and you can tolerate lower performance without hardware acceleration. Based on USB communication dump, I reverse-engineered basic structure and marshalling format of the RPC communication protocol of the .NET smart (official specifications may be available, but I was unable to obtain them on web).
Random number generation in mobile environmentWe focused on the possibility and estimation of entropy extractable from sources available on mobile devices like cell phones, especially from the microphone and camera input (The Sources of Randomness in Mobile Devices, Nordsec'07, paper download). Huge amount of audio/video frames was collected in different environmental conditions, analysis of available entropy was performed and NIST statistical battery was used to test the output from simple entropy extractor. More advanced entropy extractor for this environment with theoretical background was proposed (Towards True Random Number Generation in Mobile Environments, NordSec'09, paper download)
Software code protectionMy earlier work including master thesis was in the area of the software code protection. Master thesis targeted white-box attack resistant (WBACR) implementation of the block ciphers and meaningful usage together with smart cards (thesis and source codes download). I proposed specially formed I/O encoding for WBACR compatible with CBC mode (Implementace kryptografickeho protokolu s vyuzitim mobilni kryptografie, MKB'04, paper download, in Czech only). I did technical comparison of modes for remotely keyed encryption (Basic comparison of Modes for Authenticated-Encryption (IAPM, XCBC, OCB, CCM, EAX, CWC, GCM, PCFB, CS), IPICS Summer school 2004, paper download) and later an implementation with the performance comparison also (Srovnani protokolu pro Remotely Keyed Encryption, MKB'05, paper download, in Czech only).
TeachingI'm currently involved in teaching of the C programming language (PB071, info here), object-oriented programming in C++ (PB161, info here), techniques of practical development in C/C++ (PB173, info here) and some lectures related to smart cards and reverse engineering in Laboratory of security and applied cryptography I/II (PV181, PV204) and few others.
OpenPGP key : 0x89CEB31C