Vashek (Vaclav)
Matyas
Faculty of Informatics
Masaryk University
Botanicka 68a
602 00 Brno - Czech Republic E-mail: LastName at fi.muni.cz
GPG/PGP keys - operational (GPG), old (PGP)
Office hours: not until Sep 2012,
on sabbatical at the Center for Research on
Computation and Society (CRCS), Harvard University.
Current activities:
Security of wireless sensor networks,
with focus on security protocols, intrusion detection and also privacy.
A starting discussion of issues in this area can be found in our paper
Attack detection vs. privacy - How to find the link or how to hide it?
presented at the 2011 Security Protocols Workshop.
Our work on neighbour-based intrusion detection for wireless sensor setworks,
partly presented at the Sixth International Conference on Wireless and Mobile
Communications (ICWMC) 2010 in Valencia, Spain, is available as the
technical report FIMU-RS-2010-04.
Our work on Secrecy Amplification Protocols for Wireless Sensor Networks appears at the
ACM WiSec 2009, and
other results came out in a book chapter in
From
Problem to Solution: Wireless Sensor Networks Security by Nova Publishers.
Some of the work on group support for authenticated key exchange and on secrecy amplification in
the
technical report FIMU-RS-2007-05.
Study of biometric authentication systems.
A full version of a paper written with Zdenek Riha and presented at the Computer
Information Systems and Industrial Management Applications 2010 conference, is
available as the
technical report FIMU-RS-2010-07.
We have a
book on biometric authentication
(in Czech), where I took care of co-editing (and
writing up some) chapters.
An older summary paper reviewing major
security
and usability issues of biometric authentication systems was presented at the
Communications and Multimedia Security Conference, summary of trends and visions
was presented at the Information Security Summit 2002, and few other papers
presented at other conferences. A good summarizing article
Toward Reliable User Authentication through Biometrics
appeared in IEEE Security & Privacy and an introductory technical report written also
with Zdenek Riha is also
available.
Security of random number generation,
with focuses on both truly and pseudorandom number generation in the mobile
environment. Our recent work Towards True Random Number Generation in Mobile Environments
appears at the
NordSec 2009 (paper
download),
and earlier work with more experimental results appeared in paper
The Sources of Randomness in Mobile Devices, NordSec 2007 (paper
download).
Information privacy, where we undertook another privacy valuation experiment,
results from which are prepared for a publication, following the attention of both expert
and general public that has been drawn to our
Value of Location Privacy paper
(copyright ACM, presented at WPES 2006). This work has been undertaken in the framework
of activities around the FIDIS Network of Excellence.
Earlier on, we also examined ways to model the state of privacy in a given
system - and possibly to use this model for evaluating various aspects of privacy.
We started with a critical review of the older Common Criteria approach, provided
for additional definitions of unlinkability and also refined the approach, revising
also the Freiburg Privacy Diamond work of Alf Zugenmeier et al.
Preliminary results of our work are in contributions to the Privacy and Security
workshops of
Ubicomp 2004 and
Fourth IEEE International Conference on Data Mining,
and the underlying considerations were presented at the Cambridge Workshop on Security Protocols.
In my earlier work in this area, I also worked on analysing
and reporting doctor-level prescribing information in the Xponent project with
IMS Health. A paper (draft of which is
available here) for
Healthcare Informatics Journal 4.3-4 outlines some of the issues. Yet older work
involves participation in drafting the Privacy Class of the
Common Criteria, and also work
relevant to the Canadian privacy scene that was presented as the Technical Report
"Information
Privacy in Canada (Legislation in the Face of Changing Technologies)",
TR-246, School of Computer Science,
Carleton University.
Shouldersurfing attacks,
namely in relation to the Chip&PIN card payment authorisation. We conducted an intensive study
to compare the (in)security of signature- vs. PINpad-based payment
authorisation by customers. More results came out in an IEEE Computer
article, results from
the first round of our experiments are available either as
old slides
or drafted
lecture notes
(final version can be found in the proceedings of
2005 Cambridge Workshop on Security Protocols).
A book
on these and related issues on authentication and authorization is available in Czech.
Conferences, workshops, etc.
The first regional event to mention is
Mikulasska kryptobesidka,
our annual Czech cryptology workshop -
aiming to facilitate closer cooperation of professionals working in the field
of applied cryptography and related areas of security.
I also take part in the Program Committees or regular paper reviews of events like
26th IFIP International Information Security Conference (SEC 2011),
3rd International Symposium on Engineering Secure Software and Systems (ESSoS 2011), and
ACM 2011 SAC Track on Applied Biometrics,
Information Security Summit,
where I chair the Steering Committe.
Data Security Management (DSM) -
Czech security journal published bi-monthly, where I'm member of the journal Editorial
Board. (And I shouldn't forget its annual Information
Security Summit, the region's prime event in the area of information security.)
My lectures in security/crypto here at the Masaryk University:
-
Securing Data and Privacy (PV080 - taught in Czech - Ochrana dat a informacniho soukromi).
-
Authentication and Access Control (PV157 - taught in Czech - Autentizace a rizeni pristupu).
-
Applied Cryptography (PV079 - in English).
-
Seminar on Information Technology Security (PA018 - in English).
-
Postgraduate Seminar on IT Security and Cryptography (PA168 - in English).
More information on these courses can be found through the university webpages
on my courses,
and we also opened our new lab at FI,
which is a coherent part and co-founder of BUSLab.
Information for our students inquiring about supervision, support, etc. can be found
at this page.
Yet I only plan to take new PhD students from September 2012 since I will spend
December 2011 - July 2012 at the
Center for Research on Computation and Society,
Harvard School of Engineering and Applied Sciences,
with a kind support of the Fulbright-Masaryk Scholarship.
I supervise PhD students
Vit Bukac,
Jaromir Dobias,
Filip Jurnecka,
Jiri Kur,
Tobias Smolka,
Martin Stehlik,
Andriy Stetsko,
Pavel Tucek,
and I had the pleasure to supervise PhD graduates
Jan (Honza) Krhovjak,
Marek Kumpost,
Petr Svenda.
Older stuff:
- The
Global Internet Trust Register published by MIT Press in March 1999 contains the
fingerprints of many important public keys used throughout the world, and you
can read more on the effort here.
- IT Security Terminology, of course with focus on the Czech
language. A part of this effort is oriented towards "English-Czech Terminology
of IT Security" - a dictionary with Czech explanatory notes, published by the
Computer Press, s.r.o. Praha 1996. Second
issue is now on the horizon.
- Security Evaluation Criteria where did some work on the Communication
and Privacy Classes for the Common
Criteria v0.9 in cooperation with the Canadian Communications Security Establishment.
Just in case you met me during my sabbatical in 2003/04 either as a Visiting Researcher
with Microsoft Research Cambridge,
or a Visiting Lecturer with University College Dublin,
Department of Computer Science, then yes, it is me. :-)
And again thanks to both these institutions, their employees, and other visitors at the
time for their kind hospitality, inspiring discussions, etc.
Vashek Matyas
E-mail: LastName at fi.muni.cz
Wed Nov 30, 2011