Main research goals

Security and applied cryptography are broad and important areas in IT. In its research projects the centre covers in a fairly complex manner all relevant subfields.

• Security of smart cards and specialized hardware modules
  Various types of smart cards are employed to improve authentication security. These types differ in the list of attacks they are able to resist (acid etching, irradiation, freezing with liquid nitrogen), thus varying in their respective suitability for various applications. By far the most secure type is the so-called hardware security module. Even that, however, has its weaknesses we are trying to expose.
• Security protocols and authentication tokens
  The second sub-field of interest is analysis and design of security protocols and of tokens used for authentication and privacy attainment. These protocols are commonly seen in money transactions or communication with electronic passports, smart cards and other such hardware tokens.
• Random number generation
  Another important research vector is generation of (pseudo)random numbers and cryptographic material in general. Currently, mobile computation environments are the principal aim, with mobile phones in the hotspot. The research covers, for instance, identification and analysis of satisfactory sources of randomness, design and integration of prototypical extractors of entropy and pseudo-random number generators.
• Security in wireless sensor networks
  Wireless sensor networks are a new technology which allows for extraction of information (on temperature, pressure, motion, etc.) from a large area using wirelessly connected autonomous sensor nodes equipped with a considerably limited computational power, memory and energy source. Security-oriented research in this field focuses on designing new key management techniques, on secure routing, robust data aggregation, distributed reputation systems and detection of presence of an attacker in the network. In our laboratory a testing network is available which can be used for empirical verification of proposals and designs.
• Privacy protection
  Out of all the topics related to user privacy protection we chiefly focus on modeling of user behavior. These models (acquired from a particular live system) let us find out about the predictability of user behavior in the future. Other points of observation are identifiability of a particular user based solely on her long-term behavior so far, and factors influencing the success of such identification.
• Network security
  Expansion of the Internet brought about similarly fast expansion of the number of attack vectors. Starting with conventional viruses, the attackers moved on to automated worms, forged bank-originated e-mails (phishing) and forming botnets out of captured computers whose owners have no clue as to what are their machines at home or at worked abused for. The work of our group is to promote education and participate in formulating principles of good behavior in a network.
• Securing web services
  All kinds of attacks interest us in this respect: SQL injection, cross-site scripting, remote code injection, etc. Students can not only learn about such techniques, but also acquire hands-on experience executing them in a real environment. That lets them glimpse the thought processes of attackers, and develop more effective security measures in consequence.