• Security in wireless sensor networks
    Wireless sensor networks are a new technology which allows for extraction of information (on temperature, pressure, motion, etc.) from a large area using wirelessly connected autonomous sensor nodes equipped with a considerably limited computational power, memory and energy source. Security-oriented research in this field focuses on designing new key management techniques, on secure routing, robust data aggregation, distributed reputation systems and detection of presence of an attacker in the network. In our laboratory a testing network is available which can be used for empirical verification of proposals and designs.
  • Security protocols and authentication tokens
    The second sub-field of interest is analysis and design of security protocols and of tokens used for authentication and privacy attainment. These protocols are commonly seen in money transactions or communication with electronic passports, smart cards and other such hardware tokens.
  • Security of smart cards and specialized hardware modules
    Various types of smart cards are employed to improve authentication security. These types differ in the list of attacks they are able to resist (acid etching, irradiation, freezing with liquid nitrogen), thus varying in their respective suitability for various applications. By far the most secure type is the so-called hardware security module. Even that, however, has its weaknesses we are trying to expose.
  • Random number generation
    Another important research vector is generation of (pseudo)random numbers and cryptographic material in general. Currently, mobile computation environments are the principal aim, with mobile phones in the hotspot. The research covers, for instance, identification and analysis of satisfactory sources of randomness, design and integration of prototypical extractors of entropy and pseudo-random number generators.
  • Securing web services
    All kinds of attacks interest us in this respect: SQL injection, cross-site scripting, remote code injection, etc. Students can not only learn about such techniques, but also acquire hands-on experience executing them in a real environment. That lets them glimpse the thought processes of attackers, and develop more effective security measures in consequence.
For more information visit the webpages of Laboratory of Security and Applied Cryptography