Personal page: Dr. Tomáš Rosa

Mathematical modelling for risk analysis and security, earned Ph.D. in cryptology with the doctoral dissertation thesis “Modern Cryptology: Standards Are Not Enough” (online version of the Ph.D. thesis). Graduated in a joint study program at the Faculty of Electrical Engineering (FEE) of the Czech Technical University in Prague (CTU in Prague) together with Faculty of Mathematics and Physics of the Charles University in Prague. My doctoral thesis received the Best Doctoral Work Award of the Rector of CTU in Prague for the year of 2004. As an external lecturer and researcher, I closely cooperate with the Department of Algebra of the Faculty of Mathematics and Physics of the Charles University in Prague and with the Faculty of Information Technology of CTU in Prague.

-- "There are people, fluent in math. There are others fluent in plain talk. The ones, who are fluent in both, might be then influential."

-- "Essentially, all models are insecure, but some are safe."

Professional Membership: IACR, UCMP

HAM Radio: OK1SFU

Quick Links: Cryptology For Practice (CZ), PicNic – HF RFID Emulator/Spyware

Here is a personal page of my colleague and friend Dr. Vlastimil Klíma who I often cooperate on research projects with. You can also find some of our joint publications there.

Work experience:

2004 – Yet Principal Cryptologist with Raiffeisenbank and Raiffeisen Bank International Competence Centre for Cryptology and Biometrics

This involves solving information security problems using formal models and methods. A considerable part of my job is an internal evaluation of security products as well as designing our own security mechanisms. That presents me various very interesting problems from the area of computer science with certain accent on applied mathematics and physics. I do actively promote the approach based on applied cryptanalysis as a natural and important counterpart to applied cryptography. I am also focused on the security of embedded and radio systems such as RFID, NFC, EMV cards, GNSS, mobile networks, and biometrics (perceived as a signal detection and estimation problem).

2003 – 2004 Information Security Director with eBanka

The objective of this job was to provide certain technology vision and leadership to start developing and implementing information security program in the bank. I was responsible for establishing a secure environment for its information assets. That included, but was not limited to: security surveys and risk analyses, development of security policies, standards, procedures and guidelines, design and analysis of security countermeasures, intrusion detection, incident handling, disaster recovery planning, etc. Besides this position I continued working on cryptology research, mainly in the area of applied cryptography and cryptanalysis. In fact, this job gave me very good inspiration for that, since I could easily recognize how modern cryptology fits into the whole puzzle of information security. Seeing the lack of essential cryptologic knowledge together with facing its practical consequences motivated our joint (with Dr. Vlastimil Klíma) effort on writing an easy to read, easy to understand, and easy to get serial on Cryptology for Practice.

2001 – 2003 Chief Cryptologist with ICZ Co.

As the chief cryptologist, I worked on projects in the area of applied cryptographic research. This mainly included joint work with the Czech National Security Authority (CNSA) on cryptographic devices designated to protect sensitive information at various security levels, including the TOP SECRET level (according to the law 148/1998 Coll., Czech Republic). In 2001 and 2003, on behalf of my results achieved, I received a special award of the board of directors and CEO of ICZ Co.

1997 – 2001 Development Specialist, Development Manager with Decros Ltd.

Here, as an information security specialist, I started working on an implementation and design of cryptographic countermeasures into various protecting devices. Since 1999, I led a small security team which was focused on the joint work with CNSA aimed on the development of special purpose cryptographic devices.

1993 – 1999 Independent Security Consultant & Publicist

Besides various consultations, studies and expert’s findings, I worked on a security devices evaluation in testing laboratories of the computer magazine CHIP (in Czech Republic).

Research area:

Cryptology, Side Channel Cryptanalysis, Cryptographic Algorithms and Protocols, Quantum Cryptography, Quantum Cryptanalysis, Mathematical Modelling, Risk Analysis, Mathematics and Physics in Computer Science, Information Theory, Signal Processing, Radio Science.

Lecture notes and publications (selected):

Cryptology for Practice. A serial aimed to serve as a basic handbook of modern applied cryptology. It should mainly be useful for security architects and cryptology students (undergraduate level). Also, several notes on RFID security are presented there. (CZ)
Electronic Attack Vectors, Information Security Summit, Prague, May 2023
Electronic Attacks on Computer Interfaces, Fresh IT, Prague, March 2023
Unmasking the Signal of e-Mask Applications (GAEN hacking), Security 2022
Mathematical Epidemiology - Compartmental Models Essentials, Mathematical Epidemiology - Vaccination, Limits, and Rates, Mathematical Epidemiology - Effective Reproduction Number of mathematical epidemiology at the Faculty of Mathematics and Physics, Charles University, Prague, Autumn 2021
GARP Chapters: Mathematical Epidemiology, Virtual chapters meeting, September 2021
KoroNERV-20 modelling meeting notes 2021: June 6th, June 22nd, July 13th, September 14th, These notes were used for discussions at our regular workshops when epi modelling was the topics. They go uncommented, but with a moderate background, I do believe they are self explaining. I put them here not only for my colleagues, but to also pursue open modelling policy that I consider very important.
Mathematical Epidemiology for... Security Analysts Again, This time with a certain emphasis on the risk induced by the principal invertibility and reversibility of the ODE-based models on the background of the epidemic code controlling governmental decisions.
Mathematical Epidemiology for... just in case, Financial Conference, Prague, June 10th, 2021. Explains mechanistic modelling using systems of differential equations that can bring important insights into the principal code of epidemic. This time, mainly for financial analysts to help them exploit this sort of a hidden determinism in their economical analyses and predictions.
Mathematical Epidemiology for the People, Part One, Part Two, Internal Raiffeisen Bank seminars for financial analysts, March-April, 2021. Also touches non-pharmaceutical interventions, vaccination models and endemic equilibria. The accent is on qualitative modelling using systems of differential equations that can bring important insights into the principal code of epidemic.
Mathematical Epidemiology for KoroNERV-20. KoroNERV-20 regular meeting, 30th of March, 2021. Explains the key ideas and principles of mathematical epidemiology to financial analysts. The emphasise was on mechanistic models formulated as systems of Ordinary Differential Equations, since these models do have many important properties for this particular kind of data science. The basic, effective, and controlled reproduction numbers were explained together with the herd immunity concept, all in the frame of the classical Kermack-McKendrick theory heritage. We also touched: non-pharmaceutical interventions, vaccination, very simple hospital occupation and prevalence relaxation models, etc. All with a qualitative accent on the principal understanding.
Mathematical Epidemiology for Security Analysts. Security Meetup, 16th of February, 2021. We exemplify the power of mathematics when applied to the epidemiological modelling, monitoring, and moderation. We view the contemporary pandemic as a global security threat and to this end we also formulate several security-related questions. Could there be a backdoor in the pandemic control system? How can we disprove this? How can we simulate and verify our control strategy? What can we learn about "patient zero" by reversing the time flow in a mechanistic model? Is the in-vivo mathematical virology modelling a way to the security in-depth control principle?
eRouška Security, Privacy, and Impact. Internal seminar, Prague, 2020. Evaluation of Google-Apple Exposure Notification framework, which in turn addresses the Czech national contact tracing application "eRouška". To also address the question "Why?", we touched the basis of mathematical modelling of epidemics, hoping to illustrate general principles of its moderation.
Emerging Security Revolution as a Response to the Quantum Mechanics Threats. Prague Payments Week, Prague, 2020.
Quantum Computation Fundamentals. Online webinar, Prague, 2020.
RBI Quantum Hackathon Workbench, Part Two. Prague and Bratislava, 2019. This time the focus was on the Learning Parity with Noise problem from the quantum machine learning perspective, emphasising its problematic usage as a cryptographic primitive under superposition queries.
The Advent of Quantum Computers. Prague, 2019. Overview of the quantum computing phenomenon, its applications in cryptanalysis and a brief outline of its peaceful usage in computational chemistry and financial mathematics.
RBI Quantum Hackathon Workbench. Prague and Vienna, 2019. This is to illustrate the quantum computing research activities that our competence centre actively participates on internally in the whole group of Raiffeisen Bank International.
Evil Qubits - The Threat of Quantum Cryptanalysis Explained. Prague, 2019. One of many and actually a root of several other lectures I did on the topic of the emerging era of quantum computer science and its implications for the future cryptanalysis and cryptography.
Cyber Breakfast - Crime in the Radio Field. Introduction into radio hacking based on the software-defined radio phenomenon. It touches the security of mobile networks, GNSS, NFC from the radio perspective, and Bluetooth LE adult toys.
Mobile Networks Hacking Techniques. A quick overview of mobile networks vulnerabilities from the radio as well as signalling systems perspective, mainly inspired by the privacy, integrity, and confidentiality demands of financial services. A small disclaimer: As intelligence agencies are noted to exploit some of these vulnerabilities here, I would like to add I am in no way surprised nor disgusted they (have to) do so. Noting them here is just for the sake of completeness. This text is a base for several public lectures on this topic I was giving in 2017.
GNSS Hacking in the Wild and Cryptographic Protections. At ITSF 2016, Prague, Oct 31st - Nov 3rd, 2016.
GPS Radio Hacking – What the Hell Time Is It? At Information Security Summit, Prague, May 25th - 26th, 2016.
GNSS/GPS Radio Hacking - From Beautiful Equations to Serious Threats. At QuBit Conference 2016, Prague, April 12^th - 14^th, 2016. This is a rather long (126 slides in total) lecture presentation that is meant to be a GNSS/GPS hacking and security analysis trivium. It contains basic overview of the GNSS principle exposing the physical connection in between the position, velocity, and time computation and the underlying signal processing. In its second part, the basic meaconing and spoofing attacks are exemplified in such a way they can be easily repeated, while keeping certain academic rigor, so other researchers can continue with their own approach. To that end, mathematical and physical principles of the digital signal processing for software-defined radios together with noise analysis in electronic circuits as well as a short introduction into real signal transmission setups is also provided to such an extent that it sufficiently supports the experiments documented here. Interestingly, in the meaconing experiment, it can be seen that the EGNOS channel PRN120 (Inmarsat 3F2 AOR-E) has also been successfully recorded and replayed, thereby illustrating a working attack on the EGNOS safety mechanism. Of course, any SBAS clearly cannot address the reception of fake signals by individual receivers, so this is not to show EGNOS would be useless. Just to point out its strength has its limits. Finally, suggested references for further study are also included in a classified way to help to pick up the right ones. Update (05/12/16): GLONASS L1OF replay attack illustrated. Update (05/26/16): Incidental radiation snapshots.
Software-Defined Radios Expose NFC and GPS Vulnerabilities. At Security 2016, Prague, February 17^th, 2016.
Radio Attacks on NFC, GPS, and Mobiles. Advent seminar note for students at FIT, CTU in Prague, December 21st, 2015. In very short and gentle introduction into mathematical groundings of Software Defined Radio (SDR), we argue SDR will probably accelerate RF hacking in general. Therefore, we shall pay attention even to those "exotic" attack that might have seem perhaps too "theoretical". Once somebody creates an RF application exploit (as we know them from the classical computer security), this SDR-exploit can be spread around the world almost instantly. So, those "theoretical" weaknesses of NFC and GPS do matter, now! Even that IEMI injection of commands into mobile voice assistants, despite looking more o less like a funny game now, can be a useful part of cyber warfare portfolio. Especially, provided we recognise IEMI can target not only those voice assistants.
X-Platform Advanced Persistant Thread. ISACA IT Governance 2015, Pilsen, October 13th - 15th, 2015. Cross-platform attack is any fraudulent activity that exploits vulnerabilities across different computing platforms. In particular, we review the following examples here: Breaking the two-factor SMS-based authentication, Bluetooth Smart potential weaknesses, and GPS spoofing.
Bluetooth Low Energy - Smart Choice With Just a Few Caveats. Gemalto SafeNet Executive Day, Prague, October 8th, 2015. Introduction into the BLE platform together with an overview of the possible security opportunities and issues. (video)
Bluetooth Low Energy Ranging Primer. Public seminar note, Prague, October, 2015. Fundamental aspects of the BLE ranging problem are described, starting with the essentials of the related EM field and antenna theory, going through Friis transmission equation in the free space, to a random process model for RSSI indicator of the a real BLE controller. Based on this elaboration, several particular ranging procedures can be devised (I do apologize, this is not a part of the public edit version, since it may contain certain company trade secrets, thanks for understanding).
Coping with the Stochastic Biometrics. At SPI 2015, Brno, May 20^th-21^st, 2015. Invited lecture, where I presented my approach to the biometrics from the cryptographer's viewpoint.
Radio Aspects of NFC Security. At Smart Cards & Devices Forum 2015, Prague, May 19^th, 2015. Despite certain marketing claims, we show the NFC communication has a deeper connection with the classical radio phenomenon then it seems to. We go deeper into the antenna theory to show rigorously what are the common principles and to what extent do they apply. On this platform, we review the physical layer attacks on NFC. Especially, we warn about the sniffing attack that is usually possible at somehow surprising distances. We also introduce a simple, however yet unpublished, new Man-In-The-Middle approach that exploits the effects of the well-known linear superposition in the electromagnetic field to allow monitoring as well as active packet injections into an existing NFC channel. We emphasise that, similarly to e.g. Wi-Fi or Bluetooth, the MITM attacker does not need to be exactly in between the two communicating parties geometrically to get into their channel in the logical sense. With extended comments, this lecture was also presented to payment card experts in the spring course of private workshops for SBK. Widescreen cinema version of this lecture presented at the Hackerfest 2015 is here.
Biometrics as Signal Detection Problem. At Security 2015, Prague, February 18^th, 2015. Based on the lecture at Hacking & Security Conference 2014 below, this version also includes certain notes on handwritten signatures security as deployed in the so-called dynamic biometric signature applications in CZ.
Biometrics - Trust But Test. Hacking & Security Conference 2014, SOOM.CZ, Prague, November 7^th, 2014. First part presents the biometrics as a statistical signal detection problem. It emphasises biometric data mining techniques are the cornerstone of reliable applications evaluation and safe (hopefully...) operation. Also mentioned are the most important, yet still open problems we have to solve in this area. Biometric cryptography is touched just lightly, please see one of those previous lectures for more on this subject. At the end, we again turn our attention to the signal detection viewpoint to show we shall never ever regard biometric characteristics as secret keys directly! Yet, reasonable systems can be built, but never this way. This complete lecture was also a base of several others of my autumn talks, so please refer to this file should you be searching for the slides of Mobile Payments 2014, Cardsession - Autumn 2014, etc.
Mobile Authentication with BIO-Cryptography Taste. Smart Cards and Device Forum 2014, Prague, May 22^nd, 2014. Popular, somewhat lightweight version of the lecture given at the Brno University of Technology security workshop, please see bellow.
Modern Authentication Hypes. European Fraud Sharing Group Meeting 2014, hotel Port, Doksy, May 16^th - 17^th, 2014. Discusses the contemporary client authentication trends showing both what is OUT and what is IN. Includes dissection of recent SMS-interception malware and also shows how to approach mobile security with possible help of devices like AirBond. We also touch the increasingly popular area of biometrics, focusing mainly on brute-force attacks and detailing this technology too has its pro et contra. Especially, we argue to do proper penetration tests here as well!
Biometric Cryptography - Mobile Application Viewpoint. Seminar security workshop, Brno University of Technology, Apr 22^nd 2014. First part presents a cryptographer's viewpoint of biometrics security. We have paid attention to expose the biometric-style brute force attack based on using random input samples and relying just on the False Acceptance Rate. After reviewing the most wanted open problems (convincing algorithm vs. black-box alchemy, safe template revocation vs. security by obscurity "no one understands this mess", and liveness detection), we have introduced the notion of biometric cryptography. Or, how to interconnect biometrics and cryptography with reliability and without invoking security by obscurity. For such "biocryptography", we have employed the well-know fuzzy commitment scheme together with discussing the generalisation towards fuzzy extractors. As a model example, we used a hypothetical mobile banking application that would use a biometric verification as yet-another authentication factor. To protect against mobile device theft, we showed we had to either use server-based biometrics or employ a biocryptography to reliably project the biometric characteristics to a key space. The possibility of biocryptography based on increasingly popular voice biometrics was discussed, too. We have presented an idea on using front-end joint factor analysis to produce derived feature vectors in the speaker space that can be employed as input samples in biocryptography schemes.
Bitcoin - Cryptographic Texture. Seminar note, Prague, Dec 20^th 2013. Introductory lecture covering the essential security mechanisms of Bitcoin together with pointing out possible directions for further research. Especially, we have paid certain attention to the distributed time-stamping service based on BlockChain majority voting scheme guarded by the Proof-of-Work mechanism. We present simple model based on an information-theoretic channel that allows us to deliver a convincing proof of the double-spending attack probabilities that are usually either "just stated" or derived in a considerably more complicated way. Nevertheless, there are still open questions concerning potential existence of more efficient attacks on BlockChain that deserve further attention. The purpose of this lecture was, besides the others, to provoke a follow-up research.
Mobile Security In Practice - Autumn 2013. Mobile Payments, Prague, Oct 10^th 2013. Reviews the threat of X-platform attacks in the light of recent attacks on mobile TAN in CZ. Then it recalls the threat of Break Your Own Device as well as inherent vulnerabilities of external NFC controllers on e.g. iPhone (regarding PIN capturing attacks and more). We also warn about using payment NFC stickers on mobile devices that have their own internal NFC controller turned on. Bluetooth Low Energy is shown as a promising technology for building e.g. external authentication devices that could enhance mobile security if the long-awaited TrustZone concept would fail its job. Finally, we discuss basics of biometric identification from the perspective of a cryptographer who believes that security through obscurity is not the right way. We warn about the necessity to precisely know at least those probability density functions behind FAR (False Accept Rate) and FRR (False Reject Rate). We then contrast different design principles in between classic, quantum, and biometric algorithms emphasizing the resistance against “algorithm tampering” (like differential/linear cryptanalysis, side-channel attacks, etc.) is usually not the prime concern in biometrics. What we can find instead is a hope that the complexity of Mother Nature will somehow automatically guarantee the strength of those algorithms. This is, however, a clear example of security through obscurity.
Mobile Devices Boom - Hackers Are Ready. What About You? IT Security Trends and DMS Safety, Prague, Sep 17^th 2013. Recalls the threat of X-platform attacks, PIN prints in mobile applications, and finally emphasizes the importance of SSL/TLS and underlines certain consequences of ignoring its known cryptographic properties (or not understanding on how to critically judge server labels obtained by audit test tool). This is just an overviewing, easy-to-follow presentation that revamps the most actual topics that were detailed in separate lectures bellow.
Wi-Fi Protected Setup - Friend or Foe? Smart Cards & Devices Forum, May 23^rd 2013. We review the brute-force attacks on WPS together with a new original countermeasure algorithm called Swamp, showing that WPS is actually not that bad as it may seem. We emphasize the attacks that captured public attention in 2011-2012 were already anticipated by WPS standard authors. We also elaborate deeper cryptographic properties of the Registration protocol, namely the role of Bit Commitment primitives inside the mutual authentication scheme. From here, we conclude that the split verification of WPS PIN that has been broadly criticised actually servers a very good purpose in the whole protocol, since it allows us to reasonably defeat another attack - we call it dual attack here. Furthermore, we show the idea of Bit Commitment based authentication can be also found in Secure Simple Pairing of Bluetooth BR/EDR, as well as in Security Manager of Bluetooth Low Energy. Interestingly, the WPS implementation of the Bit Commitment approach turns out to be the strongest one. Furthermore, we show the idea of the brute-force attack was already discovered far before by Andrew Y. Lindell in 2008 in his attack on SSP in Bluetooth. When studying the common properties of the aforementioned protocols, a new attack on authentication in Bluetooth Low Energy has been found.
Security (In)Dependence of Mobile and Internet Banking. ICT in Financial Institutions, Prague, February 27^th, 2013. First part of the presentation is devoted to emerging cross-platform attacks. Especially, various techniques of cross-platform infection are discussed. This is then used to show that those popular mobile Transaction Authentication Number (mTAN) techniques are rather on their way down. We show that having a mobile banking application is not just a luxury, as it can also be viewed as kind of countermeasure. Of course, this countermeasure is by no means definitive, as it is shown in mobile threats elaboration in second part. It may, however, give us some time to think about either external “smart” tokens or to finally bring TrustZone into its real life. Either way, we shall recognize there is rather strong dependence in between mobile and internet banking. We shall care about mobile devices security even (!) if our objective is just the internet banking only.
Discovering PIN Prints In Mobile Applications. Lecture at Security 2013, Prague (February 20^th). Despite it being feasible to achieve reliable resistance against the After-Theft Attack, we can still spot a terribly flawed design patterns that instead of defeating them rather do actively promote such attacks. In this presentation, we detail cryptographic issues connected with so-called PIN prints in applications aiming at two-factor authentication. We show various examples of such PIN prints that were already met in practice together with a (very slight) “computation-oriented” information theoretic analysis of how much information can be conveyed by such a PIN print, while transferring this to show how long PIN can be reliably brute-forced basing on that particular PIN print.
NFC On Mobile - On the Real Security of Mobile Payments. Lecture at the workshop Cards 2012, Prague. It is an extended version of the overviewing presentation from Mobile Payments 2012 (cf. bellow on this page).
Mobile Devices Security - On Practical Risks of NFC Payments. Lecture at the workshop Mobile Payments 2012, Prague. It is mainly focused on smart phone operating systems integrity, since this is the part that really deserves great attention, now. We rephrase iOS Jailbreaking as a world-wide verified proof showing us clearly even the best smart phone OS can be reliably (!) hacked (this is not to say the author is strongly against this initiative – we just reflect its security implications). Furthermore, we show practical results of iPhone peripheral channels infiltration (we use a simple MobileSubstrate tweak to do that) which has direct impact on mobile payment applications relying on external NFC controllers.
The Decline and Dawn of Two-Factor Authentication on Smart Phones. Invited lecture at Information Security Summit 2012. Basic study on whether and how we can achieve adequate two-factor authentication on smart phones. We define a simple threat model and discus the risk mitigation. The notion of distributed implicit PIN verification armored with partial OTP verification is introduced as a practical way on how to cope with this environment. The emerging concept of TrustZone is also touched. The accompanying presentation serves a dual role – instead of repeating the countermeasures from the main paper, it presents several hacking techniques emphasizing insecurity of disturbing amount of contemporary mobile applications.
Note on a mobile security, or “How the Brave Permutation Rescued a Naughty Keyboard”. Joint lecture with Petr Dvořák from Inmite at Mobile DevCamp 2012. Besides recalling wanted and unwanted design patterns, this lecture is also a continuation of the study presented at Smart Cards & Devices Forum 2012 noted bellow. It shows how exactly we have implemented the idea of the encrypted keyboard in certain mobile banking project that we have participated on.
Smart Phones Security - How (Not) To Summon The Devil. Invited lecture at Smart Cards & Devices Forum 2012. Being addressed to smart phone applications developers and penetration testers, the presentation shows typical vulnerabilities the author has met in contemporary financial applications. Particular experiments were done for Android and iOS environment, since - according to author's opinion - these systems are the most interesting and important ones. The results obtained, however, are generally applicable to almost any smart phone platform.
Android Ecosystem Integrity - Possible Malware Cross-Infection Vector. Seminar note, November 2011. This really is a trivial observation that is based on a well-known approach on how to bypass the screen lock on certain Android devices. Surprisingly, I have not seen it mentioned as a possible malware cross-infection vector regarding attacks on those popular SMS-based two-factor authentication schemes. So, I wrote this simple note for my students. Superseded by Smart Phones Security - How (Not) To Summon The Devil and also exploited in The Decline and Dawn of Two-Factor Authentication on Smart Phones.
RFID Security - Selected Areas of LF and HF Applications. Invited lecture at Hacking & Security 2012 by Soom.cz. Its aim is to illustrate typical RFID vulnerabilities and their particular exploits. It begins by trivial skimming attacks in the LF band and continues to the phenomenon of RFID wormholes. Also touched is the NFC technology, mainly as a promising hacking tool. Also included is a simple transformer-based tool for easier debugging of point-to-point NFC communication with mobile devices (no more those annoying “96” positions!).
RFID Wormholes – the Case of Contactless Smart Cards. Invited lecture at SmartCard Forum 2011. The aim was to give a solid overview of wormhole (or relay) attacks by looking at this phenomenon from various viewpoints – physical principles, technical realization, cryptographic countermeasures, NFC, etc. The experimental part is based on using libNFC library.
Unleashing EMV Cards For Security Research, Santa’s Crypto Get-Together in Prague, December 2^nd – 3^rd, 2010 (slides, abstract). Invited lecture for the international cryptography workshop organized in Prague. Together with the previous presentation on approaching side channel experiments (cf. bellow) this is another part of EMV Cards Trivium puzzle aimed to encourage academic research of payment cards security.
EMV Cards Trivium – A Fast Way to Side Channel Experiments. This lecture was originally prepared for the smartcard security research group at Masaryk University Faculty of Informatics in Brno. It is, however, addressed to all those researchers who would like to experiment with side channel attacks on EMV cards but were afraid of their obscure complexity. To allow rapid card profiling, a technique based on CAP/DPA-reader interaction is developed and described here. We call it a CAP/DPA-teacher approach. June 2010.
Authentication By Payment Card – Experiences Gained By Penetration Tests (CZ). Invited lecture at SmartCard Forum 2010. The main objective here was so-called connectable CAP/DPA reader. Besides promising new user-friendly features, these devices also introduce several new risks that shall be addressed accordingly when deploying them in internet banking applications.
Certain lecture notes on RFID security: SmartCard Forum 2009 (CZ, EN), Teleinformatika 2009 (CZ).
Problems arising around non-repudiation of digital signatures as an inspiration for quantum cryptologists, University of Palacky, October 7, Olomouc, 2004. (CZ)
Security Policy – a Document of Various Looks and Purposes, lecture for security managers and directors at IT Security 2004, staged by the Institute for International Research, Wien. (CZ)
Lecture on special cryptanalysis held for colleagues at the Department of Computer Science, June 2003 (zipped ppt, syllabus). (CZ)

Research projects and publications (selected ones):

Rosa, T.: Bypassing Passkey Authentication in Bluetooth Low Energy, IACR Cryptology ePrint Archive, Report 2013/309, May 2013.
Android Binder Security. Started in November 2011, this project aims to promote recognition of importance and further research in the area of security of the Android binder framework – its core Inter Process Communication mechanism.
Hlaváč, M. and Rosa, T.: A Note on the Realay-Attacks on e-passports – The Case of Czech e-passports, IACR ePrint archive 2007/244, Jun 2007.
Hlaváč, M. and Rosa, T.: Extended Hidden Number Problem and Its Cryptanalytic Applications, in Proc. of SAC 2006, LNCS 4356, pp. 114-133, Springer-Verlag, 2007.
Rosa, T.: Cryptographic Insecurity of the Test&Repeat Paradigm, NATO Advanced Research Workshop - Security and Embedded Systems, University of Patras, Greece, 2005. (slides in ppt)
Rosa, T.: Lattice-based Fault Attacks on DSA - Another Possible Strategy, in Proc. of Security and Protection of Information 2005, pp. 91-96, Brno, 2005.
Rosa, T.: Non-repudiation of digital signatures, in Proc. of 2^nd Scientific and Pedagogical Conference at ZMVS: Juridical Regulation of Networked Society, Trebic, September 2004. Slides used for the presentation are here. The paper identifies an insufficiency of a strictly logical approach to the subject of non-repudiation. It warns about problems arising on the edge between mathematical and juridical reasoning and sketches possible solutions. (CZ)
Dissertation thesis, mainly on Side Channel Cryptanalysis.
Klíma, V., Pokorný, O., and Rosa, T.: Attacking RSA-based Sessions in SSL/TLS, in Proc. of CHES 2003, Cologne, Germany, September 2003, pp. 426-440, Springer-Verlag, 2003. For an extended version, see IACR ePrint archive 2003/052, March 2003. Slides used for the presentation are here.
Klíma, V., Rosa, T.: Side Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format, in Proc. of Security and Protection of Information 2002, NATO PfP/PWP - 2nd International Scientific Conference Security and Protection of Information, Brno, Czech Republic, 28^th – 30^th of April 2003.
Klíma, V. and Rosa, T.: Further Results and Considerations on Side Channel Attacks on RSA, in Proc. of CHES 2002, San Francisco Bay, USA, August 2002, pp. 245-260 , Springer-Verlag, 2002. Slides used for the presentation are here.
Klíma, V. and Rosa, T.: Strengthened Encryption in the CBC Mode, IACR ePrint archive 2002/061, May 2002.
Rosa, T.: On the Key-collisions in the Signature Schemes (CZ), in Proc. of workshop VKB 2002, pp. 14-26, 2002, Brno. These slides (EN) belong to the Czech version of the paper. The paper won the best presentation award on the workshop VKB 2002. The paper differs from the one presented at CRYPTO 2002 Rump Session in that it also discuses k-collisions in RSA schemes. On the other hand the paper listed bellow is more general and it also elaborates possible countermeasures more deeply and precisely.
Rosa, T.: Key-collisions in (EC)DSA: Attacking Non-repudiation, CRYPTO 2002 Rump Session, IACR ePrint archive 2002/129, Santa Barbara, USA, August 2002. Slides used for the Rump Session presentation are available here.
Rosa, T.: Future Cryptography: Standards are not Enough, in Proc. of Security and Protection of Information 2001, NATO PfP/PWP – 1st International Scientific Conference Security and Protection of Information, Brno, Czech Republic, 9^th – 11^th of May 2001.
Klíma, V. and Rosa, T.: Attack on Private Signature Keys of the OpenPGP format, PGP (TM) Programs and Other Applications Compatible with OpenPGP, IACR ePrint archive 2002/076, version 1, March 2001, minor update on June 2002. For somehow re-factored elaboration of this subject please see my dissertation thesis here.
Kupča, V. and Rosa, T.: Theory and Perspectives of Quantum Computers, in Proc. of Workshop 2001 - Part A, pp. 192-193, CTU Prague, 2001. This short article summarizes the results of diploma thesis presented by Vojtěch Kupča at the Department of Computer Science at FEE, CTU in Prague, and led by Tomáš Rosa.

Other Activities:

Time to time, you can see my contributions at the Czech cryptologic news server. The aim of the server is to bring reader’s attention at fresh, but also certainly matured topics related to cryptology and-or information security. (CZ)
Here you can find an interview with me done for a weekend supplement of the newspaper Hospodářské noviny in May 2003. Partly, it is based on our attack on SSL/TLS (cf. above). (CZ)

Last update: July 15^th, 2023.

tomas_dot_rosa "96"(just append this number) [at] gmail_dot_com