Personal page: Dr. Tomáš Rosa
I was born in 1974 in Prague, Czech Republic. I received an M.Sc. degree in theoretical computer science at the Faculty of Electrical Engineering (FEE) at the Czech Technical University in Prague (CTU in Prague). The theme of my doctoral dissertation thesis reads “Modern Cryptology: Standards Are Not Enough” (online version of the Ph.D. thesis). It was a joint study program also at the Faculty of Mathematics and Physics of the Charles University in Prague and it was honored by the Best Doctoral Work Award of the Rector of CTU in Prague for the year of 2004. As an external lecturer and researcher, I closely cooperate with the Department of Algebra of the Faculty of Mathematics and Physics of the Charles University in Prague and with the Faculty of Information Technology of CTU in Prague.
Here is a personal page of my colleague and friend Dr. Vlastimil Klíma who I often cooperate on research projects with. You can also find some of our joint publications there.
Membership: Cryptoworld (CZ)
Quick Links: Cryptology For Practice (CZ), PicNic – HF RFID Emulator/Spyware
Work experience:
2004 – present Senior Cryptologist with Raiffeisenbank (merged with eBanka in summer 2008)
Having successfully established the information security department for eBanka (cf. below), I enjoy working in this department as a senior cryptologist, or broadly speaking as a senior information security expert. That involves solving information security problems using formal models and methods. A considerable part of my job is internal evaluation of security products. Obviously, any modern bank requires its systems to be under close and continuous security supervision during their design and maintenance. That presents me with various very interesting problems from the area of modern cryptology. I do actively promote the approach based on applied cryptanalysis as a natural and important counterpart to applied cryptography. I am also focused on the security of embedded systems (including the smart phone platforms like Android, iOS, etc.), RFID, NFC, and EMV cards. Besides that I also somehow participate in the design and implementation of the whole information security strategy of Raiffeisenbank. Through the Vienna headquarters, I also provide the aforementioned services for the whole group of Raiffeisen Bank International.
2003 – 2004 Information Security Director with eBanka
The objective of this job was to provide certain technology vision and leadership to start developing and implementing an information security program in the bank. I was responsible for establishing a secure environment for its information assets. That included, but was not limited to: security surveys and risk analyses, development of security policies, standards, procedures and guidelines, design and analysis of security countermeasures, intrusion detection, incident handling, disaster recovery planning, etc. Besides this position I continued working on cryptology research, mainly in the area of applied cryptography and cryptanalysis. In fact, this job gave me very good inspiration for that, since I could easily recognize how modern cryptology fits into the whole puzzle of information security. Seeing the lack of essential cryptologic knowledge together with facing its practical consequences motivated our joint (with Dr. Vlastimil Klíma) effort on writing an easy to read, easy to understand, and easy to get serial on Cryptology for Practice.
2001 – 2003 Chief Cryptologist with ICZ Co.
As the chief cryptologist, I worked on projects in the area of applied cryptographic research. This mainly included joint work with the Czech National Security Authority (CNSA) on cryptographic devices designated to protect sensitive information at various security levels, including the TOP SECRET level (according to the law 148/1998 Coll., Czech Republic). In 2001 and 2003, on behalf of my results achieved, I received a special award of the board of directors and CEO of ICZ Co.
1997 – 2001 Development Specialist, Development Manager with Decros Ltd.
Here, as an information security specialist, I started working on an implementation and design of cryptographic countermeasures into various protecting devices. Since 1999, I led a small security team which was focused on the joint work with CNSA aimed at the development of special purpose cryptographic devices.
1993 – 1999 Independent Security Consultant & Publicist
Besides various consultations, studies and expert’s findings, I worked on a security devices evaluation in testing laboratories of the computer magazine CHIP (in the Czech Republic).
Research area:
Cryptology, Side Channel
Cryptanalysis, Cryptographic Algorithms and Protocols, Quantum Cryptography,
Quantum Cryptanalysis, Risk Analysis, Mathematical Foundations of Information
Security, Security Management, and Information Management
Lecture notes and publications (selected):
- Cryptology for Practice. A serial aimed to serve
as a basic handbook of modern applied cryptology. It should mainly be
useful for security architects and cryptology students (undergraduate
level). Also, several notes on RFID security are presented there. (CZ)
- RFID Wormholes – the Case of Contactless Smart Cards.
Invited lecture at SmartCard Forum 2011. The aim was to give a solid
overview of wormhole (or relay) attacks by looking at this phenomenon from
various viewpoints – physical principles, technical realization,
cryptographic countermeasures, NFC, etc. The experimental part is based on
using the libNFC library.
- Unleashing EMV Cards For Security Research, Santa’s Crypto
Get-Together in Prague, December 2nd – 3rd, 2010 (slides, abstract). Invited lecture for the international
cryptography workshop organized in Prague. Together with the previous
presentation on approaching side channel experiments (cf. below) this is
another part of EMV Cards Trivium puzzle aimed to encourage
academic research of payment cards security.
- EMV Cards Trivium – A Fast Way to
Side Channel Experiments. This lecture was originally prepared
for the smartcard security research group at Masaryk University Faculty of
Informatics in Brno. It is, however, addressed to all those researchers
who would like to experiment with side channel attacks on EMV cards but
were afraid of their obscure complexity. To allow rapid card profiling, a
technique based on CAP/DPA-reader interaction is developed and described
here. We call it a CAP/DPA-teacher approach. June 2010.
- Authentication By Payment Card –
Experiences Gained By Penetration Tests (CZ). Invited lecture at
SmartCard Forum 2010. The main objective here was so-called connectable
CAP/DPA reader. Besides promising new user-friendly features, these
devices also introduce several new risks that shall be addressed
accordingly when deploying them in internet banking applications.
- Certain
lecture notes on RFID security: SmartCard Forum 2009 (CZ, EN), Teleinformatika 2009 (CZ).
- Problems
arising around non-repudiation of digital
signatures as an inspiration for quantum cryptologists, University of
Palacky, October 7, Olomouc, 2004. (CZ)
- Security Policy – a Document of Various Looks
and Purposes, lecture for security managers and directors
at IT Security 2004, staged by the Institute
for International Research, Wien. (CZ)
- Lecture on special cryptanalysis held for colleagues at the Department of Computer Science, June
2003 (zipped ppt, syllabus). (CZ)
Research projects and publications (selected ones):
- Android Binder Security. Started
in November 2011, this project aims to promote recognition of importance and
further research in the area of security of the Android binder framework –
its core Inter Process Communication mechanism.
- Hlaváč, M. and Rosa, T.: A Note on the Relay-Attacks on
e-passports – The Case of Czech e-passports, IACR ePrint archive 2007/244, Jun 2007.
- Hlaváč, M. and Rosa, T.: Extended
Hidden Number Problem and Its Cryptanalytic Applications, in Proc.
of SAC 2006, LNCS 4356, pp. 114-133, Springer-Verlag, 2007.
- Rosa, T.: Cryptographic
Insecurity of the Test&Repeat Paradigm, NATO Advanced Research
Workshop - Security and Embedded Systems, University of Patras, Greece, 2005. (slides in ppt)
- Rosa, T.: Lattice-based
Fault Attacks on DSA - Another Possible Strategy, in Proc. of
Security and Protection of Information 2005, pp. 91-96, Brno, 2005.
- Rosa, T.: Non-repudiation of
digital signatures, in Proc. of 2nd Scientific and
Pedagogical Conference at ZMVS:
Juridical Regulation of Networked Society, Trebic, September 2004. Slides
used for the presentation are here.
The paper identifies an insufficiency of a strictly logical approach to
the subject of non-repudiation. It warns about problems arising on the
edge between mathematical and juridical reasoning and sketches possible
solutions. (CZ)
- Dissertation thesis, mainly on Side
Channel Cryptanalysis.
- Klíma, V., Pokorný, O., and Rosa, T.: Attacking RSA-based Sessions in SSL/TLS, in Proc. of CHES 2003, Cologne, Germany, September 2003, pp. 426-440, Springer-Verlag, 2003. For an extended version, see IACR ePrint archive 2003/052, March 2003. Slides used
for the presentation are here.
- Klíma, V., Rosa, T.: Side
Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format, in Proc. of
Security and Protection of Information 2002, NATO PfP/PWP - 2nd
International Scientific Conference Security and Protection of
Information, Brno, Czech Republic, 28th – 30th of
April 2003.
- Klíma, V. and Rosa, T.: Further Results and Considerations on
Side Channel Attacks on RSA, in Proc. of CHES 2002, San Francisco Bay, USA,
August 2002, pp. 245-260, Springer-Verlag, 2002. Slides used for the presentation are here.
- Klíma, V. and Rosa, T.: Strengthened Encryption in the
CBC Mode,
IACR ePrint archive 2002/061, May 2002.
- Rosa, T.: On the Key-collisions in the Signature Schemes (CZ), in Proc. of workshop
VKB 2002, pp. 14-26, 2002, Brno. These slides (EN) belong to the Czech
version of the paper. The paper won
the best presentation award at the workshop VKB 2002. The paper differs
from the one presented at CRYPTO 2002 Rump Session in that it also
discusses k-collisions in RSA schemes. On the other hand the paper
listed below is more general and it also elaborates possible
countermeasures more deeply and precisely.
- Rosa, T.: Key-collisions
in (EC)DSA: Attacking Non-repudiation, CRYPTO 2002 Rump Session,
IACR ePrint archive 2002/129, Santa Barbara, USA, August 2002. Slides used for the Rump Session presentation are
available here.
- Rosa, T.: Future Cryptography: Standards are not
Enough, in Proc. of Security and Protection of Information 2001, NATO PfP/PWP – 1st
International Scientific Conference Security and Protection of
Information, Brno, Czech Republic, 9th – 11th
of May 2001.
- Klíma, V.
and Rosa, T.: Attack on
Private Signature Keys of the OpenPGP format, PGP (TM) Programs and Other
Applications Compatible with OpenPGP, IACR ePrint archive 2002/076, version 1, March
2001, minor update on June 2002. For somehow re-factored elaboration of
this subject please see my dissertation thesis here.
- Kupča, V.
and Rosa, T.: Theory and
Perspectives of Quantum Computers, in Proc. of Workshop 2001 -
Part A, pp. 192-193, CTU Prague, 2001. This short article summarizes the
results of diploma thesis presented by Vojtěch Kupča at the Department of
Computer Science at FEE, CTU in Prague, and led by Tomáš Rosa.
Other Activities:
- From time to time, you can see my contributions at the Czech cryptologic news
server. The aim of the server is to bring readers’ attention to fresh,
but also certainly matured topics related to cryptology and/or information
security. (CZ)
- Here you can find an interview with me
done for a weekend supplement of the newspaper Hospodářské noviny in May 2003. Partly, it
is based on our attack on SSL/TLS (cf. above). (CZ)
Last update: November 11th, 2011.
tomas_dot_rosa
(at) rb_dot_cz