

Tomáš Rosa

Czech Republic

Mr. Tomáš Rosa Ph.D.


Future Forces Forum Future Forces Exhibition 2016 Geospatial, Hydrometeorological and GNSS (GEOMETOC) Workshop 2016

External consultant
National Cyber and Information Security Agency


Presentation

Mobile Infrastructure Vulnerabilities

 

It is well known that software-defined radios (SDR) remove the barrier between eager hackers and many radio-electronic applications. Besides GNSS (Global Navigation Satellite Systems), mobile networks from 2G up to even 5G seem to be the next target of massive attacks.

In this talk, we explain the threat posed by these activities, the vectors they use to compromise network integrity, and how to mitigate the risk for applications that have to rely on these services in some way. As an example, we use contemporary banking applications.

In particular, we will cover typical vulnerabilities, starting with the mobile handsets, going through the radio interface, and ending with network core vulnerabilities induced by SS7 and Diameter. The emphasis will be on combined attacks, which are, not surprisingly, the most efficient and the hardest to defeat.


Curriculum Vitae

Education:

1999 – 2004: Ph.D. in Computer Science / Applied Mathematics

combined study at Czech Technical University in Prague, Faculty of Electrical Engineering, and Charles University in Prague, Faculty of Mathematics and Physics

honoured by Best Doctoral Work Award of the Rector of CTU

 1996 – 1999: M.Sc. in Computer Science

Czech Technical University in Prague, Faculty of Electrical Engineering

 1993 – 1996: B.Sc. in Electronics

Czech Technical University in Prague, Faculty of Electrical Engineering

 Professional Experience:

2003 – present: Principal Cryptologist of Raiffeisen Bank International

2001 – 2003: Senior Cryptologist, ICZ, a.s.

1997 – 2001: Developer of Embedded Applications, Decros, s.r.o.

Achievements (selected):

2013:     Passkey authentication of Bluetooth Low Energy broken even for one-time passwords – standard was updated

2011:     Cryptanalysis of the international payment cards protocol EMV – resulted in an EMV standard update and worldwide audit of payment card processors

2003:     Cryptanalysis of SSL/TLS protocols – significant worldwide response, standard was updated (cf. RFC 5246, ref. [KPR03])

2001:     Cryptanalysis of OpenPGP – international impact and response
