• The jubilee XXV year of the IS2 conference took place on 29-30 May 2024 in the Aula of the Czech Technical University - Bethlehem Chapel.
    It was an honour to welcome all the distinguished personalities and speakers.
    Thank you to all partners.
    We are now preparing websites with the archive of lectures.
  • Videos and summit books from past conferences are available for registered participants after logging to "Off-line Access" HERE...

back  Back to programme...



Tomáš Rosa graduated from the Dept. of Computer Science of the Faculty of Electrical Engineering of the Czech Technical University in Prague (CTU), in a combined study programme with the Faculty of Mathematics and Physics of Charles University in Prague. He received the Best Doctoral Work Award of the Rector of CTU for 2004. As a chief cryptologist, he worked on TOP SECRET information protection projects under Czech Act no. 148/1998 Coll. In the Czech Republic, he belongs to the group of pioneering researchers in the area of applied cryptanalysis which he promotes as a natural counterpart to the well-known paradigm of applied cryptography. He participates on various research projects in this area. As an information security expert with Raiffeisenbank, he is focused on applied cryptography and cryptanalysis in the area of embedded applications and devices.




In this paper, we focus on two-factor authentication methods employed by smart phones. Regarding this platform, it is well-known that there are several risks that should be evaluated carefully when designing such applications. It actually turns out that it probably signalizes an emerging decline of two-factor authentication as we know it, for instance, from some contemporary banking applications. Smart phones, on the other hand, do not provide only new threats and vulnerabilities; they also promise to deliver an excellent mix of computational power, rich peripheral devices and applications right into the client’s hand. After having successfully mastered this part of mobile device evolution, we can hope to see a dawn of the two-factor authentication as we need it. We define three basic threat models that are connected with smart phones. For each model, we then present a typical effective way of how the risk can be mitigated. We do not strive to improve the smart phone platform itself. We basically accept that the particular threat can occur and we search for possible ways of how to mitigate the risk. To do this, we mainly employ techniques of redundancy-less encryption schemes, intensive explicit sensitive data wiping, and finally, we also touch on approaching technologies such as NFC-based authentication tokens bearing an independent display and buttons. We examine this topic solely from the viewpoint of the code that is running on the particular smart phone device, since we believe that this is the part that now deserves the greatest attention. To explain the countermeasures, we use easy-to-follow examples illustrating what can happen when something in our design goes wrong. Our aim is to explain the main principles, while unimportant technical details will be omitted for the sake of readability.

What interests you?

sliva 2017 1

DSM Magazine

DSM is a professional quarterly magazine focused on information security and data protection problematics. Our goal is to provide an up-to- date overview of development trends in broader context.


is2 20 let

Conference IS2

A prestigious international conference on information security, organized under the auspices of the prime minister and other eminent representatives of the Czech government.



Partnerská společnost
icz logo banner small v2

Na naší webové stránce používáme cookies. Některé z nich jsou nutné pro běh stránky, zatímco jiné nám pomáhají vylepšit vlastnosti stránky na základě uživatelských zkušeností (tracking cookies). Sami můžete rozhodnout, zda cookies povolíte. Mějte prosím na paměti, že při odmítnutí, nemusí být stránka zcela funkční.

Back to top