Ing. Jiří Dostál, Ph.D.

Theses

Bachelor theses

NTP server for ARM-based platform

Author
Robert Hülle
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Dr.-Ing. Martin Novotný

General-Purpose Booking System

Author
Adam Novotný
Year
2017
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Ivan Halaška
Summary
This thesis deals with the design and development of a universal booking system for the services of the Silicon Hill club at Strahov. Based on the analysis, an application is designed and implemented that will be used to create and then manage reservations of services. Applied technologies are PHP, Nette, HTML, SQL, CSS.

Booking System

Author
Michal Drbohlav
Year
2016
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Jiří Smítka
Summary
The goal of my bachelor thesis was to analyse the existing booking system at the grill centre in the Strahov dormitories, which is based on groupware called Zimbra, and to develop a new system that solves all the shortcomings of the current system. The new web application meets all the requirements, including connection to the existing information system that runs at the Strahov dormitories, using the OAuth 2.0 protocol. The back-end is written in Node.js using the Express framework. The data are stored in a PostgreSQL database and the sessions use a Redis store. The user interface is designed to meet all today's standards, including responsiveness, and works in all modern browsers. The application was tested by several users on different systems and devices in different browsers.

Cybersecurity Risk Management Application

Author
Julia Plotnikova
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Karel Pohl
Summary
The Bachelor's thesis on "Aplikace pro řízení rizik kybernetické bezpečnosti" addresses risk management analysis for small to medium-sized enterprises in the first part. The thesis discusses various environments and conditions for risks, the individual steps that must be taken, and how to best evaluate these risks. The second part of the thesis deals with an analysis of the risk management application, followed by the implementation and programming of a prototype and how to implement it. In the last section the prototype was tested in a real-world environment to identify any problems our prototype may have.

Wireless control system firmware

Author
Lukáš Lendvorský
Year
2013
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Ondřej Mašek

Hospital Information System

Author
Elisavet Nafanailidou
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Marek Suchánek, Ph.D. et Ph.D.
Summary
This thesis offers a solution for the project "Hospital information system". The main aim of the thesis is to contribute to improving the efficiency of the hospital and to transition to a new level of care and treatment of patients. In the theoretical part of the thesis, the reader will be able to explore a subject area related to the health field and to focus on legal issues of national regulators and standards with reference to cybersecurity and the preservation of sensitive health information. In addition, the process of designing the information system, including analysis of requirements and conceptual models, will be described in detail. In the practical part of the thesis, the information system for medical institutions based on a web platform will be implemented.

Web Application for Submission of GCSE Projects

Author
Ondřej Cach
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Michal Šoch, Ph.D.
Summary
This bachelor's thesis deals with the design of GCSE project submissions system at the Secondary School of Electrical Engineering and Higher Vocational School Pardubice. The objective of the thesis is to implement a web application for the submission of GCSE projects considering the security and cryptographic verification of the work. Software engineering methods are used to analyze requirements and use cases. Furthermore, the design of the web application including a security model for non-repudiable submission of GCSE project files using trusted timestamping is developed. The previous analysis and design are followed by the implementation of the web application, which is resolved using a Single Page Application, written in React, on the frontend, interacting with REST API, using Laravel framework, on the backend. The result of this work is a fully working web application that allows a high school to effectively manage the GCSE projects of students.

Java Card Second-factor Authentication Plugin for KeePass

Author
Erich Winkler
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Josef Kokeš, Ph.D.
Summary
This thesis deals with Java Card Technology as a second factor of authentication for the KeePass Password Manager. The 2FA is implemented using the KeePass Plugin System along with a Java Card applet. To ensure maximum security, this work analyses possible security threats and implements security measures that prevent them. The most significant threats are the danger of emulating the Java Card, communication sniffing, and a weak database key. All of them are prevented by a combination of the following factors. First, protecting the card with a PIN code. Second, encrypting the communication using the RSA cipher. Third, implementing the Secure Channel Protocol, which ensures that the Java Card does not provide the database key to any entity other than the KeePass plugin. Last, proper generation of the database key with a secure random algorithm that is supported by the Java Card. This thesis is a good reference for anyone who wants to explore the possibilities of Java Applet development, including supported security functions, and the KeePass Plugin System.

Sport radar data processing and export system

Author
Martin Polívka
Year
2013
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Miroslav Balík, Ph.D.

Software Defined Radio Wireless Attacks

Author
Ondřej Vokoun
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Alexandru Moucha, Ph.D.
Summary
This thesis focuses on security vulnerabilities of wireless communication and their use by software defined radios. Basic elements of radios are discussed, both their analog parts and digital signal processing. This is followed by an analysis of attacks such as jamming, replay, tampering and relay attacks. In addition, a review of existing solutions was conducted, with particular focus on Universal Radio Hacker. Using all this knowledge, a custom application was designed, implemented and optimized for use with HackRF and USRP. HackRF One and USRP B210 were also used during testing. Application testing was done on a TFA weather station and the remote keyless system used in the Ford Focus Mk 2.

Tesla Model 3 Updated Internal Network Security Analysis

Author
Lukáš Nerad
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Alexandru Moucha, Ph.D.
Summary
The bachelor thesis focuses on the security analysis of the updated internal network of the Tesla Model 3 car. The theoretical part of the work describes the network technologies used by the automotive industry and introduces the reader to the technologies used in the Tesla Model 3. The practical part then focuses on a security analysis of the tested car. The security analysis uses a modified penetration testing standard PTES. The standard has been enriched with an experimental part that expands the usefulness of the work in the penetration testing industry. The analysis found that the tested internal network of the car is securely created apart from the video recording from the rear camera. An attacker could modify video recording, after the previous access to the car, without the knowledge of the car owner. At the end of the thesis, a specific example of the found vulnerability is presented and a sample video recording of the vulnerability can be found in the appendix of the thesis.

NAT Detection

Author
Pavol Kušlita
Year
2013
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Jiří Smítka

Peer-to-peer Backup Application

Author
David Košťál
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Josef Kokeš, Ph.D.
Summary
This bachelor's thesis explores creating a peer-to-peer backup application that allows users to create a backup to other randomly selected users -- in exchange for some of their free disk space. The theoretical part of this thesis involves analyzing the requirements, creating the design, and examining solutions to its deficiencies. The implementation part features a functional proof-of-concept application that showcases the concept.

Pico CMS Authentication Plugin

Author
Pavel Tůma
Year
2018
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Josef Kokeš
Summary
This thesis deals with the analysis, design and implementation of a plugin for Pico CMS, a simple, flat-file web content management system. The plugin will provide user authentication and configurable access restriction to pages. Authentication will be achieved via local user accounts managed by the plugin or via a Single Sign-On (SSO) solution. This thesis also describes the options for authentication using the OAuth 2.0 protocol and discusses potential security risks of the final implementation. The resulting plugin can be used by the community of Pico CMS users to allow access to some parts of their web presentation only to authorized users. The attachment contains the source code of the plugin and a documentation reference.

ZigBee Protocol Security Analysis in IoT Devices

Author
Tomáš Rosenbaum
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Viktor Černý
Summary
This bachelor thesis deals with the security analysis of the ZigBee protocol and the IEEE 802.15.4 protocol on which the ZigBee protocol is built. It explains the basic functioning of both protocols and their security extensions and weaknesses in detail. It also discusses how to create a test network using the CC2652P coordinator, smart bulb, switch and Home Assistant application. The work results in an application that allows easy security analysis of devices and networks, which can be extended simply. The application is written in Python using the Scapy library. It uses the CC2531 coordinator to eavesdrop on communications. The proposed application is used to analyze the created test network whose security is evaluated in the work.

Configurable generator of static web sites

Author
Vojtěch Paločko
Year
2012
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Pavel Štěpán

Automated Vulnerability Scanning of Web Applications

Author
Oliver Šmakal
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Simona Fornůsek, Ph.D.
Summary
The goal of this thesis is to create a new tool or a plugin which will improve capabilities of automated detection of web application vulnerabilities. To reach this goal the most popular open-source web vulnerability scanners were analyzed and benchmarked for SQLi and XSS detection. Based on this analysis a decision to create a ZAP plugin which would improve its XSS detection capabilities was made. The newly created plugin successfully reaches this goal by correctly detecting whether an XSS payload is being injected into a properly quoted JavaScript context.

IPv6 protocol analysis and deployment at "Koleje Podolí"

Author
Jakub Štollmann
Year
2013
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Tomáš Zloch

Secure Firmware Over-the-air Update Framework for IoT Devices

Author
Štěpán Koníček
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Viktor Černý
Summary
This thesis presents a secure Over-the-Air update model designed for IoT devices. This model is created based on research into existing FOTA architectures and a threat model built for the OTA update process. The model is adaptable to various IoT platforms and thus serves as a framework for creating a platform-specific OTA update design. It is followed by a practical application of the model consisting of an OTA update architecture designed for ESP32 devices. The architecture is implemented with regard to the existing ESP-IDF framework OTA solution, providing a secure OTA update solution for an environment with ESP32 devices. The implementation is tested on an ESP32 DevKitC revision 1 device.

Time synchronisation system based on PTP protocol

Author
Michal Slabihoudek
Year
2016
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Jiří Kašpar
Summary
Analysis of creating and obtaining timestamps from hardware resources is the main part of this thesis. There is also a part on their processing according to the PTP protocol. All these methods are described using the C language. The information is illustrated in the created application, which copies PTP principles. Application testing results are included in the document as well.

Web-based booking system

Author
Tomáš Trepka
Year
2012
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. David Buchtela, Ph.D.

KeePass Password Manager Secure Cloud Storage

Author
Konstantin Filip Moisidis
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Jiří Buček, Ph.D.
Summary
Research on the KeePass plugin base and the most common cloud storage providers showed that no combination of plugins or cloud providers creates a safe 2FA environment for the KeePass database. Therefore, several solutions were investigated. Researched technologies consist of OTP tokens, Microsoft's crypto libraries, such as CNG or Windows Hello, and TPM 2.0. Out of all these candidates, TPM was chosen for the solution proposal and later for implementation. Using TPM and an arbitrary cloud provider, a cryptosystem was created and implemented in a working KeePass plugin. This plugin was tested and documented, and a threat model for this plugin was created, identifying possible cybersecurity threats.

4G Testing Network for IoT Device Penetration Testing Support

Author
Jakub Tichý
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Alexandru Moucha, Ph.D.
Summary
The bachelor's thesis focuses on the development of an application to simplify IoT testing processes. The thesis describes the architecture of fourth-generation mobile networks and analyses the srsRAN and Osmocom projects. The main part deals with the design and implementation of the application, which was developed using the Python programming language. The application allows simple network parameter setting and SIM card programming. The network settings and SIM profiles are stored within the project which can be saved or loaded. The application executes the tools of the srsRAN and Osmocom projects using bash scripts. The work also includes a security evaluation, as the application accepts user input, works with the file system and executes scripts using privileged commands. An installation manual and a user guide are provided for the users.

Computer Network Security Analysis

Author
Michal Franc
Year
2020
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Josef Kokeš
Summary
This thesis deals with a computer network security analysis of the T. J. Sokol Kolín - Atletika company. The emphasis is on cybersecurity. The analysis part proceeds using The Penetration Testing Execution Standard. The thesis uses the STRIDE method to identify security threats. After the analysis, the work continues with the suggestion and implementation of measures to eliminate the discovered threats. The solution is mostly based on network segmentation, access management, identity management, and network monitoring. As a result, the T. J. Sokol Kolín - Atletika company network is better secured. Based on the thesis, similar companies can secure their networks such as.

V2X Communication Certificates Acquisition Tool

Author
Adam Weisser
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Jiří Smítka
Summary
This thesis deals with vehicle-to-everything communication, V2X, focusing on its security aspects. It describes the function of digital certificates that are used to secure the communication and the methods by which they are distributed. It also examines current software solutions and their security capabilities. The result of the practical part is an application that can request the necessary certificates from the provider and work with them. As part of the development, the necessary cryptographic algorithms were implemented according to European standards.

Security Analysis of Duplicati Backup Tool

Author
Radek Večerník
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Josef Kokeš, Ph.D.
Summary
This thesis addresses the security analysis of the Duplicati backup tool. The thesis describes the issue of backup and describes the Duplicati tool and its features. The security analysis of the tool examines the backup format of the tool and verifies the safety of working with sensitive data. Based on the analysis, several security vulnerabilities were found. Identified vulnerabilities are evaluated using the CVSS methodology and corrective solutions are proposed. The work warns that some use of the tool can lead to a fundamental weakening of security with fatal consequences. The most critical vulnerability is the eavesdropping of unencrypted web traffic when the tool is used on the network interface. Another critical vulnerability in the tool is the possibility of using a password that is too weak.

Cybersecurity Testing in Mobile Networks

Author
Simona Lániková
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Tomáš Luňák
Summary
This thesis deals with technologies of the 2nd through 5th generation of mobile networks with a focus on authentication and security of voice and data transfers. Above all, it focuses on the 4th generation networks and implementation of MILENAGE and XOR authentication algorithms suitable for testing and debugging. It describes the srsRAN project, which can be used to create a virtual mobile network, and extends this project with a tool for user_db.csv file generation, which represents the user database stored in the network core (srsEPC).

FIDO2 Authentication Simulator

Author
Matěj Borský
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Josef Kokeš, Ph.D.
Summary
This thesis is about creating a FIDO2 authentication simulator, more specifically the simulation of a USB security key. It describes the operation of the FIDO2 technology with a focus on the protocol and functions of security keys and analyzes the possibilities of simulating USB devices in various operating systems. The implementation part is focused on choosing an approach to simulating a USB device and selecting functions from the specification for the simulator. It then describes the final implementation and explains the process of credential creation and authentication with simulator code and output. This thesis is useful for developers who want to better understand or implement this technology.

Project management tool

Author
Petr Schefzu
Year
2013
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Pavel Benáček, Ph.D.

Advanced web application for search engine results detection

Author
Luboš Müller
Year
2012
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Petr Šafář

FIDO2 KeePass Plugin

Author
Martin Kolárik
Year
2020
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Josef Kokeš
Summary
This thesis explores the possibilities of using FIDO2 devices as a replacement for master passwords in password managers. It describes the capabilities and current limitations of FIDO2, and discusses implementation approaches: storing encryption keys on FIDO2 authenticators, and using the authenticators to encrypt externally stored keys. The implementation chapter describes the chosen approach of storing encryption key on the authenticator, the encountered challenges with restrictions on access to FIDO2 devices in recent versions of Windows, and the architectural decisions made to overcome those challenges. As a whole, the thesis is a useful reference for anyone attempting to utilize FIDO2 in password managers or similar environments.

Secure Firmware Over-the-air Update for Arduino

Author
Matyáš Rak
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
doc. Ing. Jan Janeček, CSc.
Summary
This bachelor thesis deals with the possibilities of secure over-the-air updates for the Arduino platform. First, the important concepts used in this thesis are introduced and existing over-the-air update solutions for Arduino are summarized. Then, a general update model for IoT devices is proposed. In the last section, based on this model, adapted for Arduino, the over-the-air update is implemented.

Bare Metal Servers Provisioning Infrastructure

Author
Jan Sokol
Year
2017
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Michal Šoch, Ph.D.
Summary
This thesis deals with research and deployment of provisioning frameworks for bare metal servers. The goal of this thesis is to choose one of those frameworks, deploy it and, with changes, use it in production. The selection criteria are: open-source software for practical and economical reasons, the community behind the framework, and support for the installed operating system (there has to be at least OS CentOS and Debian). Based on the analysis in the first chapter, the Foreman framework was chosen, as it suits the criteria the best -- simple and usable graphical web interface, support for multiple separated local area networks and an option to change the configuration of installed systems fast. Another chapter shows the deployment of the Foreman framework. This thesis also includes a plugin for Foreman to show graphs from an rrd data source (with use of Collectd Graph Panel). Ansible playbooks for simple deployment of Foreman servers are also included.

ZigBee Touchlink Protocol Security Analysis

Author
Jakub Šatoplet
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Alexandru Moucha, Ph.D.
Summary
The content of the bachelor thesis is a theoretical analysis of the security of data transmission using the ZigBee Touchlink radio protocol and the practical development of an application exploiting discovered vulnerabilities to attack this protocol. The analytical part of the thesis introduces the operation of the radio transmission standard IEEE 802.15.4, then presents the structure of data transmitted using ZigBee, available elements to ensure confidentiality and integrity of the transmission and the functionality of Touchlink. The critical result of the thesis is a Python command-line application that uses the leakage of the Touchlink static encryption key to decrypt communications in ZigBee networks. The application provides interactive and non-interactive modes, easy extensibility using the Scapy library, and implements the radio layer using software-defined radio (SDR) technology. Finally, the results of testing the application on a real network are summarised, showing a possible eavesdropping distance in the low tens of meters. These results make the practical applicability of this application limited.

ERP for a Small Enterprise

Author
Michal Vávra
Year
2013
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Ondřej Kmoníček

Tesla Model 3 Keyless Entry Security Analysis

Author
Martin Šutovský
Year
2021
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Josef Kokeš, Ph.D.
Summary
In this thesis, Bluetooth Low Energy communication in Tesla 3 with scope to the keyless access is analyzed, threats are modeled and attacks are designed. In approach to the practical part, the methodology of the penetration testing PTES, adjusted to the nature of the thesis, is used. The result of the thesis is an analysis of the communication between the car and the phone (or the keyfob), threat models with scope to the keyless access, or in combination with other parts of the system.

SDR Application for Cybersecurity Analysis of Wireless Communication

Author
Aleksei Kravtsov
Year
2021
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Alexandru Moucha, Ph.D.
Summary
The purpose of this work is to explore some of the existing types of attacks performed using SDR and also to create an application that facilitates these attacks using USRP B210 for penetration testing. The application must support the following types of attacks: jamming, replay and reinjection. The theoretical part describes the basic elements of SDR, some types of signal modulation, existing solutions for performing attacks and some types of attacks on devices using wireless communication. The practical part of the work describes the process of software development for attacks and also describes the procedure of software testing on attack scenarios in laboratory and real conditions on devices such as wireless bell UBZ4 and weather station DIVA GO 30.3018, manufactured by TFA.

Secure Over the Air Update of ESP32

Author
Marek Kočí
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Viktor Černý
Summary
This bachelor thesis deals with the cybersecurity concerns and vulnerabilities related to the IoT device Over the Air firmware update. The analytical part of the thesis describes the firmware update mechanism, the related cybersecurity technologies and the ESP32 platform and its hardware and software cybersecurity features such as Secure Boot, Anti-rollback, or Flash Encryption. The thesis describes two versions of the ESP32 firmware. A basic firmware version without any cybersecurity measures and a firmware version which includes verification of the firmware integrity, the firmware image encryption and the secure firmware image transfer using the Transport Layer Security (TLS). The performed tests confirmed that the listed cybersecurity features are supported by the ESP32 platform. It also confirmed that the TLS 1.2 is fully supported and found that the version 1.3 has only limited support and cannot be used. The evaluation of the security measures discussed in this thesis helps the IoT community to choose the proper solutions for the development of the OTA firmware for IoT devices. The thesis is complemented by the firmware source code implementing the mitigation described in it.

Master theses

Tesla Model 3 Control Units Security Analysis

Author
Jan Michal
Year
2021
Type
Master thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Josef Kokeš, Ph.D.
Summary
The thesis is focused on the vulnerability analysis of a new generation electric car Tesla Model 3. The main goal of the thesis is an introduction to security testing of the car, which should serve as an initial insight into what is happening under the hood. I found that the vehicle is at the initial preview very well protected. The results of this work allow other students to begin their own research, which can easily follow this work.

Remote Keyless Entry Systems Security Analysis

Author
David Šafrata
Year
2020
Type
Master thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Jiří Buček, Ph.D.
Summary
This diploma thesis focuses on the security analysis of remote keyless entry systems. The general overview is followed by a summary of several systems that use the rolling code scheme and their known weaknesses. The KeeLoq system's security is analyzed more in-depth in the following chapters, primarily focusing on implementation weaknesses. This thorough analysis resulted in a description of a new attack that can exploit the system in approximately one hour. This attack, along with other selected attacks, is implemented using the software-defined radio USRP B210 and the KeeLoq system development kit. The conclusion contains the author's security recommendations based on gained knowledge.

Smart Home Devices Vulnerability Analysis

Author
Martin Šutovský
Year
2023
Type
Master thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Jiří Buček, Ph.D.
Summary
Smart home device availability has risen in the last few years, and users widely implemented smart home elements into their houses. The popularity of these devices stems from the usage of new technologies and protocols, which make the control of the house more convenient. The smart home is one of the categories of IoT devices, as the smart home ecosystem connects all devices into one network. Nevertheless, the security evaluation in IoT devices remains unknown. Therefore, it is vital to examine the security state of smart home devices, which controls crucial and sensitive aspects of a house. The last popular overview of IoT devices was released in 2018. The thesis aims to evaluate the security of smart home devices and compare the results with existing overviews. A methodology for the quick identification of vulnerabilities in IoT devices was proposed in the form of a minipentest. The selected categories of smart home devices were smart cameras, smart locks, smart hubs, and smart sensors. In total, six devices were analyzed - 2 smart cameras (Tapo C200, Tapo C320WS), one smart hub (Tesla Zigbee Hub), two smart lock appliances (Danalock, Danapad), and one smart smoke (Tesla smart smoke detector). The analysis uncovered vulnerabilities compared with OWASP IoT Top 10 and with simultaneous research proposing a new list of top IoT vulnerabilities.

Web application for arranging audio conferences on the Asterisk platform

Author
Michal Filip
Year
2013
Type
Master thesis
Supervisor
Ing. Jiří Dostál, Ph.D.

Digital Forensics Testing Images Generator

Author
Petr Horák
Year
2023
Type
Master thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Filip Kodýtek, Ph.D.
Summary
Digital forensics is a critical tool not only in criminal investigations, but the knowledge gained from it is also essential in system recovery schemes. This thesis provides the essential knowledge base for these tasks. A significant focus is laid on partitioning schemes, with some real-world examples of possible misconfigurations. Further, selected file systems (ext4, FAT32, and NTFS) are described with coverage of basic digital forensics scenarios. Several of these scenarios are described in the form of tasks to complete on the enclosed CD (or zip file), with a solution provided. As for the practical part, a disk image generator for these cases was created, allowing easy configurability for the disk image output. It is built in a scalable manner to allow possible further development.

HW aided NAT detection

Author
Ivan Rusnačko
Year
2013
Type
Master thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Pavel Benáček, Ph.D.

Automotive Security Infotainment Showcase

Author
Jakub Ács
Year
2021
Type
Master thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Alexandru Moucha, Ph.D.
Summary
This thesis aims to create a Showcase Platform to demonstrate potential vulnerabilities in modern infotainment systems and their resulting impacts. Analysis of current state of security in automotive industry with emphasis on infotainment system has been conducted and requirements for such platform have been stated. The platform was then built using extensible hardware and open source software. Two vulnerabilities of types heap corruption and Time-of-Check to Time-of-Use, respectively, were chosen. Subsequently, two intentionally vulnerable applications, Audio Queue and App Installer, were created containing the vulnerabilities. Exploitation has been performed and demonstrated as leading to whole-platform compromise.

CAT-TP Protocol Analyzer

Author
Zdeněk Pešek
Year
2015
Type
Master thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Summary
This thesis deals with the CAT-TP communication protocol, which is used in the field of mobile networks. The text consists of basic information about this protocol and a description of the practical part. The implementation part contains a plugin for the network analyzer and a simulation environment. The plugin allows a detailed analysis of the captured CAT-TP data.

Tesla Model 3 Internal Network Security Analysis

Author
Filip Machala
Year
2020
Type
Master thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Alexandru Moucha, Ph.D.
Summary
This thesis is about the security of the Tesla Model 3. The main goal of the thesis was to analyze the security of the Ethernet-based internal network. The analysis follows a modified version of the PTES guideline. It includes the creation of a threat model that identifies vulnerabilities, followed by their in-depth analysis. The analysis has shown that the car's internal network is protected against external threats; however, communication on the local network is not secured. All findings are summarized in the conclusion of the thesis.

Exploring Vulnerabilities of the Internet of Things Devices

Author
Zdena Tropková
Year
2023
Type
Master thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Tomáš Luňák
Summary
We introduce in this thesis a ranking list of the ten most common vulnerabilities in Internet of Things devices. The main aim was to provide ranking lists created from public data with a transparent creation methodology because ranking lists with these requirements currently do not exist. For example, the popular project OWASP published its most recent ranking list in 2018, and other existing up-to-date ranking lists do not provide a transparent creation methodology or the data sources used. Furthermore, we propose a similar ranking list only for camera devices. Also, we present the most common vulnerability for different smart device categories. In addition, the scraping tool for vulnerability collection was implemented in the framework Scrapy, and an analysis of three vulnerabilities in the context of the Internet of Things devices was performed. The selected vulnerability categories are Access Control, Overflow, and Password Management.

PUF Based IoT Device Over-the-air Update

Author
Marek Kňazovický
Year
2023
Type
Master thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Filip Kodýtek, Ph.D.
Summary
The work deals with surveying and designing a secure OTA update process using an SRAM-based PUF and a typical IoT device deployment. It consists of three parts. The first part examines the structure and the functionalities of a common OTA process. It is concluded with a proposal of a simple variant of the process suitable for resource-constrained devices. The second part studies the possibilities of using a PUF within the cryptographic techniques utilized by the proposed OTA process. Finally, a library for general use of SRAM PUF was designed, integrated and deployed on an ESP32 proof of concept demonstration, where it was used within the simplified OTA proposal.

Security of IoT Devices Based on ESP32

Author
Michal Vácha
Year
2020
Type
Master thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Jiří Buček, Ph.D.
Summary
The focus of this thesis is to analyze the state of ESP32 security, which is one of the most commonly used IoT platforms today. It analyzes the current threats to IoT devices, frequently used IoT protocols, available security features, and known vulnerabilities of the ESP32 platform. Part of this thesis is a proof of concept app that shows how Secure Boot, Flash Encryption, OTA updates, and TLS Mutual Authentication using the ATECC608A HSM module can be used to create a secure IoT solution for remote telemetry. Learnings from the analysis and the implementation are then summarized and discussed.

Network Attacks Demonstration Environment

Author
Jan Suchara
Year
2022
Type
Master thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Tomáš Luňák
Summary
The aim of this thesis is to design and create an environment for demonstration of selected network attacks in laboratory conditions. Based on the research of the most common attacks, some of them are selected for more detailed analysis. The analysis focuses on impacts of those attacks, possible detection techniques and means of defence. Obtained results are used to derive the most suitable structure of the demonstrational environment and to select tools for replication of the attacks. The output of this thesis is an environment implemented using the virtualization tools VirtualBox and Vagrant.