Ing. Jiří Buček, Ph.D.

Ing. Jiří Buček, Ph.D.

Ing. Jiří Kašpar

Department of Digital Design

This bachelor thesis deals with an analysis of RFID NFC chips and its use for borrowing items in scope of development boards within the faculty. The theoretical part deals in evaluating the current state of borrowing and analysing chosen technologies. In the practical part I am occupied with the proposal of a prototype and its implementation. The result of the thesis is a prototype system for borrowing items capable of detecting removal and addition.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. Filip Kodýtek, Ph.D.

Department of Computer Systems

In this bachelor's thesis, several side-channel attack methods on the AES encryption algorithm are examined and compared. The focus of the study is on three basic attack methods: Correlation Power Analysis, Template Attack, and a machine learning method, specifically Random Forest. The aim of the work is to analyze and compare the effectiveness of these methods on the ChipWhisperer Nano platform, using the Python programming language and its libraries. In the practical part, the implementation of experiments for each attack method is carried out. The effectiveness of the methods is evaluated based on selected metrics, such as Partial Guessing Entropy, the number of necessary measurements, and computation time. The number of necessary measurements is evaluated to be 32 for Correlation Power Analysis, 17 for Template Attack, and 17 for the Random Forest method. The results of this work show that the machine learning method is the most effective in Partial Guessing Entropy metrics, but it has the worst results in terms of computation time. The Template Attack has the best results in computation time. This work contributes to a better understanding of the effectiveness of individual side-channel attack methods and can serve as a basis for further research in the field of encryption security.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

RNDr. Igor Čermák, CSc.

Department of Software Engineering

Ing. Jiří Buček, Ph.D.

prof. Ing. Róbert Lórencz, CSc.

Department of Theoretical Computer Science

This thesis deals with the implementation of the key exchange based on supersingular elliptic curves isogenies, which belongs to the post-quantum cryptography. With the advent of quantum computers, cryptographic systems that are used today will become broken and will be replaced with the new ones. Post-quantum cryptography offers such candidates. Very widespread programming language C++ was selected for the implementation, along with the PARI - mathematical library. A working application was created that performs key exchange. Its biggest benefit is its simple design, which illustrates the basic principles of the key exchange algorithm and which allows to understand the algorithm easily.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. Tomáš Zahradnický, Ph.D.

Department of Computer Systems

Ing. Jiří Buček, Ph.D.

Ing. Jan Bělohoubek, Ph.D.

Department of Computer Systems

The thesis applies Correlation Power Analysis (CPA) attack against AES implementation running on a dedicated microcontroller and explores how the success depends on the operating voltage of the microcontroller. Part of the work deals with instrumentation required to execute the CPA attack on the target device. Data acquisition framework QCoDeS was extended to support the Aim-TTi QL355TP power supply. The CPA attack was applied on an Atmega microcontroller and proved to be successful although no direct correlation between operating voltage and attack success was found. Future work exploring the attack success against other types of crypto hardware was proposed.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. Filip Kodýtek, Ph.D.

Department of Computer Systems

This thesis focuses on key generation using a hardware security primitive known as physical unclonable function. Proof of concept application is created to test the functionality of physical unclonable function - inside cryptographic protocol known as Transport Layer Security - on ESP32 platform. The theory behind physical unclonable functions in the context of key generation is examined to define essential properties. An enrollment protocol for the keys generated on ESP32 is proposed to enable the use of generated keys in Transport Layer Security. Available Transport Layer Security libraries are investigated to select the most suitable choice for the proof of concept application. Both a mock-up (simulating ideal properties) and a real physical unclonable function are used inside the proof of concept application to test the functionality on the ESP32 platform. Our application proves that physical unclonable functions can be successfully used to generate keys for Transport Layer Security on ESP32. Mock implementation is working almost perfectly. However, the real physical unclonable function poses some significant implementation challenges that decrease the usability of these solutions.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. Josef Kokeš

Department of Computer Systems

Bachelor thesis theoretically analyzes two methods of side channel attack, namely differential power analysis (DPA) and electromagnetic analysis (EMA). It also deals with the application of DPA to a ChaCha stream cipher implemented on a single-chip computer, specifically implemented on an AVR chip on a chip card. In the practical part, the attack on the highly simplified and reduced version of the ChaCha cipher is initially executed with only one round and the attack is then applied to the entire ChaCha cipher.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. Filip Kodýtek

Department of Software Engineering

In the thesis, I focused on the examination and implementation of the solution for relay attack on contactless transactions using the NFC technology and public network with Android mobile devices. I successfully implemented the solution using the NFC enabled Android devices and services and interfaces provided by Android without other specific services. During the testing part, I accomplished 100% of successful attack runs. The measured delay caused by the data relay was not significant and did not affect the transaction. Based on this result, I can deduce, that this solution, despite its simplicity, is efficient and can be used and studied by any user interested in the topic of contactless payment attacks. Attachments are provided at the end of this thesis. CD attachment contain screenshots from the mobile devices and testing logs and scripts.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

prof. Ing. Róbert Lórencz, CSc.

Department of Computer Systems

This thesis is focused on replication of timing attack on RSA cryptosystem introduced by Paul Kocher, which is done by measuring time of square and multiply algorithm with Montgomery multiplication. The attack is based on measuring execution time of decryption function on messages with different properties. The thesis describe main principles and vulnerabilities of RSA cryptosystem. Implementation should be used for education purposes, mainly in security courses.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

prof. Ing. Róbert Lórencz, CSc.

Department of Theoretical Computer Science

Ing. Jiří Buček, Ph.D.

Ing. Filip Kodýtek, Ph.D.

Department of Computer Systems

This thesis analyzes the possibility of implementing a static random access memory (SRAM) physical unclonable function (PUF) on the ESP32 microcontroller. First, literature research on the topic of PUFs is provided with focus on SRAM PUFs. A discussion on which properties the SRAM PUFs possess is presented. Two power-control methods of SRAM memory on the ESP32 are proposed. An analysis of behavior of startup SRAM bit values depending on operating temperature and power-off time is conducted for both methods. Their suitability for the PUF implementation is discussed based on the experimental results. Then, an implementation of SRAM PUF with stable response reconstruction is presented. Two different bit preselection methods are tested and a simple repetition error correction code (ECC) is used to stabilize the responses. The presented PUF design combines the two power-control methods to achieve faster and more reliable response extraction. Reliability testing revealed that it is possible to reach 100 % success rate of response reconstruction across the temperature range of -40 to +70 °C. The responses can be used as cryptographic keys to secure the ESP32 platform. Finally, the proposed PUF design is implemented in an easy-to-use ESP32 library.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. Jiří Dostál, Ph.D.

Department of Computer Systems

The thesis analyzes the security of modern hardware crypto wallets. Different threat models and threats for users are assessed with some of the current hardware wallets reviewed. Potential users are educated how to choose the right hardware wallet and warned about misleading advertising of some vendors. The original hardware wallet, Trezor One, is thoroughly analyzed from both hardware and software perspective and the security claims of the vendor are verified. A particular emphasis is placed on side-channel attacks and experiments with Trezor One.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

prof. Ing. Róbert Lórencz, CSc.

Department of Computer Systems

This work demonstrates a timing side-channel attack on the AES-128 cipher using modern hardware. It provides software which leverages such attack to test a provided AES-128 implementation for vulnerability. The software is provided in a form suitable for use as an InfoSec laboratory assignment. Finally, it demonstrates that the latest OpenSSL release is under certain conditions still vulnerable to the attack.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

prof. Ing. Róbert Lórencz, CSc.

Department of Computer Systems

This bachelor thesis deals with problems of contactless smart cards and their emulation. In the implemantation part I designed and created printed circuit board with microcontroller, that I use to emulate contactless smart cards. Then I programmed mobile application for operating system Android, application allows us to change emulated UID or to load UID from already existing contactless smart card and change it to that one.

Ing. Jiří Buček, Ph.D.

Ing. Jiří Dostál, Ph.D.

Department of Computer Systems

Ing. Jiří Buček, Ph.D.

Ing. Jiří Kašpar

Department of Theoretical Computer Science

This bachelor thesis utilizes an information metric known as guessing entropy in order to analyze the information content present in a side channel. The side-channel attack chosen in this thesis is the differential (or more specifically, correlation) power analysis. Utilizing the correlation power analysis attack on a device lacking protection against it, it is discovered how much information content is present in the power measurements. During this process, guessing entropy shows itself as a highly viable security metric when it comes to deciding how well a device is protected against side-channel attacks.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Department of Computer Systems

The bachelor thesis focuses on survey of solutions to implement a trusted platform. A more detailed description is devoted to the standards of Trusted Computing Group (TCG) and GlobalPlatform organizations. It concerns a Trusted Platform Module (TPM) security chip and an integrated secure processor zone called Trusted Execution Environment (TEE). Part of the bachelor thesis is also a practical demonstration of using a TPM chip on a regular PC computer under the Linux operating system. Practical part is devoted to encryption of external media (USB disk) and storing the key in the TPM.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. Tomáš Vondra, Ph.D.

Department of Computer Systems

The main goal of the thesis is to set up a cluster managed by Kubernetes for password recovery. The next step is to describe used technologies like Docker, Ansible, and Hashcat. The thesis contains a description of how the passwords are stored and the most known attacks to crack them. Successful deployment and password cracking lead to analyzing the speed of the cluster and the particular cracking method.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. Tomáš Zahradnický, Ph.D.

Department of Computer Systems

This thesis is dedicated to the industrial USB standard and its security with focus on structures describing the device. It also describes some risks related to connecting an unknown device and analyses possible USB sniffing. Finally an demonstration of already known vulnerability of USB drivers is included with added validation of fix in up-to-date operating systems.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. Filip Štěpánek

Department of Software Engineering

Ing. Jiří Buček, Ph.D.

prof. Ing. Róbert Lórencz, CSc.

Department of Computer Systems

This thesis describes rebuilding a 3D printer into a device that automatically captures electromagnetic side channel of a microprocessor (smart card). The aim is to measure the signal emitted by a smart card using a digital oscilloscope and to plot a 3D graph displaying the amount of signal radiated by each part of the smart card. The theoretical part of this paper deals with electromagnetic side channel and methods of analysis of measured data, particularly with differential electromagnetic analysis. The practical part of the paper follows with building a positioning device for automated measurements, then with a program that handles communication between a computer, the oscilloscope, the positioning device and the smart card. Finally, the program analyses the measured data. The resulting device offers a cheap alternative to already existing expensive devices measuring electromagnetic emissions.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. Jiří Dostál, Ph.D.

Department of Computer Systems

This thesis summarizes the principles of ISO/IEC 14443 type A communication. Next, it researches existing devices for eavesdropping and analysis of RFID communication, analyzes the capabilities of the Proxmark3 hardware device and extends its functionality in the area of eavesdropping RFID communication according to the ISO/IEC 14443A standard. The extension allows for real time eavesdropping of the communication along with a mobile application for the Android operating system that enables the user to view the eavesdropped data and its basic analysis.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. Josef Kokeš

Department of Theoretical Computer Science

The purpose of this bachelor thesis was to analyze the current state of RSA-based digital certificate usage across the Czech Internet spectra and to conduct a study on digital certificate parameter quality using selected well-known RSA attacks. The thesis also includes a brief introduction to the theory behind the RSA cipher, descriptions of the various attacks used and a short interpretation of gathered data.

Ing. Jiří Buček, Ph.D.

Ing. Filip Kodýtek

Department of Computer Systems

This thesis deals with the implementation of a true random number generator on FPGA development board building on pair of ring oscillators and explores the influence of temperature and power supply changes on generated output, evaluated by NIST-inspired tests. The results show that environmental changes does not impact the ouput in any significant way.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

prof. Ing. Róbert Lórencz, CSc.

Department of Digital Design

Through power consumption of a device a lot of information about it internal structure and data it processes can be leaked. Simple and Differential power analysis are well described techniques for such side channel attacks. This work gives brief introduction to the idea of power side channel analysis and methods it uses. The main objective of this Bachelor's thesis is power side channel analysis of a microcontroller's instruction set specifically ATMega163 which is embedded in a smartcard. Important aspects of microcontroller's operation and it's instructions are discussed: instruction execution cycle, address in a Program Memory, operand values and data flow. Also how instruction type affects power consumption, in other words, what does microcontroller internally do to process data or manage program flow.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

prof. Ing. Róbert Lórencz, CSc.

Department of Computer Systems

This thesis describes secure communication with Smart Card based on GlobalPlatform specification v2.2. It also describes other standards related Smart Cards, general principles of the Java Card technology and NetBeans Platform. As a part of this thesis the Java Card Manager Suite was updated to support SCP02.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. Filip Kodýtek

Department of Computer Systems

In this bachelor's thesis, we documented the design and the implementation of security devices that use a physically unclonable function to secure wireless communication. The implementation is in C ++ language and VHDL language on Wemos D1 mini device with ESP8266 WiFi chip and on FPGA Digilent Basys 2. Wemos D1 mini communicates with FPGA via serial line and thus obtains data to prove its identity. The device was tested on a local vii WiFi network, and the success of such secure communication reached 96.7% due to the instability of a physically unclonable function.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. David Pokorný

Department of Information Security

In this master's thesis, we aimed at the currently alternative candidate for the NIST post-quantum standardization process. Supersingular Ksogeny Key Encapsulation (SIKE) is the only isogeny-based cryptosystem in the standardization process. The main focus was on the side-channel analysis (SCA) of SIKE and experimentally testing the possible attack vectors, using CPA, in the officially submitted reference implementation. For that, we used ChipWhisperer-Lite, which features an STM32F303. Apart from that, we also focused on the possible countermeasures against SCA. Although the attack was unsuccessful, we have gathered a lot of interesting information regarding SCA against SIKE.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. Filip Štěpánek

Department of Digital Design

This diploma thesis describes implementation of contactless chip card emulator compliant with ISO/IEC 14443. It differs in way of emulation when almost everything is done in hardware - FPGA - using VHDL language.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Dr.-Ing. Martin Novotný

Department of Digital Design

The thesis is focused on possible attacks using differential power analysis on a masked AES-128 implementation onto an AVR microcontroller. The implementation is divided into three parts. The first part comprises of an unmasked version of AES-128. The second part uses a constant value of mask used throughout the code. The third part generates a random mask which is then applied to the 10 rounds. Finally, first order DPA and second order DPA are used to try and break the cipher and find the key.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. Filip Kodýtek, Ph.D.

Department of Information Security

Despite the increasingly complex physical protection of critical cryptographic devices, differential attacks based both on power side-channel analysis and electromagnetic side-channel analysis can be attractive for their simplicity of implementation -- when the device is susceptible to them. This thesis tries to summarize the basic principles needed to understand the correlation differential electromagnetic analysis on the side channel, to implement and describe the attack on real equipment -- targeting smart card and measuring using spectrum analyzer. We compare the effectiveness of the attack according to various parameters set during the measurement of electromagnetic emissions was carried out. And finally, based on the results, we propose a conceptual procedure for practical lesson which will help students to become more familiar with the issue of similar attacks.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

prof. Ing. Róbert Lórencz, CSc.

Department of Computer Systems

Ing. Jiří Buček, Ph.D.

Ing. Tomáš Vaňát, Ph.D.

Department of Computer Systems

Ing. Jiří Buček, Ph.D.

Ing. Petr Budiš, Ph.D.

Department of Computer Systems

Ing. Jiří Buček, Ph.D.

Ing. Jiří Kašpar

Department of Computer Systems

Cryptography is used to prevent people accessing data they are not authorized to access. However in some case the algorithm used for encrypting data are performed on an untrusted device for example in the case of access to copyrighted content on a personal computer (music, films...). In this case the traditional cryptographic model is not enough to assure the security of the data and the study of protection under this context is called white-box cryptography. This thesis presents different designs found in the llitterature as well as attacks to break those implementation. The recently proposed design by Luo et al. to protect AES (Advance Encryption Standard) has been implemented in C and studied in regards to the types of attacks introduced by Bos et al.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. Tomáš Vaňát, Ph.D.

Department of Computer Systems

Ing. Jiří Buček, Ph.D.

prof. Ing. Róbert Lórencz, CSc.

Department of Information Security

This Master's thesis deals with the selected algorithms of multivariate cryptography, especially Unbalanced Oil & Vinegar and Rainbow. The aim of this work is the implementation of the algorithms in Wolfram Mathematica, the investigation of existing solutions and their implementation on the ESP32 microcontroller. The algorithms are tested and measured against the RSA and ECDSA algorithms.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. Josef Kokeš, Ph.D.

Department of Computer Systems

Ing. Jiří Buček, Ph.D.

Ing. Jaroslav Súkup

Department of Information Security

The main aim of this diploma thesis is to design and implement an on-line key management system for the ETCS train control system. The thesis starts with the analysis, which contains a description of ETCS and the key management options for this train control system. The analysis also contains specification of requirements for the solution with regard to ERTMS/ETCS SUBSET-137 and this chapter also contains a description of suitable technologies for implementation. The next chapters deal with the design of the application and description of the implementation. The final system is composed of a few components, namely the key management centre, the component for storing keys on the end entity and the certification authority. The TLS protocol is used for the transmission of key management related messages. The Certificate Management Protocol is used to communicate with a certification authority. The last part of the thesis deals with testing the functionality of the implemented system.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

prof. Ing. Róbert Lórencz, CSc.

Department of Computer Systems

This work explores possible software countermeasures against differential power analysis for AES-128 algorithm implemented on an AVR micro-controller. The implementation of several countermeasures is compared with unprotected version in both security and efficiency.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. Josef Hlaváč, Ph.D.

Department of Digital Design

Ing. Jiří Buček, Ph.D.

prof. Ing. Róbert Lórencz, CSc.

Department of Computer Systems

This thesis deals with analysis of architecture used for solving linear equations in modular arithmetic. Works also deals with design and simulation one such architecture. Based on design of this architecure is created software simulation. This simulation is evaluated. This evalution is based on design assumptions. Standalone application is created to show the steps of this simulation. This visualization helps to understand behaviour of the designed architecture.

Thesis on DSpace

Ing. Jiří Buček, Ph.D.

Ing. Josef Kokeš

Department of Digital Design

This thesis provides an overview of the security of flash drives with hardware encryption support and a security analysis of Kingston DataTraveler Vault Privacy.

Thesis on DSpace