Ing. Josef Kokeš, Ph.D.

Theses

Bachelor theses

Secret Sharing Algorithms

Author
Hana Svobodová
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Summary
This thesis deals with secret sharing algorithms. The survey part is focused on the introduction of chosen secret sharing algorithms, their mathematical background and analysis of factors affecting their security. Shamir's and Asmuth-Bloom's algorithms are implemented in the second part. Then, their results are compared. The next part presents the implemented application which can encrypt a given file with a symmetric cipher and share the used key using the implemented secret sharing algorithms. It is also possible to decrypt the file using shares of the secret and the encrypted file. The application is written in C and uses the OpenSSL library.

Distributed Denial-of-Service: Vulnerabilities and Attacks

Author
Kamil Kopp
Year
2021
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jan Fesl, Ph.D.
Summary
This work deals with cyberattacks called Distributed Denial-of-Service. An overview of these attacks and their examples is created; for each one, possible attack scenarios, their impacts and methods of mitigation are described. From the overview, an attack using Memcached is chosen. Using VirtualBox, an attack scheme is created with virtual machines and subsequently realized. Scripts are created on the attacker's side to perform the attack. Using these scripts, the attack is realized and network monitoring programs are used to measure its strength under various conditions. The measured data are presented in tables and the results are then discussed. Finally, options to mitigate the effects of the attack are recommended and implemented for both the victim and Memcached, which is also a victim.

Analysis of the CTU Teaching Survey's Anonymity

Author
Eliška Helikarová
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Michal Valenta, Ph.D.
Summary
The bachelor's thesis deals with an anonymity analysis of the Anketa CTU application, an online survey system used by the Czech Technical University for an anonymous course and instructor evaluation. The application falls into the category of anonymous survey systems, meaning the data contained in the survey questionnaires submitted by students should not be linked to the student's identity. The thesis examines this property, its implementation within the application, and discusses possible threats and pitfalls that could potentially compromise the users' privacy. The chosen approach for the anonymity analysis involves a threat analysis using the LINDDUN privacy threat modeling framework. The threat modeling process consists of studying and describing the application using both the publicly available information as well as the source code files and other parts of the system which are not accessible to the general public. After the information gathering phase, the next step is to create data flow diagrams of the system which depict individual system components and data flows. The individual parts of the system, as well as the system as a whole, are then examined for privacy threats that fit into any of the LINDDUN threat categories. The listed threats are then evaluated by their impact on the students' anonymity. The thesis describes the application's inner workings as well as a JWT misconfiguration and other vulnerabilities discovered within the system. Finally, the thesis proposes suitable mitigation strategies and anonymity-enhancing solutions.

The Stack Clash Attack

Author
Petr Heřmánek
Year
2018
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Summary
Stack Clash is a software memory vulnerability recently exposed on a variety of operating systems. Current default Stack Clash protections are not satisfactory and pose a serious threat, such as arbitrary code execution, information disclosure and privilege escalation. In this thesis we demonstrate the Stack Clash attack as well as explain the necessary process memory background along with possible exploitation techniques and protections. Stack Clash principles are then explained and demonstrated on a proof of concept. We then discuss the operating system features which make the attack possible and propose mitigation techniques.

Analysis of the Ripple20 Attacks

Author
Jan Dvořák
Year
2021
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Summary
In this study, we explore the security of the Internet of Things (IoT). Specifically, we focus on Ripple20, a family of 19 vulnerabilities discovered in 2020 in the TCP/IP stack by Treck, Inc. We try to reproduce at least one of the attacks on the Ripple20 vulnerabilities. First, we present an overview of the Internet of Things, the related cybersecurity issues and a brief history of exploiting the IoT devices. We select the device for our experiments and two specific vulnerabilities to be researched. The determination whether or not the tested vulnerabilities are present in our device can be seen as another objective of this study. We follow by performing the attacks. In one case, the device apparently demonstrated incorrect behaviour (a denial of service). Even though this response differs from the published studies (information leak from the heap), we can find indirect evidence that the vulnerability is present in the tested system. In the second case, our device successfully resisted the attacks. We conclude that the second researched vulnerability is not present in the device's implementation of the TCP/IP stack. We succeeded in detecting one of the vulnerabilities in our IoT device and in performing the respective attack. On the contrary, the presence of the second vulnerability can be ruled out. After concluding that the tested IoT device is vulnerable, we suggest the most important risk mitigation strategies.

Security Incidents in SSL/TLS Implementations

Author
Jan Král
Year
2018
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Zahradnický, Ph.D.
Summary
This bachelor's thesis is focused on the SSL/TLS protocol and some related network attacks and security weaknesses from recent years. Its purpose is to describe and analyze these attacks, their capabilities and possible limitations. The thesis is specifically focused on Heartbleed, DROWN, FREAK, Triple handshake and SWEET32 attacks. The practical part of this thesis demonstrates two different types of the Heartbleed attack. The results help readers to understand the feasibility and danger of given attacks.

Security Analysis of the Mozilla Firefox's Password Storage

Author
Vladimir Dmitriev
Year
2021
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Miroslav Prágl, MBA
Summary
This work is focused on getting acquainted with the methods by which web browsers secure data stored in the password managers. One of the goals is to compare "Best practices" for this problem with solutions which are used. The second half of the work is more focused on Mozilla Firefox and its implementation of password processing and storage. Based on the obtained information a tool for import and export of passwords for Firefox profiles is created.

Buffer overflow on the heap

Author
Michal Bambuch
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Jiří Dostál, Ph.D.
Summary
This bachelor's thesis addresses heap buffer overflow and known exploits of the glibc library's heap. The aim of the thesis is to create a virtual environment and implement selected exploits. The set environment is Ubuntu 18.04 LTS virtualised in VirtualBox. The following 4 exploits have been selected for demonstration: the unlink macro, the House of Force and the House of Spirit from the Malloc Maleficarum and finally the House of Einherjar. The last one is reproducible in a two-year-old glibc 2.25. The two Malloc Maleficarum's exploits are reproducible in glibc 2.27 installed directly on the virtual environment.

Authenticating Users by Their Irises

Author
Pavla Louthánová
Year
2021
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Summary
The work deals with the recognition of users using their irises. The research part of the thesis acquaints the reader with biometric methods and systems for user authentication. Subsequently, the work focuses on the recognition of the iris. In the practical part of the work, taking into account the minimization of the price and the use of commonly available components, a system for scanning the iris and creating its own database of images is designed. Furthermore, the individual phases of recognition, data storage and a demonstration program are implemented. Finally, the time required, reliability and security of the implementation are discussed.

Security analysis of SOHO routers

Author
Jakub Kaloč
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Čejka, Ph.D.
Summary
The aim of this thesis is to inform the reader about the issues of router security testing and some common router vulnerabilities, including overcoming the barrier between the local area network and the internet. The paper applies the acquired theoretical information to perform security testing on some SOHO routers commonly distributed by internet providers. The theoretical part of this paper describes the technical standards which are relevant for the security of network devices. The following part of the thesis defines the fundamentals of security testing and various classifications of security test. The particular methodology of router security testing and its whole procedure are both defined and described in the thesis based on the presented background information. The practical part of this paper demonstrates the use of the methodology of router security testing and is used to perform security tests of some of the chosen vulnerabilities. The results are described in the final part of this paper.

Custom OpenSSL provider based on CNG

Author
Ladislav Marko
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Buček, Ph.D.
Summary
This thesis takes a closer look at OpenSSL providers and how to implement them. The thesis goes through the process of implementing a provider that offloads certificate operations to algorithm implementations other than the OpenSSL ones. The selected implementation of algorithms is the Windows Cryptography API: Next Generation. The final provider allows for a TLS 1.3 connection using a client certificate loaded from the system certificate store of the Windows operating system.

Evaluation of Percy++, A Private Information Retrieval Library

Author
Arnold Stanovský
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Mgr. Martin Jureček, Ph.D.
Summary
In this thesis, I explore the Private Information Retrieval (PIR) problem. I describe situations in which this problem arises and the incentives for its solution. I then present several methods for retrieving online resources privately (i.e. while concealing which resource is being accessed) and discuss real world use-cases for these methods. To verify my claims about the feasibility of such use cases, I also present the design of several benchmarks to measure the performance impact of choosing specific methods, using queries over an SQL database as an example of a resource to retrieve. Finally, I describe my implementation of these benchmarks using the Percy++ library and discuss their results.

CryptoAPI Next Generation Support in OpenSSL

Author
Jan Pešek
Year
2020
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Zahradnický, Ph.D.
Summary
The main objective of this bachelor thesis is to create an OpenSSL engine supporting Microsoft Cryptography API: Next Generation. The thesis contains an analysis of the OpenSSL architecture, focusing on the current LTS version 1.1.1. As the Engine API is an important component for engine development, one section is dedicated to properly describing the interface. The thesis also provides a description of Microsoft CryptoAPI and Cryptography API: Next Generation supplied with Windows OS. A working and tested OpenSSL engine supporting Microsoft Cryptography API in OpenSSL is delivered.

Analysis of the Meltdown attack

Author
Tomáš Zvara
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Michal Štepanovský, Ph.D.
Summary
The primary goal of this bachelor's thesis is to describe and execute a Meltdown attack on Linux and Windows operating systems. The theoretical part starts with background information on modern processor architecture and the cache memory. Then it continues with the description of the virtual address space and a comparison of memory management of both operating systems. The practical part contains an implementation of the Meltdown attack in Linux and Windows. Both implementations prove that speculative execution leaks sensitive information through the microarchitectural side channel. Afterwards, an analysis of Meltdown attack countermeasures is provided.

Security analysis of Bitwarden

Author
Jakub Štrom
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Simona Fornůsek, Ph.D.
Summary
Password managers are software tools that can generate and store passwords. This thesis focuses on password manager Bitwarden and analyses the security of its implementation. As a part of this thesis, Bitwarden is described and its user data handling and the security of the associated processes are examined. Found vulnerabilities are listed and their impact on users is discussed. The main findings were a possibility of cracking the user's key using brute force from local data when a PIN lock is used and a possibility of stealing the key when logging in using SSO.

Improvements to the Off-The-Record Protocol

Author
Ali Mammadov
Year
2018
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
MSc. Juan Pablo Maldonado Lopez, Ph.D.
Summary
OTR is a cryptographic protocol that provides encryption for instant messaging conversations. The latest version of OTR uses a combination of AES symmetric-key algorithm with 128-bit key length, Diffie-Hellman key exchange with 1536-bit group size, and SHA-1 hash function. The goal of this work is to introduce changes to this protocol to make it better secured against growing computational power of potential adversaries. The changes proposed by this work allow flexible selection of the set of cryptoalgorithms and their parameters. As a result, there is a way to choose desired security level and the overall task of managing security of OTR is simplified.

Security Analysis of Blocks Lockers

Author
Eliška Krátká
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Summary
This thesis covers a security analysis of the Blocks smart lockers with a focus on the admin console. A summary of competitors is added. A description of the implementation is provided. Threats are modelled using the STRIDE methodology, and the CVSS metric calculates the risk. Testing exploitation confirms identified vulnerabilities, and their mitigation is formulated.

Security analysis of Cryptomator

Author
Anton Titkov
Year
2020
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Jiří Dostál, Ph.D.
Summary
This thesis deals with the issue of storage encryption and data safety. It provides a brief overview of technologies and software for storage encryption currently available to users. The work provides a security analysis of Cryptomator, an open-source application for encrypting files in cloud storage. Potential risk areas are further explored and evaluated. Some of the possible attacks are shown.

Analysis and Demonstration of the ProxyLogon Vulnerability

Author
Gabriel Hévr
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Miroslav Prágl, MBA
Summary
In early 2021, a serious vulnerability was discovered in Microsoft Exchange that was widely exploited and combined with other vulnerabilities to allow attackers to take complete control of the server. The described vulnerability is called ProxyLogon and the thesis focuses on the analysis of this vulnerability and attacks related to it, which led to massive data leakage not only from governmental and military institutions. Subsequently, a demonstration of one of the attacks is performed. For the purpose of the demonstration and analysis of the vulnerability, a virtual environment has been prepared which can be further used for educational purposes. Finally, prevention options from the server provider's perspective are discussed.

Security Analysis of the Solitaire Cipher

Author
Vojtěch David
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Mgr. Martin Jureček
Summary
In my work I deal with the principles of the Solitaire pen-and-paper cipher by the cryptologist Bruce Schneier. The text describes its principles in detail, with a description of safe usage. Next, I examine the cipher's vulnerabilities, such as bias in the key stream, reusing the same key and nonrandomness of the jokers' position in the deck. I also show the difference between using a password and using a key. I find out that the password must be at least 80 characters long. Then I show which of these variants is better to use in practice. To do so, I use the Solitaire implementation written in C++, capable of encryption and decryption using either the key or the password.

Security Vulnerabilities in the Lightning Network

Author
Jan Kalivoda
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Josef Gattermayer, Ph.D.
Summary
The scope of this work is to analyze the Lightning Network protocol, which is used to make bitcoin payments outside of the blockchain (off-chain) in a fast and inexpensive way. It is one of the possible solutions for the so-called scalability problem of Bitcoin. However, this solution is built on trade-offs, especially in security. In the case of making payments outside the blockchain, we are losing many benefits, such as a solid solution for the double-spending problem. Security aspects of this protocol are the main objective of this work. Among other things, the thesis presents possible vulnerabilities, their exploitation, and in some cases also a practical demonstration. Finally, remediation steps for the mentioned vulnerabilities are discussed, or at least recommendations for users on how to minimize the risk of being hacked. The purpose of this work is to spread awareness of the Lightning Network, especially its security aspects, to help users who use the network minimize the risk of losing their funds.

Analysis of the Contents of Web Browsers' Profiles

Author
Stanislav Lepič
Year
2021
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Miroslav Prágl, MBA
Summary
This thesis deals with the transfer of user data between browsers, both within one and several different devices. The work analyzes how user data is stored and encrypted, focusing on Google Chrome and Mozilla Firefox browsers. Based on this analysis, a transfer file in JSON format is then designed, which uses the created program to demonstrate the functionality between the two selected browsers. The program is created in C/C++ and allows conversion within one device, offline conversion between devices or just extracting data from the browser. When designing the program, emphasis was placed on easy operation and extensibility with other browsers or data types.

A security analysis of KeePassXC

Author
Michal Kavan
Year
2018
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Ivo Petr, Ph.D.
Summary
The main focus of this thesis is password management and secure password storage. It provides an overview of current password management solutions. The goal of this thesis is to perform a security assessment of the KeePassXC password manager. The security assessment starts with a review of the graphical interface, and suspicious items are further analysed in the source code. The analysis confirmed one suspicious place where the program is not compliant with current security standards. The severity of this vulnerability has been evaluated and possible fixes have been suggested.

Analysis of the Rescue File of BestCrypt Volume Encryption

Author
Jan Vojtěšek
Year
2017
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Summary
This thesis focuses on reverse engineering and security analysis of a disk encryption application called BestCrypt Volume Encryption. It provides a detailed description of a previously undocumented binary file format used for rescue procedures. Several vulnerabilities and bugs were found during the performed security analysis. Each of those vulnerabilities is discussed in detail and an example of how this vulnerability might affect the security of regular users is given. The author also cooperated with the developers of BestCrypt Volume Encryption in order to fix or at least mitigate those vulnerabilities. A tool that makes it possible to mount encrypted volumes on some Unix-like systems is also presented.

Security Analysis of the Linux Clipboard

Author
Benjamín Peraus
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Michal Šoch, Ph.D.
Summary
This bachelor thesis deals with the security aspects of the clipboard used in operating systems to copy and paste content from a source application to a target application. The thesis provides a detailed research of the current clipboard security situation. Particular attention is paid to the use of clipboard to transfer passwords from the password manager to the target program. The security aspects of clipboard implementations as they relate to Linux-type operating systems are analyzed in detail. The severity of the threats found is rated using the CVSS methodology. For these implementations, a solution is proposed to make the clipboard more secure. In this work, a secure copying tool that transfers P2P data using clipboard has been developed. The tool is implemented in C/C++ for the Wayland protocol and the Weston compositor (however, the tool is also functional on the KWin compositor and should be functional on all conventional compositors). This tool is a proof-of-concept of this solution and the thesis explains how it can be incorporated into the password manager. The strengths and weaknesses of this solution/implementation are discussed in this thesis, as well as deployment options.

Cross-site Vulnerabilities in Web Browsers

Author
Karolína Lhotská
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Tomáš Kiezler
Summary
This bachelor thesis analyses Cross-Site vulnerabilities in browsers. It describes and explains the principle of the Cross-Site Scripting vulnerability and its subtypes Self-Cross-Site Scripting and Mutated Cross-Site Scripting, then Cross-Site Request Forgery, Cross-Site Script Inclusion, Cross-Site History Manipulation, Cross-Site Malicious CAPTCHA and Cross-Domain Referer Leakage. Based on this knowledge, practical examples were created in the form of websites written in HTML, PHP and JavaScript. These examples were tested on current versions of the Google Chrome, Opera, Mozilla Firefox and Microsoft Edge browsers. It was discovered that the protection in the form of automatically setting the SameSite attribute on a Cookie to Lax is implemented and enabled in the Google Chrome, Opera and Microsoft Edge browsers, and because of this many of the analysed vulnerabilities no longer work in these versions. This functionality is also present in the Mozilla Firefox browser, however it is not enabled by default. In addition, the Mozilla Firefox browser has the Referrer-Policy functionality, which can be changed and which protects against the Cross-Domain Referer Leakage vulnerability. This functionality is automatically enabled in the other browsers by default and cannot be changed there. The thesis can be useful for a regular user of the Internet, who can decide which web browser is the best for him based on this thesis, or for web developers, so that they know what protections there are now and how to use them, and eventually also for web application pentesters, because its conclusion is that the Mozilla Firefox browser is currently the best option for penetration testing. Each vulnerability has recommendations of protections not only for users of web browsers, but also for web developers. These protections can be tested in the implemented example. At the end there is a manual on how to set up the Mozilla Firefox browser so that it provides the same protections as the other analysed browsers.

The Security of Web Applications and Its Penetration Testing

Author
Aleš Répáš
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Summary
This bachelor thesis deals with the extension of the OWASP ZAP tool with the Cross Site Request Forgery vulnerability detection capability. In the solution, the web request header manipulation method was used. The developed solution provides an automatic search for vulnerabilities in a web application. The main result is a more accurate penetration testing with the ZAP tool.

Analysis of the KRACK attacks

Author
Tomáš Pšenička
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Čejka, Ph.D.
Summary
The main focus of my bachelor thesis is the design of an environment for testing KRACK attacks, their realization, and the analysis and evaluation of the programming errors which made these attacks possible. To solve the problem, I created an environment consisting of a Raspberry Pi 3 as a client device, a Tp-Link router as an access point, and a laptop with adapters for wireless communication with a monitoring interface to simulate an attacker. The software itself used for the attack is a script written in Python. The specific focus of my thesis is the establishment of a shared encryption key during communication initialization and how it can be altered. I describe the successful weakening of encryption by the attacker and the way to obtain the content of encrypted messages. By understanding the way these attacks work, I describe ways to reduce their impact. In this thesis I also mention errors in the implementation and design of the wireless communication standard together with the way of their correction. In the appendix, I attach the source codes of the used scripts and the data captured on the proposed environment during testing.

SSL/TLS Filtering Support for Privoxy

Author
Václav Švec
Year
2017
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Zahradnický, Ph.D.
Summary
The thesis deals with the topic of proxy servers in relation to the HTTP and HTTPS protocols and describes the ways of filtering HTTPS communication. Different ways of HTTPS filtering are presented, as well as the features of these filters and the proxy server procedures for controlling HTTP/HTTPS connections. The second part of this thesis implements an SSL extension for Privoxy. This extension allows filtering HTTPS communication using a variety of filtering features of the original program. The achieved results are evaluated and other possible improvements are suggested.

Library for Off-line Access to TrueCrypt Containers

Author
Petr Mück
Year
2015
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Zahradnický, Ph.D.
Summary
This thesis describes the design and implementation of library for off-line browsing and extraction of TrueCrypt containers. The thesis describes TrueCrypt and its functions, FAT, NTFS and ext filesystems and some of the libraries supporting them and realization of the library, its structure and possible expansion. The result is a C library compatible with Linux OSes, designed to be easily expanded.

Security Analysis of D-Link DIR-842 Router

Author
Gabriel Seidl
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Tomáš Vondra, Ph.D.
Summary
The goal of the thesis was to study the D-Link DIR-842 router and further to perform a security analysis focusing on the following targets: default security settings, password policy and services published to the internal and/or external network. The first step of the analysis was to examine the default settings of the router after a factory reset and to do a port scan with nmap, which is used to discover open ports and the services running on them. The scan was done on LAN, WAN, from both the internal and the external network, and on WiFi. The analysis showed a problem when handling the admin password and the UPnP service. The UPnP service is enabled by default and allows the attacker to discover internal services. I found out that the device can be vulnerable especially with the default settings. It is highly likely that many users will run it with these default settings and that means a lot of potentially vulnerable devices. To demonstrate the vulnerability I made a Python program. A recommendation for users on how to set up their router to be more secure is also provided.

Security analysis of the Linux Unified Key Setup (LUKS)

Author
Jaroslav Kříž
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Simona Buchovecká
Summary
The topic of this work is the security analysis of the Linux Unified Disk Encryption (LUKS), its advantages, disadvantages, and comparison with other tools across the platforms. The thesis also contains an introduction to the hard drive encryption and cryptographic primitives used in the tool. The result of this work is verification of the functionality of the investigated tool by its independent reimplementation in C language and also brute force attack on the password in LUKS container where its efficiency is measured.

Digital Signature Verification in PDF

Author
Tomáš Stefan
Year
2018
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Summary
The subject of the presented thesis is the area of digital signatures with special attention to their use in PDF files. A short introduction containing basic principles and a summary of essential features are provided, as well as the basics of the PDF file structure. Different types of digital signatures in PDF files are described in more detail. A way to verify the validity of the basic PDF digital signature in Linux is demonstrated with a library written in C and a simple command line application.

The use of cryptography in 7-zip

Author
Josef Hušek
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Jiří Dostál, Ph.D.
Summary
This thesis focuses on the use of cryptography in the open source file archiver 7-zip. We first discuss a bit about how 7-zip is structured and how it is compiled. We then take a look at the included AES implementation and compare its outputs with outputs from the OpenSSL library. After that we mostly focus on the key-derivation-function which transforms user-supplied passwords into AES keys. We find that the key-derivation-function is customizable before compilation, however the decoding part of 7-zip supports even very weak variations. This means a purposefully weak 7-zip build would still produce valid archives - only they would be much easier to crack. After that we demonstrate how password guessing attacks take place with the help of another open source application called hashcat. Finally we list a few interesting curiosities and properties we noticed along the way, which may or may not prove problematic from a security perspective. We conclude the thesis with a summary and suggestions for future exploration.

Wikipedia: Defense Against Vandalism

Author
Martin Urbanec
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Michal Šoch, Ph.D.
Summary
The thesis focuses on improving countervandalism workflows on Wikipedia. As of writing, countervandalism relies a lot on manual efforts by regular users, administrators and other stakeholders. Relying solely on human labor is not sustainable in the long term. To fix this, the thesis researches new countervandalism techniques Wikipedia could implement. To ensure the researched techniques can be deployed to all 300+ language editions of Wikipedia, all researched techniques need to depend solely on revision metadata. Four different countervandalism techniques were suggested: (a) requiring wikipedians to identify themselves, (b) disallowing logged-out contributors, (c) disallowing users with their IP address in an external blacklist from contributing, (d) prohibiting edits by users with several prior edits reverted. All four techniques were submitted to the first round of review where their compatibility with Wikipedia's philosophy was verified. All except the first one passed the first round of review. The second round of review was focused on the viability of the three remaining solutions based on a randomly generated sample of 100 edits, manually classified by Wikipedia's administrators. While disallowing logged-out contributors indeed managed to prevent most of the vandalism, it also prevented a lot of otherwise constructive edits. On the other hand, disallowing edits by users with a lot of reverted edits proved to have potential (with thresholds to be clarified in subsequent research). IP blacklists showed no results -- in the generated sample of 100 edits, there were no IP addresses present on the blacklist.

Protecting the User's Anonymity on the Internet

Author
Jakub Dvořák
Year
2018
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Jiří Dostál, Ph.D.
Summary
In this thesis I deal with the protection of user anonymity on the Internet. In the theoretical section I explain concepts important for understanding the principles of attacks and defense mechanisms. I reveal the core aspects of chosen problems and proper defense against these methods. In the practical section I demonstrate a chosen attack on anonymity and the implementation of an extension for the Google Chrome web browser as a defense mechanism. The attack is implemented in the JavaScript programming language and uses the WebRTC framework. The extension for the Google Chrome web browser is implemented in HTML and JavaScript.

Feasibility of the Spectre attack in a security-focused language

Author
Jaroslav Chládek
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Michal Štepanovský, Ph.D.
Summary
We present a functioning proof-of-concept implementation of the Spectre Variant 1 attack in the Rust programming language. We prove the feasibility of the attack in this security-focused language with our modified algorithm and compare its viability to that in unsafe languages. We show its impact on the security of the Rust platform, its mathematical properties and theoretical assumptions.

Security analysis of Passbolt

Author
Radek Smejkal
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Jiří Buček, Ph.D.
Summary
This work focuses on password management and secure password storage using password managers. It also provides a brief overview of current password managers, focusing on security features and their comparison. The aim of this work is to perform a security analysis of the selected password manager Passbolt, which was designed to support team collaboration and password sharing. The potentially risky places found are further examined directly in the application's source code. The analysis also includes monitoring and subsequent network traffic exploration. During the analysis, no vulnerability directly endangering the confidentiality or integrity of the stored data was found. However, the analysis has identified several situations that may in some ways lead to a reduction of security or even a complete compromise of the user's account. After evaluating the severity of each finding, possible measures to eliminate these vulnerabilities are suggested.

Security of the Lua Sandbox

Author
Petr Adámek
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Simona Fornůsek, Ph.D.
Summary
Lua is an easy-to-embed language which can be used to extend an application with a scripting environment. This thesis focuses on isolation of Lua scripts from sensitive parts of the application. Sandboxing is commonly used for isolation of components in an application. This work covers some theory behind sandboxes and discusses how to properly implement a sandbox in Lua. A sandbox based on isolation of Lua functions and a sandbox based on isolation of the entire Lua interpreter are proposed as possible implementations. An analysis of the Lua language, including the standard library, is performed, focusing on isolation and potential for escaping a sandbox. A simple tool for crawling and dumping the environment of a Lua function is created. The dumped values can be later analysed in an interactive environment. This allows for a comprehensive examination of values accessible from a sandbox. Some freely available Lua sandbox implementations are analysed to show how the theory described here is used in practice. The theory is further demonstrated on a flaw found in the Lua sandbox of the OpenMW game engine.

Analysis of the Zlib's CVE-2022-37434 Vulnerability

Author
Vojtěch Krejsa
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Summary
In early August 2022, a critical vulnerability identified as CVE-2022-37434 was discovered in the widely used Zlib compression library. The vulnerability is described as a heap buffer overflow. Some sources even argue that it could be exploited to execute arbitrary code. However, there is no available evidence confirming this claim. In this thesis, a detailed analysis of the vulnerability focusing on its exploitability to code execution is performed. The analysis is performed on the Ubuntu 22.04 LTS operating system with the glibc 2.35 memory manager and on Windows 10, version 22H2, with its default memory manager. The analysis results confirm that the vulnerability can indeed be exploited to code execution. In this thesis, it is described how it can be achieved. For demonstration purposes, virtual environments have been prepared.

Correlation Attacks on TOR

Author
Jan Fajfer
Year
2018
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Zahradnický, Ph.D.
Summary
The primary goal of this bachelor's thesis is to describe and execute a correlation attack on the anonymity network Tor. It starts with an analysis of Tor's design, threat model, and attack vectors and continues with the analysis of the current state of correlation attacks on Tor and notable work in this field. The practical part contains execution of an attack using the Levine et al. and a modified Sun et al. method on the live Tor network. The main tests showed an overall good correlation with an average correlation coefficient r greater than 0.87 for both methods. The error rate was 5% with no false positives. The thesis continues with an analysis of factors influencing these attacks and concludes with a description and an analysis of countermeasures against end-to-end correlation attacks.

Deobfuscation of VBScript-based Malware

Author
Matěj Havránek
Year
2021
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jakub Souček
Summary
VBScript is a desktop and web based scripting language that is often used by malicious software. Authors of such software often attempt to conceal its true functionality and prevent others from reading the source code by using obfuscations. This thesis focuses on analyzing these obfuscations, exploring ways of reverting them and implementing a tool to improve readability of obfuscated programs using both static and dynamic deobfuscation methods.

Master theses

Reduced models of the Rijndael cipher

Author
Lukáš Solil
Year
2016
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
prof. Ing. Róbert Lórencz, CSc.
Summary
The thesis deals with the reduction of the Rijndael cipher. It examines the characteristics of the cipher and its design criteria. The obtained knowledge is used to create a Rijndael reduced model design process. The thesis provides tools enabling the user to follow the steps of the process and, after that, to use the new model implementation. The practical use of the models is demonstrated on repetitive encryption cryptanalysis.

Device for Wi-Fi Security Testing

Author
Petr Heřmánek
Year
2021
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
doc. Ing. Tomáš Čejka, Ph.D.
Summary
The wireless network compromise presents a serious threat to traffic confidentiality, integrity, and authenticity. The globally widespread protocols already have a well established attack surface filled with various pitfalls, ranging from poor design decisions to critical programming errors. In this thesis, we focus on researching the recurring threats to provide a modern taxonomy overview and general protection guidelines. To demonstrate its functionality, we constructed a portable device capable of a fully automated Evil Twin kill chain execution along with the contemporary Wi-Fi auditing toolkit options.

Differential Cryptanalysis of Baby Rijndael

Author
Jakub Tomanek
Year
2017
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
prof. Ing. Róbert Lórencz, CSc.
Summary
In this thesis we deal with the methods of differential cryptanalysis applied to the Baby Rijndael cipher. In the first two chapters, we demonstrate the similarity of the Rijndael and Baby Rijndael ciphers. Then we discuss the basic principles of differential cryptanalysis. These are the precomputation of differential characteristics and their later usage for key extraction. We focus on the possibility of merging and clustering of the differential characteristics. We discuss the parameters which have an impact on the overall success of key extraction. Finally we estimate the memory and time complexity of our attack in comparison with the brute force approach and we compare our results to results of other works. In our attack we were able to extract the secret key in 26 % of cases on average in better time than the brute force attack.

Modernization of the SSL/TLS protocols support in Privoxy

Author
Václav Švec
Year
2020
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Čejka, Ph.D.
Summary
The thesis reacts to the development of encrypted HTTP in modern web browsers over the last three years. It focuses particularly on changes that affect proxy servers and web certificates and evaluates their impact on HTTPS filtering using proxy servers. The thesis also includes the design and implementation of modifications that extend the previous implementation of SSL/TLS support to the Privoxy proxy server. These modifications allow filtering of all communication of modern web browsers and at the same time emphasize the maintenance of sufficient proxy server performance. The achieved results are tested and evaluated in comparison with previous versions of the Privoxy proxy server. At the same time, they are supplemented by other suitable improvements.

Security Analysis of OnlyKey

Author
Josef Hušek
Year
2022
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Marina Shchavleva
Summary
This thesis is about the OnlyKey device, which is a small personal authentication token. Its main function is acting as a dedicated hardware password manager, including support for two-factor authentication. We will first briefly discuss what hardware it is based on and give some general information about the device, including its advertised capabilities. After this we will shift our attention to the several open-source software pieces which make the device work as intended and delve into how they work and interact with each other. Lastly we will discuss what interesting facts we found during the study of this device, especially pertaining to user security.

Advanced Algorithms for Secret Sharing

Author
Hana Svobodová
Year
2022
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Mgr. Martin Jureček, Ph.D.
Summary
This thesis deals with secret sharing algorithms. In particular, it focuses on verifiable secret sharing algorithms, quantum secret sharing and multiparty computation. The survey part focuses on the description of selected algorithms and their security properties. In the second part, Shamir's scheme, Pedersen's verifiable scheme, Schoenmakers' publicly verifiable secret sharing scheme and the BGW scheme for multiparty computing are implemented. The quantum secret sharing scheme is implemented on a simulator. The main result is an application which can split and reconstruct a secret according to the implemented algorithms.

Finding vulnerabilities in the LLVM intermediate code

Author
Jan Brož
Year
2019
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Jiří Buček, Ph.D.
Summary
The thesis examines the possibilities of static analysis for the purpose of searching for vulnerabilities which arise from common programming mistakes. Firstly we describe those mistakes, their impacts and worldwide statistics. We also summarize existing methods for detection of such mistakes and their shortcomings. Thereafter we suggest a method of finding a data origin backwards by following data dependencies in LLVM intermediate code, which is then applied to the detection of injection of commands or format strings and certain cases of buffer overflow. We examine the types of false positives this method produces and we suggest ways to mitigate them. The method is implemented in C++ using the LLVM framework and tested on selected samples of vulnerable programs.

Light-Weight Sandbox for Installers

Author
Artem Ustynov
Year
2022
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Miroslav Prágl, MBA
Summary
When searching for lesser-known software products or products developed by independent developers, one has to deal with software installers. Such installers often bundle third party software and sometimes it is impossible to install the desired software without also installing some additional program. The goal of this work is to analyze the commonly used installer "InnoSetup" and develop a lightweight sandbox that will ensure that the installer won't modify registers or files on the host computer, allowing the user to make a better-informed decision regarding the safety of the software they desire to install. The proposed solution is designed to be a lightweight alternative to existing approaches.

Novel approaches to the detection of backdoors

Author
Jan Vojtěšek
Year
2020
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
prof. Ing. Róbert Lórencz, CSc.
Summary
This thesis presents a detailed examination of application backdoors hidden in Portable Executable files and proposes novel anomaly-based methods for their heuristic detection. Four application backdoors used in large-scale supply chain attacks were reverse-engineered and shown to exhibit anomalous properties that could be utilized in the search for similar backdoors. These anomalous properties serve as the basis for three heuristic detections that were implemented and had their performance evaluated on a dataset composed of both benign and backdoored applications.

Security Analysis of IrfanView

Author
Radek Jizba
Year
2022
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Buček, Ph.D.
Summary
This thesis focuses on an analysis of the image viewing software IrfanView. Previous vulnerabilities of this software and their fixes were also mapped and analyzed. As a result, this thesis comes to the conclusion that the IrfanView software is very well maintained by the author and all vulnerabilities are fixed in very little time.

Recovery of the AES key by monitoring a program's flow

Author
Jonatan Matějka
Year
2019
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Zahradnický, Ph.D.
Summary
The AES cipher is the most widely used symmetric block cipher. It is used daily in secure communication protocols and in data storage. There is a certain area where the usage of this cipher doesn't please us -- unwanted software. It might be ransomware encrypting our precious data and demanding money for decryption. It might be a botnet client using secure communication to coordinate the next attack. In these situations we would find it handy to have a tool to reveal these encrypted data to us. In this thesis we propose an algorithm to serve that purpose. By observing accesses to the S-Box made during the program's run we're able to recover keys and data used for the encryption. This algorithm was implemented as a Microsoft Windows application running on Intel x86 architecture. The tool has been successfully tested against a set of applications using different cryptographic libraries and common user applications.

Security Analysis of the Telegram IM

Author
Tomáš Sušánka
Year
2017
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
prof. Ing. Róbert Lórencz, CSc.
Summary
This thesis is devoted to an analysis of the Telegram Messenger and the related MTProto protocol. It studies the cryptographic background of MTProto, the Android client source code and the generated network traffic. Additionally, it compares the application to its official documentation. Finally it discusses potential vulnerabilities and various attempts to exploit them.

The Impossible Differential Cryptanalysis

Author
Peter Poljak
Year
2017
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
prof. Ing. Róbert Lórencz, CSc.
Summary
In our diploma thesis we focused on the impossible differential cryptanalysis as a benchmark to test weaknesses of ciphers. Because of its relative novelty, compared to linear and differential analysis, this analysis is not so well-known and there are few-to-none simple tutorials on how to do it. We set out to provide exactly this simple how-to tutorial. We chose the Baby Rijndael cipher to test this technique. We performed a successful attack on 4 rounds of Baby Rijndael and provided a step-by-step tutorial. We found out that we need only 13436 units of time instead of the 32768 needed for a brute-force attack. We confirmed the usefulness of this technique and, with the provided how-to, simplified access to its workings.

Protecting Sensitive Data in Memory in .NET

Author
Viktor Dohnal
Year
2023
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Summary
Applications frequently handle sensitive information, such as passwords and encryption keys, which are typically stored in volatile memory alongside other data. This thesis investigates the efficacy and implementation of memory protection techniques within the .NET ecosystem. The findings have been applied to the analysis of the KeePass password manager, which led to a vulnerability discovery. The vulnerability allows an attacker to recover the master password from memory, even when a workspace is locked or KeePass is no longer running.

Security Analysis of BestCrypt Volume Encryption

Author
Juraj Horňák
Year
2016
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Summary
This diploma thesis deals with the analysis of software used to encrypt volumes of fixed or removable disks - BestCrypt Volume Encryption. The analysis is focused on the security aspects of application's boot code. The thesis describes results obtained by performing a reverse analysis of the code, especially the derivation of the encryption key from user's password and the process of encryption/decryption. The correctness of application's cryptographic primitives is verified by implementing a program for sector decryption.

Security aspects of the Intel Management Engine

Author
Michal Funtán
Year
2019
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Summary
This thesis describes the Intel Management Engine, part of most chipsets developed by the Intel Corporation. The first part introduces the architecture and boot process of the system. Modules which take part in booting were analyzed using reverse engineering and the system integrity check was validated. In the second part of this work, the driver of the hardware cryptographic module was analyzed using reverse engineering and the implemented cryptographic functions were described. In the last part, the acquired results were evaluated from the perspective of computer system security.

Analysis of Crypters and Their Detection

Author
Jakub Kaloč
Year
2022
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Mgr. Martin Jureček, Ph.D.
Summary
The aim of this thesis is an analysis and description of different techniques used by crypters whose main functionality is the protection of malware from being detected and analyzed. The thesis introduces the reader to the application of the knowledge of reverse engineering to analyzing malware and to the use of information from this analysis in creation and improvement of the protection against malware. The theoretical part of this thesis presents selected tools for malware analysis and creation of detection rules. It also presents the framework used to logically structure individual techniques which can be found in malware. This framework is also used as the background structure of this thesis. Within individual chapters the thesis focuses on techniques of selected categories of the framework which are used by the crypters. The practical part of the thesis builds on the theory presented in previous chapters. First, the analysis of samples of real obfuscators and crypters used for malware protection is performed. The analysis is focused on parts where the sample uses thematically relevant techniques. At the end of the practical part, the information obtained from the analysis is used to create detection rules which describe individual crypters or the analysed techniques.

Improvement of the ciphersuite selection in SSL/TLS

Author
Otto Hollmann
Year
2020
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Jan Baier
Summary
The primary focus of this thesis is centered around the process of selecting suitable cipher suites from the available options present in cryptographic libraries. The choice of a correct cipher suite and its respective parameters has a considerable impact on the overall security of a system and the time required to break into that system. The thesis is focused mainly on the OpenSSL library which has two different interfaces for cipher suites configuration. The result of this thesis is a proposal and an implementation of a unified OpenSSL interface which allows all cipher suites to be enabled using the original cipher_list interface. Moreover, an option to limit validity of a cipher alias to selected versions of the protocol and to move a cipher alias or cipher suite to the beginning of the list was added. Furthermore, the server-side cipher string was extended to support equal-preference groups and to allow preference flags to be entered. The configuration of the preference flags is similar to the -prioritize_chacha option. This allows for the correct cipher suite to be selected based on the preference settings of both the server and client. All modifications were designed to be backward compatible.

Attacks on Event Tracing for Windows: Techniques and Countermeasures

Author
Matěj Havránek
Year
2023
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Mgr. Peter Kálnai, Ph.D.
Summary
Event Tracing for Windows (ETW) is a system monitoring platform integrated into Microsoft Windows. Aside from system monitoring tools, it is also heavily used by security software. In recent years there has been a growing number of attacks on system monitoring tools, primarily in order to conceal other malicious activity. This thesis explores current techniques to blind or disable ETW, analyzes a recent attack targeting system monitoring on Windows and discusses ways to detect and prevent similar attacks in the future.

Security Analysis of BestCrypt

Author
Jakub Souček
Year
2016
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Jiří Smítka
Summary
The thesis provides a security analysis of BestCrypt. BestCrypt is software that allows users to encrypt their files and folders. The analysis focuses on the key generation process, the cryptographic processes and the overall security of the application.

Security Analysis of the Signal Protocol

Author
Jan Rubín
Year
2018
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Summary
This thesis provides a security analysis of the Signal Protocol. The protocol's cryptography, functionality, and structure are discussed. The source codes of the official implementation are analyzed and the protocol's state is compared with the documentation. Finally, the protocol's potential security vulnerabilities are examined and their mitigation or removal is formulated.

Analysis of cryptovirus

Author
Jan Řečínský
Year
2016
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Summary
The goal of this diploma thesis is to analyze the infamous malware CBT-Locker, which has received significant media attention in recent years. The thesis first introduces the principles of Tor, Bitcoin and the tools used to analyze the CBT-Locker code. Next, the thesis discusses in detail the examination of a functional CBT-Locker code.

Linear Cryptanalysis of Anubis

Author
Šárka Hatašová
Year
2016
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
prof. Ing. Róbert Lórencz, CSc.
Summary
This master thesis deals with the design and verification of a reduced model of the Anubis cipher. The reduced model is subjected to various types of attacks using linear cryptanalysis. The results of the attacks are discussed in detail and related to their possible impact on Anubis.

Security analysis of Drive Snapshot

Author
Michal Bambuch
Year
2021
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Summary
This thesis addresses the security analysis of Drive Snapshot. It presents the results of the reverse analysis of the key parts of the program, describes the used cryptographical algorithms, and evaluates the application security. During the security analysis, several security vulnerabilities were discovered that could weaken the used cryptography or compromise the security of passwords or created backups.

Browser fingerprinting - techniques and countermeasures

Author
Samuel Hanák
Year
2020
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Čejka, Ph.D.
Summary
This thesis presents a number of browser fingerprinting techniques and explains how they work. Possible defenses against some of them are proposed and explained. Building on the previous work, the implementation of the proposed defenses in the Privoxy proxy server and their testing using available tools is then described.

Reverse analysis of the UEFI modules PEI and DXE

Author
Luigino Camastra
Year
2020
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Zahradnický, Ph.D.
Summary
This thesis describes reverse engineering of UEFI modules. UEFI phases and their main responsibilities while booting an operating system are introduced. In the second part of this work, options for dumping the UEFI firmware image and which tools are used for acquiring PEI and DXE modules are described. Furthermore, main functionalities of the obtained modules are reported. Finally, the UEFI modules are compared with the documentation and checked whether they adhere to security conventions.

Linear Cryptanalysis of the GOST Cipher

Author
Jakub Labant
Year
2015
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
prof. Ing. Róbert Lórencz, CSc.
Summary
The aim of this paper is to examine the vulnerability of the GOST cipher to attacks using linear cryptanalysis techniques. Firstly, it describes the structure of the GOST cipher, followed by a survey of attacks already carried out, a description of linear cryptanalysis techniques and finally the actual attack on the cipher with a reduced number of rounds. At the end of the work we summarize the results obtained for the 3-round GOST cipher.

Memory Explorer for .NET

Author
Michal Žůrek
Year
2023
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Summary
This thesis aims to design and implement a computer program that allows reverse engineering of the memory of a process running on .NET technology and locating and manipulating objects in the memory of a process. The thesis describes the .NET technology and its generally available implementations. In the thesis, existing tools for listing objects in the .NET process memory are described. The thesis describes behaviour of the Garbage Collector, which is used to manage memory in the .NET environment. The thesis contains a description of obfuscators available for obfuscating .NET programs and an evaluation of their impact on the obfuscated program. The thesis includes a description of possible approaches to analyze .NET process memory. It contains a detailed description of the Event Pipe approach, which was used in the tool developed as a part of this thesis. Finally, the thesis evaluates achieved results when the tool was used to analyze the memory of testing programs, commonly used programs, and obfuscated programs.

Portabler: Support for Execution of Windows Applications From Portable Media

Author
Kamil Kopp
Year
2023
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Miroslav Prágl, MBA
Summary
In this work, we deal with portable programs. We identify the differences between portable and installed programs. We deal with purely local resources like the Windows registry and the local filesystem. After that, we describe the methods of reverse engineering in software and find out which of these methods could be useful in converting an installed application to a portable one. Subsequently, we create a design of an application that could convert installed applications to portable ones and we describe its important parts. After that, we implement the application based on the design in Visual C++. We describe details of the implementation including registry simulation and file redirection. We test the application in a real environment. Finally, we discuss the results and other facts found.

Protection Against Fingerprinting in Privoxy

Author
Jiří Sixta
Year
2018
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Summary
This thesis presents current methods of browser fingerprinting. It proposes possible ways to protect against selected methods. The thesis then introduces proxy software Privoxy, in which it implements the chosen protection methods and verifies the influence of the solution on the web browser's anonymity and performance.