Information Security (version for Czech students)

Theses

Bachelor theses

Analysis of the CTU Teaching Survey's Anonymity

Author
Eliška Helikarová
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Michal Valenta, Ph.D.
Summary
The bachelor's thesis deals with an anonymity analysis of the Anketa CTU application, an online survey system used by the Czech Technical University for an anonymous course and instructor evaluation. The application falls into the category of anonymous survey systems, meaning the data contained in the survey questionnaires submitted by students should not be linked to the student's identity. The thesis examines this property, its implementation within the application, and discusses possible threats and pitfalls that could potentially compromise the users' privacy. The chosen approach for the anonymity analysis involves a threat analysis using the LINDDUN privacy threat modeling framework. The threat modeling process consists of studying and describing the application using both the publicly available information as well as the source code files and other parts of the system which are not accessible to the general public. After the information gathering phase, the next step is to create data flow diagrams of the system which depict individual system components and data flows. The individual parts of the system, as well as the system as a whole, are then examined for privacy threats that fit into any of the LINDDUN threat categories. The listed threats are then evaluated by their impact on the students' anonymity. The thesis describes the application's inner workings as well as a JWT misconfiguration and other vulnerabilities discovered within the system. Finally, the thesis proposes suitable mitigation strategies and anonymity-enhancing solutions.

Analysis of the Zlib's CVE-2022-37434 Vulnerability

Author
Vojtěch Krejsa
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Summary
In early August 2022, a critical vulnerability identified as CVE-2022-37434 was discovered in the widely used Zlib compression library. The vulnerability is described as a heap buffer overflow. Some sources even argue that it could be exploited to execute arbitrary code. However, there is no available evidence confirming this claim. In this thesis, a detailed analysis of the vulnerability focusing on its exploitability to code execution is performed. The analysis is performed on the Ubuntu 22.04 LTS operating system with the glibc 2.35 memory manager and on Windows 10, version 22H2, with its default memory manager. The analysis results confirm that the vulnerability can indeed be exploited to code execution. In this thesis, it is described how it can be achieved. For demonstration purposes, virtual environments have been prepared.

ZigBee Protocol Security Analysis in IoT Devices

Author
Tomáš Rosenbaum
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Viktor Černý
Summary
This bachelor thesis deals with the security analysis of the ZigBee protocol and the IEEE 802.15.4 protocol on which the ZigBee protocol is built. It explains the basic functioning of both protocols and their security extensions and weaknesses in detail. It also discusses how to create a test network using the CC2652P coordinator, smart bulb, switch and Home Assistant application. The work results in an application that allows easy security analysis of devices and networks, which can be extended simply. The application is written in Python using the Scapy library. It uses the CC2531 coordinator to eavesdrop on communications. The proposed application is used to analyze the created test network whose security is evaluated in the work.

Custom OpenSSL provider based on CNG

Author
Ladislav Marko
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Buček, Ph.D.
Summary
This thesis takes a closer look at OpenSSL providers and how to implement them. The thesis goes through the process of implementing a provider that offloads certificate operations to other algorithm implementations then OpenSSL ones. The selected implementation of algorithms is the Windows Cryptography API: Next Generation. The final provider allows for TLS 1.3 connection using client certificate loaded from the system certificate store of operating system Windows.

Web Application for Submission of GCSE Projects

Author
Ondřej Cach
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Michal Šoch, Ph.D.
Summary
This bachelor's thesis deals with the design of GCSE project submissions system at the Secondary School of Electrical Engineering and Higher Vocational School Pardubice. The objective of the thesis is to implement a web application for the submission of GCSE projects considering the security and cryptographic verification of the work. Software engineering methods are used to analyze requirements and use cases. Furthermore, the design of the web application including a security model for non-repudiable submission of GCSE project files using trusted timestamping is developed. The previous analysis and design are followed by the implementation of the web application, which is resolved using a Single Page Application, written in React, on the frontend, interacting with REST API, using Laravel framework, on the backend. The result of this work is a fully working web application that allows a high school to effectively manage the GCSE projects of students.

Crypto-currency miner detection from extended IP flow data

Author
Richard Plný
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Karel Hynek, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Summary
This bachelor thesis addresses cryptomining from the security perspective with an emphasis on abusive mining. It explores the possibilities of detection of cryptominers in high-speed computer networks using a flow-based monitoring approach. A setup for continuous traffic capture is proposed and used for creating datasets with real-world miners' traffic. Furthermore, a detection method is proposed, capable of operation on high-speed networks. The proposed solution was implemented as a group of NEMEA modules. Moreover, it was deployed and evaluated on the national network CESNET2 operated by CESNET.

Physical unclonable functions on ESP32

Author
Ondřej Staníček
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Jiří Buček, Ph.D.
Reviewers
Ing. Filip Kodýtek, Ph.D.
Summary
This thesis analyzes the possibility of implementing a static random access memory (SRAM) physical unclonable function (PUF) on the ESP32 microcontroller. First, literature research on the topic of PUFs is provided with focus on SRAM PUFs. A discussion on which properties the SRAM PUFs possess is presented. Two power-control methods of SRAM memory on the ESP32 are proposed. An analysis of behavior of startup SRAM bit values depending on operating temperature and power-off time is conducted for both methods. Their suitability for the PUF implementation is discussed based on the experimental results. Then, an implementation of SRAM PUF with stable response reconstruction is presented. Two different bit preselection methods are tested and a simple repetition error correction code (ECC) is used to stabilize the responses. The presented PUF design combines the two power-control methods to achieve faster and more reliable response extraction. Reliability testing revealed that it is possible to reach 100 % success rate of response reconstruction across the temperature range of -40 to +70 °C. The responses can be used as cryptographic keys to secure the ESP32 platform. Finally, the proposed PUF design is implemented in an easy-to-use ESP32 library.

Deobfuscation of VBScript-based Malware

Author
Matěj Havránek
Year
2021
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jakub Souček
Summary
VBScript is a desktop and web based scripting language that is often used by malicious software. Authors of such sofware often attempt to conceal its true functionality and prevent others from reading the source code by using obfuscations. This thesis focuses on analyzing these obfuscations, exploring ways of reverting them and implementing a tool to improve readability of obfuscated programs using both static and dynamic deobfuscation methods.

Interpretability of machine learning-based results of malware detection using a set of rules

Author
Jan Dolejš
Year
2021
Type
Bachelor thesis
Supervisor
Mgr. Martin Jureček, Ph.D.
Reviewers
prof. Ing. Róbert Lórencz, CSc.
Summary
Machine learning methods have been quite successful in a variety of applications. Antivirus companies use them for quick and reliable malware detection, providing their users with a safer environment from ceaseless daily threats. However, machine learning methods such as deep neural networks are often considered black boxes as the reasoning behind their decisions may often be unclear. Their interpretability is important and helps understand potential errorful decisions. This thesis studies rule-learning algorithms and explores their potential to interpret the outcomes of machine learning algorithms. Two publicly available datasets with Portable Executable file attributes and tailor-made implementations of rule-learning algorithms were used throughout the work. Results showed that algorithm RIPPER is mostly successful at this task; it achieved high accuracies while maintaining compact sets of rules, making rule-learning algorithms a useful alternative to signature-based methods.

Detection of Active Directory attacks

Author
Lukáš Kotlaba
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Simona Buchovecká
Reviewers
Ing. Miroslav Prágl, MBA
Summary
Organizations that use Active Directory for managing identities have to protect their data from adversaries and security threats. This thesis analyses known attacks targeting Active Directory and the possibilities of detection based on Windows Security auditing. The implementation part focuses on designing detection rules covering the analyzed attack scenarios. The rules were designed and implemented in Splunk; tested and evaluated by performing the attacks in a virtual environment. The rules, or the detection principles used in them, can serve as a baseline for implementation of Active Directory security monitoring in organizations, regardless of the chosen technology. The appendix contains the designed rules set in the form of Analytic Stories, extending the content of an existing application Splunk ES Content Update. The Stories are supplemented by related searches providing context useful for investigation.

Survey and example of trusted platform (TPM)

Author
Andrea Holoubková
Year
2018
Type
Bachelor thesis
Supervisor
Ing. Jiří Buček, Ph.D.
Summary
The bachelor thesis focuses on survey of solutions to implement a trusted platform. A more detailed description is devoted to the standards of Trusted Computing Group (TCG) and GlobalPlatform organizations. It concerns a Trusted Platform Module (TPM) security chip and an integrated secure processor zone called Trusted Execution Environment (TEE). Part of the bachelor thesis is also a practical demonstration of using a TPM chip on a regular PC computer under the Linux operating system. Practical part is devoted to encryption of external media (USB disk) and storing the key in the TPM.

Extension of reputation database with information from Passive DNS

Author
Maxmilián Tomáš
Year
2018
Type
Bachelor thesis
Supervisor
Ing. Tomáš Čejka, Ph.D.
Summary
DNS (Domain Name System) is a domain name system for translation between domain names and IP addresses. Collection of data from DNS system can be useful for network security. It can help block malware spreading, detect infected hosts, or expand blacklists with malicious domains. The result of this thesis is a system for saving the history of mapping of domain names and IP addresses. The proposed PassiveDNS system imports data from DNS system that are captured from real network communications. Imported data is stored in an aggregate form to avoid the depletion of hardware resources. The system interface allows to access the translation history between individual domain names and specific IP addresses. The system can help detection systems to extend their own databases. The resulting system is integrated into the related projects developed by CESNET a.l.e.

Analysis of the Rescue File of BestCrypt Volume Encryption

Author
Jan Vojtěšek
Year
2017
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Summary
This thesis focuses on reverse engineering and security analysis of a disk encryption application called BestCrypt Volume Encryption. It provides a detailed description of a previously undocumented binary file format used for rescue procedures. Several vulnerabilities and bugs were found during the performed security analysis. Each of those vulnerabilities is discussed in detail and an example of how this vulnerability might affect the security of regular users is given. The author also cooperated with the developers of BestCrypt Volume Encryption in order to fix or at least mitigate those vulnerabilities. A tool that makes it possible to mount encrypted volumes on some Unix-like systems is also presented.

SSL/TLS Filtering Support for Privoxy

Author
Václav Švec
Year
2017
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Zahradnický, Ph.D.
Summary
The thesis deals with the topic of proxy servers in relation to HTTP and HTTPS protocols and describes the ways of filtering HTTPS communication. Different ways of HTTPS filtering are presented, as well as the features of these filters and the proxy server procedures for controlling of HTTP/HTTPS connections. The second part of this thesis implements a SSL extension for Privoxy. This extension allows filtering HTTPS communication using variety of filtering features of the original program. Achieved results are evaluated and other possible improvements are suggested.

The person responsible for the content of this page: Ing. Zdeněk Muzikář, CSc.