Theses

Mgr. Martin Jureček, Ph.D.

prof. Ing. Róbert Lórencz, CSc.

Department of Information Security

This work introduces and demonstrates innovative progress in the algebraic analysis of the small-scale variants of the stream cipher E0 from the Bluetooth standard. We design the small-scale variants and represent them using a set of polynomial equations. Our work reveals a possible linear relation between the number of keystream bits and the size of the small-scale E0 variants, improving the performance of the used solvers. Our best run finds the initial configuration in $178.5$ seconds for the 22-bit E0 version. Using local sensitivity hashing, we improved the computational time of the SAT solver from 453.1 seconds to 85.3 seconds for the 19-bit E0 version.

Thesis on DSpace

Ing. Josef Kokeš, Ph.D.

Ing. Jiří Dostál, Ph.D.

Department of Information Security

Applications frequently handle sensitive information, such as passwords and encryption keys, which are typically stored in volatile memory alongside other data. This thesis investigates the efficacy and implementation of memory protection techniques within the .NET ecosystem. The findings have been applied to the analysis of the KeePass password manager, which led to a vulnerability discovery. The vulnerability allows an attacker to recover the master password from memory, even when a workspace is locked or KeePass is no longer running.

Thesis on DSpace

Mgr. Martin Jureček, Ph.D.

Ing. Matouš Kozák

Department of Information Security

Malware is one of the most significant security threats today. Early detection is important for effective malware protection. Machine learning has proven to be a useful tool for automated malware detection. However, research has shown that machine learning models are vulnerable to adversarial attacks. This thesis discusses adversarial learning techniques in malware detection. The aim is to apply some existing methods for generating adversarial malware samples, test their effectiveness against selected malware detectors, and compare the evasion rate achieved and their practical applicability. The thesis begins with an introduction to adversarial machine learning, followed by a description of the portable executable file format and a review of publications that focus on generating adversarial malware samples. The techniques used to generate malware samples for experimental evaluation are then presented. Finally, the experiments performed are described, including observation of the time required to generate samples, changes in sample size after using the generator, testing effectiveness against antivirus programs, combining the use of multiple generators to generate samples, and evaluation of the results. Five generators were selected for the experiments: Partial DOS, Full DOS, GAMMA padding, GAMMA section-injection and Gym-malware. The results showed that applying optimised modifications to previously detected malware can lead to incorrect classification of the file as benign. It was also found that generated malware samples can be successfully used against detection models other than those used to generate them, and that using combinations of generators can create new samples that evade detection. Experiments show that the Gym-malware generator, which uses a reinforcement learning approach, has the greatest practical potential. This generator achieved an average sample generation time of 5.73 seconds and the highest evasion rate of 67%. When used in combination with itself, the evasion rate improved to 78%.

Thesis on DSpace

Ing. Jiří Dostál, Ph.D.

Ing. Tomáš Luňák

Department of Information Security

We introduce in this thesis a ranking list of the ten most common vulnerabilities in Internet of Things devices. The main aim was to provide ranking lists created from public data with a transparent creation methodology because ranking lists with these requirements currently do not exist. For example, the popular project OWASP published the most recent ranking list in 2018, and other existing up-to-date ranking lists do not provide a transparent creation methodology and used data sources. We introduce in this thesis a ranking list of the ten most common vulnerabilities in Internet of Things devices. Furthermore, we propose a similar ranking list only for camera devices. Also, we present the most common vulnerability for different smart device categories. In addition, the scraping tool for vulnerability collection was implemented in the framework Scrapy, and an analysis of three vulnerabilities in the context of the Internet of Things devices was performed. The selected vulnerability categories are Access Control, Overflow, and Password Management.

Thesis on DSpace

Ing. Dominik Soukup

Ing. Simona Fornůsek, Ph.D.

Department of Information Security

This diploma thesis deals with the problem of classification of primarily encrypted network traffic by applying machine learning algorithms. Machine learning is a subfield of artificial intelligence which relies heavily on sufficiently large and general datasets. The first goal is to analyze methods that not only improve such classification over time, but also iteratively build the updated dataset. The second goal is to create a prototype of a software framework capable of doing so, while also being able to evaluate the classification. In the analysis part, the reader is introduced to the active learning method and analyzes and discusses the state-of-the-art and relevance of the methods to the network traffic domain. The design part defines the requirements and designs the solution architecture. The final part of the thesis is focused on experiments. The output of the work is a prototype of the software framework and an evaluation of various active learning methods for the network traffic domain.

Thesis on DSpace

doc. Ing. Tomáš Čejka, Ph.D.

Ing. Simona Fornůsek, Ph.D.

Department of Information Security

This thesis deals with design and implementation of the tool for online packet analysis of network traffic. Main goal is to provide necessarily informations for administrator to ensure, that he can set defence mechanisms for mitigation of DDoS attacks. Tool provides overview of actual structure of the network traffic. It can also identify and recommend mitigation rules to suppress DDoS attack, based on characteristics of volumetric DDoS attacks. Tool for saving data for analysis is using special probability data structures, called sketch, which can effectively store great amount of data with low memory requirements. Performance and functionality of the tool was tested in lab over test data with speed reaching up to 100 Gb/s.

Thesis on DSpace

Ing. Petr Socha

Dr.-Ing. Martin Novotný

Department of Information Security

Rainbow, a layered multivariate quadratic digital signature, is a candidate for~standardization by National institute of standards and technology (NIST). In~this paper, we present a CPA side-channel attack on the submitted 32-bit reference implementation. We evaluate the attack on an STM32F3 ARM microcontroller. After a successful attack, we propose countermeasures against side-channel attacks. Countermeasures are implemented and evaluated using leakage assessment.

Thesis on DSpace

Ing. Josef Kokeš, Ph.D.

Department of Information Security

This diploma thesis is about attacks on e-commerce websites. It focuses on a method called web skimming, which uses modifications of website source code and steals customers' payment card data directly from the browser. This work analyzes vulnerabilities that are abused for infiltration of websites, the ways how to hide malicious code in the website source code and the methotds of stealing payment data. It proposes ways to defend against web skimming attacks and implements a browser add-on to prevent these attacks.

Thesis on DSpace

Ing. Josef Kokeš, Ph.D.

Ing. Jiří Dostál, Ph.D.

Department of Information Security

This thesis addresses the security analysis of Drive Snapshot. It presents the results of the reverse analysis of the key parts of the program, describes the used cryptographical algorithms, and evaluates the application security. During the security analysis, several security vulnerabilities were discovered that could weaken the used cryptography or compromise the security of passwords or created backups.

Thesis on DSpace

Ing. Karel Hynek, Ph.D.

Ing. Jiří Dostál, Ph.D.

Department of Information Security

This master thesis deals with the problematics of IoT malware and the possibilities of its detection in computer networks using flow-based monitoring concepts. We exhibit solutions for each of the identified critical aspects of IoT malware network behavior separately. Furthermore, we propose a novel method to discover infected devices using a combination of network indicators. The proposed detection method was implemented in the form of a software prototype capable of processing real network traffic as part of the NEMEA system. The final solution was evaluated both on anonymized captures and up-to-date malware samples.

Thesis on DSpace

Ing. Pavel Kubalík, Ph.D.

Ing. Jiří Buček, Ph.D.

Department of Information Security

Error-control codes are used in digital communication systems to protect data against noise during transmission. There are many methods to achieve this kind of protection, all are mathematical in nature. A set of teaching materials in the Wolfram Mathematica computing system has been developed in the past to demonstrate some of these methods. The aim of this work is to extend the set by adding some more advanced codes.

Thesis on DSpace

Ing. Simona Fornůsek, Ph.D.

Ing. Jiří Dostál, Ph.D.

Department of Information Security

Active Directory is a central point of administration and identity management in many organizations. Ensuring its security is indispensable to protect user credentials, enterprise systems, and sensitive data from unauthorized access. Security monitoring of Active Directory environments is typically performed using signature-based detection rules. However, those are not always effective and sufficient, especially for attacks similar to legitimate activity from the auditing perspective. This thesis applies machine learning techniques for detecting two such attack techniques - Password Spraying and Kerberoasting. Several machine learning algorithms are utilized based on features from Windows Event Log and evaluated on data originating from a real Active Directory environment. Best approaches are implemented as detection rules for practical use in the Splunk platform. In experimental comparison with signature-based approaches, the proposed solution was able to improve detection capabilities, and at the same time, reduce the number of false alarms for both considered attack techniques.

Thesis on DSpace

Ing. Karel Hynek

Ing. Tomáš Čejka, Ph.D.

Department of Information Security

This thesis presents a review of flow-based network threat detection, with the focus on brute-force attacks against popular web applications, such as WordPress and Joomla. A new dataset was created that consists of benign backbone network traffic and brute-force attacks generated with open-source attack tools. The thesis proposes a method for brute-force attack detection that is based on packet-level characteristics and uses modern machine-learning models. Also, it works with encrypted HTTPS traffic, even without decrypting the payload. More and more network traffic is being encrypted, and it is crucial to update our intrusion detection methods to maintain at least some level of network visibility.

Thesis on DSpace

Ing. Josef Kokeš

prof. Ing. Róbert Lórencz, CSc.

Department of Information Security

This thesis presents a detailed examination of application backdoors hidden in Portable Executable files and proposes novel anomaly-based methods for their heuristic detection. Four application backdoors used in large-scale supply chain attacks were reverse-engineered and shown to exhibit anomalous properties that could be utilized in the search for similar backdoors. These anomalous properties serve as the basis for three heuristic detections that were implemented and had their performance evaluated on a dataset composed of both benign and backdoored applications.

Thesis on DSpace

Ing. Josef Kokeš

Ing. Tomáš Zahradnický, Ph.D.

Department of Information Security

The AES cipher is the most widely used symmetric block cipher. It is used daily in secure communication protocols and in data storage. There is a certain area where the usage of this cipher doesn't please us -- unwanted software. It might be ransomware encrypting our precious data and demanding money for decryption. It might be a botnet client using secure communication to coordinate the next attack. In these situations we would find it handy to have a tool to reveal these encrypted data to us. In this thesis we propose an algorithm to serve that purpose. By observing accesses to the S-Box made during the program's run we're able to recover keys and data used for the encryption. This algorithm was implemented as a Microsoft Windows application running on Intel x86 architecture. The tool has been successfully tested against a set of applications using different cryptographic libraries and common user applications.

Thesis on DSpace

Ing. Ivo Petr, Ph.D.

Mgr. Martin Jureček

Department of Information Security

The elliptic curve discrete logarithm problem (ECDLP) is one of the most important problems in asymmetric cryptography. In recent years, several papers were concerned with the use of summation polynomials for solving the ECDLP efficiently. In this thesis, we summarize the state-of-the-art algorithms based on summation polynomials, and use these algorithms to solve the ECDLP over prime fields. A detailed complexity analysis of said algorithms is presented and verified by extensive tests. After a comparison of the presented algorithms with the well-known Pollard's $\rho$-algorithm we have come to a conclusion; the algorithms presented in this thesis are not yet practical and more research needs to be done.

Thesis on DSpace

Ing. Jiří Kašpar

Department of Computer Systems

This master's thesis deals with methods of authentication, authorization, and session management in the HTTP protocol that are used every day by Internet users. The main emphasis is placed on security of individual methods and their security weaknesses. Furthermore, an extension to the Burp Suite tool was created. This tool is used for web application testing by many security specialists worldwide. The main benefit of the created extension is easy management of authentication, authorization, and other tokens contained in HTTP messages, requests and responses, as well as the ability to manage multiple sessions at the same time, speeding up the automated web application scanning several times.

Thesis on DSpace

Ing. Josef Kokeš

Department of Computer Systems

This thesis provides a security analysis of the Signal Protocol. The protocol's cryptography, functionality, and structure are discussed. The source codes of the official implementation are analyzed and the protocol's state is compared with the documentation. Finally, the protocol's potential security vulnerabilities are examined and their mitigation or removal is formulated.

Thesis on DSpace

Ing. Tomáš Čejka, Ph.D.

doc. Ing. Hana Kubátová, CSc.

Department of Computer Systems

Network attacks, especially DoS and DDoS attacks, are a significant threat to all providers of services or infrastructure. The most potent attacks can paralyze even large-scale infrastructures of worldwide companies. The objective of DDoS attacks is usually to flood the target network device or even the network itself with a large number of packets. Such attack results in nondeterministic discarding of network packets. DDoS mitigation strategy based on the recognition of malicious packets is a complex task due to the similarity between legitimate and malicious packets. This thesis proposes a design of a mitigation heuristic which utilizes the knowledge of the so-called reputation score of network entities. The primary objective of this thesis is to integrate the proposed heuristic into a scrubbing center developed by CESNET a.l.e.

Thesis on DSpace

Mgr. Rudolf Bohumil Blažek, Ph.D.

Department of Computer Systems

This thesis deals with the issue of obfuscation for the programming language Python 3. Existing solutions and approaches are further analyzed and discussed. The thesis focuses on the design of a new modular tool with separate obfuscation modules. In following parts the implementation itself is described and overall properties are summarized.

Thesis on DSpace

Ing. Tomáš Hégr

Department of Computer Systems

Car-to-infrastructure (C2I) is an ad-hoc communication scheme used within Inteligent Transportation Systems. Green Light Optimal Speed Advisory (GLOSA) is one of the main C2I applications. It increases an overall traffic flow continuity by helping drivers to avoid unnecessary stops at traffic intersections. Main goal of this thesis is to design and implement an enhanced algorithm for calculating a recommended approaching speed to an intersection. It also describes its integration in GreenLight, a mobile application implementing driver-side part of GLOSA. Furthermore, the thesis identifies common security threats to GLOSA systems and to the GreenLight application. It also proposes several methods for determining direction in which the driver intends to go through an intersection. This will allow for an automatic selection of the proper light signal for which a recommended speed should be calculated.

Thesis on DSpace

Ing. Josef Kokeš

prof. Ing. Róbert Lórencz, CSc.

Department of Computer Systems

In this thesis we deal with the methods of differential cryptanalsis applied to the Baby Rijndael cipher. In the first two chapters, we demonstrate the similarness of the Rijndael and Baby Rijndael ciphers. Then we discuss the basic principles of differential cryptanalysis. These are the precomputation of differential characteristics and their later usage for key extraction. We focus on the possibility of merging and clustering of the differential characteristics. We discuss the parameters which have an impact on the overall success of key extraction. Finally we estimate the memory and time complexity of our attack in comparison with the brute force approach and we compare our results to results of other works. In our attack we were able to extract secret key in 26 % cases on average in better time than the brute force attack.

Thesis on DSpace

prof. Ing. Róbert Lórencz, CSc.

Ing. Jiří Buček, Ph.D.

Department of Computer Systems

This thesis deals with Physical Unclonable Functions (PUFs) on FPGAs. First, we provide a literature research concerning PUFs in general and their various constructions with a focus on PUFs suitable for FPGAs. Then we introduce PUF design proposed in our previous work which is based on ring oscillators and we discuss its properties. The proposed PUF is analysed and tested at varying temperature and voltage. Based on the results of the experiments, we propose suitable modifications of the PUF design in order to improve the quality of its output.

Thesis on DSpace

prof. Ing. Róbert Lórencz, CSc.

Ing. Jiří Buček, Ph.D.

Department of Computer Systems