|
|
Lawful Interception: Identity Detection
Polčák, Libor ; Baggili, Ibrahim (referee) ; Hudec,, Ladislav (referee) ; James, Joshua I. (referee) ; Švéda, Miroslav (advisor)
Komunikace předávaná skrze Internet zahrnuje komunikaci mezi pachateli těžké trestné činnosti. Státní zástupci schvalují cílené zákonné odposlechy zaměřené na podezřelé z páchání trestné činnosti. Zákonné odposlechy se v počítačových sítích potýkají s mnoha překážkami. Identifikátory obsažené v každém paketu jsou koncovým stanicím přidělovány po omezenou dobu, nebo si je koncové stanice dokonce samy generují a automaticky mění. Tato dizertační práce se zabývá identifikačními metodami v počítačových sítích se zaměřením na metody kompatibilní se zákonnými odposlechy. Zkoumané metody musejí okamžitě detekovat použití nového identifikátoru spadajícího pod některý z odposlechů. Systém pro zákonné odposlechy následně nastaví sondy pro odposlech komunikace. Tato práce se převážně zabývá dvěma zdroji identifikačních informací: sledováním mechanismu pro objevování sousedů a detekcí identity počítače na základě přesností měření času jednotlivých počítačů. V rámci dizertačního výzkumu vznikly grafy identit, které umožňují spojování identit s ohledem na znění povolení k odposlechu. Výsledky výzkumu je možné aplikovat v rámci zákonných odposlechů, síťové forenzní analýzy i ve vysokoúrovňových programově řízených sítích.
|
|
|
Advanced Tools for Legal Interception on Network Probe
Vrána, Roman ; Polčák, Libor (referee) ; Bartoš, Václav (advisor)
This thesis describes design and implementation of one of the parts of lawful interception system for intercepting network traffic. Designed system will be used for processing traffic with at maximum throughput of 100 Gbps. Resulting system will use hardware acceleration with Software Defined Monitoring (SDM) features. Software itself is designed to be able to process as many netwrok frames as possible even without hardware acceleration.
|
|
|
Creating Metadata during Interception of Instant Messaging Communication
Bárta, Stanislav ; Veselý, Vladimír (referee) ; Polčák, Libor (advisor)
This thesis deals with the lawful interception of instant messaging communication and meta-information construction (IRI reports) during an interception. This thesis deals with XMPP, IRC, and OSCAR protocols. Format of messages has been described for each protocol. An application that is able to create IRI messages has been developed and tested in proposed testbed. The work also deals with possible problems that may happen during interceptions.
|
|
|
Fake Data in Computer Networks
Hranický, Radek ; Veselý, Vladimír (referee) ; Polčák, Libor (advisor)
This thesis describes basic principles of lawful interception systems in computer networks and it contains an analysis of various methods of their deception. It also contains a description and implementation of two software tools. The first one is designed to demonstrate an attack on the lawful interception system. The goal is to deceive the system by hiding a transmitted message in a noise, in order to make the law enforcement agency interpret a fake message as the real one. The purpose of the second tool is to obtain the original message from data captured by the interception system.
|
|
|
Identification of Useful Data for Lawful Interception
Holomek, Tomáš ; Veselý, Vladimír (referee) ; Polčák, Libor (advisor)
This thesis deals with the identification of useful data in lawful interception. First part summarizes the standards related to computer networks and lawful intercepts. Next part of the project focuses mainly on the HTTP application protocol, which is described in version 1.1. The work also specifies the classes into which the data traffic can be divided according to the importance to law enforcement agency. It introduces several methods of distribution of data streams into the proposed classes. Finally, the implementation of this methods has been tested for usability in network lines used today.
|
|
|
Hiding Data in Computer Networks
Hrebíček, Martin ; Halfar, Patrik (referee) ; Polčák, Libor (advisor)
This diploma thesis deals with hiding data in the Internet traffic. It contains a description of the law interception. Various possibilities of hiding data are mentioned. The practical part of this thesis consists of an application that hides the data of HTTP and HTTPS protocols in a fake VoIP call. The application consists of two parts: a client and a server. Data transmitted between the client and the server parts are masked as multimedia data of the VoIP call. When a user or Internet server does not transmit any data, random data are transmitted between client and server parts in order to simulate the VoIP call. Then, the thesis focuses on detection of the attack.
|
|
|
Acceleration of Network Traffic Encryption
Koranda, Karel ; Kajan, Michal (referee) ; Polčák, Libor (advisor)
This thesis deals with the design of hardware unit used for acceleration of the process of securing network traffic within Lawful Interception System developed as a part of Sec6Net project. First aim of the thesis is the analysis of available security mechanisms commonly used for securing network traffic. Based on this analysis, SSH protocol is chosen as the most suitable mechanism for the target system. Next, the thesis aims at introduction of possible variations of acceleration unit for SSH protocol. In addition, the thesis presents a detailed design description and implementation of the unit variation based on AES-GCM algorithm, which provides confidentiality, integrity and authentication of transmitted data. The implemented acceleration unit reaches maximum throughput of 2,4 Gbps.
|
|
|
Content of Communication Interception Probe
Zima, Štefan ; Kajan, Michal (referee) ; Polčák, Libor (advisor)
This thesis is focused on creation of tool for intercepting content of network communication. It discusses the legal issue of surveillance and techniques for acceleration of processing incoming traffic in the Linux operating system. The aim of this thesis are implementation techniques using PF_RING library. The application implementation in language C is then tested on commodity hardware using the traffic generator.
|
|
|
Identity Detection in TCP/IP Architecture
Holkovič, Martin ; Matoušek, Petr (referee) ; Polčák, Libor (advisor)
This work deals with detection of users within computer networks on different layers of the TCP/IP architecture. These identities are identified by protocols running on the appropriate layers of the given architecture. PPPoE and SLAAC protocols were chosen as protocols that are used for network layer address assignments. The second type of protocol is the application protocol SMTP. We analysed communication using the chosen protocols in order to create metadata about the corresponding communication. The results of the analysis are finite state machines. Based on these finite state machines, software for legal interception was designed and implemented. Implemented software was tested on samples of data, in a specialized laboratory, and in a production network.
|
|
|
Fast Processing of Application-Layer Protocols
Bárta, Stanislav ; Martínek, Tomáš (referee) ; Polčák, Libor (advisor)
This master's thesis describes the design and implementation of system for processing application protocols in high-speed networks using the concept of Software Defined Monitoring. The proposed solution benefits from hardware accelerated network card performing pre-processing of network traffic based on the feedback from monitoring applications. The proposed system performs pre-processing and filtering of network traffic which is handed afterwards passed to application modules. Application modules process application protocols and generate metadata that describe network traffic. Pre-processing consists of parsing of network protocols up to the transport layer, TCP reassembling and forwarding packet flow only to modules that are looking for a given network traffic. The proposed system closely links intercept related information internal interception function (IRI-IIF) and content of communication internal interception function (CC-IIF) to minimize the performing of duplicate operations and increase the efficiency of the system.
|
guest ::
