|
|
Client Tools for Accessing DNS Registry
Škorvaga, Vojtěch ; Polčák, Libor (referee) ; Matoušek, Petr (advisor)
This document describes the work solving the extension of a set of registration utilities for registering domains in application Fred (free registry for enum and domains). I added library and programs written in Java and C language that enable communication between central register and clients via XML protocol EPP (RFC 5730) and SSL/STL layer. I used libxml2 library for processing XML and OpenSSL library for processing SSL/STL in C language. In Java I created system of automated creation XML files form XML schema. System is based on ANTLR. This work was solved in cooperation with CZ.NIC (domain registrators).
|
|
|
Middleware for HW/SW Co-Design
Hons, Petr ; Husár, Adam (referee) ; Masařík, Karel (advisor)
This thesis deals with design and implementation of new version of Middleware server and communication library. New version uses design pattern Reactor to handle multiple requests from different sources. Thesis describes platform-independent solution of logging, executing and controlling processes, storage of filesystem paths and design of plugin architecture to enhance server flexibility. Communication library described in this thesis allows network communication using XML protocol, SSL encryption using OpenSSL library and encapsulation of messages from users. This library is used by other projects, which communicates with Middleware server. There was created an implementation according to design. Implementation was tested by Lissom team and is now used actively.
|
|
|
Cluster Solution for HA OpenVPN
Dokoupil, Jiří ; Kašpárek, Tomáš (referee) ; Halfar, Patrik (advisor)
The aim of this bachelor's thesis is to analyze the possibilities for running the OpenVPN daemon in a cluster and to implement such a solution. At first, the thesis analyzes current technologies and possible approaches to this matter. Next there's one possible solution described more and implemented. In the end there are results being analyzed, mostly by describing the tests, that took place with the implemented solution.
|
|
|
Comparison of Cryptographic Libraries in Linux Environment
Bartoš, Milan ; Malinka, Kamil (referee) ; Barabas, Maroš (advisor)
Bachelor's thesis deals with the comparison of the three cryptographic libraries used in the Linux environment. These are GnuTLS/nettle, NSS and OpenSSL. These are compared in terms of support for basic cryptographic functionality (symmetric and asymmetric ciphers, hash algorithms, SSL/TLS), working with hardware tokens and SSL/TLS. Libraries are also compared in terms of API design with a focus on stability and work with certificates and the possibility of more independent use of the library in a single process.
|
|
|
Cryptography Acceleration Using GPU
Potěšil, Josef ; Čejka, Rudolf (referee) ; Lampa, Petr (advisor)
The reader will be familiar with selected concepts of cryptography consited in this work. AES algorithm was selected in conjunction with the description of architecture and software for programming graphic cards (CUDA, OpenCL), in order to create its GPU-accelerated version. This thesis tries to map APIs for communication with crypto-coprocessors, which exist in kernels of Linux/BSD operating systems (CryptoAPI, OCF). It examines this support in the cross-platform OpenSSL library. Subsequently, the work discusses the implementation details, achieved results and integration with OpenSSL library. The conclusion suggests how the developed application could be used and briefly suggests its usage directly by the operating system kernel.
|
|
|
Anonymous communication on the internet
Hořejš, Jan ; Babnič, Patrik (referee) ; Rosenberg, Martin (advisor)
The objective of this master’s thesis was to describe current capabilities of anonymous browsing over the Internet. The theoretical part focuses on three main methods of anonymization with main focus on Tor network. The master‘s thesis describes advantages and disadvantages of different solutions and possible attacks on them. In the next part is demonstrated Tor network, implementation of Hidden service and secured access to the server for clients and possible attacks against this proposal. The work also includes the results of measurements of all three anonymizers and the effects on their speed.
|
|
|
Digital certificates and certificate authorities
Lepa, Ondřej ; Hajný, Jan (referee) ; Člupek, Vlastimil (advisor)
This diploma thesis deals with certification and certification authorities, certification path PKI and principles of its validation and security. Also deals with structure of certificate itself and possible misuse of included information. Moreover, possibility of misues of third party certificates and proclamation of untrusted certificate to client's system.
|
|
|
Design of security infrastructure for electronic archive
Doležel, Radek ; Lattenberg, Ivo (referee) ; Zeman, Václav (advisor)
This master's thesis deals with design of security infrastructure for electronic archive. In theoretical part is disscus about technical resources which are based on security services and protocols and methods which are used for protection. On basics of theoretical part is designed model of security infrastructure and it is built in laboratory. Model of security infrastructure is based on Open Source Software and as safety storages for private user authentication data are used cryptographic USB tokens. This master's thesis includes design and construction of real infrastructure of secured electronic archive. In each part of master's thesis is put main emphases on security and clear explanation from the beginning of desing of model of security infrastructure for electronic archive to finish of construction.
|
|
|
Lab of public key infrastructure
Slavík, Petr ; Lambertová, Petra (referee) ; Burda, Karel (advisor)
The aim of this thesis is to study and describe the theme of Public Key Infrastructure (PKI). Within the scope of minute PKI characterization there is a gradual depiction of particular structural elements, which are above all represented by cryptographic operations (asymetric and symetric cryptography, hash function and digital signature); then, there are also individual PKI subjects that are dealt with, like eg. certification authority, certificates, security protocols, secure heap etc. Last but not least there are a few complete Public Key Infrastructure implementation solutions described (OpenSSL, Microsft CA). The practical part of the thesis, a lab exercise, gives potential students the knowledge of installing OpenSSL system based certification authority. The next task educate students how to secure web server with certificate signed with own CA and also how to secure web server users‘ access control through certificates signed by the previously installed CA.
|
|
|
Network infrastructure attacks and their mitigation using an IPS/IDS Snort
Olexa, Martin ; Mészáros, Jan (advisor) ; Buchalcevová, Alena (referee)
This paper gives an insight to detection and prevention systems regarding a network infrastructure. First part of the paper concentrates on key concepts in an information systems security and describes examples of attacks with tools used to mitigate them. A broader description is reserved for IDS/IPS systems with a focus on the Snort software. Second part of the paper analysis a sample attack abusing a vulnerable version of the OpenSSL library. This attack is used to describe a process of getting the necessary information, creating a Snort rule and testing the fixed vulnerability. Aim of this paper is to provide a manual and theoretical background regarding implementing an IDS/IPS solution in a computer network through an example attack.
|
guest ::
