|
|
User verification based on smart-phones
Bělík, David ; Malina, Lukáš (referee) ; Hajný, Jan (advisor)
The main aim of this diploma thesis is to get acquainted with the area of secure authentication and authorization of users in smartphones on the Android platform. Individual types of encoding, authentications, authentication devices and characteristics of QR codes are decribed in the chapters. In the practical part of this thesis the applications are created with an implemented authentication scheme, which is being developed at FEKT VUT in Brno. The client part of the application, that generates QR code, as well as the server part, that verifies the authenticity of the data, are set up.
|
|
|
Using of the attack "Pass the hash attack" for the compromising of high privileged accounts.
Jakab, Vojtěch ; Rosenberg, Martin (referee) ; Babnič, Patrik (advisor)
The master thesis deals with the attack "‘pass the hash"’ on high privileged accounts. Within the theoretical part is discussed creating hashes and its use. Next is a descrip- tion of the authentication in Windows operating system. There are also pointed out weaknesses in the design of authentication mechanisms. The last part deals with the individual attack and security options for mitigating the impacts. In the practical part are tested available tools for retrieving hashes from the files of the operating systems and tools which allow the attack itself. The output of this section is selection of the appropriate tools to demonstrate the attack in a proposed real environ- ment. The last topic is about designing the experimental environment, demostration of the attack with the possibility of getting through the network. The last steps deal with mitigating the impact of the attack.
|
|
|
Group signature schemes
Smrž, Jan ; Dzurenda, Petr (referee) ; Malina, Lukáš (advisor)
Digital signatures are widespread in IT nowadays. In some cases there is emphasized the security of signer identity when signing an electronic message. For this type of signature group digital signatures are suitable. In this thesis basic cryptographic functions are presented which are used for group digital signatures. The principle of group signatures is explained, its advantages and nowadays use. Further are explained electronic election and it dis- and advantages. The practical part is a design and implementation of system suitable for electronic election allowing anonymity of voters using group digital signatures.
|
|
|
Cryptography on Computationally Limited Devices
Hampl, Dalibor ; Hajný, Jan (referee) ; Malina, Lukáš (advisor)
The thesis focuses on cryptographic algorithms of low performance devices, and mutual authentication of authentication server and user using smart cards. In the first part of this thesis the cryptography, cryptographic primitives, cryptographic goals, security models and cryptographic algorithms of low performance devices are presented. The second part focuses on low performance devices as RFID tags, NFC technology, microcontrollers and smart cards (.NET cards, java cards, MIFARE cards). The practical part deals with the comparison of chosen low performance devices and measure the time required for encryption and decryption using different cryptographic algorithms on Gemalto .NET Smart Card V2+. This thesis describes and explains the three authentication schemes for mutual authentication of remote server and user using smart cards. The new authentication scheme, which is based on the second related scheme, attempts to eliminate possible security attacks and keeps efficiency. For all four authentication schemes the application is implemented to test required time for authentication of server and user using smart cards.
|
|
|
Portal for the support of cryptography instruction
Forman, Tomáš ; Doležel, Radek (referee) ; Zeman, Václav (advisor)
The main goal of this master's thesis is building of web portal for presentation basic cryptography algorithms. Those algorithms would be explained in the theoretical page in the first place. After that, they would be demonstrated by scripts. One part of this project is designing simplified theoretical element for basic impletion portal of information. Next part is creating web portal by one of the free available CMS´s systems. Programming language JAVA would be used as an instrument for creating demonstration scripts. For creating animations will be used the Flash animation tool. Target of formed web portal is creating community of expert public. It would make new articles, scripts and knowledge. This way, the portal would be kept current. The section which would include failure the most widely used algorithms and instructions how to eliminate it will be part of portal.
|
|
|
Software support for cryptography system training based on discrete logarithm
Kříž, Jiří ; Zeman, Václav (referee) ; Burda, Karel (advisor)
Current needs of human communication came to status, when most of transferred messages are considered as private and transition over non-secured communication lines in open form is not possible. That originated a lot of different methods for securing of messages and transfers in ciphered form. Two mainstreams were established, symmetric cryptography and asymmetric cryptography. Second of mentioned groups is based on usage of two information – keys, when one of then is broadly known and is public and second, well protected and private. Using a public key it is possible to establish a cryptogram of message, but for deciphering it is necessary to know private key. Asymmetric methods are based on mathematical problems, for which there is not an effective computing algorithm. This thesis are focused for asymmetric cryptosystems based on discrete logarithm problem, where ciphering of message using public key is very easy and quick, but deciphering without knowledge of private key is extremely time consuming process. Work describes a mathematical base of discrete logarithm problem, its’ properties and methods developed for solving of this problem. Descriptions of particular cryptosystems are given, i.e. ElGamal cryptosystem, Diffie-Hellman protocol and DSA. Second part of thesis is focused for web application developed as study support of discrete logarithm problem and of cryptosystems using this problem. It describes functional and graphical interface, work with it and options given to user working with application. Mentions also lessons for user which should help with understanding of described problems and practicing.
|
|
|
Hash functions and their usage in user authentication
Piller, Igor ; Stančík, Peter (referee) ; Hajný, Jan (advisor)
This thesis concerns with hash functions and their usage in authentication. It presents basics of hash functions theory and construction elements. In particular the thesis focuses on LMHash, MD4, MD5 and SHA family hash functions, which are compared from the security point of view. The thesis describes in general the most frequently used hash function attacks, points out the weaknesses of current construction and mentions the future perspective of hash functions. Furthermore the thesis outlines the area authentication and describes usage of hash functions in the area. Practical part of the thesis contains an implements of a general authentication framework implemented in programming language C#. The result is client and server applications, in which two selected authentication methods were successfully tested. The result implementation is flexible with respect to the possible future use of other authentication methods.
|
|
|
Password deposition techniques in operating systems
Pavlík, Martin ; Růčka, Lukáš (referee) ; Hajný, Jan (advisor)
This master thesis deals with ways to store passwords in current operating systems. Specifically, this work focuses on Windows, Linux, BSD and OS X. These systems are examined for ways of hashing passwords and on resistance of resulting hashes against various attacks. First (theoretical) section describes the procedures and algorithms that are needed for user authentication. This part also describes methods of hash storing. At the end of the theoretical part are generally described some possible attacks against hash functions. In second (practical) part is described and tested tools for obtaining hashes of the investigated operating systems. Subsequently practical attacks were conducted against obtained hashes by using appropriate tools. Furthermore there are presented results of the attacks. In the conclusion of the work there is a comparison of tools and methods which were used to obtain plaintext passwords from operating systems.
|
|
|
Hash functions - characteristics, implementation and collisions
Karásek, Jan ; Sobotka, Jiří (referee) ; Lambertová, Petra (advisor)
Hash functions belong to elements of modern cryptography. Their task is to transfer the data expected on the entry into a unique bite sequence. Hash functions are used in many application areas, such as message integrity verification, information authentication, and are used in cryptographic protocols, to compare data and other applications. The goal of the master’s thesis is to characterize hash functions to describe their basic characteristics and use. Next task was to focus on one hash function, in particular MD5, and describe it properly. That means, to describe its construction, safety and possible attacks on this function. The last task was to implement this function and collisions. The introductory chapters describe the basic definition of hash function, the properties of the function. The chapters mention the methods preventing collisions and the areas were the hash functions are used. Further chapters are focused on the characteristics of various types of hash functions. These types include basic hash functions built on basic bit operations, perfect hash functions and cryptographic hash functions. After concluding the characteristics of hash functions, I devoted to practical matters. The thesis describes the basic appearance and control of the program and its individual functions which are explained theoretically. The following text describes the function MD5, its construction, safety risks and implementation. The last chapter refers to attacks on hash functions and describes the hash function tunneling method, brute force attack and dictionary attack.
|
|
|
Design of user authentication for small and medium networks
Hajný, Jan ; Pust, Radim (referee) ; Burda, Karel (advisor)
The main focus of this Master’s thesis is user authentication and access control in a computer network. I analyze the TCP/IP model in connection with security and describe main stepping stones of authentication protocols (mainly hash functions). The authentication protocol analysis follows. I begin with LANMAN protocol analysis for the reason of a security comparison. The NTLM, Kerberos and Radius follows. The focus is on the Kerberos which is chosen as a main authentication protocol. This is also a reason why the modification used in MS domains is described. The implementation and functional verification is placed in the second part which is more practical. The virtualization technology is used for an easier manipulation. The result is a computer network model requiring user authentication and minimizing the possibility of an attack by unauthorized clients.
|
guest ::
