|
|
Secure and Usable Password Manager
Haderka, Martin ; Firc, Anton (oponent) ; Malinka, Kamil (vedoucí práce)
Login credentials are an indivisible part of internet users. Credentials are a mechanism that provides proof of an authorised person and, at the same time, prevents personal data abuse by unknown users. The number of passwords that a user has to remember has increased significantly in recent years. There are tools (password managers) available that simplify this problem and are easily accessible. However, the adoption of password managers is still weak. The goal of this thesis is to identify problems that affect the usability of password managers and attempt to offer a solution to these problems. The analysis also includes an inspection of security and usability vulnerabilities that current password managers suffer from. In the last part, an example of password manager is designed and implemented, which provides important functions and should be accessible and easy to use by all Internet users.
|
|
|
Databáze vysílání Československé televize
Fiala, Vojtěch ; Firc, Anton (oponent) ; Rozman, Jaroslav (vedoucí práce)
Tato práce se zabývá vytvořením databáze vysílání Československé televize za pomoci technologie optického rozpoznávání znaků. Cílem práce je vytvořit databázi, která bude přístupná skrze jednoduché webové rozhraní, ve kterém bude možné prohlížet jednotlivé pořady, jejich popisy a mezi pořady vyhledávat. Vyhledávání bude možné i podle osob, co se na pořadech podílely. Jako systém optického rozpoznávání znaků byl použit Tesseract, získané pořady byly nahrány do SQLite databáze a pro webové rozhraní byl použit Flask. Jako zdrojové materiály byly použity naskenované strany Týdeníku Československé televize a zpracovány byly roky 1966 až 1992. Výsledky práce umožňují uživatelům nahlédnout do historie vysílání televize v Československu a mohou sloužit například pro účely historiků.
|
|
|
Pokyny pro bezpečné programování- React
Solich, Filip ; Firc, Anton (oponent) ; Malinka, Kamil (vedoucí práce)
Tato práce se zabývá psaním bezpečných aplikací v JavaScriptové knihovně React. Cílem této práce je vytvořit příručku pro programátory, aby s její pomocí byli schopni detekovat části webových aplikací, které mohou být zneužité k útoku na aplikaci. Je zde popsáno jak a na co je třeba si pří psaní webových aplikací dát pozor, jaké jsou nejlepší praktiky programování v knihovně React, díky kterým se programátor dokáže vyhnout bezpečnostním chybám v kódu aplikace a jak případné chyby opravit. Jsou zde popsány i samotné druhy útoků a jak mohou útoky na zranitelnou aplikaci probíhat. Znalost průběhu útoku pomůže programátorovi lépe přemýšlet o slabých článcích aplikace a tím také odhalit bezpečnostní problém v aplikaci dříve než útočník.
|
|
|
Detekce podvodných výstupních uzlů sítě Tor
Firc, Anton ; Zobal, Lukáš (oponent) ; Polčák, Libor (vedoucí práce)
Hlavným cieľom tejto bakalárskej práce je štúdium a implementácia systému pre detekciu podvodných výstupných uzlov siete Tor. Práca obsahuje informácie o už existujúcich riešeniach pre detekciu podvodných výstupných uzlov a techniky použité na detekciu podvodných výstupných uzlov. Ďalej sa práca zaoberá návrhom systému pre detekciu podvodných výstupných uzlov narúšajúcich šifrovanú HTTPS komunikáciu pri prístupe na akúkoľvek z celosvetovo najnavštevovanejších stránok na Internete. Popisuje spôsob implementácie a testovania navrhnutého detekčného nástroja. Takisto sa zaoberá detekciou podvodných výstupných uzlov za použitia implementovaného nástroja a popisuje incident pri ktorom bol odhalený a reportovaný podvodný výstupný uzol.
|
|
|
Applicability of Deepfakes in the Field of Cyber Security
Firc, Anton ; Homoliak, Ivan (oponent) ; Malinka, Kamil (vedoucí práce)
Deepfake technology is still on the rise, many techniques and tools for deepfake creation are being developed and publicly released. These techniques are being used for both illicit and legitimate purposes. The illicit usage yields the need for development and continuous improvement of detection tools and techniques as well as educating broad public about the dangers this technology presents. One of the unexplored areas of the illicit usage is using deepfakes to spoof voice authentication. There are mixed opinions on feasibility of deepfake powered attacks on voice biometrics systems providing the voice authentication, and minimal scientific evidence. The aim of this work is to research the current state of readiness of voice biometrics systems to face deepfakes. The executed experiments show that the voice biometrics systems are vulnerable to deepfake powered attacks. As almost all of the publicly available models and tools are tailored to synthesize the English language, one might think that using a different language might mitigate the mentioned vulnerabilities, but as shown in this work, synthesizing speech in any language is not that complicated. Finally measures to mitigate the threats posed by deepfakes are proposed, like using text-dependent verification because it proved to be more resilient against deepfakes.
|
|
|
User Location Interpretation Based on Location Data
Ligocká, Alexandra ; Hynek, Jiří (oponent) ; Firc, Anton (vedoucí práce)
The topic of this thesis is to investigate the problem of processing user location data with the aim of mining semantically interesting places. Geolocation data represents great potential for advertising systems, recommending regional news, reaching users for targeted advertising, suggesting popular locations, location-based suggestions, and much more. This work explores key principles in geolocation data acquisition, processing and interpretation. The thesis further investigates the feasibility and challenges involved in extracting a user's home and work location from raw GPS data collected from GPS-enabled devices. Additionally, it explains the need for semantic enrichment of users' locations. The main challenges discussed include identification of stops from GPS traces, identifying locations with a higher level of significance for users, extracting visited places and their semantic enrichment and interpretation using current map bases.
|
|
|
Testing the Robustness of a Voice Biometrics System against Deepfakes
Reš, Jakub ; Firc, Anton (oponent) ; Malinka, Kamil (vedoucí práce)
Topic of this paper is a methodology of testing the robustness of a voice biometric system against deepfakes. The main problem currently lies in insufficient coverage of testing against the presentation attack using deepfakes in ISO/IEC standards. The aim of this thesis is to cover the hole, resulting from emergence of deepfake technology, by proposing an extended methodology, based on the existing one, that focuses on fixing the issue. The solution of proposed problem started by studying the state of the art for deepfakes and standard practices of biometric system testing. Second, I proposed and documented a method of testing the voice biometric system. The test was designed as a scenario, where the Phonexia voice biometric system is used as a remote verification tool for the voice-as-a-password use-case. For the purpose of demonstration, the online publicly available dataset was used. On top of test design, I set a non-standard metric for the test evaluation to show possibilities of focus on different kinds of deepfakes. After carrying out tests and evaluating results, I formulated the procedure into a generic repeatable methodology, containing practices and recommendations. The contribution of this work lies in incorporating deepfakes into the existing standard methodologies of testing a biometric systems, hence forming and demonstrating a repeatable methodology.
|
|
|
Security Implications of Deepfakes in Face Authentication
Šalko, Milan ; Goldmann, Tomáš (oponent) ; Firc, Anton (vedoucí práce)
Deepfakes, media generated by deep learning that are indistinguishable to humans from real ones, have experienced a huge boom in recent years. Several dozen papers have already been written about their ability to fool people. Equally, if not more, serious, may be the problem of the extent to which facial and voice recognition systems are vulnerable to them. The misuse of deepfakes against automated facial recognition systems can threaten many areas of our lives, such as finances and access to buildings. This topic is essentially an unexplored problem. This thesis aims to investigate the technical feasibility of an attack on facial recognition. The experiments described in the thesis show that this attack is not only feasible but moreover, the attacker does not need many resources for the attack. The scope of this problem is also described in the work. The conclusion also describes some proposed solutions to this problem, which may not be difficult to implement at all.
|
|
|
Secure Coding Guidelines for PHP
Holý, Tomáš ; Firc, Anton (oponent) ; Malinka, Kamil (vedoucí práce)
With the wide range of web applications and services available today, web security has become one of the most important aspects of modern web development. Attackers from all around the world are constantly looking for security vulnerabilities to exploit, and it is up to the web developers to protect their applications from these attacks. Failing to do so can lead to service disruptions, source code leaks, or data breaches that compromise user data. The goal of this thesis is to provide an introduction to web security and a set of programming guidelines every PHP developer should be familiar with to provide a minimum acceptable level of security. This thesis covers modern security standards, tools and practices, as well as the most common security vulnerabilities and how to prevent them. The outcome of this thesis is a free educational web application offering secure coding guidelines for PHP, available at php.tomasholy.dev.
|
|
|
Resilience of Biometric Authentication of Voice Assistants against Deepfakes
Šandor, Oskar ; Firc, Anton (oponent) ; Malinka, Kamil (vedoucí práce)
With the rise of deepfake technology, imitating the voice of strangers has become a lot easier. It is no longer necessary to have a professional impersonator to imitate the voice of a person to possibly deceive a human or machine. Attackers only need a few recordings of a person's voice, regardless of the content, to create a voice clone using online or open-source tools. In that case, he or she can create recordings with content that the person may have never said. These recordings can be misused, for example, for unauthorized use of voice-assistant devices. The aim of this work is to determine whether voice assistants can recognize synthetized recordings (deepfakes). Experiments conducted in this thesis show that deepfakes created in a matter of minutes can spoof speaker recognition in voice assistants and can be used to carry out several attacks.
|
host ::
RSS.