|
|
Long term signature implementation
Vrábel, Tomáš ; Dostálek, Libor (advisor) ; Beneš, Antonín (referee)
Today there exist two standards for electronic sigatures. None of them is discussing validity of signature in long period of time. This problem is solved by CAdES standard, described in ETSI TS 101 733 or RFC 5126. Presenty there is no satisfying implementation of CAdES standard. The aim of this diploma work is to analyse and implement CAdES standard using open-source library OpenSSL. The work begins with introduction of PKI standards and problem of electronic signatures. The work continues with analyses of CAdES standard and analyses of the implementation of CAdES standard. Finally, this work is describing the implementation of standard CAdES using OpenSSL library and also possiblities of further development. A part of the implementation is a command line utility that allows users to create and verify long term signatures according to CAdES standard easily. The implementation was created with respect to possibility of extending current OpenSSL distribution.
|
|
|
Cipher framework
Bureš, Filip ; Lukeš, Dan (advisor) ; Beneš, Antonín (referee)
The aim of this bachelor thesis is to create a scripting language and a program (language interpreter), which on basis of these scripts encrypts and decrypts texts. The program is as independent on a concrete operating system as possible. The programming language used to create this program is C (C++ if necessary). The thesis is primarily aimed to substitution and transposition ciphers, the computational difficulty of which does not eliminate practical use of the interpreter for their implementation. Part of the program is the possibility, that users can create their own libraries of functions, which could be used for writing scripts. One of the assumed uses of this system is its use as a basic instructional material for elementary and/or popularizing seminars about encrypting. The interpreter makes it possible to observe the processing of the chosen script and the values of variables (debugging tool). User and programmer documentation (incl. formal language syntax description) is included.
|
|
|
Centralized management of user access rights in large organizations with heterogeneous structure
Balada, Jakub ; Vohnoutová, Marta (advisor) ; Beneš, Antonín (referee)
Each platform, a database, a group of applications etc. have its own management, its own user list and list of user rights, its own security policy and so on. The administration is demanding, application control and data access make demands both on system administrators, data owners, and common users. This situation is not suitable even for a general security policy of an organization. That is why the Identity and Access Management is implemented. The Identity Management solves a central user management including their user roles. User accounts as well as other user information in subordinate systems and applications are created, modified and deleted exclusively through the Identity Management. On the other hand, the Access Management is the single source of information about user access rights for systems and applications. This diploma thesis describes in detail a system of hierarchy of user access rights, a way, particular user access rights are approved, and a way of their activations. The solution described, is a part of a real large project made for a big state authority.
|
|
|
Methods and possibilities of anonymous communication
Tomisová, Martina ; Beneš, Antonín (advisor) ; Novotný, Miroslav (referee)
The thesis discusses communication methods which provide anonymity to their participants. Basic concepts such as the concept of anonymity are explained in the first part of the thesis. Well known and practically used communication methods and their evaluation techniques are described together with suggestions of a few new methods. The thesis covers both methods that can be called as almost purely theoretical, which can be hardly implemented in the real world, and methods that are widely used in the today's networks. Each method is firstly explained and then evaluated from various aspects of security with regards to the confidentiality of the identity of the users to its practicality and feasibility. Both the possibilities of the attackers and the victims are examined. Last parts of the thesis is devoted to the techniques of evaluation of the communication methods. This problem is nontrivial since the methods differ from each other quite much and hence it is hard to find metrics that would match them all. Such a general metric is not invented in the thesis, at least not a computationally simple one. The conclusion of the thesis attempts to summarize the possibilities and limits of anonymous communication and its evaluation.
|
|
|
Long term signature implementation
Vrábel, Tomáš ; Beneš, Antonín (referee) ; Dostálek, Libor (advisor)
Today there exist two standards for electronic sigatures. None of them is discussing validity of signature in long period of time. This problem is solved by CAdES standard, described in ETSI TS 101 733 or RFC 5126. Presenty there is no satisfying implementation of CAdES standard. The aim of this diploma work is to analyse and implement CAdES standard using open-source library OpenSSL. The work begins with introduction of PKI standards and problem of electronic signatures. The work continues with analyses of CAdES standard and analyses of the implementation of CAdES standard. Finally, this work is describing the implementation of standard CAdES using OpenSSL library and also possiblities of further development. A part of the implementation is a command line utility that allows users to create and verify long term signatures according to CAdES standard easily. The implementation was created with respect to possibility of extending current OpenSSL distribution.
|
|
|
SPAM wars
Sabolčák, Peter ; Lukeš, Dan (referee) ; Beneš, Antonín (advisor)
The system of electronic mail is currently a target of a massive abuse by sending of unsolicited messages, called a SPAM. The extent of the attacks brings the whole electronic mail system to the very limits of usability. A broad range of various techniques to mitigate SPAM was created within several last years. However, every technique is later successfully adapted by SPAM senders. The goal of the diploma thesis is to perform analysis of currently available techniques of SPAM mitigation and to assess their e ectiveness and reasons of failure. Utilizing the gained knowledge the author should design and practically realize a new method of SPAM mitigation based on the idea of rising the price of sending of an unsolicited email. A practical test of the realized method should be a part of the work.
|
|
|
Cryptographical support of SAP application server
Fabian, Vitězslav ; Děcký, Martin (referee) ; Beneš, Antonín (advisor)
SAP application server uses external library to provide requiered cryptographical functions. Those libraries are called through standard GSS-API interface. Main result of this work is practical implementation of specific library that supports above mentioned interface. This is done by C language written dynamic library implementation that supports standard GSS-API v.2 interface. For authentisation X.509 certificate was chosen and for coded cryptographic operations OpenSSL library was chosen. Library and all of its components is portable and open source.
|
|
|
Centralized management of user access rights in large organizations with heterogeneous structure
Balada, Jakub ; Vohnoutová, Marta (advisor) ; Beneš, Antonín (referee)
Each platform, a database, a group of applications etc. have its own management, its own user list and list of user rights, its own security policy and so on. The administration is demanding, application control and data access make demands both on system administrators, data owners, and common users. This situation is not suitable even for a general security policy of an organization. That is why the Identity and Access Management is implemented. The Identity Management solves a central user management including their user roles. User accounts as well as other user information in subordinate systems and applications are created, modified and deleted exclusively through the Identity Management. On the other hand, the Access Management is the single source of information about user access rights for systems and applications. This diploma thesis describes in detail a system of hierarchy of user access rights, a way, particular user access rights are approved, and a way of their activations. The solution described, is a part of a real large project made for a big state authority.
|
|
|
Methods and possibilities of anonymous communication
Tomisová, Martina ; Novotný, Miroslav (referee) ; Beneš, Antonín (advisor)
The thesis discusses communication methods which provide anonymity to their participants. Basic concepts such as the concept of anonymity are explained in the first part of the thesis. Well known and practically used communication methods and their evaluation techniques are described together with suggestions of a few new methods. The thesis covers both methods that can be called as almost purely theoretical, which can be hardly implemented in the real world, and methods that are widely used in the today's networks. Each method is firstly explained and then evaluated from various aspects of security with regards to the confidentiality of the identity of the users to its practicality and feasibility. Both the possibilities of the attackers and the victims are examined. Last parts of the thesis is devoted to the techniques of evaluation of the communication methods. This problem is nontrivial since the methods differ from each other quite much and hence it is hard to find metrics that would match them all. Such a general metric is not invented in the thesis, at least not a computationally simple one. The conclusion of the thesis attempts to summarize the possibilities and limits of anonymous communication and its evaluation.
|
|
|
Cipher framework
Bureš, Filip ; Beneš, Antonín (referee) ; Lukeš, Dan (advisor)
The aim of this bachelor thesis is to create a scripting language and a program (language interpreter), which on basis of these scripts encrypts and decrypts texts. The program is as independent on a concrete operating system as possible. The programming language used to create this program is C (C++ if necessary). The thesis is primarily aimed to substitution and transposition ciphers, the computational difficulty of which does not eliminate practical use of the interpreter for their implementation. Part of the program is the possibility, that users can create their own libraries of functions, which could be used for writing scripts. One of the assumed uses of this system is its use as a basic instructional material for elementary and/or popularizing seminars about encrypting. The interpreter makes it possible to observe the processing of the chosen script and the values of variables (debugging tool). User and programmer documentation (incl. formal language syntax description) is included.
|
guest ::
RSS feed.