|
|
Content of Communication Interception Probe
Zima, Štefan ; Kajan, Michal (referee) ; Polčák, Libor (advisor)
This thesis is focused on creation of tool for intercepting content of network communication. It discusses the legal issue of surveillance and techniques for acceleration of processing incoming traffic in the Linux operating system. The aim of this thesis are implementation techniques using PF_RING library. The application implementation in language C is then tested on commodity hardware using the traffic generator.
|
|
|
Identity Detection in TCP/IP Architecture
Holkovič, Martin ; Matoušek, Petr (referee) ; Polčák, Libor (advisor)
This work deals with detection of users within computer networks on different layers of the TCP/IP architecture. These identities are identified by protocols running on the appropriate layers of the given architecture. PPPoE and SLAAC protocols were chosen as protocols that are used for network layer address assignments. The second type of protocol is the application protocol SMTP. We analysed communication using the chosen protocols in order to create metadata about the corresponding communication. The results of the analysis are finite state machines. Based on these finite state machines, software for legal interception was designed and implemented. Implemented software was tested on samples of data, in a specialized laboratory, and in a production network.
|
|
|
Fast Processing of Application-Layer Protocols
Bárta, Stanislav ; Martínek, Tomáš (referee) ; Polčák, Libor (advisor)
This master's thesis describes the design and implementation of system for processing application protocols in high-speed networks using the concept of Software Defined Monitoring. The proposed solution benefits from hardware accelerated network card performing pre-processing of network traffic based on the feedback from monitoring applications. The proposed system performs pre-processing and filtering of network traffic which is handed afterwards passed to application modules. Application modules process application protocols and generate metadata that describe network traffic. Pre-processing consists of parsing of network protocols up to the transport layer, TCP reassembling and forwarding packet flow only to modules that are looking for a given network traffic. The proposed system closely links intercept related information internal interception function (IRI-IIF) and content of communication internal interception function (CC-IIF) to minimize the performing of duplicate operations and increase the efficiency of the system.
|
|
|
Correlation of Inbound and Outbound Traffic of Tor Network
Coufal, Zdeněk ; Veselý, Vladimír (referee) ; Polčák, Libor (advisor)
Communication in public networks based on the IP protocol is not really anonymous because it is possible to determine the source and destination IP address of each packet. Users who want to be anonymous are forced to use anonymization networks, such as Tor. In case such a user is target of lawful interception, it presents a problem for those systems because they only see that the user communicated with anonymization network and have a suspicion that the data stream at the output of anonymization network belong to the same user. The aim of this master thesis was to design a correlation method to determine the dependence of the data stream at the input and the output of the Tor network. The proposed method analysis network traffic and compares characteristics of data streams extracted from metadata, such as time of occurence and the size of packets. This method specializes in correlating data flows of protocol HTTP, specifically web server responses. It was tested on real data from the Tor network and successfully recognized dependency of data flows.
|
|
|
HTTP-Request-Based Identification
Jeleň, Jakub ; Pluskal, Jan (referee) ; Polčák, Libor (advisor)
This bachelor thesis deals with the identification using HTTP requests in network traffic. It explains principles of HTTP communications and identification. Additionally the application design is created, which identifies web browser and then this application is implemented. The application is designed as a separate module which can be integrated into projects Moderní prostředky pro boj s kybernetickou kriminalitou na Internetu nové generace. Then are executed experiments with that tool to verify the functionality and utility of this tool.
|
|
|
Extended Functionality of Honeypots
Soóky, Peter ; Polčák, Libor (referee) ; Matoušek, Petr (advisor)
Bakalářska práce pod názvem Rozšířené funkce honeypotů je zaměřena na vývoj bezpečnostních systémů určitých typů nazvaných honeypoty. Po představení principů technik honeypotů se zabýva s výhodami ich používaní v porovnaní s inými bezpečnostními systémy. Následne popisuje rozdelení typů honeypotu a ich charakteristiky. Další část je věnován obeznámení nástrojů CONPOT a GLASTOPF. Cílem práce je navrhnút a implementovat rozšíření těchto nástrojů zaměrem ich vylepšení. Součástí popisů jednotlivých rozšíření je představení a analýza problému, implementace a testování navrhnutých rozšíření. Použití rozšíření poskytují užívatelům těchto honeypotů zvýšenú bezpečnost a širší okruh využití. V závěre jsou popsány možnosti dalšího rozšíření.
|
|
|
Detection and Analysis of P2P Network BitTorrent Sync
Kutlák, Martin ; Polčák, Libor (referee) ; Matoušek, Petr (advisor)
Bachelor's thesis is focused on issues with detection of the P2P network BitTorrent Sync in network traffic. In the theoretical part of this work is introduced architecture of the P2P networks, BitTorrent Sync protocol and possible methods for P2P network detection. On the base of this knowledge is designed tool for detection of BitTorrent Sync network traffic. In the practical part of this thesis is presented implementation of the whole monitoring system. In the end of practical part are presented results of conducted tests with monitoring system.
|
|
|
SDN Controlled According to User Identity
Holkovič, Martin ; Ryšavý, Ondřej (referee) ; Polčák, Libor (advisor)
The aim of this work is to connect dynamic identity management system developed under the project Sec6Net with a control of SDN network. The controller Pyretic is used for network control, which allows application development by using the match-action rules. Interface between the identity management system and controller Pyretic is designed and implemented in both systems. To prove the concept, selected use cases related to security, routing and accounting are created. The use cases are implemented as applications for Pyretic controller. All programs were tested in networking laboratory according to the possibilities. The main contribution of this work is to simplify and improve the management of computer networks while providing new capabilities to administrators of these networks and ultimately their users.
|
|
|
Identities in Tunelled Networks and during Network Address Translation
Šeptun, Michal ; Marek, Marcel (referee) ; Polčák, Libor (advisor)
This thesis introduces the design and implementation of the extension of the system for lawful interception. The system is developed as a part of the Sec6Net project at FIT BUT and provides a platform for research activities in determining identities in computer networks. Parts which has the task of monitoring changes in a user's identity will be extended, so that the system is able to determine the identity even in the tunneled and translated networks. It describes the problems encountered during implementation and their solutions. There are described mechanisms for tunneling networks, mainly virtual private networks and transition mechanisms for IPv6, IP addresses and NAT variants. In the end the tests of the individual modules are described.
|
|
|
Lawful Interception in Software Defined Networks
Franková, Barbora ; Ryšavý, Ondřej (referee) ; Polčák, Libor (advisor)
This thesis covers utilization of software defined networks for lawful interception purposes. Based on specific implementation of lawful interception system SLIS developed by Sec6Net group, suggests improvements aiming at more precise identification of intercepted users and better effectivity of system resources. First aim is achieved by implementation of a new module for dynamic identification component while the other one alters configuration mechanism for probes and OpenFlow switches.
|
guest ::
