|
|
Cryptographic coprocessors for IoT microcontrollers communication protection
Český, Michal ; Zeman, Václav (referee) ; Slavíček, Karel (advisor)
This bachelor thesis outlines the issue of how communication can be secured within the IoT. The microcontroller itself can also be used for this purpose, however, security will never be assured as it will be when using a hardware cryptographic co-processor. To generate the keys and certificate, the ATECC608B coprocessor is chosen which holds the necessary "secrets" used to secure the communication. As a demonstration of the cryptographic coprocessor functionality, the ESP32 microcontroller is connected to the AWS server where all the connections to the server are established using the cryptographic coprocessor.
|
|
|
Intelligent Energy Measurements for Homeowners' Association Using 5G Networks
Horčička, Patrik ; Možný, Radek (referee) ; Mašek, Pavel (advisor)
Theoretical analysis of IoT communication technologies LPWAN. A more detailed analysis of 5G-IoT technologies in the licensed frequency band, such as NB-IoT and LTE Cat-M. List of supported application protocols for IoT devices (MQTT, CoAP, LwM2M, DLMS/COSEM) with more detailed information about DLMS/COSEM. Quectel UMTS \& LTE EVB kit with BG770A-GL module was used to create the first reference 5G-IoT device. Measuring of radio properties in two locations. Creation of TLS tunnel for communication between Virtual computer and RPI designed for DLMS/COSEM data.
|
|
|
Safe Communication App for Windows Phone
Vícha, Tomáš ; Veľas, Martin (referee) ; Herout, Adam (advisor)
The aim of this thesis is to describe the application development for secure communication between two users. The description begins with the analysis of already existing solutions, continues with the design of the user interface and the determination of requirements. There is also described a selection of suitable technologies and stages of application development together with its testing. The result of this work is an user-friendly application for the Windows Phone platform that performs end-to-end encryption of individual messages.
|
|
|
Detection of Timing Side-Channels in TLS
Koscielniak, Jan ; Malík, Viktor (referee) ; Vojnar, Tomáš (advisor)
Protokol TLS je komplexní a jeho použití je široce rozšířené. Mnoho zařízení používá TLS na ustanovení bezpečné komunikace, vzniká tak potřeba tento protokol důkladně testovat. Tato diplomová práce se zaměřuje na útoky přes časové postranní kanály, které se znovu a znovu objevují jako variace na už známé útoky. Práce si klade za cíl usnadnit korektní odstranění těchto postranních kanálů a předcházet vzniku nových vytvořením automatizovaného frameworku, který pak bude integrován do nástroje tlsfuzzer, a vytvořením testovacích scénářů pro známé útoky postranními kanály. Vytvořené rozšíření využívá program tcpdump pro sběr časových údajů a statistické testy spolu s podpůrnými grafy k rozhodnutí, zda se jedná o možný postranní kanál. Rozšíření bylo zhodnoceno pomocí nových testovacích skriptů a byla předvedena jeho dobrá schopnost rozlišit postranní kanál. Rozšíření spolu s testy je nyní součástí nástroje tlsfuzzer.
|
|
|
Securing IP PBX against attacks and resistance testing
Kakvic, Martin ; Šedý, Jakub (referee) ; Šilhavý, Pavel (advisor)
This diploma thesis focuses on attacks on PBX Asterisk, FreeSWITCH and Yate in LTS versions. In this work was carried out two types of attacks, including an attack DoS and the attack Teardown. These attacks were carried out using two different protocols, SIP and IAX. During the denial of service attack was monitored CPU usage and detected if its possible to establish call and whether if call can be processed. The Security of PBX was build on two levels. As a first level of security there was used linux based firewall netfilter. The second level of security was ensured with protocols TLS and SRTP.
|
|
|
Software support of teaching of cryptography protocols
Marek, Tomáš ; Lambertová, Petra (referee) ; Burda, Karel (advisor)
Document contains informations about authentication, encryption, data integrity and data authenticity. Next part includes description of well know cryptography protocols, their functions and also their weaknesses. All of these acquired informations were used in concept and final software support for teaching of cryptography protocols, which is able to run on clasic web-browser. Thats why the application was designed as web PHP pages using JavaScript and AJAX, which ensures plaform and OS architecture independency. Besides the descripted and ilustrated part of application there are also interactive parts and animations. The last period contains description of education software and its functions. Source code can be found on the appended CD.
|
|
|
Analysis of data transfer security issues at particular OSI model layers
Kňazovický, Pavel ; Růčka, Lukáš (referee) ; Sobotka, Jiří (advisor)
The aim of this Bachelor's thesis is the analysis of secured data transfer protocols. The very first part is dedicated to the short description of the reference model ISO/OSI. The second one is focused to the secured protocols at particular layers of ISO/OSI model, of which SSL/TLS protocol is closely analysed in the third part. The last part is about often used attacks in the area of computer networks and their services and the basic protection against them is also mentioned.
|
|
|
Hardware accelerated data transfer using TLS protocol
Zugárek, Adam ; Pokorný, Jiří (referee) ; Smékal, David (advisor)
This paper describes implementation of the whole cryptographic protocol TLS including control logic and used cryptographic systems. The goal is to implement an application in the FPGA technology, so it could be used in hardware accelerated network card. The reason for this is new supported higher transmission speeds that Ethernet is able to operate on, and the absence of implementation of this protocol on FPGA. In the first half of this paper is described theory of cryptography followed by description of TLS protocol, its development, structure and operating workflow. The second half describes the implementation on the chosen technology that is also described here. It is used already existing solutions of given cryptographic systems for the implementation, or at least their parts that are modified if needed for TLS. It was implemented just several parts of whole protocol, such are RSA, Diffie-Hellman, SHA and part of AES. Based on these implementations and continuing studying in this matter it was made conclusion, that FPGA technology is inappropriate for implementation of TLS protocol and its control logic. Recommendation was also made to use FPGA only for making calculations of given cryptographic systems that are controlled by control logic from software implemented on standard processors.
|
|
|
Safe Cryptography Algorithms
Mahdal, Jakub ; Hanáček, Petr (referee) ; Chmelař, Petr (advisor)
This thesis brings a reader an overview about historical and modern world of cryptographic methods, as well evaluates actual state of cryptographic algorithm progressions, which are used in applications nowadays. The aim of the work describes common symmetric, asymmetric encryption methods, cryptographic hash functions and as well pseudorandom number generators, authentication protocols and protocols for building VPNs. This document also shows the basics of the successful modern cryptanalysis and reveals algorithms that shouldn't be used and which algorithms are vulnerable. The reader will be also recommended an overview of cryptographic algorithms that are expected to stay safe in the future.
|
|
|
Identification of Mobile Applications in Encrypted Traffic
Snášel, Daniel ; Burgetová, Ivana (referee) ; Matoušek, Petr (advisor)
The work focuses on the identification of mobile applications in encrypted traffic based on TLS fingerprints. The aim of the work was to create an architecture for obtaining selected attributes from TLS connection handshake, to create TLS fingerprints and their comparison. Emphasis was placed on the accuracy of individual metrics, the quality of selected attributes and on the determination of the threshold T comparison, which was ultimately set at 75 %. A total of ten attributes were selected from the TLS connection handshake, such as IP address, Cipher Suite, Server Name Indication, the size of the first ten packets and more. Accurate, substring and index comparisons were chosen to compare individual attributes. The total similarity of the two TLS fingerprints is then calculated as the weighted sum of the matches of the individual attributes. The resulting architecture allows you to compare TLS application fingerprints from the created dataset with newly created fingerprints from encrypted communication, and thus identify the applications. It also allows manual or automatic learning of new applications from the compared file, or updating of known TLS fingerprints of applications in the dataset.
|
guest ::
