|
|
Testing of Probes for Network Traffic Monitoring
Sobol, Jan ; Korček, Pavol (referee) ; Kořenek, Jan (advisor)
In order to ensure a secure and stable Internet, administrators need tools for network monitoring which will allow them to analyze ongoing network traffic and respond to situations in a timely manner. One way to monitor traffic is to use monitoring probes. This thesis focuses on a thorough verification of the parameters of existing probes IPFIX probe and FlexProbe. FlexProbe is a network probe designed for the implementation of lawful interceptions developed at FIT BUT in cooperation with the Police of the Czech Republic. The IPFIX probe is developed by the CESNET association and is used for flow monitoring within the FlexProbe probe. In order to be able to operate the probes in the target environment for a long time, it is necessary to thoroughly test the device. The exact behavior of the probe is defined by the specification requirements that are developed for both probes. Based on the requirements, a comprehensive test system covering functional and performance parameters of the probes was designed. The tests are unified using a test framework and included in automated scenarios implemented in system Jenkins. At the end of the thesis, the coverage of the required properties of the probes and their performance is evaluated.
|
|
|
Lawful Interception: Identity Detection
Polčák, Libor ; Baggili, Ibrahim (referee) ; Hudec,, Ladislav (referee) ; James, Joshua I. (referee) ; Švéda, Miroslav (advisor)
Komunikace předávaná skrze Internet zahrnuje komunikaci mezi pachateli těžké trestné činnosti. Státní zástupci schvalují cílené zákonné odposlechy zaměřené na podezřelé z páchání trestné činnosti. Zákonné odposlechy se v počítačových sítích potýkají s mnoha překážkami. Identifikátory obsažené v každém paketu jsou koncovým stanicím přidělovány po omezenou dobu, nebo si je koncové stanice dokonce samy generují a automaticky mění. Tato dizertační práce se zabývá identifikačními metodami v počítačových sítích se zaměřením na metody kompatibilní se zákonnými odposlechy. Zkoumané metody musejí okamžitě detekovat použití nového identifikátoru spadajícího pod některý z odposlechů. Systém pro zákonné odposlechy následně nastaví sondy pro odposlech komunikace. Tato práce se převážně zabývá dvěma zdroji identifikačních informací: sledováním mechanismu pro objevování sousedů a detekcí identity počítače na základě přesností měření času jednotlivých počítačů. V rámci dizertačního výzkumu vznikly grafy identit, které umožňují spojování identit s ohledem na znění povolení k odposlechu. Výsledky výzkumu je možné aplikovat v rámci zákonných odposlechů, síťové forenzní analýzy i ve vysokoúrovňových programově řízených sítích.
|
|
|
Advanced Tools for Legal Interception on Network Probe
Vrána, Roman ; Polčák, Libor (referee) ; Bartoš, Václav (advisor)
This thesis describes design and implementation of one of the parts of lawful interception system for intercepting network traffic. Designed system will be used for processing traffic with at maximum throughput of 100 Gbps. Resulting system will use hardware acceleration with Software Defined Monitoring (SDM) features. Software itself is designed to be able to process as many netwrok frames as possible even without hardware acceleration.
|
|
|
Portation of Lawful Interception System to the Microprobe
Dražil, Jan ; Korček, Pavol (referee) ; Viktorin, Jan (advisor)
The Microprobe is an embedded device for intercepting of network communication. It is a part of the Sec6Net Lawful Intercept System (SLIS). It would be useful to run the Microprobe as a~standalone device. Without it, the microprobe requires connection to SLIS infrastructure which is a~prerequisite to run the Microprobe. The goal of this thesis is to describe ways how to transfer SLIS to the Microprobe architecture.
|
|
|
Creating Metadata during Interception of Instant Messaging Communication
Bárta, Stanislav ; Veselý, Vladimír (referee) ; Polčák, Libor (advisor)
This thesis deals with the lawful interception of instant messaging communication and meta-information construction (IRI reports) during an interception. This thesis deals with XMPP, IRC, and OSCAR protocols. Format of messages has been described for each protocol. An application that is able to create IRI messages has been developed and tested in proposed testbed. The work also deals with possible problems that may happen during interceptions.
|
|
|
Fake Data in Computer Networks
Hranický, Radek ; Veselý, Vladimír (referee) ; Polčák, Libor (advisor)
This thesis describes basic principles of lawful interception systems in computer networks and it contains an analysis of various methods of their deception. It also contains a description and implementation of two software tools. The first one is designed to demonstrate an attack on the lawful interception system. The goal is to deceive the system by hiding a transmitted message in a noise, in order to make the law enforcement agency interpret a fake message as the real one. The purpose of the second tool is to obtain the original message from data captured by the interception system.
|
|
|
Fast Recognition of Application Protocol
Adámek, Michal ; Veselý, Vladimír (referee) ; Polčák, Libor (advisor)
This thesis focuses on methods for fast recognition of application protocols. Fast recognition is recognition with minimal delay from the time of capturing the first data packet sent from the source node. This thesis describes possible techniques and methods for recognition of application protocols and basic information and description of reference system for lawful interception in computer networks. Furthermore, the thesis describes analysis, design and implementation phase of a tool for fast recognition of application protocols. The conclusion of this thesis describes the results of tests performed by the tool and shows its limitations and possible extensions.
|
|
|
Identification of Useful Data for Lawful Interception
Holomek, Tomáš ; Veselý, Vladimír (referee) ; Polčák, Libor (advisor)
This thesis deals with the identification of useful data in lawful interception. First part summarizes the standards related to computer networks and lawful intercepts. Next part of the project focuses mainly on the HTTP application protocol, which is described in version 1.1. The work also specifies the classes into which the data traffic can be divided according to the importance to law enforcement agency. It introduces several methods of distribution of data streams into the proposed classes. Finally, the implementation of this methods has been tested for usability in network lines used today.
|
|
|
Acceleration of Network Traffic Encryption
Koranda, Karel ; Kajan, Michal (referee) ; Polčák, Libor (advisor)
This thesis deals with the design of hardware unit used for acceleration of the process of securing network traffic within Lawful Interception System developed as a part of Sec6Net project. First aim of the thesis is the analysis of available security mechanisms commonly used for securing network traffic. Based on this analysis, SSH protocol is chosen as the most suitable mechanism for the target system. Next, the thesis aims at introduction of possible variations of acceleration unit for SSH protocol. In addition, the thesis presents a detailed design description and implementation of the unit variation based on AES-GCM algorithm, which provides confidentiality, integrity and authentication of transmitted data. The implemented acceleration unit reaches maximum throughput of 2,4 Gbps.
|
|
|
Identity Detection in TCP/IP Architecture
Holkovič, Martin ; Matoušek, Petr (referee) ; Polčák, Libor (advisor)
This work deals with detection of users within computer networks on different layers of the TCP/IP architecture. These identities are identified by protocols running on the appropriate layers of the given architecture. PPPoE and SLAAC protocols were chosen as protocols that are used for network layer address assignments. The second type of protocol is the application protocol SMTP. We analysed communication using the chosen protocols in order to create metadata about the corresponding communication. The results of the analysis are finite state machines. Based on these finite state machines, software for legal interception was designed and implemented. Implemented software was tested on samples of data, in a specialized laboratory, and in a production network.
|
guest ::
