|
|
Readiness of Anonymous Credentials for Real Environment Deployment
Casanova-Marqués, Raúl ; Dzurenda, Petr
Attribute-based Credentials (ABCs) are a promising technology for protecting users' privacy and digital identity. We can use ABCs in a multitude of contexts. For instance, we can prove the validity of transportation tickets, demonstrate the legal age, prove the health status, or prove access rights in the company environment. All of this, we can do without disclosing complete personal identity. Nevertheless, ABCs generally require computational power that some wearable devices cannot cope with. In this paper, we present our implementation of a privacy-enhancing authentication system based on ABCs technology. The system is suitable for deployment in real-world scenarios and uses a wide range of differently powerful user devices (e.g., smart cards, smartphones, and wearables). Based on our implementation results, we also discuss the implementations aspects of ABCs, their readiness, and usability in real-world applications.
|
|
|
Access Control System Using Multi-factor Authentication
Cvrček, Tadeáš ; Dzurenda, Petr
A secure user authentication process is a key prerequisite for ensuring the security of the entire electronic system. On the other hand, current systems usually deploy many constrained devices with limited computational power, memory space and cryptographic support. This makes it hard to deploy secure cryptographic mechanisms in this environment. In this article, we present our multifactor authentication system using a reader with a secure module represented with MultOS smart card and an Android smart phone acting as a user authentication device. The system supports NFC (Near Field Communication) communication interface for intermediating communication between smart phone and reader, supports additional authentication factors (e.g. PIN code or fingerprint) and is easily implementable even on very constrained devices such as smart cards.
|
|
|
Secure deployment and testing of oVirt platform
Vágner, Vojtěch ; Martinásek, Zdeněk (referee) ; Dzurenda, Petr (advisor)
Virtualizační platforma oVirt nabízí široké spektrum možných konfigurací. Avšak žádná z~těchto konfigurací není bezpečnou bez předchozího zásahu v kontextu slepého nasazení platformy. Bezpečné konfigurace jsou definovány bezpečnostními standardy, se kterými je daná konfigurace v souladu. Jelikož oVirt je komunitní projekt, není lehké tento typ softwaru certifikovat v oblasti bezpečnostních standardů. Certifikace v oblasti bezpečnostních standardů je drahou záležitostí. Naštěstí, oVirt sdílí stejný základ s produktem Red~Hat~Virtualization, vůči kterému jsou určité bezpečnostní standardy aplikovatelné (FIPS 140-2, DISA STIG, Common Criteria). Most mezi Red~Hat~Virtualization a oVirt dává možnost bezpečných konfigurací i pro oVirt. Záměr této práce je následně určit, které konfigurace jsou podporovány danými standardy, tedy bezpečné, a jak ověřit, že jsou přítomné v dané nasazené platformě. To je realizováno pomocí skriptu ve formě Ansible Playbook, který zahrnuje Ansible Role. Každá role v rámci skriptu obhospodařuje evaluaci shody pro daný bezpečnostní standard.
|
|
|
Copyright protection of electronic documents
Zachoval, Tadeáš ; Dzurenda, Petr (referee) ; Člupek, Vlastimil (advisor)
The bachelor thesis is focused on the copyright protection of electronic documents. The thesis consists of a theoretical part and a practical part. The theoretical part describes the electronic document and various types of files that can be encountered while working on a computer and consider them as electronic documents. The fundamental part of the theoretical part is the analysis of various copyright protection methods for electronic documents. In the practical part was created a Python application based on mentioned analysis. The application implements selected methods of copyright protection.
|
|
|
Hiding and obfuscation of malware to avoid antivirus detection
Rybár, Matej ; Dzurenda, Petr (referee) ; Casanova-Marqués, Raúl (advisor)
Počas hodnotenia bezpečnosti je pomerne nezvyčajné, aby bol niekto presvedčený, že antivírusový softvér neposkytuje úplnú bezpečnosť. Keď penetračný tester narazí na antivírusový softvér, sú chvíle, kedy musí konať rýchlo. Z týchto a iných dôvodov boli vyvinuté rôzne spôsoby obchádzania antivírusového softvéru. Niektoré z týchto prístupov obsfukácie majú za cieľ uniknúť statickej analýze úpravou a manipuláciou s formátom Portable Executable, čo je štandardizovaný formát spustiteľného súboru Windows. Niekoľko typov malvéru mení formát súboru PE, aby sa zabránilo statickej detekcii antivírusu. Táto práca sa zaoberá formátom súborov PE, detekciou malvéru a statickou detekciou obfukačných techník. Výsledkom tejto práce je scantime crypter Persesutor, ktorý zašifruje vstupný súbor a následne po spustení zašifrovaný súbor dešifruje a načítá v pamäti.
|
|
|
Web application of attribute-based authentication system
Klampár, Roman ; Malina, Lukáš (referee) ; Dzurenda, Petr (advisor)
This bachelor thesis deals with the creation of web applications for the issuer and verifier entities of an Attribute-Based Credentials system Adopsio. The web applications were implemented using the microframework Flask, the Vue.js framework, and the PostgreSQL database. The issuer application allows the creation of new digital certificates containing signed attributes. The second application is the verifier entity, for which a graphical user interface is created to manage the authentication script.
|
|
|
Advanced Filtering of Digital Evidence
Chudáček, Ondřej ; Dzurenda, Petr (referee) ; Malina, Lukáš (advisor)
This thesis focuses on the implementation of advanced filtering of digital evidence stored on an open source cloud storage NextCloud. The contents of the thesis are law analysis regarding the storage of digital evidence in NextCloud, design of NextCloud, homomorphic encryption and its possible usages, attribute based searchable encryption and its usages and implementation of a simple stand-alone filtration client. Experts on digital evidence were asked about the choice of filtration criteria as a part of the thesis. The key feature of the thesis is a description of implementation of filtration inside NextCloud which has been extended to contain five new filtration criteria. The result has been submitted to performance and functional tests.
|
|
| |
|
|
Anonymous certificates for user authentication
Hlinka, Jan ; Malina, Lukáš (referee) ; Dzurenda, Petr (advisor)
Topic of this thesis is privacy protection when using anonymous certificate authentication. Today’s most common case of oversharing private data is proving Covid vaccination or Covid test results. This thesis describes and implements system that is using anonymous certficates. The system solves mentioned issues of current CovidPass authentication methods. The implementation is done on the Android platform in case of the user application and verifier application is run on Raspberry PI, which works as an access terminal.
|
|
|
Modern Privacy-Preserving Cryptography Protocols
Hlučková, Pavla ; Dzurenda, Petr (referee) ; Malina, Lukáš (advisor)
This thesis examines the intersection of two modern and growing branches of cryptography, namely privacy enhancing technologies and post-quantum cryptography. It describes selected privacy enhancing schemes (PETs) and families of post-quantum cryptography. In more detail, it focuses on group signatures based on mathematical problems that are difficult or intractable for both conventional and quantum computers. Furthermore, the thesis surveys the state of the art and compares the efficiency of mentioned schemes based on available data. The main part of this thesis is an implementation of a hash-based group signature and its comparison with lattice-based and code-based group signature implementations which were obtained directly from cryptographers active in this field. The post-quantum group signatures are subsequently compared to classic group signature schemes implemented by using the libgroupsig library.
|
guest ::
