|
|
Fast Processing of Application-Layer Protocols
Bárta, Stanislav ; Martínek, Tomáš (referee) ; Polčák, Libor (advisor)
This master's thesis describes the design and implementation of system for processing application protocols in high-speed networks using the concept of Software Defined Monitoring. The proposed solution benefits from hardware accelerated network card performing pre-processing of network traffic based on the feedback from monitoring applications. The proposed system performs pre-processing and filtering of network traffic which is handed afterwards passed to application modules. Application modules process application protocols and generate metadata that describe network traffic. Pre-processing consists of parsing of network protocols up to the transport layer, TCP reassembling and forwarding packet flow only to modules that are looking for a given network traffic. The proposed system closely links intercept related information internal interception function (IRI-IIF) and content of communication internal interception function (CC-IIF) to minimize the performing of duplicate operations and increase the efficiency of the system.
|
|
|
Identification of Useful Data for Lawful Interception
Holomek, Tomáš ; Veselý, Vladimír (referee) ; Polčák, Libor (advisor)
This thesis deals with the identification of useful data in lawful interception. First part summarizes the standards related to computer networks and lawful intercepts. Next part of the project focuses mainly on the HTTP application protocol, which is described in version 1.1. The work also specifies the classes into which the data traffic can be divided according to the importance to law enforcement agency. It introduces several methods of distribution of data streams into the proposed classes. Finally, the implementation of this methods has been tested for usability in network lines used today.
|
|
|
Acceleration of Network Traffic Encryption
Koranda, Karel ; Kajan, Michal (referee) ; Polčák, Libor (advisor)
This thesis deals with the design of hardware unit used for acceleration of the process of securing network traffic within Lawful Interception System developed as a part of Sec6Net project. First aim of the thesis is the analysis of available security mechanisms commonly used for securing network traffic. Based on this analysis, SSH protocol is chosen as the most suitable mechanism for the target system. Next, the thesis aims at introduction of possible variations of acceleration unit for SSH protocol. In addition, the thesis presents a detailed design description and implementation of the unit variation based on AES-GCM algorithm, which provides confidentiality, integrity and authentication of transmitted data. The implemented acceleration unit reaches maximum throughput of 2,4 Gbps.
|
|
|
Identity Detection in TCP/IP Architecture
Holkovič, Martin ; Matoušek, Petr (referee) ; Polčák, Libor (advisor)
This work deals with detection of users within computer networks on different layers of the TCP/IP architecture. These identities are identified by protocols running on the appropriate layers of the given architecture. PPPoE and SLAAC protocols were chosen as protocols that are used for network layer address assignments. The second type of protocol is the application protocol SMTP. We analysed communication using the chosen protocols in order to create metadata about the corresponding communication. The results of the analysis are finite state machines. Based on these finite state machines, software for legal interception was designed and implemented. Implemented software was tested on samples of data, in a specialized laboratory, and in a production network.
|
|
|
Identities in Tunelled Networks and during Network Address Translation
Šeptun, Michal ; Marek, Marcel (referee) ; Polčák, Libor (advisor)
This thesis introduces the design and implementation of the extension of the system for lawful interception. The system is developed as a part of the Sec6Net project at FIT BUT and provides a platform for research activities in determining identities in computer networks. Parts which has the task of monitoring changes in a user's identity will be extended, so that the system is able to determine the identity even in the tunneled and translated networks. It describes the problems encountered during implementation and their solutions. There are described mechanisms for tunneling networks, mainly virtual private networks and transition mechanisms for IPv6, IP addresses and NAT variants. In the end the tests of the individual modules are described.
|
|
|
Lawful Interception: Identity Detection
Polčák, Libor ; Baggili, Ibrahim (referee) ; Hudec,, Ladislav (referee) ; James, Joshua I. (referee) ; Švéda, Miroslav (advisor)
Komunikace předávaná skrze Internet zahrnuje komunikaci mezi pachateli těžké trestné činnosti. Státní zástupci schvalují cílené zákonné odposlechy zaměřené na podezřelé z páchání trestné činnosti. Zákonné odposlechy se v počítačových sítích potýkají s mnoha překážkami. Identifikátory obsažené v každém paketu jsou koncovým stanicím přidělovány po omezenou dobu, nebo si je koncové stanice dokonce samy generují a automaticky mění. Tato dizertační práce se zabývá identifikačními metodami v počítačových sítích se zaměřením na metody kompatibilní se zákonnými odposlechy. Zkoumané metody musejí okamžitě detekovat použití nového identifikátoru spadajícího pod některý z odposlechů. Systém pro zákonné odposlechy následně nastaví sondy pro odposlech komunikace. Tato práce se převážně zabývá dvěma zdroji identifikačních informací: sledováním mechanismu pro objevování sousedů a detekcí identity počítače na základě přesností měření času jednotlivých počítačů. V rámci dizertačního výzkumu vznikly grafy identit, které umožňují spojování identit s ohledem na znění povolení k odposlechu. Výsledky výzkumu je možné aplikovat v rámci zákonných odposlechů, síťové forenzní analýzy i ve vysokoúrovňových programově řízených sítích.
|
|
|
Lawful Interception in Software Defined Networks
Franková, Barbora ; Ryšavý, Ondřej (referee) ; Polčák, Libor (advisor)
This thesis covers utilization of software defined networks for lawful interception purposes. Based on specific implementation of lawful interception system SLIS developed by Sec6Net group, suggests improvements aiming at more precise identification of intercepted users and better effectivity of system resources. First aim is achieved by implementation of a new module for dynamic identification component while the other one alters configuration mechanism for probes and OpenFlow switches.
|
|
|
Portation of Lawful Interception System to the Microprobe
Dražil, Jan ; Korček, Pavol (referee) ; Viktorin, Jan (advisor)
The Microprobe is an embedded device for intercepting of network communication. It is a part of the Sec6Net Lawful Intercept System (SLIS). It would be useful to run the Microprobe as a~standalone device. Without it, the microprobe requires connection to SLIS infrastructure which is a~prerequisite to run the Microprobe. The goal of this thesis is to describe ways how to transfer SLIS to the Microprobe architecture.
|
|
|
Creating Metadata during Interception of Instant Messaging Communication
Bárta, Stanislav ; Veselý, Vladimír (referee) ; Polčák, Libor (advisor)
This thesis deals with the lawful interception of instant messaging communication and meta-information construction (IRI reports) during an interception. This thesis deals with XMPP, IRC, and OSCAR protocols. Format of messages has been described for each protocol. An application that is able to create IRI messages has been developed and tested in proposed testbed. The work also deals with possible problems that may happen during interceptions.
|
|
|
Testing of Probes for Network Traffic Monitoring
Sobol, Jan ; Korček, Pavol (referee) ; Kořenek, Jan (advisor)
In order to ensure a secure and stable Internet, administrators need tools for network monitoring which will allow them to analyze ongoing network traffic and respond to situations in a timely manner. One way to monitor traffic is to use monitoring probes. This thesis focuses on a thorough verification of the parameters of existing probes IPFIX probe and FlexProbe. FlexProbe is a network probe designed for the implementation of lawful interceptions developed at FIT BUT in cooperation with the Police of the Czech Republic. The IPFIX probe is developed by the CESNET association and is used for flow monitoring within the FlexProbe probe. In order to be able to operate the probes in the target environment for a long time, it is necessary to thoroughly test the device. The exact behavior of the probe is defined by the specification requirements that are developed for both probes. Based on the requirements, a comprehensive test system covering functional and performance parameters of the probes was designed. The tests are unified using a test framework and included in automated scenarios implemented in system Jenkins. At the end of the thesis, the coverage of the required properties of the probes and their performance is evaluated.
|
guest ::
