Conference Program

General partner of the conference: S.ICZ a.s.

1st June 2017

Partner of the day: GREYCORTEX s.r.o.
08.00-09.00 Registration
09.00-09.05 Opening Ceremony
09.05-09.45 Steven Furnell (Plymouth University, United Kingdom)
Build it and they will come? Questioning our provision of security technologies
09.45-10.20 Edgar R. Weippl (Vienna University of Technology, Austria)
Empirical in Information Security: Peering, Net Neutrality and Privacy
10.20-10.55 Gergely Biczók (CrySyS Lab, Hungary)
Games of Cyber-Warfare
10.55-11.15 Coffee Break
11.15-11.45 Marián Novotný (ESET, Slovakia)
Analysis and detection of Shadow Brokers exploits
11.45-12.15 Radim Polčák (Masaryk University, Czech Republic)
The Battle is Lost, Now Let Us Go and Fight: The Unresolvable Paradoxes of the Law of Cyber-Defence
12.15-12.40 Tesleem Fagade, Theo Tryfonas (University of Bristol, United Kingdom)
Malicious Insider Threat Detection: A Conceptual Model
12.40-13.00 Radek Hranický, Lukáš Zobal, Vojtěch Večeřa, Petr Matoušek (Brno University of Technology, Czech Republic)
Distributed Password Cracking in a Hybrid Environment
Partner of the lunch: AUROTON COMPUTER, spol. s r.o.
13.00-14.00 Lunch
Brewery visit for foreign participants. The afternoon part of the program will be in Czech.
19.00-22.30 Cocktail Party in Moravská Banka vín (Moravian Bank of Wine; wine: Makudera, Prušánky)
Partner of the Cocktail Party: HILLSTONE Networks, Ltd.

 

2nd June 2017

Partner of the day: FLOWMON NETWORKS a.s.
08.45-09.05 Jakub Kothánek, Jaroslav Kothánek (University of West Bohemia in Pilsen)
Forensic Examination of Computers and Mobile Phones (presentation in Czech)
09.05-09.25 Pavol Sokol, Dalibor Choma, Tomáš Bartoš (Pavol Jozef Šafárik University in Košice, Slovak Republic)
Honeypot Data as Digital Evidence (presentation in Slovak and English)
09.25-09.50 Radim Ošťádal (Masaryk University, Czech Republic)
Red/Blue team exercises: preparation and lessons learned
09.50-10.10 Kálmán Hadarics, Krisztina Győrffy, Bálint Nagy, László Bognár, Anthony Arrott, Ferenc Leitold
Mathematical Model of Distributed Vulnerability Assessment
10.10-10.30 Daniel Peters, Patrick Scholz, Jan Nordholz, Florian Thiel, Jean-Pierre Seifert (Physikalisch-Technische Bundesanstalt, Germany)
Software Security Frameworks and Rules for Measuring Instruments under Legal Control
10.30-11.00 Pavel Minařík (Flowmon)
Network Security Monitoring Using Flow Data
11.00-11.10 Coffee Break
11.10-11.40 Stanislav Špaček, Pavel Čeleda, Martin Drašar, Martin Vizváry (Masaryk University, Czech Republic)
Analyzing an Off-the-Shelf Surveillance Software: Hacking Team Case Study
11.40-12.00 Libor Dostálek (University of South Bohemia, Czech Republic)
Comparison of authentication mechanisms for mobile devices
12.00-12.20 Marián Svetlík (Forensic Science Institute, Czech Republic)
Evidential Weight of Collected Data in Case of an Incident
12.20-12.40 Michal Dvořák, Martin Drahanský (Brno University of Technology, Czech Republic)
Security of Hand Geometry
12.40-13.00 Zdeněk Martinásek, Jan Hajný, Lukáš Malina, Denis Matoušek (Brno University of Technology, Czech Republic)
Hardware-Accelerated Encryption with Strong Authentication
13.00-14.00 Farewell Banquet (beer – Pivovar Starobrno)
Partner of the Farewell Banquet: I3 Consultants, s.r.o.

 

Steven Furnell

Bio

Steven Furnell is a professor of information systems security and leads the Centre for Security, Communications & Network Research at Plymouth University. He is also an Adjunct Professor with Edith Cowan University in Western Australia and an Honorary Professor with Nelson Mandela Metropolitan University in South Africa. His research interests include usability of security and privacy technologies, security management and culture, and technologies for user authentication and intrusion detection. He has authored over 270 papers in refereed international journals and conference proceedings, as well as books including Cybercrime: Vandalizing the Information Society (2001) and Computer Insecurity: Risking the System (2005).

Prof. Furnell is the Chair of Technical Committee 11 (security and privacy) within the International Federation for Information Processing, and is a member of related working groups on security management, security education, and human aspects of security. He is also a board member of the Institute of Information Security Professionals, and chairs the academic partnership committee and southwest branch. Further details can be found at www.plymouth.ac.uk/cscan, with a variety of security podcasts also available via www.cscan.org/podcasts. Steve can also be followed on Twitter (@smfurnell).

Web page: http://cscan.org/?page=staffprofile&id=1

 

Build it and they will come? Questioning our provision of security technologies

While organisations often provide (and indeed invest in) security technologies, they can frequently find that there does not appear to be a commensurate reduction in related incidents. However, the reason for this is often unrelated to the effectiveness of the technology itself, but rather the fact that it depends upon people in some way.

This presentation considers the challenge of bridging the gap between simply providing technologies, and actually having solutions that are used effectively. Some of the challenges relate to ensuring sufficient clarity around how to use the technology, whereas others are more related to user satisfaction with the resulting experience. The discussion will draw upon a number of user-facing examples, with a particular focus upon authentication technologies, which are amongst the most frequently encountered aspects of security from the user perspective.

Edgar Weippl

Bio

Edgar R. Weippl (CISSP, CISA, CISM, CRISC, CSSLP, CMC) is Research Director of SBA Research and associate professor (Privatdozent) at the Vienna University of Technology and teaches at several universities of applied sciences (Fachhochschulen). His research focuses on applied concepts of IT-security; he is on the editorial board of Elsevier's Computers & Security journal (COSE), general chair of ACM CCS 2016 and PC Chair of SACMAT 2017.

After graduating with a Ph.D. from the Vienna University of Technology, Edgar worked for two years in a research startup. He spent one year teaching as an assistant professor at Beloit College, WI. From 2002 to 2004, while with the software vendor ISIS Papyrus, he worked as a consultant for an HMO in New York, NY and Albany, NY, and for the financial industry in Frankfurt, Germany. In 2004 he joined the Vienna University of Technology and founded together with A Min Tjoa and Markus Klemen the research center SBA Research.

Web page: https://www.sba-research.org/

 

Empirical in Information Security: Peering, Net Neutrality and Privacy

Over recent years, there has been an increasing number of descriptive works observing and describing complex phenomena, e.g., the efficiency of different spam campaigns, the distribution of bots, or the likelihood of users accepting false identities as friends in social networks. These studies are characterized by large sets of samples.

Future research will focus on networks and cloud systems; the research methodology will be empirical systems security: (1) passively observing large systems and (2) active probing that stimulates revealing behavior of the systems. The research contribution lies in observing, describing and inferring the behavior of complex systems that cannot be directly observed and have a large impact on users.

In this presentation we will look at how we can measure whether ISPs implement peering and whether they adhere to net neutrality, and we will also look at aspects of privacy.

Gergely Biczók

Bio

Gergely Biczók is an assistant professor at the Laboratory of Cryptography and System Security (CrySyS Lab) at the Budapest University of Technology and Economics. He obtained his PhD from the same university in 2010. He was a postdoctoral researcher at both the Future Internet Research Group of the Hungarian Academy of Sciences and the Norwegian University of Science and Technology. Also, he was a Fulbright visiting scholar to Northwestern University and a research fellow at Ericsson Research. His current research focuses on the economic aspects of networked systems including security and privacy with application areas ranging from cyberwar through social networks to connected vehicles. He currently holds a János Bolyai Research Scholarship from the Hungarian Academy of Sciences and represents Hungary in the IFIP Technical Committee 11 (security and privacy).

Presentation: Games of Cyber-Warfare

Involvement of nation-states in cyber-warfare has been gaining notoriety in recent years as evidenced by two developments. First, mainstream media has been reporting about cyber attacks of visible stature such as the Stuxnet incident in Iran, the hacking of the Ukrainian power grid or the much-publicized interference with the US presidential elections. Second, recognizing the powerful capabilities as well as the grave danger of weapon-grade cyber-attacks, major military organizations of nation-states and alliances are devising and implementing strategic plans for cyber-security and cyber-warfare. Given both its potential impact on national security and its high visibility, cyber-warfare has been a much researched topic in the (military) policy literature. Surprisingly, this is not the case from the techno-economic modeling standpoint.

In this presentation, we develop a simple game-theoretical model allowing for a joint analysis of both cyber-war (defence vs. attack) decisions as well as the investment decisions of nation-states. Capturing the unique characteristics of cyber vulnerabilities, we show how the incentives can create a Prisoner's Dilemma situation where the equilibrium is cyber-war. We also show how competition over the same pool of zero-day vulnerabilities may further inflame investment in cyber-war. We discuss the implications of our analysis and present directions for future research on this topic.

Marián Novotný

Bio

Marián Novotný received his PhD in Computer Science from the Faculty of Sciences of Pavol Jozef Šafárik University in Košice. In his PhD thesis he focused on the design and analysis of security protocols. He is currently working as a specialized software engineer at ESET, where he is responsible for the design, analysis and implementation of network intrusion detection systems. These detection systems are integrated in ESET products under the names Network Attack Protection, Botnet Protection and Home Network Protection.

Analysis and detection of Shadow Brokers exploits

A group of hackers named Shadow Brokers leaked alleged U.S. National Security Agency exploits on Good Friday, April 2017. The exploits abused vulnerabilities in the implementation of the Server Message Block (SMB) protocol in the main versions of the MS Windows OS. The most famous exploit, called EternalBlue, provides reliable kernel-mode remote code execution in the SMB service without the need for authentication. Microsoft patched the vulnerabilities in March 2017 in the cumulative security update MS17-010. However, Windows XP, still used by millions of users worldwide, had remained unpatched. This gave cybercriminals the opportunity to use the exploits for spreading malware. On Friday, May 12, 2017, a ransomware attack known as WannaCry began to spread across the globe at unprecedented scale and speed.

In the lecture we will explain the particular exploits along with their components and related vulnerabilities, focusing on EternalBlue. We will show the network communication during exploitation and discuss the possibilities for detecting the exploits at the network level. We will try to explain in more detail how the WannaCry ransomware spread worldwide.

Radim Polčák

Bio

Radim Polčák is the head of the Institute of Law and Technology at the Law Faculty at Masaryk University. He teaches and publishes in cyberlaw and legal philosophy at Masaryk University and lectures as a guest at law schools in the EU and U.S. Radim is the general chair of the Cyberspace annual international congress; editor-in-chief of the Masaryk University Journal of Law and Technology; head of the Editorial Board of the Review of Law and Technology (Revue pro právo a technologie) and a member of the editorial boards and governing bodies of ICT-law focused scientific journals and international conferences around the EU. He is a founding fellow of the European Law Institute, a founding fellow of the European Academy of Law and ICT, a panellist at the .eu ADR arbitration court and a member of various governmental, security and scientific expert and advisory bodies and project consortia around the EU and Australia. Radim has authored or co-authored over 150 scientific papers, books and articles, namely on topics related to cyberlaw and legal philosophy.

The Battle is Lost, Now Let Us Go and Fight: The Unresolvable Paradoxes of the Law of Cyber-Defence

One of the fundamental aspects of the rule of law is that the state is entitled to take only actions that are expressly prescribed or allowed by the law. Legal rules that provide state bodies with justified causes for various activities use a highly differentiated scale of particularity in their respective black-letter provisions. Rules of administrative law that regulate, e.g., the issue of building permits are highly particular, while the provisions regulating the acquisition and use of heavy arms are of a very general nature.

The reason for this difference is mainly to be found in the overall conditions under which the respective rules apply in actual practice. Building permits are issued permanently, which means that the state is permanently meddling here with individual rights (e.g. property rights, freedom of will etc.). On the contrary, the mere acquisition of tanks and howitzers meddles with individual rights only very seldom. Even more seldom are the situations when the state is authorised to actually use such heavy arms anywhere outside training facilities.

It might look like a paradox, because a howitzer can certainly do much more damage to one’s property than a building permit. However, the scope of situations when the state is authorised to meddle with one’s property with a howitzer is so limited that the actual risk of disproportionate infringement of rights is here almost none. As a result, there exists a direct relation between the strength of measures that are available to the state, the level of particularity of their legal regulation and the scope of situations when they can be used. The more powerful the respective measure is, the more limited are the possibilities of its use and the more general are the formulations of the applicable black-letter rules.

Cyber-defence is by its nature very different. There is, similarly to kinetic defence, a need for extremely powerful measures that would serve the purpose of defending the sovereignty of the respective state. However, the mere acquisition and maintenance of such weapons is often inevitably linked with frequent infringements of individual rights that must happen in no relation to any actual threat. In other words, the acquisition of measures of cyber-defence requires infringements of rights comparable in their scale to the use of a howitzer and in their frequency to the use of a building permit.

The paper aims to explore the new and ideally unresolvable regulatory paradox of cyber-defence that arises from a combination of factors that have no real match in the current law. The paper uses the analogy with military intelligence to outline possible ways of designing and establishing a functional cyber-defence framework while preserving the precious and fragile principle of the rule of law, nationally and internationally.

Aneta Coufalíková

Bio

Capt. Coufalíková is the Chief of the Information support cell at the Ministry of Defence. Her work focuses on spreading security awareness and on increasing the preparedness of information and communication systems administrators for cyber threats and attacks. After graduating with a PhD from the University of Defence in Brno, Aneta joined the CIRC Centre as a system engineer. She authored articles for a journal A Report from 2012 to 2014. She co-operates with the University of Defence and leads lectures on cyber defence for students and also for staff.

The CIRC Centre – Case study

During our monitoring of communication and information systems, we are confronted with cyber security events and incidents almost on a daily basis. In this presentation, we will take a look at those we are dealing with most frequently. Our experience with solving a ransomware issue will be described more deeply.

Miroslav Bartoň

Bio

Capt. Bartoň is the Chief of the Digital Forensics cell at the Ministry of Defence. After completing a Master’s degree at the University of Defence in Brno (Cybernetics and military robotics field of study), he started his professional career at the 21st Tactical Air Force Base in Čáslav. He was responsible for the proper running of critical systems, which were used for air navigation. Later, he further developed the experience he had gained with rapid problem analysis and response at the CIRC Centre, where he went through several technical posts as a security analyst. Having supervised the military IP range for a long time, he is aware of the volume and types of everyday internet attacks: not only simple script kiddies’ blind attempts but also those that are more sophisticated and targeted at the Czech MoD. He regularly attends major international NATO cyber security exercises. He also participates in their organization and technical preparation.

Digital forensics and ransomware incidents; current trends in ransomware

Capt. Bartoň will expand on the lecture of his colleague Capt. Coufalíková by demonstrating how an incident is dealt with: a ransomware infection of a workstation. How can digital forensics help with identifying the attack vector, analysing ransomware behaviour and recovering the user’s data?