SPI 2009 Conference Programme
The working language of the conference was English; simultaneous interpretation was provided throughout.
5 May 2009
Partner of the day: Monet+, a.s.
9:00-11:10 Dobromir Todorov: Security for Unified Communications
BT Global Services, United Kingdom
Anne-Marie Eklund Löwinder: DNSSEC the .SE way: Overview, deployment and lessons learned
The Internet Infrastructure Foundation (.SE), Sweden
For the IDET exhibition visit the assembly point is in front of the Morava hall (second red building on the left side of the exhibition centre)
14:00-16:00 IDET exhibition visit (optional; information will be given in Czech)
ATS-Telcom Praha, ICZ, LAVET, Rohde&Schwarz, TTC Telekomunikace
16:20-18:30 Richard Clayton: Searching for evil, and what we find
University of Cambridge, United Kingdom
19:00-22:30 Welcome Reception in the Moravian Banking-house of Wine (Partner centrum-vinný sklep, Hlinky 106, Brno)
Oracle Czech, s.r.o.
6 May 2009
Partner of the day: GiTy a.s.
Roman Sekanina, Milan Daněk: Building CIRC Capability in the Czech Army
Risto Vaarandi: Security Event Processing with SEC
Republic of Estonia
Lorenz Müller: A System to Assure Authentication and Transaction Security
David Perry: Protection Against Network Attacks
Trend Micro, USA
Carlos Javier Hernandez-Castro, Arturo Ribagorda Garnacho: Video CAPTCHAs
Carlos III University, Spain
Theodore Tryfonas, Paula Thomas: Integrating Competitor Intelligence Capability within the Software Development Lifecycle
University of Bristol and University of Glamorgan, United Kingdom
Martin Ondráček, Ondřej Ševeček: Security Analysis of the New Microsoft MAC Solution
SODATSW, Gopas, Czech Republic
Ivan Svoboda: Risk-Based Adaptive Authentication
RSA, Czech Republic
Petr Růžička: Solving (not only) L2 Security Problems
CISCO SYSTEMS, Czech Republic
Petr Svojanovský, Jitka Kreslíková, Luděk Novák: Process Improvement Towards Information Security
Brno University of Technology, ANECT, Czech Republic
Ladislav Slíva: Fortifying Wireless Networks
T-Systems, Czech Republic
Jitka Polatová: Low-level Approach to Information Security
SODATSW spol. s r.o. - partner presentation
ČD - Telematika a.s. - partner presentation
T-Systems Czech Republic a.s. - partner presentation
Trend Micro - partner presentation
RSA - partner presentation
Cisco Systems (Czech Republic) s.r.o. - partner presentation
AutoCont CZ a.s. - partner presentation
COMGUARD a.s. - partner presentation
ForeFront Knowledge quiz, Microsoft - partner presentation
ATS-TELCOM PRAHA a.s. - partner presentation
SODATSW spol. s r.o.
7 May 2009
Partner of the day: McAfee
Petr Švenda: Cryptographic Protocols in Wireless Sensor Networks
Masaryk University, Czech Republic
Pavel Čeleda, Martin Rehák, Vojtěch Krmíček, Karel Bartoš: Flow Based Security Awareness Framework for High-Speed Networks
Masaryk University, Technical University in Prague, Czech Republic
Jan Vykopal, Tomáš Plesník, Pavel Minařík: Validation of the Network-based Dictionary Attack Detection
Masaryk University, Czech Republic
Pavel Tůma: DNSSEC in the Czech Republic
CZ.NIC, Czech Republic
Jaroslav Kadlec, Radek Kuchta, Radimír Vrba: Measuring the Time Consumption of WLAN Security Functions
Brno University of Technology, Czech Republic
Masaryk University, Czech Republic
David Jaroš, Radek Kuchta, Radimír Vrba: Possibility to Apply Position Information as Part of a User's Authentication
Brno University of Technology, Czech Republic
Daniel Joščák: Hash Function Design. Overview of the Basic Components in the SHA-3 Competition
Charles University, Czech Republic
Daniel Kouřil, Michal Procházka: Experiments with Massive PKI Deployment and Usage
Masaryk University, Czech Republic
Title: The Death of the Pattern File - Safe in the Cloud
Bio: David Perry is the Global Director of Education for Trend Micro, a computer antivirus software company. He represents Trend Micro at industry, government, customer and reseller events worldwide.
He is a leading authority on computer virus prevention with more than 25 years in the technical support and education field. He has appeared at numerous industry trade shows, been featured on hundreds of television and radio broadcasts and in print media interviews, and is well recognized in the antivirus industry. He is one of the most quoted experts in the field of computer viruses, malware and security education.
He has worked in the field since 1991, and in the computer industry since 1979. He has been a top rated industry speaker at events like RSA, EICAR, AVAR and has even spoken in the White House. Perry was also on hand in Washington D.C. at the end of 1999 during the Y2K vigilance, providing his services as a computer virus expert for the President's Task Force on Y2K Issues.
Abstract: The world of malicious code has changed beyond all recognition. From its early days, when amateurs and students produced as few as five new viruses per month, we have arrived at a situation where virtual factories produce as many as fifty thousand new unique malware samples per day. Add to this an almost universal criminal intent, growing concerns about cyber warfare and almost universal Internet connectivity, and you have a very bad situation.
We have responded to this with a large arsenal of new strategies and technologies. Moving much of the protection back end, and part of the front end, into the Internet cloud promises a way to keep the end user and the enterprise safer and faster, and (this is quite important) to stop the growth in solution size that threatens so much productivity.
How will this happen? Join David Perry from Trend Micro for a tour of the threat, a view of the solution, and some very uncommon philosophies that will protect you starting right now.
Title: Security for Unified Communications
Bio: Dobromir Todorov is a Unified Communications Architect at BT Global Services and has 15 years of IT experience. His areas of interest include UC, IT Security, and Internetworking. Dobromir holds a Master's degree in Computer Engineering, Microsoft MCSE, Cisco CCIE, and (ISC)2 CISSP; he is also one of the subject matter experts that created the CompTIA Security+ exam. He has authored two books on Operating Systems and Security. His recent book entitled Mechanics of User Identification and Authentication provides a deep dive into the technical and security aspects of identity management. Dobromir is a regular speaker at the RSA Security Conference, and other international events. He lives with his family near Reading, UK.
Table of contents of his latest book: http://www.iamechanics.com/Resources-ToC.html
Abstract: Unified Communications is the new IT paradigm that promises to go far beyond e-mail, voice, instant messaging and presence, allowing users, organisations and applications to communicate seamlessly. On the flip side, security needs to balance and protect personal and organisational assets. The session discusses how well positioned we are to do that today and what more we need tomorrow. It includes an overview of identification and authentication in the UC world, presence and instant messaging protection, signalling and media path security, and audio and video communications security.
Anne-Marie Eklund Löwinder
Title: DNSSEC the .SE way: Overview, deployment and lessons learned
CV: Quality & Security Manager responsible for the security, stability and robustness of the implementation, planning and long-term strategic management of the Swedish ccTLD, .se. Specialist running projects such as DNSSEC and other security efforts aiming at developing and advancing the security of the Internet infrastructure in Sweden. Member of the boards of the Swedish ISOC Chapter, ISOC-SE, and the Swedish Network Users' Society, SNUS.
Abstract: DNS Security Extensions (DNSSEC) is a more secure way of looking up Internet addresses for services such as web and e-mail. In contrast to the plain domain name system (DNS), DNSSEC look-ups are cryptographically signed, which makes it possible to verify that the answer originates from the right nameserver and that its content has not been altered or tampered with in transit. .SE-DNSSEC is a supplemental service to .SE's domain name service. The objective of the service is to let the domain name registrant secure his or her domains with DNSSEC. .SE started the deployment in 2005, and we have learned a lot since then.
Title: A system to assure authentication and transaction security
Bio: Dr. Lorenz Müller is Chief Technology Officer of AXSionics AG in Switzerland. AXSionics builds an authentication and transaction security system for the Internet. Lorenz Müller is one of the founders of the company and he cares about the security architecture and the intellectual property of AXSionics.
Lorenz Müller began his career as a mathematician and physicist at the University of Bern and at CERN, where he obtained his PhD in high energy physics in 1983. He continued his high energy physics research at Stanford University in the SLC collaboration and later at CERN in the UA2 collaboration. In 1990 he joined Ascom Tech AG, a Swiss IT company, as a research fellow. Shortly afterwards he joined the Institute for Applied Mathematics and Computer Science of the University of Bern, where he became group leader of the Neuroinformatics research group.
At the University of Bern he also started personal-interest work in the areas of cryptography, computer security and biometrics. In 1998 he was appointed head of research of the technology department at the University of Applied Sciences Bern. Besides the management part of this position, he continued together with his colleague, Dr. Marcel Jacomet, to develop secure communication models for Internet communication. Several patents, prizes and awards resulted from this work, and in 2003 the company AXSionics was founded. Lorenz Müller led the startup company as chairman through its first two financing rounds and then joined the company as Chief Technology Officer.
Abstract: The security of transactions over the Internet is jeopardized by a new kind of sophisticated criminal attack focused mainly on the end user's local computer (man-in-the-middle, man-in-the-browser, malicious software). Authentication of the end user alone is no longer sufficient to protect e-business transactions: attackers are able to modify the content of messages before they are protected by SSL/TLS. Today a user can never be sure that the information shown on his or her own screen is indeed the information sent to or received from the business partner. A secure communication channel between two business partners requires mutual authentication of the principals; authenticity, secrecy, integrity and freshness of the exchanged messages; and, to some extent, provability of their content. At least for crucial business arrangements, future e-commerce relations will need such secure communication. A secure channel can only be established using fully trusted infrastructure at both endpoints.
The AXS-Authentication System is a realisation of such a trusted infrastructure that allows partners to exchange short confirmation messages over open networks and unprotected local computers. In contrast to the so-called Trusted Computing approach, the AXS-AS does not try to secure the local computer but establishes a secure channel through this computer into a trusted dedicated device, the AXS-Card. The AXS-Card acts like a digital notary between the e-business operator and the client. It allows secure authentication of both partners and confirmation of transaction data.
Title: Searching for evil, and what we find
CV: Dr Richard Clayton ran the team that developed one of the earliest Internet access packages for Windows. In 1995 his company was bought by Demon Internet, then the largest UK ISP, and he worked for Demon until 2000. He then went back to the University of Cambridge and obtained a PhD on "Anonymity and Traceability in Cyberspace". Since then he has stayed on as an academic; his recent work is a series of papers that study the econometrics of phishing.
He was one of the authors of "Security Economics and the Internal Market", the ENISA-commissioned report that was published in January 2008. This sets out a series of recommendations for the EU and member states on information security issues. It is based on the principles of "security economics" -- a powerful way of thinking about security, which is more concerned with the economic incentives of participants than in specifying particular hardware or software solutions.
Abstract: Computer security has recently imported a lot of ideas from economics, psychology and sociology, leading to fresh insights and new tools. I will describe one thread of research that draws together techniques from fields as diverse as signals intelligence and sociology in searching for artificial communities.
Online evildoers divide roughly into two categories -- those who don't want their websites to be found, such as those who go "phishing" (building fake websites to steal financial credentials), and those who welcome being listed by search engines. The latter category runs from fake auction escrow sites through dodgy ecommerce stores to post-modern Ponzi schemes. A few of them buy adverts, but many set up fake communities in the hope of having victims driven to their sites for free. How can these reputation thieves be detected?
I will describe what we are learning about these different types of criminals and the extent to which they are being dealt with, or in many cases, completely overlooked.
Title: Cryptographic Protocols in Wireless Sensor Networks
Bio: Petr Švenda graduated from the Faculty of Informatics at Masaryk University in Brno (2004) and is now finishing his doctoral studies there (2009). His research interests fall within the broader area of IT security, especially the security of cryptographic smart cards, the design of protocols for wireless sensor networks (PhD thesis) and the protection of information privacy. In 2008/2009 he was on a research internship at Technische Universität Dresden, working on secure storage for network logs generated by an anonymity service with respect to the EU Data Retention Directive. He has a longstanding involvement in projects of the National Security Authority in the field of cryptographic smart card security. He has provided consultation and software development for academic, government and industrial organizations in the Czech Republic and abroad.
He is the co-author of the books "From Problem to Solution: Wireless Sensor Networks Security" (Nova Science Publishers, 2008) and "Evoluční hardware: Od automatického generování patentovatelných invencí k sebemodifikujícím se strojům" (Academia, 2009) and author of more than 10 articles published in peer-reviewed journals and international conferences. He participated in several grant projects including EU projects like Privacy and Identity Management for Community Services (PICOS) project (7th EU Framework Programme) and Future of Identity in the Information Society (FIDIS) NoE (6th EU Framework Programme).
He works as a research assistant at Department of Computer Systems and Communication of Faculty of Informatics at Masaryk University in Brno and participates in teaching of courses oriented on practical computer security and cryptography.
Abstract: The talk will introduce the technology of wireless sensor networks with a special focus on its security issues. This relatively young technology started to evolve together with advances in the miniaturization of electronic devices, decreasing costs and the general spread of wireless communication. Data sensed by miniature devices in a target area (e.g., temperature, pressure, movement) are processed locally and then transmitted to the end user, who can thus continuously monitor the target environment. Uses of the technology range from medical monitoring of patients over agricultural and industrial monitoring and early-warning emergency systems to military purposes, which is where the technology originally started.
The goal of the talk is not only to show the principles of the basic technology and the range of open security questions that arise from the differences between this new technology and classical networks, but also to convince the audience of the necessity of implementing security techniques early in the design stage, with a security level adequate to the intended network usage. We will cover in more detail the design of key distribution and establishment protocols that remain secure under partial network compromise, and the possibility of generating them automatically for a particular scenario using evolutionary algorithms. The opposite direction will be covered as well: automated search for attacker strategies, with applications to secure routing and key capture attacks.