Conference Program

20 May 2015

Partner of the day: ICZ a.s.
08.00-09.00 Registration
09.00-09.05 Opening Ceremony
09.05-09.45 Yogachandran Rahulamathavan and Muttukrishnan Rajarajan (City University London, United Kingdom):
A Theoretical Model to Measure the Data Breach Risk in the Cloud
09.45-10.15 Vlastimil Klíma, Martin Baroš (Cryptelo, Czech Republic):
Data protection in clouds
10.15-10.30 Martina Hupková, Martin Baroš (Cryptelo, Czech Republic):
Encrypted cloud storage for modern business
10.30-10.45 Coffee Break
10.45-11.25 Levente Buttyán (Budapest University of Technology and Economics, Hungary):
Targeted Attacks: Challenges and Possible Solutions
11.25-12.05 Graham Steel (Cryptosense):
Developing Secure Applications with Crypto APIs
12.05-12.45 Radim Polčák (Masaryk University, Czech Republic):
Strategic issues in the implementation of European and national legal regulatory framework of cybersecurity
12.45-13.10 Marco Fratti (Independent consultant):
The Virtual Computer – Means for Securing the Cloud – practical demonstration
13.10-13.50 Lunch
13.50-14.30 Václav Bartoš (CESNET, Czech Republic):
Heartbleed Detection at CESNET using Extended Flow Monitoring
14.30-15.10 Tomáš Košňar (CESNET, Czech Republic):
Comprehensive IP Traffic Monitoring with FTAS System
15.10-15.30 Jan Pluskal, Petr Matoušek, Ondrej Ryšavý et al. (Brno University of Technology, Czech Republic):
Netfox Detective: A tool for advanced network forensics analysis
15.30-15.45 Coffee break – part 1 of the prize competition in knowledge of beers and wines
15.45-16.25 Marián Novotný (ESET, Slovak Republic):
Implementation vulnerabilities in SSL/TLS
16.25-16.55 Jakub Čegan, Martin Vizváry (Masaryk University, Czech Republic):
Lessons Learned from KYPO – Cyber Exercise & Research Platform Project
16.55-17.25 Example of using the cybernetic polygon (KYPO)
17.25-17.45 Tomáš Hrabovský (AKIS):
CIS security solutions for Department of Defense
17.45-18.00 Presentation of the company DATASYS (only in Czech)
18.00-18.15 Presentation of the company GORDIC (only in Czech)
18.15-18.30 Break – part 2 of the prize competition in knowledge of beers and wines
18.40-18.55 Walk to Moravská banka vín (Moravian Wine Bank)
19.00-22.30 Cocktail party in Moravská banka vín (Moravian Wine Bank); wine by Makudera, Prušánky


21 May 2015

Partner of the day: SEFIRA spol. s r.o.
08.55-09.30 Mike Just (Heriot-Watt University, United Kingdom):
Reducing the password burden: Investigating the effectiveness of data-driven authentication on mobile devices
09.30-09.50 Pavol Sokol, Patrik Pekarčík, Tomáš Bajtoš (Pavol Jozef Šafárik University in Košice, Slovak Republic):
Data collection and data analysis in honeypots and honeynets
09.50-10.10 Marián Svetlík (Risk Analysis Consultants, Czech Republic):
The Application of Standards and Best Practices in Digital Forensic
10.10-10.30 Roman Nedzelský (University of Economics Prague, Czech Republic):
Hybrid cloud computing: Security Aspects and Challenges
10.30-10.50 Tomáš Dragoun (Masaryk University, Czech Republic):
Classification of applications by network behavior
10.50-11.05 Coffee Break
11.05-11.35 Tomáš Rosa (Raiffeisenbank Czech Republic):
Coping with the Paradigm Twist in Between Algebraic Cryptology and Stochastic Biometrics
11.35-11.55 Libor Dostálek (University of South Bohemia, Czech Republic):
Authentication and authorization applications in 4G networks
11.55-12.15 Lukáš Malina, Petr Dzurenda, Jan Hajný (Brno University of Technology, Czech Republic):
Testing of DDoS Protection
12.15-12.35 Martin Drahanský, Ondřej Kanich (Brno University of Technology, Czech Republic):
Vulnerabilities of Biometric Systems
12.35-12.55 Radim Kolář, Lukáš Semerád (Brno University of Technology, Czech Republic):
Bimodal Eye Imaging System for Biometric and Medical Applications
13.00-14.00 Farewell Banquet (beer Pivovar Starobrno)
Partner of Farewell Banquet: I3 Consultants, s.r.o.


Levente Buttyán

Biography

Levente Buttyán received the M.Sc. degree in Computer Science from the Budapest University of Technology and Economics (BME) in 1995, and earned the Ph.D. degree from the Swiss Federal Institute of Technology - Lausanne (EPFL) in 2002. In 2003, he joined the Department of Networked Systems and Services at BME, where he currently holds a position as an Associate Professor and leads the Laboratory of Cryptography and Systems Security (CrySyS Lab). He has done research on the design and analysis of secure protocols and privacy enhancing mechanisms for wireless networked embedded systems (including wireless sensor networks, mesh networks, vehicular communications, and RFID systems). Recently, he has been involved in the analysis of some high profile targeted malware, such as Duqu, Flame (aka sKyWIper), MiniDuke, and TeamSpy. Since then his research has been focused on countermeasures to targeted attacks.

Levente Buttyán has carried out research in various international research projects (e.g., UbiSecSens, SeVeCom, EU-MESH, WSAN4CIP), in which he had task leader and work package leader roles. He published several refereed journal articles and conference/workshop papers. He also co-authored a book on Security and Cooperation in Wireless Networks published by the Cambridge University Press in 2008. Besides research, he has been teaching courses on network and computer security in the MSc program at BME, and gave invited lectures at various places. He is also providing consulting services, and he has co-founded spin-off companies Tresorit, Ukatemi Technologies, IT-SEC Expert, and Avatao.

Targeted attacks: challenges and possible solutions

Information-stealing malware has been increasingly used in recent years in targeted cyber espionage activities. We will overview Duqu and Flame as examples, and touch upon several other malware families used in similar attacks. What these attacks have in common is that they all targeted important organizations, they were able to remain undetected by traditional security mechanisms for years, and they used advanced infection techniques, often exploiting zero-day vulnerabilities in systems. Then, we identify the challenges that these targeted attacks represent for the computer security community, and we give an overview of the research projects that we run in the CrySyS Lab to address those challenges. In particular, we report on our results of testing new anti-APT tools with custom-developed samples, we introduce our ROSCO system that provides reputation information on digitally signed objects, such as certificates and executable code, we present our cloud-based system to detect compromised hosts, and we also give an overview of our PLC honeypot projects. These are all efforts aiming at improving the detection of ongoing targeted attacks.

Muttukrishnan Rajarajan

Biography

Muttukrishnan Rajarajan is a Professor of Security Engineering at City University London, UK. His research expertise is in the areas of cloud security, mobile security, intrusion detection and privacy-preserving techniques.

He has chaired several international conferences in the area of information security and has been involved in the editorial boards of several security and network journals. He is also a Visiting Fellow at British Telecommunications UK and is currently actively engaged in the UK Government's Identity Assurance programme.

He has published well over 200 academic conference and journal papers and is a regular speaker at high profile Data Privacy events. He is a Senior Member of IEEE, Member of ACM and Advisory board member of the Institute of Information Security Professionals UK.

More details can be found at http://www.city.ac.uk/people/academics/muttukrishnan-rajarajan.

How do we Trust the Cloud when we know nothing about it?

Cloud computing has been recognised as an important new paradigm to support small and medium-sized businesses and general IT applications. The advantages of cloud computing are manifold, including, but not limited to, better use and sharing of IT resources, unlimited scalability and flexibility, a high level of automation, reduction of computer and software costs, and access to several services. As a result, the adoption of cloud computing is spreading rapidly. However, despite its advantages and rapid growth, cloud computing brings several security, privacy and trust issues that need immediate action.

Trust is a very important concept for cloud computing given the need for consumers in the cloud to select cost-effective, trustworthy, and less risky services. The issue of trust is also important for service providers to decide on the infrastructure provider that can comply with their needs, as well as to verify whether infrastructure providers continue to maintain their agreements during the deployment time of service providers. In this talk we will present the different trust models we have developed over the years with industrial partners in Europe, and discuss the Cloud Security Alliance's recently identified top 10 security vulnerabilities in the cloud and how they map to some real attack vectors in the cloud.

Mike Just

Biography

Dr. Mike Just is an Associate Professor of Computer Science at Heriot-Watt University (Edinburgh, UK). He earned his PhD from Carleton University in 1999 and worked in both the private and public sectors from 1998 until 2008. In 2003 he designed the Government of Canada's online account recovery solution, used by more than 6 million citizens and businesses. He returned to academia in 2008, working at Edinburgh, Masaryk and Glasgow Caledonian universities, before his move to Heriot-Watt in 2015. He is primarily interested in computer security, and in applying human-computer interaction (HCI) and machine learning (ML) techniques to solve computer security problems. He is currently investigating improved approaches to mobile device security and to network security administration.

You can find more information about Mike at http://www.justmikejust.co.uk.

Reducing the password burden: Investigating the effectiveness of data-driven authentication on mobile devices

Research suggests that two-thirds of people do not lock their smartphones. In addition, nearly half of the people who do lock their devices find the authentication step to be annoying and inconvenient. This represents a significant failure for current solutions that are supposed to protect today's mobile devices. In this talk I will discuss some improved solutions that use the rich set of sensors on a mobile device to identify who is using the device. If the device can recognize the owner of the phone, then there should be no need to authenticate with a PIN or password. However, it can be tricky to implement such a solution so that it balances features such as accuracy, resource consumption, security, and user expectations. In this talk I will review a number of areas investigated by my research group to build such sensor-based, data-driven solutions, and their effect on smartphone security.

Graham Steel

Biography

Graham Steel holds a master's degree in mathematics from the University of Cambridge and a Ph.D. in informatics from the University of Edinburgh. He has been a researcher at INRIA, the French national agency for computer science research, since 2008. Based in Paris, he recently co-founded a spin-off company, Cryptosense, which provides vulnerability analysis tools for cryptographic systems to an international clientele, in particular in the financial, industrial and government sectors. In addition to international conference and journal publications, his research results have featured in Wired magazine, The Economist and The New York Times.

Developing Secure Applications with Crypto APIs

Making secure use of cryptographic APIs has become a core competence in software development. But how secure are the standard APIs, in particular in the light of recent revelations regarding activities of some national security agencies in weakening cryptographic standards?

In this talk we will first look at some of the cryptographic standards whose security is the subject of speculation and try to separate rumour from fact. Then we'll examine some of the most widely encountered crypto APIs, evaluating them on two important axes: facilities for flexible, secure key management and provision of modern cryptographic primitives. We'll look at strategies for using cryptographic APIs securely and for testing the security of third-party cryptographic equipment.

Radim Polčák

Biography

Radim Polčák is the head of the Institute of Law and Technology (ILT) at the Faculty of Law, Masaryk University. He teaches and publishes in ICT law, energy law and legal theory at Masaryk University and lectures at law schools and judicial training institutions in Europe and the US. Radim is also the general chair of the Cyberspace annual international symposium; editor-in-chief of the Masaryk University Journal of Law and Technology (MUJLT); editor-in-chief of the Review of Law and Technology (Revue pro právo a technologie); and a member of the editorial boards and governing bodies of ICT-law-focused scientific journals and international conferences in the Czech Republic and around the EU and Asia.

He is a panelist at the .eu ADR arbitration court, a member of the Council of the European Law Institute, a member of the European Academy of ICT and Law, head of observer delegations of the ILT at UNCITRAL and UNODC and a member of various governmental and scientific expert and advisory bodies.

Strategic issues in the implementation of European and national legal regulatory framework of cybersecurity

The Czech Cybersecurity Act has not even entered into force yet, but it has already become obvious that its implementation will soon raise a number of strategic questions. In particular, it has turned out to be quite questionable how to define critical information and communication infrastructure, and whether to approach its security as an object-based or rather a process-based issue. It may also be questionable how to set the scope of the legal regulatory framework and which regulatory model might be the most efficient, given that the law in this case should apply to public and private entities at the same time. In addition, there is a need to develop a coherent structure of functional and institutional elements that would systematically cover not just the needs at the national level, but that could at the same time serve the regions and the EU or the international community.

Tomáš Rosa

Biography

Tomáš Rosa graduated from the Dept. of Computer Science of the Faculty of Electrical Engineering of the Czech Technical University in Prague (CTU), in a combined study programme with the Faculty of Mathematics and Physics of Charles University in Prague. He received the Best Doctoral Work Award of the Rector of CTU for 2004. As a chief cryptologist, he worked on TOP SECRET information protection projects under Czech Act no. 148/1998 Coll.

He belongs to the group of pioneering researchers in the area of applied cryptanalysis which he promotes as a natural counterpart to the well-known paradigm of applied cryptography. He also helped to improve several world-wide standards, e.g. the SSL/TLS protocol and the EMV payment scheme. As an information security expert with Raiffeisenbank CZ, he is focused on security of embedded applications and devices.

Coping with the Paradigm Twist in Between Algebraic Cryptology and Stochastic Biometrics

Contemporary cryptography and cryptanalysis rely mainly on algebraic techniques, while the probabilistic approach is applied only in very particular, selected cases. Conclusions based on exploratory statistics are even rarer, and these are usually perceived as supporting arguments. Biometrics, on the contrary, is inevitably based on statistical signal analysis of sensor data. On one hand, this creates many interesting opportunities. On the other hand, it demands increased attention when substituting or replacing classic cryptographic schemes with biometric methods.

We start this lecture by introducing biometrics as a signal detection problem, where we also point out the contrasts with conventional cryptography. Next, we describe various types of mathematical attacks on biometrics together with several practical examples, while also paying attention to penetration tests. From the question of registration template protection, we get to bio-cryptography as a promising way to combine the "stiff" algebraic structures of cryptography on one side with the statistical methods of biometrics on the other. We will see that we have already solved a similar transition with respect to using quantum mechanical effects for information protection at the elementary physical level. So we have something to start with, but a direct comparison of biometrics and quantum mechanics is unfeasible, so we again need to pay great attention to several preconditions.

We always have to bear in mind that biometrics is just a statistical analysis of measurement data for a chosen physiological or behavioral characteristic and, from the security viewpoint, this all makes sense only if we presume that these data are scanned from a living subject. Even though we can, in principle, consider connections between cryptography and biometrics, the strength of the algorithm must never rely solely on the secrecy of the particular values of a given characteristic for a given person (e.g. the model of their voice, iris code, vein pattern, etc.). We show that this approach, which is unfortunately still used quite often, is clearly pointless, using a practically feasible general scenario of so-called biometric skimming.

Vlastimil Klíma

RNDr. Vlastimil Klíma

Biography

RNDr. Vlastimil Klíma graduated from the Faculty of Mathematics and Physics of Charles University in Prague. He has devoted all of his thirty-year professional life to cryptology. He has worked for the government, the army and private companies, and now works as a consultant. In the Czech Republic, he is the founder of the field of side-channel cryptanalysis. He has written more than 300 papers and lectures. Internationally, he is known for proposing the fastest MD5-collision search method and for revealing weaknesses in OpenPGP and SSL/TLS. He proposed a new concept of hash functions and block ciphers, DN (HDN). He is co-author and co-inventor of the fastest hash function (BMW) in the second round of the SHA-3 competition.

Website: http://cryptography.hyperlink.cz

Martin Baroš

Biography

Martin Baroš, CEO at Cryptelo, is responsible for leading expansion and bringing ideas for the company's security products. He studied at the Faculty of Mathematics and Physics of Charles University. He was part of developer teams that created applications for the financial and banking sector, and he also led a team that developed part of the core banking features for Air Bank. He decided to focus on security because he likes challenges and hates to give up.

Data Protection in Clouds

In the paper we present the main principles of solving the issue of data protection in clouds. Furthermore, we demonstrate possible security and cryptographic weaknesses, and suggest principles of ideal data protection, while simultaneously pointing out the disadvantages of ideal solutions using a concrete example.

Furthermore, we present our vision of the further evolution of mobile devices in the context of cloud repositories, as well as the anticipated trends in data protection for them. In selected chapters concerning data protection we set currently available market solutions side by side and compare the level of protection they provide. We point out concrete correct implementations, as well as incorrect applications of cryptographic concepts or other closely related security risks. Wherever relevant, we point out concrete instances (whether from a cryptographic or implementation perspective) where the given solution is failing, and finally we evaluate the impact on the security of the whole system.

Subsequently, we compare, using practical cryptographic examples, the performance of the traditional platform for implementing cryptographic concepts (Java) with the platform natively supported by web browsers (JavaScript). Taking into account the current as well as the predicted boom in mobile technologies, we conduct comparative tests on selected mobile devices as well, choosing representatives of both phones and tablets. In the area of mobile devices, we compared the implementation of cryptographic algorithms on the platform's native language against an implementation using a JavaScript library. The comparison is carried out with a representative volume of data that grows in the course of the test, in order to identify the key limits or benefits of the individual platforms. In closing, the statistical results are summarized so that they can serve as basic orientation when selecting target implementation platforms for a cryptographic design. The aim of comparing the mobile platforms is to provide basic guidance for deciding whether the platform's native code can be used to implement the intended solution or, alternatively, HTML 5 enhanced by JavaScript. The latter alternative is promising as a feasible solution for all mobile and desktop platforms, save for certain limitations that we focus on as well.

Marián Novotný

Biography

Marián Novotný received his PhD in Computer Science from the Faculty of Science of Pavol Jozef Šafárik University in Košice. In his PhD thesis he focused on the design and analysis of security protocols. He is currently working as a network security algorithm designer at ESET, where he is responsible for the design, analysis and implementation of network intrusion detection systems. These detection systems are integrated in ESET products under the names Botnet Protection and Vulnerability Shield.

Implementation vulnerabilities in SSL/TLS

The SSL/TLS protocol has become the standard way of establishing a secure communication channel in internet applications. In recent years several vulnerabilities related to the SSL/TLS protocol were disclosed. We will discuss the differences between design and implementation vulnerabilities and try to summarize the design flaws in SSL/TLS. However, we will focus on the implementation vulnerabilities and explain in more detail the vulnerabilities discovered in the Schannel and OpenSSL libraries, such as Heartbleed (CVE-2014-0160), WinShock (CVE-2014-6321, including the ECDSA certificate verification bypass vulnerability) and the FREAK attack (CVE-2015-0204 in OpenSSL and CVE-2015-1637 in Schannel).

The talk is based on our experience gained while implementing and testing network detections of SSL/TLS vulnerabilities. We will present how difficult it is to exploit the mentioned vulnerabilities, demonstrate some exploitation and try to evaluate their impact. Finally, we will discuss the security risks that the design, implementation and realization of the SSL/TLS protocol have brought to us.

Václav Bartoš

Biography

Václav Bartoš is a PhD student at the Faculty of Information Technology, Brno University of Technology, where he received his master's degree. He works as a researcher at CESNET. His research focuses on network monitoring and traffic analysis.

Heartbleed Detection at CESNET using Extended Flow Monitoring

Today's networks are usually monitored using flow monitoring technology. It provides detailed information about the traffic at the network and transport layers. The presentation will show the monitoring infrastructure of the academic network CESNET2. Probes deployed in this network are able to extend the flow data with information extracted from the application layer of several protocols. Such information allows detecting even those types of malicious traffic that exhibit no distinguishable characteristics at the network and transport layers. As an example of the use of such data, we will show the detection of attacks on the Heartbleed vulnerability in April last year.

Tomáš Košňar

Biography

Tomáš Košňar has worked for the CESNET association since 1996 and specialises in the area of infrastructure and IP traffic monitoring. He is simultaneously adviser to the managing director of the CESNET association in the field of network applications and services. Tomáš currently represents the CESNET association in NIX.CZ, the association operating the Neutral Internet Exchange in the Czech Republic, and also serves as a member of the board of managers of CZ.NIC, the association operating the .cz domain registry and the National CSIRT of the Czech Republic.

Comprehensive IP Traffic Monitoring with FTAS System

The FTAS system is designed for large-scale continuous flow-based IP traffic monitoring. It is primarily developed and operated for the needs of the CESNET e-Infrastructure (the national ICT infrastructure for research and development in the Czech Republic) and for the needs of connected infrastructures and networks. This contribution contains selected examples of solutions to typical user requests in the area of finding and visualising traffic of interest, its statistical post-processing or its periodical reporting, as well as requests in the area of on-the-fly and ex-post anomaly and attack detection.

Abstracts


Martina Hupková, Martin Baroš (Cryptelo, Czech Republic)

Encrypted cloud storage for modern business

This paper directly supplements the lecture Privacy in the Cloud, which demonstrates the ideal, or optimal, cryptographic design and the possibilities of implementing it in relation to the issue of data protection in the cloud. The paper presents the application of selected data protection concepts in practice, using the example of encrypted cloud storage for businesses, and the impact these concepts have on the user once implemented. We introduce the requirements for modern cloud storage as they arise from the character, activities and structures of modern companies. The level of development in technology, society, thinking and communication is a factor reflected in the nature of business. Specifically, this takes into account the increasing mobility of people (employees) and knowledge, different forms of employment, globalization and internationalization.

The central concern of this paper is the human factor – the user working with sensitive data also poses a potential threat of losing such data, whether purposefully or inadvertently. Where is the boundary between user-friendliness or ease of use and the maximum possible data security in cloud encryption? The decision is based on an awareness of the need to protect corporate data and of its realistic value. Is some data worth maximum protection, such that the data cannot be accessed either by an attacker, by the creator of the encryption system, or at the request of police and state security forces? We introduce an encrypted cloud, based on a combination of symmetric (AES-256) and asymmetric encryption (elliptic curves), in which it is impossible to back up data and loss of the data is a better choice for the owner than providing it to a third party.


Marco Fratti (Independent consultant)

The Virtual Computer – Means for Securing the Cloud – practical demonstration

Secure Cloud Computing techniques must provide the essential services of identification, authentication and content access control. In addition, in case of content sharing between two parties or among multiple parties the content owner must be able to grant sharing rights only to legitimate and authorized peers.

All the existing and widely known solutions rely on a common paradigm: a one-to-one correspondence between each party of a content sharing group and a single Cloud Computing provider (Dropbox™, Google Drive™, etc.).

According to an Intel Survey on IT Professionals’ Confidence in Cloud Security it appears that the three greatest concerns are:

  1. Inability to measure security services of the Cloud Computing provider
  2. Lack of control over data
  3. Confidence in provider’s security capabilities

Therefore, improved solutions are required for ensuring secure and reliable content management in the Cloud Computing context.


Jan Pluskal, Petr Matoušek, Ondrej Ryšavý et al. (Brno University of Technology, Czech Republic)

Netfox Detective: A tool for advanced network forensics analysis

Network forensics is the process of capturing, collecting and analysing network data for the purposes of information gathering, legal evidence, or intrusion detection. The new-generation internet opens novel opportunities for cybercrime activities and security incidents using network applications. Security administrators and LEA (Law Enforcement Agency) officers are challenged to employ advanced tools and techniques in order to detect unlawful or unauthorized activities. In case of serious suspicion of criminal activity, network forensics tools and techniques are used to find legal evidence in captured network communication that proves or disproves the suspect's participation in that activity.

Today, there are various commercial or free tools for network forensics analysis available, e.g., Wireshark, Network Miner, NetWitness, Xplico, NetIntercept, or PacketScan. Many of these tools lack the ability to successfully reconstruct communication from incomplete, duplicated or corrupted input data. Investigators also require advanced automatic processing of application data that helps them to see the real contents of conversations, including chats, VoIP talks, file transfers, email exchanges etc.

Our research is focused on the design and implementation of a modular framework for network forensics with advanced possibilities of application reconstruction. The proposed architecture consists of (i) input packet processing, (ii) an advanced reconstruction of L7 conversations, and (iii) application-based analysis and presentation of L7 conversations. Our approach employs various advanced reconstruction techniques and heuristics that enable working even with corrupted or incomplete data, e.g. one-directional flows, missing synchronization, unbounded conversations, etc.

The proposed framework was implemented in the Netfox Detective tool developed by our research group. This paper shows its architecture from a functional and logical point of view and its application to the reconstruction of web mail traffic and VoIP and RTP transmissions.


Jakub Čegan, Martin Vizváry (Masaryk University, Czech Republic)

Lessons Learned from KYPO – Cyber Exercise & Research Platform Project

Cyber attacks have become a significant threat to the critical information infrastructure of a state. In order to face them it is necessary to study them, understand them, and train personnel to recognize them. For this purpose we developed KYPO, a Cyber Exercise & Research Platform for the simulation of numerous cyber attacks. In this paper we present the KYPO framework and the first experience gained from Capture the Flag game training.


Tomáš Hrabovský (AKIS)

CIS security solutions for Department of Defense


Pavol Sokol, Patrik Pekarčík, Tomáš Bajtoš (Pavol Jozef Šafárik University in Košice, Slovak Republic)

Data collection and data analysis in honeypots and honeynets

Honeypots and honeynets are unconventional security tools for studying the techniques, methods, tools, and goals of attackers. Therefore, data analysis is an important part of honeypots and honeynets. In this paper we focus on the analysis of data collected from different honeypots and honeynets. We discuss a framework for analysing honeypots' and honeynets' data. We also outline a secure way to transfer collected data from the honeypots to the analysis itself. Finally, we propose a framework for attack analysis based on data collected by honeypots and honeynets.


Marián Svetlík (Risk Analysis Consultants, Czech Republic)

The Application of Standards and Best Practices in Digital Forensic

The paper describes the current situation in the area of forensic examination and the management, registration and use of forensic experts in our legal and judicial system. The insufficiency of the valid "Expert and Interpreters Act" is described, as is the real situation in the general processes of fighting crime using traces and forensic examination for judicial decisions. The problems mentioned are the main reasons why we should not expect any miracles in real forensic examinations and why the overall level of forensic reports is problematic and low.

Based on the general theory of systems, a new approach to a “Management system of forensic examination” is described and the key role of the forensic sciences is defined.


Roman Nedzelský (University of Economics Prague, Czech Republic)

Hybrid cloud computing: Security Aspects and Challenges

Nowadays, the concept of hybrid clouds is constantly being discussed, alongside private and public clouds. For large companies and state institutions the hybrid solution is the only way to take part in cloud computing innovation, because most of the data must be placed on on-premise hardware and cannot be moved to any public cloud. Even if there is no legal restriction within the hybrid scenarios, companies are afraid of information leakage or other constraints that may arise when they do not have their data under their control. On the other hand, it is very tempting to take advantage of outsourced infrastructure which the user does not need to worry about, or to use services in the field of machine learning, business intelligence, stream analytics and other SaaS features. This migration to cloud solutions (or the use of cloud features) is a very desirable solution, mainly from the cost savings point of view. However, public cloud solutions face the problem that some cloud services cannot be used in combination with local, on-premise servers.

Much of the research carried out recently focuses only on the area of private or public clouds. This paper focuses on security within hybrid clouds for large companies and governments. It deals with the exploration of various kinds of security within the concepts of IaaS and SaaS, various principles of authentication and security, and also the challenges in terms of security in this area. A further motivation for this work were the forecasts provided by Gartner, which estimated that in 2017 most large companies will be using hybrid cloud scenarios. This paper compares several suppliers that specialize in hybrid cloud solutions for government agencies. Some of them are already providing cloud services with a focus on the public sector, and it is therefore appropriate to summarize these offers and compare them with emphasis on security.


Tomáš Dragoun (Masaryk University, Czech Republic)

Classification of applications by network behavior

Network flow classification is an important task carried out by network administrators. The problem is to create a mapping between unknown network flows and a set of possible classes. The aim of this paper is to use current knowledge of the problem and to evaluate whether similar methods can be used to classify applications as a whole. A class system which divides applications into 9 easy-to-understand categories was designed. Then an approach was proposed which can be used to classify applications. Data from real users were analyzed and a series of our own experiments was performed in order to deduce common behavioral characteristics for each application class. These elementary properties were expressed in the form of binary predicates which describe the application behavior at different network levels. The predicates were verified experimentally and their usability was demonstrated with the aid of unsupervised machine learning. The behavior of any application is represented by a binary vector which can be used as the input for a machine learning classifier.


Libor Dostálek (University of South Bohemia, Czech Republic)

Authentication and authorization applications in 4G networks

The principle of 4G mobile networks is that users are permanently connected to the network. Even calls will be carried over the data network (VoLTE). This contribution discusses the possibility of strong authentication for applications running on mobile devices. It deals with the possibility of combining the AKA algorithm with other authentication algorithms. The combination of the two algorithms creates strong multifactor authentication, which is suitable for applications demanding highly secure authentication, such as Internet banking or Internet access to government applications.


Lukáš Malina, Petr Dzurenda, Jan Hajný (Brno University of Technology, Czech Republic)

Testing of DDoS Protection

Distributed Denial of Service (DDoS) attacks invade networks and web services every day. Many current research projects and activities try to design various DDoS protection solutions. Nevertheless, there are more and more advanced DDoS attacks that are ingenious and powerful, which may mean that many of these comprehensive DDoS protection solutions are not so efficient and do not fully mitigate advanced DDoS attacks. Accordingly, it is important to test DDoS protection solutions and reveal their limitations and bottlenecks prior to deploying them in networks. This work deals with DoS and DDoS detection techniques and presents testing procedures for DDoS protection solutions. We describe the state of the art in detection techniques for current DDoS attacks. The techniques are based on signature and anomaly detection. Other alternative approaches are also evaluated and their advantages and drawbacks are discussed. Besides these detection techniques, we survey DDoS protection solutions and special DDoS protection appliances and evaluate them.

Further, we introduce two testing procedures for observing the behaviour of network security and DDoS protection appliances during DDoS attacks. The first testing procedure is based on a software DDoS generator that runs on a common server or personal computer. The paper also presents various software DDoS generators and their specifications. The second testing procedure uses the professional stress tester Spirent Avalanche, which makes it possible to generate various types of DDoS attacks. This stress tester is able to mix legitimate traffic with DDoS attacks and to emulate various communication protocols and services. We evaluate these testing procedures and present our experimental results for both approaches. We focus on the performance and modularity of these testing procedures and the range of possible DoS/DDoS attacks that can be generated.


Martin Drahanský, Ondřej Kanich (Brno University of Technology, Czech Republic)

Vulnerabilities of Biometric Systems

This article is focused on three vulnerabilities of biometric systems at the sensor level, presented on the example of fingerprint recognition. The first part is oriented on human diseases influencing the quality (and in general the possibility) of fingerprint acquisition. The second part introduces various other factors having an influence on the process of fingerprint acquisition. The last part is devoted to the production of finger(print) fakes and thereby attacking biometric systems by way of spoofing.


Radim Kolář, Lukáš Semerád (Brno University of Technology, Czech Republic)

Bimodal Eye Imaging System for Biometric and Medical Applications

This paper describes a new bimodal approach to the acquisition of the human eye iris and retina. A short state of the art is given, followed by recent references on iris and retinal characteristics. A brief description of our proposed bimodal system is also given, with experimental results of the scanned eye’s retina and iris. The main part is focused on an enhanced optical setup for iris/retina acquisition of a human eye. This unique combination in one particular apparatus can be used for medical (ophthalmology) as well as for biometric purposes. Scanning in one cycle can significantly save working time in comparison with scanning each part separately.