Global ETD Search

1	Extrakce dešifrovaného provozu z SSL spojení / Extraction of Decrypted Data from SSL Connection Pastuszek, Jakub January 2019 (has links) Cílem této práce je vyvinout aplikaci schopnou dešifrovat zabezpečená spojení a přeposlat dešifrovaná data na jinou stanici v síti pro další analýzu. Daná aplikace vybízí k nelegálním účelům, avšak zamýšleným použitím výsledného produktu jsou legální odposlechy. Pro tuto práci byla z množiny nástrojů vybrána aplikace SSLsplit díky jejím vlastnostem a výkonnosti. Toto rozhodnutí bylo na základě srovnávacích testů a porovnání vlastností. Pomocí vlastního certifikátu SSLsplit podepisuje certifikáty cílových serverů, které jsou vytvářené za běhu. Spuštěná aplikace běží v režimu transparentní proxy přímo na centrálním prvku dané sítě (routeru). SSLsplit provádí man-in-the-middle útok mezi klientem a serverem bez toho, aby to některá ze stran zaznamenala. Dále umožnuje dešifrovaný obsah odeslat na předem daný uzel v síti pro jeho další zpracování. Pro možnost snažší konfigurace SSLsplitu byla implementována integrace do netc rozhraní. Aplikace byla otestována za účelem zjištění jejich výkonnostních limitů. Výkonnostní testy výsledného řešení ukazují značný pokles počtu transakcí za sekundu (TPS) při použití SSLsplit v porovnání s pouhým přeposíláním provozu. Funkce zrcadlení významně neovlivňuje počet TPS ani neomezuje samotný SSLsplit. Výsledky ukazují, že SSLsplit je schopen reálného provozu s určitým omezením.
2	Rekonstrukce webmailového provozu / Webmail Traffic Reconstruction Slivka, Miroslav January 2015 (has links) Webmail applications are very popular these days. Besides typical usage, thanks to ciphered communication, they can be used for malicious activity like confidential data loss. This thesis discusses webmail events detection based on common webmail signatures in captured network traffic. Also there will be discussed SSL/TLS interception and decryption for further data analysis. The modules in this thesis are designed and implemented for Netfox.Framework forensics analysis tool. The Netfox project is developed at FIT BUT under security research project SEC6NET.
3	Encrypted Chat Client : Encrypted communication over XMPP Rosén, Oskar January 2015 (has links) Every day there are internet users all over the world who sends a total sum of millions of emails and instant messages and a majority of these are sent and transmitted without any form of encryption. When we send an unencrypted message it can be monitored, analyzed and even stored by organiza-tions and individuals. Therefore using encrypted communication is vital for not having our privacy violated. One of the problems that needs to be solved is to allow two persons to communicate in (near) real time through text over internet in a secure and easy way for the user, while at the same time allowing the user to have a good experience and maintaining confidentiality. The chat client should be able to communicate with other platforms than only itself and must therefore use and fol-low an existing protocol for instant messaging. To receive a true end-to-end encryption, all data needs to be encrypted and decrypted locally on the user's computer before it is sent out on the inter-net. SSL / TLS can be used as a protective layer, but it must be complemented by an extra and sepa-rate layer of encryption since SSL / TLS is not an authentic end-to-end encryption. This is because of the SSL data is decrypted when they land on the server, while true end-to-end data is only de-crypted locally on the receivers computer. This thesis have resulted in a working chat client built on the XMPP protocol with support for using OTR encryption that offers true end-to-end encryption. / Varje dag finns det internetanvändare världen över som sammanlagt skickar miljontals email och direktmeddelanden vilka majoriteten skickas och överförs utan någon form utav kryptering. När vi skickar ett okrypterat meddelande kan det bli övervakat, analyserat och till och med lagrat utav or-ganisationer och individer. Därför är användande utav krypterad kommunikation avgörande för att inte vår integritet ska kränkas. Ett utav problemen som behöver lösas är att tillåta två personer att kommunicera i (nära) realtid genom text över internet på ett säkert och enkelt sätt för användaren. Detta samtidigt som användaren har en bra användarupplevelse och bibehåller konfidentialitet. Chattklienten ska kunna kommunicera med andra plattformar än sig själv och måste därmed an-vända sig utav och följa ett existerande protokoll för direktmeddelanden. För att få en riktig end-to-end kryptering måste all data krypteras och dekrypteras lokalt på användarens dator innan det skickas över internet. SSL / TLS kan användas som ett skyddande lager, men måste kompletteras av ett extra och separat lager av kryptering då SSL / TLS inte är äkta "end-to-end" kryptering. Detta är på grund utav att SSL data är dekrypterad när det kommer till servern, medan äkta "end-to-end" kryptering endast är dekrypterat lokalt på mottagarens dator. Denna avhandling resulterade i en fungerande chattklient byggt på XMPP protokollet med stöd för OTR kryptering som erbjuder äkta "end-to-end" kryptering. Chat client Encryption SSL/TLS OTR XMPP Chattklient Kryptering SSL/TLS OTR XMPP Computer and Information Sciences Data- och informationsvetenskap
4	Une étude de l’écosystème TLS / A study of the TLS ecosystem Levillain, Olivier 23 September 2016 (has links) SSL/TLS, un protocole de sécurité datant de 1995, est devenu aujourd'hui une brique essentielle pour la sécurité des communications, depuis les sites de commerce en ligne ou les réseaux sociaux jusqu'aux réseaux privés virtuels (VPN), en passant par la protection des protocoles de messagerie électronique, et de nombreux autres protocoles. Ces dernières années, SSL/TLS a été l'objet de toutes les attentions, menant à la découverte de nombreuses failles de sécurité et à des améliorations du protocole. Dans cette thèse, nous commençons par explorer l'écosystème SSL/TLS sur Internet en énumérant les serveurs HTTPS sur l'espace IPv4; nous proposons pour cela des méthodologies de collecte et d'analyse permettant d'obtenir des résultats reproductibles et comparables entre différentes campagnes de mesure. Au-delà de ces observations, nous nous sommes intéressés en détail à deux aspects essentiels de la sécurité TLS: comment parer les attaques sur le Record Protocol, et comment implémenter des parsers sûrs et efficaces. Finalement, en se basant sur les nombreuses failles d'implémentation qui ont affecté presque toutes les piles TLS ces dernières années, nous tirons quelques enseignements concernant les difficultés liées à l'écriture d'une bibliothèque TLS de confiance / SSL/TLS, a 20-year old security protocol, has become a major component securing network communications, from HTTPS e-commerce and social network sites to Virtual Private Networks, from e-mail protocols to virtually every possible protocol. In the recent years, SSL/TLS has received a lot of attentions, leading to the discovery of many security vulnerabilities, and to protocol improvements. In this thesis, we first explore the SSL/TLS ecosystem at large using IPv4 HTTPS scans, while proposing collection and analysis methodologies to obtain reproducible and comparable results across different measurement campaigns. Beyond these observations, we focused on two key aspects of TLS security: how to mitigate Record Protocol attacks, and how to write safe and efficient parsers. Finally, building on the numerous implementation flaws in almost all TLS stacks in the last years, we propose some thoughts about the challenges in writing a secure TLS library SSL/TLS Sécurité des systèmes d'information Protocoles cryptographiques Mesures réseau Implémentation de protocoles réseau Parsers SSL/TLS IT security Cryptographic protocols Network campaigns Network protocol implementation Parsers
5	Digitální certifikáty / Digital certificates Svačina, Ondřej January 2016 (has links) This thesis is focused on the topic of digital certificates for secure communication. First of all, methods of authentication and cryptography are analyzed as a starting point. Furthermore, the thesis describes communication protocols for secure connection HTTPS and SSL/TLS, the importance of certification authorities and their characteristics. It devotes the biggest part of attention to digital certificates as such. Practical part introduces available certification authorities, including practical creation of the new certification authority and certificate. This untrusted certificate has become the key element of the questionnaire survey, which aim is to analyze knowledge level of users about secure connection through trusted certificates. After the analysis, interpretation of obtained data and verification of selected hypothesis, recommendations for domain owners, who are planning to use HTTPS, were proposed.
6	SSL/TLS configuration of swedish government agencies websites : Finding underlying factors affecting their security level Larsson, Johan January 2016 (has links) The SSL/TLS protocols over HTTPs main tasks are to encrypt communication and provide verification to the user that the website is the one it is claiming to be. With an increase in egovernment and agencies using e-services where sensitive information can travel over the Internet the need for SSL/TLS has increased and will continue to increase. This study therefore aims to provide answers to how the Swedish agencies have configured their websites in terms of SSL/TLS and why they are at their current level of security in regards to SSL/TLS. A technical survey using the tool Qualys SSL Server Test was used in order to collect the configurations. Follow up interviews with a semi-structured qualitative approach was then used to answer the second research question of what factors affect why they had their current security level. 48,77% of agencies had some sort of implementation but the majority did not use SSL/TLS. The ten most common factors which affected agencies security levels was “Projects”, “Availability”, “Attitude towards security”, “Perceived sensitivity of data”, “Consultants”, “Resources”, “Knowledge of SSL”, “Security responsibility”, “Eservice”, and “Laws or other externa influence”. SSL/TLS security government agencies identifying factors Computer and Information Sciences Data- och informationsvetenskap
7	Synchronizace kontaktů v privátním cloudu / Contact Synchronization for a Private Cloud Sendler, Jaroslav January 2014 (has links) This masters's thesis is studying the possibility of Create a synchronization tool for device running on Android. It is the ability to sync contacts from portable devices in a private cloud, which is here substituted by Directory server. For working with directory, server uses LDAP server and its implementation of OpenLDAP. The first part is aimed at the description of the structure and directory services. Following is analysis and separation requirements. The whole project is completed by proposals and implementation that relate to the safety and advanced synchronization.
8	Integration von Methoden und Verfahren zur gesicherten Übertragung von Daten und zur Authentifizierung in ein webbasiertes System Falkenreck, Jan 20 October 2017 (has links) Die Arbeit beschäftigt sich mit der Integration von Methoden und Verfahren zur gesicherten Übertragung und zur Authentifizierung. Es werden dies bezüglich Realisierungsmöglichkeiten für die Erweiterung einer bestehenden Applikation aufgezeigt und diskutiert. Die Sicherheitsanforderungen an die Anwendung werden aufgezeigt und bestehende Technologien bezüglich ihrer Verwendbarkeit für eine Authentifizierung in der Anwendung evaluiert. Die Integration der Methoden und Verfahren erfolgt prototypisch in die gewählte Anwendung. Besonderer Wert wird dabei auf die Authentifizierung von Nutzern am System und die verschlüsselte Übertragung von Daten über nicht private Netze gelegt. Die Arbeit gibt einen Einblick in die kryptographischen Grundlagen und verwendeten Verfahren und Standards. Das Anwendungsgebiet wird beschrieben und die Nutzungsstrategie der Anwendung wird dargelegt. Die Integration der Verfahren und Mechanismen in die Anwendung erfolgt unter Berücksichtigung der vorher gesetzten Ziele und der Lösungsansatz wird prototypisch implementiert und diskutiert. info:eu-repo/classification/ddc/000 ddc:000
9	Zabezpečený peer to peer komunikační systém / Secure peer-to-peer communication system Eliáš, Luboš January 2008 (has links) The main aim of this master's thesis is to implement a common, secure and peer-to-peer communication system. The system has ability to automatically establish and run a secure end-to-end connection. It has this ability even if a network address translator is in the way to the destination system, without need of any explicit configuration of this translator. The security procedures of this system are in a transparent manner masked from individual applications, which had to solve this challenge in their own way. A responsibility for a security is delegate to an application-independent subsystem working within the core of an operating system. The security of this subsystem is based on capturing the outbound and inbound IP packets and their authentication and encryption. The system was successfully implemented in MS Windows XP operating system, in programming language C++. Transfer rate of communication tunnel in different network bandwidth speeds was measured. Result shows, that in the case of use the system on standard PC sold nowadays is practically no decrease of the transfer rate in comparison to a common channel.
10	Bezpečné kryptografické algoritmy / Safe Cryptography Algorithms Zbránek, Lukáš January 2008 (has links) In this thesis there is description of cryptographic algorithms. Their properties are being compared, weak and strong points and right usage of particular algorithms. The main topics are safeness of algorithms, their bugs and improvements and difficulty of breaching. As a complement to ciphers there are also hash functions taken in consideration. There are also showed the most common methods of cryptanalysis. As a practical application of described algorithms I analyze systems for secure data transfer SSH and SSL/TLS and demonstrate an attack on SSL connection. In conclusion there is recommendation of safe algorithms for further usage and safe parameters of SSH and SSL/TLS connections.

Search results