Aplikace zákona a vyhlášky o kybernetické bezpečnosti na úřadech státní správy / Application of the act and subsequent regulation on cyber security at state administration´s offices

Pech, Jan

January 2016

The thesis is focused on the Czech act no. 181/2014 Sb., on cyber security and subsequent regulations, introduces origin and importance of act, defines the state administration´s office which identifies important information systems according to regulations, and subsequently thesis detailed analyses act and regulation on cyber security in relation to the defined state administration´s office. Keynote of this thesis is show the real application of identified obligations of the act and regulation to the defined state administration´s office, especially a design, implementation and management of organizational and technical security measures, including the evaluation of real impact on information security. To achieve the set goals author of this thesis uses the analysis of legislation, and draws own conclusions from author´s position of a security technologist who actively participated in the design security policy, and implementation and management of security tools. The benefit of this thesis is complex overview of the security employees work at defined state administration´s office, overview of the real fulfilment obligations of the act and regulation of cybernetic security, and ultimately this thesis brings ideas for further development of technical security tools. This thesis can brings benefit to other important information systems administrators as a set of processes, proposals and recommendation for their own information security management system. This thesis is structurally divided into four main parts. The first theoretical part introduces origin, importance and impact of the act on state and private organizations. The second analytical part analyses act and subsequent regulations in relation to the defined state administration´s office. The third practical part shows the real application of organizational and technical security measures. The fourth last part evaluates the real impact of measures on information security.

Modul pro sledování politiky sítě v datech o tocích / Module for Network Policy Monitoring in Flow Data

Piecek, Adam

January 2019

The aim of this master's thesis is to design a language through which it would be possible to monitor a stream of network flows in order to detect network policy violations in the local network. An analysis of the languages used in the data stream management systems and an analysis of tasks submitted by the potential administrator were both carried out. The analysis specified resulted in the language design which represents pipelining consisting of filtering and aggregation. These operations can be clearly defined and managed within security rules. The result of this thesis also results in the Policer modul being integrated in the NEMEA system, which is able to apply the main commands of the proposed language. Finally, the module meets the requirements of the specified tasks and may be used for further development in the area of monitoring network policies.

Návrh zabezpečovacího systému areálu společnosti / A Proposal for a Security System of the Company Premises

Černý, Jan

January 2014

The content of this thesis is the complex security system proposal, specifically of PZTS system and CCTV system. The thesis is divided into three parts. The first part is analysis of the current state, the second is theoretical part and the third part is a practical part. The first part deals with the analysis of the current state of physical security and technical protection of the premises. The theoretical part deals with theoretical solutions for security system proposal. The practical part is focused on separate PZTS and CCTV systems proposal, that will meet all the requirements and standards of the customer.

Advanced EM/Power Side-Channel Attacks and Low-overhead Circuit-level Countermeasures

Debayan Das (11178318)

27 July 2021

<div>The huge gamut of today’s internet-connected embedded devices has led to increasing concerns regarding the security and confidentiality of data. To address these requirements, most embedded devices employ cryptographic algorithms, which are computationally secure. Despite such mathematical guarantees, as these algorithms are implemented on a physical platform, they leak critical information in the form of power consumption, electromagnetic (EM) radiation, timing, cache hits and misses, and so on, leading to side-channel analysis (SCA) attacks. Non-profiled SCA attacks like differential/correlational power/EM analysis (DPA/CPA/DEMA/CEMA) are direct attacks on a single device to extract the secret key of an encryption algorithm. On the other hand, profiled attacks comprise of building an offline template (model) using an identical device and the attack is performed on a similar device with much fewer traces.</div><div><br></div><div>This thesis focusses on developing efficient side-channel attacks and circuit-level low-overhead generic countermeasures. A cross-device deep learning-based profiling power side-channel attack (X-DeepSCA) is proposed which can break the secret key of an AES-128 encryption engine running on an Atmel microcontroller using just a single power trace, thereby increasing the threat surface of embedded devices significantly. Despite all these advancements, most works till date, both attacks as well as countermeasures, treat the crypto engine as a black box, and hence most protection techniques incur high power/area overheads.</div><div><br></div><div>This work presents the first white-box modeling of the EM leakage from a crypto hardware, leading to the understanding that the critical correlated current signature should not be passed through the higher metal layers. To achieve this goal, a signature attenuation hardware (SAH) is utilized, embedding the crypto core locally within the lower metal layers so that the critical correlated current signature is not passed through the higher metals, which behave as efficient antennas and its radiation can be picked up by a nearby attacker. Combination of the 2 techniques – current-domain signature suppression and local lower metal routing shows >350x signature attenuation in measurements on our fabricated 65nm test chip, leading to SCA resiliency beyond 1B encryptions, which is a 100x improvement in both EM and power SCA protection over the prior works with comparable overheads. Moreover, this is a generic countermeasure and can be utilized for any crypto core without any performance degradation.</div><div><br></div><div>Next, backed by our physics-level understanding of EM radiation, a digital library cell layout technique is proposed which shows >5x reduction in EM SCA leakage compared to the traditional digital logic gate layout design. Further, exploiting the magneto-quasistatic (MQS) regime of operation for the present-day CMOS circuits, a HFSS-based framework is proposed to develop a pre-silicon EM SCA evaluation technique to test the vulnerability of cryptographic implementations against such attacks during the design phase itself.</div><div><br></div><div>Finally, considering the continuous growth of wearable and implantable devices around a human body, this thesis also analyzes the security of the internet-of-body (IoB) and proposes electro-quasistatic human body communication (EQS-HBC) to form a covert body area network. While the traditional wireless body area network (WBAN) signals can be intercepted even at a distance of 5m, the EQS-HBC signals can be detected only up to 0.15m, which is practically in physical contact with the person. Thus, this pioneering work proposing EQS-HBC promises >30x improvement in private space compared to the traditional WBAN, enhancing physical security. In the long run, EQS-HBC can potentially enable several applications in the domain of connected healthcare, electroceuticals, augmented and virtual reality, and so on. In addition to these physical security guarantees, side-channel secure cryptographic algorithms can be augmented to develop a fully secure EQS-HBC node.</div>

Circuits and Systems

Microelectronics and Integrated Circuits

Computer System Security

Electromagnetic Security

Hardware Security

Mixed-Signal Circuit design for security

Generic Low-overhead countermeasure

Signature Attenuation Hardware

STELLAR

X-DeepSCA

Auditable Computations on (Un)Encrypted Graph-Structured Data

Servio Ernesto Palacios Interiano (8635641)

29 July 2020

<div>Graph-structured data is pervasive. Modeling large-scale network-structured datasets require graph processing and management systems such as graph databases. Further, the analysis of graph-structured data often necessitates bulk downloads/uploads from/to the cloud or edge nodes. Unfortunately, experience has shown that malicious actors can compromise the confidentiality of highly-sensitive data stored in the cloud or shared nodes, even in an encrypted form. For particular use cases —multi-modal knowledge graphs, electronic health records, finance— network-structured datasets can be highly sensitive and require auditability, authentication, integrity protection, and privacy-preserving computation in a controlled and trusted environment, i.e., the traditional cloud computation is not suitable for these use cases. Similarly, many modern applications utilize a "shared, replicated database" approach to provide accountability and traceability. Those applications often suffer from significant privacy issues because every node in the network can access a copy of relevant contract code and data to guarantee the integrity of transactions and reach consensus, even in the presence of malicious actors.</div><div><br></div><div>This dissertation proposes breaking from the traditional cloud computation model, and instead ship certified pre-approved trusted code closer to the data to protect graph-structured data confidentiality. Further, our technique runs in a controlled environment in a trusted data owner node and provides proof of correct code execution. This computation can be audited in the future and provides the building block to automate a variety of real use cases that require preserving data ownership. This project utilizes trusted execution environments (TEEs) but does not rely solely on TEE's architecture to provide privacy for data and code. We thoughtfully examine the drawbacks of using trusted execution environments in cloud environments. Similarly, we analyze the privacy challenges exposed by the use of blockchain technologies to provide accountability and traceability.</div><div><br></div><div>First, we propose AGAPECert, an Auditable, Generalized, Automated, Privacy-Enabling, Certification framework capable of performing auditable computation on private graph-structured data and reporting real-time aggregate certification status without disclosing underlying private graph-structured data. AGAPECert utilizes a novel mix of trusted execution environments, blockchain technologies, and a real-time graph-based API standard to provide automated, oblivious, and auditable certification. This dissertation includes the invention of two core concepts that provide accountability, data provenance, and automation for the certification process: Oblivious Smart Contracts and Private Automated Certifications. Second, we contribute an auditable and integrity-preserving graph processing model called AuditGraph.io. AuditGraph.io utilizes a unique block-based layout and a multi-modal knowledge graph, potentially improving access locality, encryption, and integrity of highly-sensitive graph-structured data. Third, we contribute a unique data store and compute engine that facilitates the analysis and presentation of graph-structured data, i.e., TruenoDB. TruenoDB offers better throughput than the state-of-the-art. Finally, this dissertation proposes integrity-preserving streaming frameworks at the edge of the network with a personalized graph-based object lookup.</div>

Applied Computer Science

Distributed Computing

Computer System Security

Open Software

Data Encryption

Database Management

Oblivious Smart Contract

Private Automated Certification

supply chain processes

graph structured data

authentication scheme

data ownership

graph analysis applications

Auditable Computation

encrypted graph-structured data

auditable graph analysis

graph data science

AuditGraph.io

TruenoDB

Graph database

supply chain

auditable graph computation

Blockchain

Deep Learning Based Models for Cognitive Autonomy and Cybersecurity Intelligence in Autonomous Systems

Ganapathy Mani (8840606)

21 June 2022

Cognitive autonomy of an autonomous system depends on its cyber module's ability to comprehend the actions and intent of the applications and services running on that system. The autonomous system should be able to accomplish this without or with limited human intervention. These mission-critical autonomous systems are often deployed in unpredictable and dynamic environments and are vulnerable to evasive cyberattacks. In particular, some of these cyberattacks are Advanced Persistent Threats where an attacker conducts reconnaissance for a long period time to ascertain system features, learn system defenses, and adapt to successfully execute the attack while evading detection. Thus an autonomous system's cognitive autonomy and cybersecurity intelligence depend on its capability to learn, classify applications (good and bad), predict the attacker's next steps, and remain operational to carryout the mission-critical tasks even under cyberattacks. In this dissertation, we propose novel learning and prediction models for enhancing cognitive autonomy and cybersecurity in autonomous systems. We develop (1) a model using deep learning along with a model selection framework that can classify benign and malicious operating contexts of a system based on performance counters, (2) a deep learning based natural language processing model that uses instruction sequences extracted from the memory to learn and profile the behavior of evasive malware, (3) a scalable deep learning based object detection model with data pre-processing assisted by fuzzy-based clustering, (4) fundamental guiding principles for cognitive autonomy using Artificial Intelligence (AI), (5) a model for privacy-preserving autonomous data analytics, and finally (6) a model for backup and replication based on combinatorial balanced incomplete block design in order to provide continuous availability in mission-critical systems. This research provides effective and computationally efficient deep learning based solutions for detecting evasive cyberattacks and increasing autonomy of a system from application-level to hardware-level. <br>

Private policing and security services

Knowledge representation and reasoning

Pattern recognition

System and network security

Data mining and knowledge discovery

Artificial Intelligence

Cybersecurity

Deep Learning

Machine Learning

Cryptomining

Cryptojacking

Natural Language Processing

Malware

Combinatorics

Autonomous Systems

Cognitive Autonomy

Applied Computer Science

Computer System Security

Private Policing and Security Services

Pattern Recognition and Data Mining

Provoz otopných těles / Working of radiators

Mašek, Miroslav

January 2022

This diploma thesis deals with the operation of radiators. It is divided into three parts. The first part describes the various types of radiators and heating surfaces, radiator control and heat measurement, the second part deals with the design of heating and hot water in an apartment building in Brno in two variants of the conceptual solution and the third part is processed in the form of experimental measurements issues of radiator operation during a real day in the heating season and operating conditions that may occur.