Dynamic identities for flexible access control

Andersson, Fredrik, Hagström, Stefan

January 2005

This thesis will analyse the pros and cons of a module-based approach versus the currently existing certificate schemes and the proposed requirements for a module-based certificate scheme to serve as a plausible identity verification system. We will present a possible model and evaluate it in respect to the existing solutions and our set of identified requirements.

PKI

identity validation

certificate authority

Computer Sciences

Datavetenskap (datalogi)

Důvěryhodná proxy v SSL/TLS spojení / Trusted proxy in SSL/TLS connection

Smolík, Jiří

January 2017

The problem of SSL/TLS interception ("trusted proxy in SSL/TLS connection") has been known for years and many implementations exist. However, all of them share a single technical solution which is based solely on the PKI authentication mechanism and suffers from multiple serious disadvantages. Most importantly, it is not compatible with several aspects or future trends of SSL/TLS and PKI, there's almost no space for improvement and its real use may spawn legal issues. After we analyze technical background and the current solution, we will propose another one, based not only on PKI but SSL/TLS too. Both solutions will be compared and general superiority of the new one will be shown. Basic implementation and analysis will follow, along with deployment requirements and ideas for future development. Powered by TCPDF (www.tcpdf.org)

Brand management regionálních značek / Brand Management of Regional Brands

Štočková, Tereza

January 2017

The aim of the thesis is to introduce and evaluate regional branding occurring in the Czech republic, other countries of the European Union and the EU as a whole. On the basis of the information, the strategies of individual brand programs in the Czech Republic are evaluated and possibilities for improvement are presented. The basic methods of qualitative research used in the practical part of the thesis are the analysis of secondary data and field research. Using identified facts, own regional product is designed to meet the required criteria of the selected territory. In the form of a case study that is created as a manual, its communication activities are designed and the most appropriate branding program, including an explanation of the certification process, has been chosen.

Nápravná opatření k výsledkům auditu ve firmě / Nápravná opatření k výsledkům auditu ve firmě

Horálek, Jan

January 2008

Principal objective of my thesis is to create Report about review of the usability, adequacy and effectiveness of the system of the management of quality and environment in compliance with ČSN EN ISO 9001:2001 and ČSN EN ISO 14001:2005 for the year 2007. The thesis is divided in two parts which contain both theory and Report which rose from the concrete company. The result of my thesis should help to the company to regain the certificate about accomplishment of the requirement of the standard ČSN EN ISO 9001:2001 and ČSN EN ISO 14001:2005.

Aggregating Certificate Transparency Gossip Using Programmable Packet Processors

Dahlberg, Rasmus

January 2018

Certificate Transparency (CT) logs are append-only tamper-evident data structures that can be verified by anyone. For example, it is possible to challenge a log to prove certificate inclusion (membership) and log consistency (append-only, no tampering) based on partial information. While these properties can convince an entity that a certificate is logged and not suddenly removed in the future, there is no guarantee that anyone else observes the same consistent view. To solve this issue a few gossip protocols have been proposed, each with different quirks, benefits, assumptions, and goals. We explore CT gossip below the application layer, finding that packet processors such as switches, routers, and middleboxes can aggregate gossip passively or actively to achieve herd immunity: (in)direct protection against undetectable log misbehaviour. Throughout the thesis we describe, instantiate, and discuss passive aggregation of gossip messages for a restricted data plane programming language: P4. The concept of active aggregation is also introduced. We conclude that (i) aggregation is independent of higher-level transparency applications and infrastructures, (ii) it appears most prominent to aggregate Signed Tree Heads (STHs) in terms of privacy and scalability, and (iii) passive aggregation can be a long-term solution if the CT ecosystem adapts. In other words, not all sources of gossip must be encrypted to preserve privacy. / HITS, 4707

Certificate Transparency

CT

Gossip

P4

Computer Sciences

Datavetenskap (datalogi)

Tvorba bezpečného podniku ve vybraném průmyslovém odvětví / Creating a Secure Company in the Selected Industry

Kyselka, Petr

January 2021

This diploma thesis deals with the investigation of possible dangers threatening human health+ that may arise during activities in the construction company P&P Stavební společnost and the health and safety management system in the company. The introductory chapter introduces the construction company and its focus. The next chapter presents the theoretical background and concepts occurring in the thesis. In the following chapter, the risks of a specific company order were identified and quantified using the FMEA method, and the completed "Check-list" required to obtain the Safe Company certificate is given. Lastly, there are proposed solutions to reduce the identified risks and to successfully obtain the Safe Company certificate.

Bezpečný přístup do webového rozhraní / Secure access to web interface

Kazik, Milan

January 2009

This document contains basic principles and processes regarding secure access to web information system. It consists of theoretic and applied part. These are mainly written together in thesis’s chapters. Theoretic informations were tested on simple web application created in PHP computer language on Apache web server using MySQL database. In the beginning, there is an analysis of used programming environment, especially it’s advantages and disadvantages. The main part of this document is simple characterization of many security problems which can be found on many websites all around the world. In the first place it’s a handling problem of inputs and outputs in the web applications. Password disputableness is solving separatelly. Theory of a problem is analysed first of all. Then a couple of solving methods are suggested and the one which is practically realized is described in detail. There is a notification system created which is used to inform user about errors appeared in web application. In the last section there is a client and server certificates described. This document contains fully characterization of used scripts and connection between them. They are supplemented with many pictures and screenshots which are used to better understanding the disputableness of web security.

Projekt systému bezpečného podniku / Secure Enterprise System Project

Res, Dominik

Unknown Date

Diploma thesis is focused on Safe company (original name „Bezpečný podnik“) program, which is in Czech Republic symbol for company´s extra care of safety workplace, protection of employee´s health and systemic conception of those sections. Thesis is split in more parts. Theoretical, where is stated general procedure of risk analysis, employer´s law obligations towards those risks and analysis of work accidents and its evolution in Czech Republic. In analytical part is introduced program itself, its origin, law sources, control areas, and then also its advantages and disadvantages. Realization of concrete company´s risk analysis comes as next. Practical part contains mainly student´s suggestions for provisions in field of risks rating and analysis for concrete workplaces of Teplárny Brno, a.s. Lastly, description of deficit removal from fractional inspections for upholding the certificate of complex Safe company´s audit is described.

Kedjebrev : Påkallande av en aktiebrevsreform med anledning av ny modern teknik

Qvist, Cecilia

January 2020

Today's paper-based system regarding share certificates has long been considered obsolete in relation to the technical development that characterizes an otherwise digital market. Especially in relation to the inconveniences the system is associated with for limited liability companies, as well as for the shareholders.  Despite it being a known fact, no changes have been made in cases where amendments to the law have been discussed through official government reports. The solutions presented in the reports have been either an implementation of a share register or an extended function of the share ledger, both requiring the abolishment of share certificates. The opinion yet remained that the positive aspects of the paper-based share certificate system overweighed the negative ones due to technological shortcomings. However, in light of recent development in modern technology, a solution might be found in blockchain technology. The overall question of this thesis is thus to what extent the paper-based system raises problems and whether satisfactory solutions can be found in new technology. In order to present effective and competitive solutions, the thesis looks beyond the national boarders, towards foreign judicial system to find alternative ways of handling the issue of share certificates. Through the international perspective, blockchain technology is presented as a potential solution. In order to assess its compatibility with the Swedish judicial system a short introduction is made regarding the underlying technology. This also helps create an understanding of its pioneering nature. The technical introduction is then followed by a theoretical application of a blockchain-based solution for handling the share certificates as well as the share ledger. This leads to the conclusion that a potential solution is found in blockchain technology which, combined with the overall assessment of the negative aspects of a paper-based system, advocates for a reform.

Blockchain

share certificate

share ledger

Aktiebrev

aktiebok

blockkedja

Law

Juridik

DPP: Dual Path PKI for Secure Aircraft Data Communication

Buchholz, Alexander Karl

02 May 2013

Through application of modern technology, aviation systems are becoming more automated and are relying less on antiquated air traffic control (ATC) voice systems. Aircraft are now able to wirelessly broadcast and receive identity and location information using transponder technology. This helps reduce controller workload and allows the aircraft to take more responsibility for maintaining safe separation. However, these systems lack source authentication methods or the ability to check the integrity of message content. This opens the door for hackers to potentially create fraudulent messages or manipulate message content. This thesis presents a solution to handling many of the potential security issues in aircraft data communication. This is accomplished through the implementation of a Dual Path PKI (DPP) design which includes a novel approach to handling certificate revocation through session certificates. DPP defines two authentication protocols, one between aircraft and another between aircraft and ATC, to achieve source authentication. Digital signature technology is utilized to achieve message content and source integrity as well as enable bootstrapping DPP into current ATC systems. DPP employs cutting-edge elliptic curve cryptography (ECC) algorithms to increase performance and reduce overhead. T is found that the DPP design successfully mitigates several of the cyber security concerns in aircraft and ATC data communications. An implementation of the design shows that anticipated ATC systems can accommodate the additional processing power and bandwidth required by DPP to successfully achieve system integrity and security. / Master of Science

Air Traffic Control

ADS-B

PKI

ECC

Certificate Revocation