Template-Type: ReDIF-Article 1.0
Author-Name: Xujing Huang
Title: It Leaks More Than You Think: Fingerprinting Users from Web Traffic Analysis
Abstract: We show how, in real-world web applications, confidential information about user identities can be leaked through “non-intuitive communications”, in particular web traffic which appear to be not related to the user information. In fact, our experiments on Google users demonstrate that even Google accounts are vulnerable on traffic attacks against user identities, using packet sizes and directions. And this work shows this kind of non-intuitive communication can leak even more information about user identities than the traffic explicitly using confidential information. Our work highlights possible side-channel leakage through cookies and more generally discovers fingerprints in web traffic which can improve the probability of correctly guessing a user identity. Our analysis is motivated by Hidden Markov Model, distance metric and guessing probability to analyse and evaluate these side-channel vulnerabilities.
Keywords: Side-channel leakages, web applications, Google accounts, user identities
Pages: 206-225
Volume: 2015
Issue: 3
Year: 2015
File-URL: http://www.vse.cz/aip/download.php?jnl=aip&pdf=70.pdf
File-URL: http://aip.vse.cz/index.php/aip/article/view/124
File-Format: text/html
Handle: RePEc:prg:jnlaip:v:2015:y:2015:i:3:id:70:p:206-225
X-File-Ref: http://www.vse.cz/RePEc/prg/jnlaip/references/70

Template-Type: ReDIF-Article 1.0
Author-Name: Jana Šťastná
Author-Name: Ján Juhár
Author-Name: Miroslav Biňas
Author-Name: Martin Tomášek
Title: Security Measures in Automated Assessment System for Programming Courses
Abstract: A desirable characteristic of programming code assessment is to provide the learner the most appropriate information regarding the code functionality as well as a chance to improve. This can be hardly achieved in case the number of learners is high (500 or more). In this paper we address the problem of risky code testing and availability of an assessment platform Arena, dealing with potential security risks when providing an automated assessment for a large set of source code. Looking at students’ programs as if they were potentially malicious inspired us to investigate separated execution environments, used by security experts for secure software analysis. The results also show that availability issues of our assessment platform can be conveniently resolved with task queues. A special attention is paid to Docker, a virtual container ensuring no risky code can affect the assessment system security. The assessment platform Arena enables to regularly, effectively and securely assess students' source code in various programming courses. In addition to that it is a motivating factor and helps students to engage in the educational process.
Keywords: Automated assessment, Programming assignment, Unsafe code, Virtual environment, Docker, System availability
Pages: 226-241
Volume: 2015
Issue: 3
Year: 2015
File-URL: http://www.vse.cz/aip/download.php?jnl=aip&pdf=71.pdf
File-URL: http://aip.vse.cz/index.php/aip/article/view/132
File-Format: text/html
Handle: RePEc:prg:jnlaip:v:2015:y:2015:i:3:id:71:p:226-241
X-File-Ref: http://www.vse.cz/RePEc/prg/jnlaip/references/71

Template-Type: ReDIF-Article 1.0
Author-Name: Jaromír Veber
Author-Name: Zdeněk Smutný
Author-Name: Ladislav Vyskočil
Title: Practice of Digital Forensic Investigation in the Czech Republic and ISO/IEC 27037:2012
Abstract: Digital forensics investigation undergone a great transformation in the past two decades. This is due to technological progress and already quite common use of ICT in society. This article deals with the standardization of the procedures for collecting potential digital evidence in connection with the ISO/IEC 27037:2012. This article presents some of the important principles presented in the standard. It also presents the views of two experts from the Czech Republic - criminal police investigator and forensic analyst. They introduce their practical experience regarding the collection and analysis of potential digital evidence and also discuss their views on the content of the standard. This makes it possible to point out the discrepancies between the recommendations laid down in the standard and practice. The general recommendations of the standard are commented in the article with references to some basic procedures used in the Czech Republic for potential digital evidence acquisition and collection.
Keywords: digital forensic investigations, Czech Republic, practice, Digital evidence collection, digital evidence acquisition, ISO 27037, Sběr digitální důkazů, praxe, digitálního forenzního vyšetřování, Česká republika, ISO 27037
Pages: 242-257
Volume: 2015
Issue: 3
Year: 2015
File-URL: http://www.vse.cz/aip/download.php?jnl=aip&pdf=72.pdf
File-URL: http://aip.vse.cz/index.php/aip/article/view/103
File-Format: text/html
Handle: RePEc:prg:jnlaip:v:2015:y:2015:i:3:id:72:p:242-257
X-File-Ref: http://www.vse.cz/RePEc/prg/jnlaip/references/72

Template-Type: ReDIF-Article 1.0
Author-Name: Branislav Madoš
Author-Name: Mária Feková
Title: Modification of Steganographic Algorithm Using LSB and a Set of Stegomedia
Abstract: Ambition to achieve possibility to hide digitally represented information which is coded in bit sequences into digital cover media is fulfilled through a number of steganographic algorithms, including Least Significant Bit (LSB) algorithm. A further development of those algorithms can be seen in the use of multiple cover media in the form of their sets, into which digital information is distributed by the use of multiple distribution functions (multi-carrier steganographic algorithms). This paper describes design of steganographic algorithm that is based on the use of the Least Significant Bit (LSB) and three distribution functions, which allow to distribute digital information into the set of cover media. The part of this article is describing software solution which was designed, developed and tested as the part of this research.
Keywords: Least Significant Bit, Steganography, Multi-carrier, LSB, LSB, multi-carrier, Steganografia, Least Significant Bit
Pages: 258-275
Volume: 2015
Issue: 3
Year: 2015
File-URL: http://www.vse.cz/aip/download.php?jnl=aip&pdf=73.pdf
File-URL: http://aip.vse.cz/index.php/aip/article/view/116
File-Format: text/html
Handle: RePEc:prg:jnlaip:v:2015:y:2015:i:3:id:73:p:258-275
X-File-Ref: http://www.vse.cz/RePEc/prg/jnlaip/references/73

Template-Type: ReDIF-Article 1.0
Author-Name: Boniface K. Alese
Author-Name: Sylvester O. Olatunji
Author-Name: Oluwatoyin C. Agbonifo
Author-Name: Aderonke F. Thompson
Title: A Fine-Grained Data Access Control System in Wireless Sensor Network
Abstract: The evolving realities of Wireless Sensor Network (WSN) deployed to various terrain of life require serving multiple applications. As large amount of sensed data are distributed and stored in individual sensors nodes, the illegal access to these sensitive data can be devastating. Consequently, data insecurity becomes a big concern. This study, therefore, proposes a fine-grained access control system which only requires the right set of users to access a particular data, based on their access privileges in the sensor networks. It is designed using Priccess Protocol with Access policy formulation adopting the principle of Bell Lapadula model as well as Attribute-Based Encryption (ABE) to control access to sensor data. The functionality of the proposed system is simulated using Netbeans. The performance analysis of the proposed system using execution time and size of the key show that the higher the key size, the harder it becomes for the attacker to hack the system. Additionally, the time taken for the proposed work is lesser which makes the work faster than the existing work. Consequently, a well secure interactive web-based application that could facilitates the field officers access to stored data in safe and secure manner is developed.
Keywords: Security, Attribute-Based Signature, ABE, Fine-grained data access control, Bell Lapadula access policy model, WSN, Wireless sensor network
Pages: 276-287
Volume: 2015
Issue: 3
Year: 2015
File-URL: http://www.vse.cz/aip/download.php?jnl=aip&pdf=74.pdf
File-URL: http://aip.vse.cz/index.php/aip/article/view/123
File-Format: text/html
Handle: RePEc:prg:jnlaip:v:2015:y:2015:i:3:id:74:p:276-287
X-File-Ref: http://www.vse.cz/RePEc/prg/jnlaip/references/74

Template-Type: ReDIF-Article 1.0
Author-Name: Ján Hurtuk
Title: Using of Sound-Based Communication in the Process of Malware Distribution without Connectivity to Network Services
Abstract: Nowadays, in today’s society based on a wide range of the technical and computing devices, it opens wide scope for misusing vulnerabilities of managing software, for destructive or enriching purposes. Daily are developed and deployed increasingly sophisticated malicious software, enabling the controlling of contested system or misusing sensitive information that infected system stores. One of the yet unexplored areas represent non-standard forms of communication used by such software, without access to network services, which could in the future represent a real threat to certain conditions. This article describes the design and subsequent implementation of a special type of malicious software that communications components are based on IRC (Internet Relay Chat) and in case of unavailability of the network connection takes into account the possibility of communicating infected computer systems by generating sound waves. It examines the various branches of behavior, based on ongoing conditions, its weaknesses, and finally points out the most important indicators of the effectiveness of its activities. The second part of the article is devoted to experimental methods of communication using sound waves with frequencies outside the audible range. The last part of the article presents the results of a questionnaire, which clearly point to the widespread use of equipment needed to run the branches of the virus, which is closely associated with the generation of signals with the help of sound waves, and thus point to the threat of the possible use of similarly based viruses in real operation. In conclusion, it is pointed out to the fact that a similar type of malware is fully usable under certain conditions, and it can be fully deployed in real environment.
Keywords: communication, Malware, experiment, sound waves, škodlivý softvér, komunikácia, experiment, zvukové vlny
Pages: 288-301
Volume: 2015
Issue: 3
Year: 2015
File-URL: http://www.vse.cz/aip/download.php?jnl=aip&pdf=75.pdf
File-URL: http://aip.vse.cz/index.php/aip/article/view/115
File-Format: text/html
Handle: RePEc:prg:jnlaip:v:2015:y:2015:i:3:id:75:p:288-301
X-File-Ref: http://www.vse.cz/RePEc/prg/jnlaip/references/75

Template-Type: ReDIF-Article 1.0
Author-Name: Radomír Palovský
Title: Verifiable Distribution of Material Goods Based on Cryptology
Abstract: Counterfeiting of material goods is a general problem. In this paper an architecture for verifiable distribution of material goods is presented. This distribution is based on printing such a QR code on goods, which would contain digitally signed serial number of the product, and validity of this digital signature could be verifiable by a customer. Extension consisting of adding digital signatures to revenue stamps used for state-controlled goods is also presented. Discussion on possibilities in making copies leads to conclusion that cryptographic security needs to be completed by technical difficulties of copying.
Keywords: digital signature, verifiable distribution, QR code, material goods, revenue stamp
Pages: 302-309
Volume: 2015
Issue: 3
Year: 2015
File-URL: http://www.vse.cz/aip/download.php?jnl=aip&pdf=76.pdf
File-URL: http://aip.vse.cz/index.php/aip/article/view/131
File-Format: text/html
Handle: RePEc:prg:jnlaip:v:2015:y:2015:i:3:id:76:p:302-309
X-File-Ref: http://www.vse.cz/RePEc/prg/jnlaip/references/76

Template-Type: ReDIF-Article 1.0
Author-Name: Anton Baláž
Author-Name: Branislav Madoš
Author-Name: Michal Ambróz
Title: Android Access Control Extension
Abstract: The main objective of this work is to analyze and extend security model of mobile devices running on Android OS. Provided security extension is a Linux kernel security module that allows the system administrator to restrict program's capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. Module supplements the traditional Android capability access control model by providing mandatory access control (MAC) based on path. This extension increases security of access to system objects in a device and allows creating security sandboxes per application.
Keywords: Security, Android, profile, access control, policy, MAC, sandbox
Pages: 310-317
Volume: 2015
Issue: 3
Year: 2015
File-URL: http://www.vse.cz/aip/download.php?jnl=aip&pdf=77.pdf
File-URL: http://aip.vse.cz/index.php/aip/article/view/118
File-Format: text/html
Handle: RePEc:prg:jnlaip:v:2015:y:2015:i:3:id:77:p:310-317
X-File-Ref: http://www.vse.cz/RePEc/prg/jnlaip/references/77

Template-Type: ReDIF-Article 1.0
Author-Name: Petr Strossa
Author-Name: Radomír Palovský
Title: A Few Ideas for Creating Passwords
Abstract: There is about 6 × 10^15 eight-character strings from Czech small and capital letters and numbers. The vast majority of such passwords is impossible to remember because of no association with any “reasonable” contents. In this paper we come to an estimate that the number of meaningful Czech sentences containing 4-5 words is certainly by several decimal orders higher (even without distinguishing small and capital letters), and passwords created in this way are easy to remember. Further we show some simple ways to extend the “space” of such passwords up to ca. 10^40 theoretically possible strings without significantly complicating the possibility to remember the chosen password. A method for efficient generation of strong passwords is thus offered.
Keywords: Security, password, Czech language, alphabet, grammar, heslo, čeština, gramatika, bezpečnost, abeceda
Pages: 318-325
Volume: 2015
Issue: 3
Year: 2015
File-URL: http://www.vse.cz/aip/download.php?jnl=aip&pdf=78.pdf
File-URL: http://aip.vse.cz/index.php/aip/article/view/129
File-Format: text/html
Handle: RePEc:prg:jnlaip:v:2015:y:2015:i:3:id:78:p:318-325
X-File-Ref: http://www.vse.cz/RePEc/prg/jnlaip/references/78

Template-Type: ReDIF-Article 1.0
Author-Name: Milan Kný
Title: Security Management - Systems Approach
Abstract: The aim of the contribution is the use of the systems approach to treat security management as a practical field and new scientific discipline. The philosophy of systems approach to the solution of problems generally is an adequate methodological basis even for the theory of management. The path to the real optimization of security situation leads only through the holistic and solid solution. Applications of systems analysis and synthesis back up the fact, that systems approach and systems thinking should not absent in security objects. The truthfulness of the claim, that security management is a well-established discipline, depends on ongoing discussion that represents useful process of development of new scientific discipline. At the same time the rationality of science and systematism works as a counterbalance to irrational fear of the whole society, too. Which questions of security remain open in relation to „our interests“? Current problems of Europe should be solved systematically. It is necessary to define the space of interest (territorially the border of the EU or the Schengen area), to implement the system to the object with respect to the borders of the space, to specify the structure and subjects of decision making and implementation.
Keywords: ICT, ICT, Systems thinking, systémové myšlení, systémový přístup, Systems Approach, Security Management, Cybernetics, Research, Crisis management, Terminology, Bezpečnostní management, terminologie, kybernetika, výzkum, krizové řízení
Pages: 326-335
Volume: 2015
Issue: 3
Year: 2015
File-URL: http://www.vse.cz/aip/download.php?jnl=aip&pdf=79.pdf
File-URL: http://aip.vse.cz/index.php/aip/article/view/130
File-Format: text/html
Handle: RePEc:prg:jnlaip:v:2015:y:2015:i:3:id:79:p:326-335
X-File-Ref: http://www.vse.cz/RePEc/prg/jnlaip/references/79

Template-Type: ReDIF-Article 1.0
Author-Name: Josef Požár
Title: Selected Trends of the Cybercrime
Abstract: The contribution paid particular attention to trends of the cybercrime in future period dedicated to combating negative phenomena in the context of cyberspace. The structure of article concern of definition of cybercrime, its legal classification especially choosing trends of cybercrime in future period.
Keywords: Trends, trendy, Cybercrime, Cyber-attacks, Law, Kybernetická kriminalita, kybernetické útoky, právo
Pages: 336-348
Volume: 2015
Issue: 3
Year: 2015
File-URL: http://www.vse.cz/aip/download.php?jnl=aip&pdf=80.pdf
File-URL: http://aip.vse.cz/index.php/aip/article/view/117
File-Format: text/html
Handle: RePEc:prg:jnlaip:v:2015:y:2015:i:3:id:80:p:336-348
X-File-Ref: http://www.vse.cz/RePEc/prg/jnlaip/references/80