Archived research projects in CRoCS laboratory

Below, you can find older projects, which are not currently actively pursued further, but may be activated again later (as happened for multiple projects already).


Last update: 08.01.2016

Contact: Zdenek Říha zriha@fi.muni.cz

Project description: This project focuses on automated generation of attacker's strategies against real implementation of various network applications. Currently, we aim to optimize existing Denial of Service attacks (DoS attacks, Link) in order to achieve maximum impact on the victim webserver. GANet contains source codes we are using - for now, combination of OS apps (Perfmon,…) and Python scripts.

Involved people:

Former participants: Tatevik Baghdasaryan 2014-2015 (testing simple web server);

Selected publications


Last update: 14.9.2015

Status: Completed/On hold

Contact: Petr Švenda svenda@fi.muni.cz

Project description: This project is focused on design and development of the special implementations of cryptographic functions able to operate in an environment under full control of an attacker and still able to protect used secrets (e.g., encryption keys).

  • Research project internal wiki pages
  • Whitebox AES implementation in Cpp and Java (GitHub repositories)
  • SecureFW framework for source codes and binaries - earlier version of whitebox AES implementation in Cpp, secure channel with JavaCard smart card
  • Explanation of whitebox cryptography, homomorphic encryption and computation with encrypted function/data: slides
  • List of resources related to whitebox cryptography

Involved people:

Former participants: Marián Čečunda 2013-2015 (Whitebox RSA, HMAC, Keccak); Dušan Klinec 2012-2014 (whitebox AES implementation, attacks);

Selected publications


Last update: 14.1.2016

Status: Completed/On hold

Contact: Vít Bukač xbukac@fi.muni.cz

Project description: We want to map the dark economy behind Denial-Of-Service attack services (DDoSaaS) for hire, the communication between DDoSaaS providers and customers and collect samples of attack traffic from real existing DDoS services. This project is about getting hands-on experience with network attacks in real environment instead of in closed labs, analyzing often neglected economy aspect of network attacks and dipping into the mindset of a cyber-criminal.

Involved people:

Publications


Last update: 14.10.2014

Status: Completed/On hold

Contact: Zdeněk Říha zriha@fi.muni.cz ; Dušan Klinec ph4r05@mail.muni.cz

Project description: These activities look at the security issues of the Android installation files (APK). The Android APK files are digitally signed, but the signer can be anybody. Therefore it is possible to to modify the APK files (to include malware, for example) and resign it. This can be done in an automated way. Such a modification/infection can also be done online in the form of the man-in-the-middle attack where the APK package is transparently modified on its way from the server towards the mobile device if no encryption of the communication is done.

Involved people:

Former participants: Jan Svoboda (2013-2014), Eduard Cihuňka (2013-2014)

Selected publications