5 research outputs found

    USB Packet Analyzer (Analyzátor USB paketů)

    The USB bus is the most common way of connecting peripherals to personal computers. The goal of this thesis is to create an application that analyzes captured communication between a device connected to this bus and a computer. The application displays the analyzed data in a readable way, with a specific focus on HID class devices. It implements semantic analysis of a subset of HID devices consisting of mice, keyboards and joysticks. The methods the application uses to represent data visually are inspired by existing applications; our application combines them and improves on their capabilities to achieve better results. A notable part of the application is its ability to parse the HID Report Descriptor, which makes it easier to add new HID devices for semantic analysis. The overall design of the application is general enough to allow simple addition of analysis for other USB classes.
    Department of Distributed and Dependable Systems, Faculty of Mathematics and Physics

    Packet analysis for network forensics: A comprehensive survey

    Packet analysis is a primary traceback technique in network forensics, which, providing that the packet details captured are sufficiently detailed, can play back even the entire network traffic for a particular point in time. This can be used to find traces of nefarious online behavior, data breaches, unauthorized website access, malware infection, and intrusion attempts, and to reconstruct image files, documents, email attachments, etc. sent over the network. This paper is a comprehensive survey of the utilization of packet analysis, including deep packet inspection, in network forensics, and provides a review of AI-powered packet analysis methods with advanced network traffic classification and pattern identification capabilities. Considering that not all network information can be used in court, the types of digital evidence that might be admissible are detailed. The properties of both hardware appliances and packet analyzer software are reviewed from the perspective of their potential use in network forensics.

    Technologies and tools for simulation and optimization of next-generation networks (Τεχνολογίες και εργαλεία εξομοίωσης και βελτιστοποίησης δικτύων επόμενης γενιάς)

    The purpose of the work is to create network simulation laboratories in order to explain various networking protocols and technologies. In addition, in collaboration with a mobile operator, programs that the operator uses were employed to examine the conditions of its network. The first part consists of 8 laboratory lectures related to Cisco's Packet Tracer network emulation tool. The second was developed in collaboration with a telephony provider. It presents programs for conducting drive testing, geolocation of mobile users, geolocation reporting based on the collected data, and a program for analyzing the collected data. In addition, code was also developed in the Python programming language.

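    Increasing security and privacy by integrating a secure blockchain interface into the Internet of Things architecture (Povećanje bezbednosti i privatnosti integrisanjem sigurnog blokčejn interfejsa u arhitekturu interneta stvari)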

    The Internet of Things and blockchain are considered two of the main technologies of today. Reduced latency and system connectivity have led to greater flexibility in using applications located on remote devices. The biggest problem of the Internet of Things is that the devices lack sufficient computing resources: insufficient memory and weak processors optimized for low energy consumption prevent the use of robust encryption algorithms. The Internet of Things faces many challenges, such as poor interoperability, security vulnerabilities, privacy, and a lack of standards. This work proposes using a software interface as a security gateway architecture for smart devices. The security interface enables the use of stronger cryptographic algorithms for the remote services of smart devices. This approach improves the security of the data sent by smart devices by using compatible algorithms to encrypt the data before it is forwarded to remote services. In addition to the interface, this work also uses blockchain technology. The reason for using blockchain technology is to introduce decentralization and authentication into the network of connected smart devices. Integrating blockchain provides the much-needed anonymity and flexibility that the current Internet of Things lacks. Blockchain protects the interface with its technologies, which eliminate a single point of control, record all transactions, and verify their validity, thereby providing trust among the devices in a network. The result of this work is the development of an interface that enables smart devices to use any cryptographic algorithm and provides the ability to map IP (Internet Protocol) addresses, thereby preventing unauthorized access to the network. In addition to the development of the interface, blockchain technology will be included in a compatible mode so that it is efficient to run on smart devices, given their resource limitations.

    USB Data Capture and Analysis in Windows Using USBPcap and Wireshark
