Library and Tools for Server-Side DNSSEC Implementation

Tato práce se zabývá analýzou současných open source řešení pro zabezpečení DNS zón pomocí technologie DNSSEC. Na základě provedené rešerše je navržena a implementována nová knihovna pro použití na autoritativních DNS serverech. Cílem knihovny je zachovat výhody stávajících řešení a vyřešit jejich nedostatky. Součástí návrhu je i sada nástrojů pro správu politiky a klíčů. Funkčnost vytvořené knihovny je ukázána na jejím použití v serveru Knot DNS.This thesis deals with currently available open-source solutions for securing DNS zones using the DNSSEC mechanism. Based on the findings, a new DNSSEC library for an authoritative name server is designed and implemented. The aim of the library is to keep the benefits of existing solutions and to eliminate their drawbacks. Also a set of utilities to manage keys and signing policy is proposed. The functionality of the library is demonstrated by it's use in the Knot DNS server.

Support of Snapshot and Rollback of Configuration Files in Fedora

Tato práce se zabývá analýzou možností zálohování a verzování konfiguračních souborů pod operačním systémem GNU/Linux. Na základě zjištěných skutečností je navržen, implementován a otestován nový nástroj pro distribuci Fedora. Jeho cílem je zachovat výhody existujích řešení a odstranit jejich nedostatky. Také přináší nové užitečné funkce, jako je synchronizace se vzdáleným serverem a možnost integrace do jiných nástrojů pro správu.This thesis deals with current possibilities of creating backups and versioning of configuration files in GNU/Linux operating system. Based on the findings a new tool for Fedora distribution was designed, implemented, and tested. The aim of the tool is to keep the benefits of existing solutions and to eliminate their drawbacks. In addition, it brings some new and useful features like synchronization with remote server and integration with other management tools.

Can NSEC5 be practical for DNSSEC deployments?

NSEC5 is proposed modification to DNSSEC that simultaneously guarantees two security properties: (1) privacy against offline zone enumeration, and (2) integrity of zone contents, even if an adversary compromises the authoritative nameserver responsible for responding to DNS queries for the zone. This paper redesigns NSEC5 to make it both practical and performant. Our NSEC5 redesign features a new fast verifiable random function (VRF) based on elliptic curve cryptography (ECC), along with a cryptographic proof of its security. This VRF is also of independent interest, as it is being standardized by the IETF and being used by several other projects. We show how to integrate NSEC5 using our ECC-based VRF into the DNSSEC protocol, leveraging precomputation to improve performance and DNS protocol-level optimizations to shorten responses. Next, we present the first full-fledged implementation of NSEC5—extending widely-used DNS software to present a nameserver and recursive resolver that support NSEC5—and evaluate their performance under aggressive DNS query loads. Our performance results indicate that our redesigned NSEC5 can be viable even for high-throughput scenarioshttps://eprint.iacr.org/2017/099.pdfFirst author draf

Leveraging Structural Health Monitoring Data Through Avatars to Extend the Service Life of Mass Timber Buildings

Mass timber construction systems, incorporating engineered wood products as structural elements, are gaining acceptance as a sustainable alternative to multi-story concrete or steel-frame structures. The relative novelty of these systems brings uncertainties on whether these buildings perform long-term as expected. Consequently, several structural health monitoring (SHM) projects have recently emerged to document their behavior. A wide and systematic use of this data by the mass timber industry is currently hindered by limitations of SHM programs. These limitations include scalability, difficulty of data integration, diverse strategies for data collection, scarcity of relevant data, complexity of data analysis, and limited usability of predictive tools. This perspective paper envisions the use of avatars as a Web-based layer on top of sensing devices to support SHM data and protocol interoperability, analysis, and reasoning capability and to improve life cycle management of mass timber buildings. The proposed approach supports robustness, high level and large-scale interoperability and data processing by leveraging the Web protocol stack, overcoming many limitations of conventional centralized SHM systems. The design of avatars is applied in an exemplary scenario of hygrothermal data reconstruction, and use of this data to compare different mold growth prediction models. The proposed approach demonstrates the ability of avatars to efficiently filter and enrich data from heterogeneous sensors, thus overcoming problems due to data gaps or insufficient spatial distribution of sensors. In addition, the designed avatars can provide prediction or reasoning capability about the building, thus acting as a digital twin solution to support building lifecycle management

Arrow-mounted ballistic system for measuring performance of arrows equipped with hunting broadheads

Measuring an arrow's ballistic performance such as arrow velocity on impact, total time of flight and arrow shaft oscillation is challenging because of the dynamic nature of arrow flight. This challenge becomes increasingly difficult as the distance of the shot increases. It is also of great interest to bowhunters to understand the ballistic performance of arrows that include hunting broadheads. A miniaturized, sensory data acquisition system, located in the arrow tip and engineered to withstand the high accelerations experienced at launch and impact, enables the precise measurement of arrow ballistics in flight. By continuously recording arrow drag in flight, the system enables measurement of the ballistic performance of an arrow as it travels downrange. The authors have also built an adapter that is connected to the housing of the sensing system to allow for comparative ballistic tests to be performed on hunting broadheads. Here, we present results obtained using the sensing system to perform initial testing on two commercially available broadheads at shot distances of approximately 45 m

Making NSEC5 Practical for DNSSEC

NSEC5 is a proposed modification to DNSSEC that guarantees two security properties: (1) privacy against offline zone enumeration, and (2) integrity of zone contents, even if an adversary compromises the authoritative nameserver responsible for responding to DNS queries for the zone. In this work, we redesign NSEC5 in order to make it practical and performant. Our NSEC5 redesign features a new verifiable random function (VRF) based on elliptic curve cryptography (ECC), along with a cryptographic proof of its security. This VRF is also of independent interest, as it is being standardized by the IETF and being used by several other projects. We show how to integrate NSEC5 using our ECC-based VRF into DNSSEC, leveraging precomputation to improve performance and DNS protocol-level optimizations to shorten responses. Next, we present the first full-fledged implementation of NSEC5 for both nameserver and recursive resolver, and evaluate performance under aggressive DNS query loads. We find that our redesigned NSEC5 can be viable even for high-throughput scenarios

Diagnostics of subclinical atherosclerosis

Atherosclerosis and its occurrence has become a highly actual problem of the industrial world. Statistics clearly show that 50% of deaths in the Czech Republic is caused by cardiovascular diseases associated with atherosclerosis. The sooner we are able to diagnose it's early stages, the sooner adequate therapy can be initiated in order to slower the progression of already existing atherosclerotic lesions. The methods that help to diagnose asymptomatic atherosclerosis contain especially the carotid ultrasound, the coronary calcium score and ankle-brachial-index. Carotid or aortic calcifications can be also randomly found on general chest X-ray, however. Advantage of these methods is their non-invasiveness and the instant availability of results. Additionally, the costs are relatively low (with exception of CCS). All methods require adequate equipment and knowledge

Laboratory and In-Situ Testing of Integrated FBG Sensors for SHM for Concrete and Timber Structures

Long-term structural health monitoring (SHM) plays an important role in the safety of public transport infrastructure such as bridges or tunnels and warns in the event of any emerging problem. This article describes development and testing of system based on fiber Bragg grating (FBG) sensors that can detect changes in strain and temperature. The first phase of the research has been focused on the development of new fiber optic sensors for the monitoring of concrete structures and their investigation in laboratory conditions. The work also shows novel applicability of the same FBG technology for glulam structures. Mechanical loading tests of the concrete beam as well as glulam beam with embedded sensors were carried out. Data measured by developed fiber optic sensors were compared with the readings from reference sensors as well as with the analytically calculated values. The achieved results proved good agreement between the measured data, analytical data and reference methods. In second phase of the research, the pilot installation of the sensors was carried out on the newly constructed prestressed-concrete bridge. The bridge was monitored throughout pre-stressing phase and monitoring continued after the completion of the construction works. Problems with the fragility of the sensors occurred during the measurements, but the obtained results provide a good basis for further improvement of the system

Measuring the Physical Activity of Seniors before and during COVID-19 Restrictions in the Czech Republic

Social workers require a better understanding of the impact of pandemic measures on the level of physical activity of their clients to better target client activation. In this retrospective tracker-based study (two years of measurement), we examined changes in the physical activity of the elderly population (204 participants with an average age of 84.5 years) in the Czech Republic as a result of measures to prevent the spread of COVID-19. Physical activity was statistically compared according to the physical, demographic and social conditions of the participants. In addition to observing the expected activity decrease during the COVID-19 pandemic, we made several hypotheses based on the sex, age group, body mass index, type of housing (apartment or house) and size of the city of residence. We found that 33% of the 204 participants had increased levels of physical activity in the period following the COVID-19 pandemic outbreak in Central Europe. We found that the size of the city where the seniors lived and the type of housing did not affect the general level of physical activity. When comparing physical acquisition rates in each month of 2019 and 2020, we saw the largest declines in April and May 2020, that is, one month after the start of the lockdown