Ing. Simona Fornůsek, Ph.D.

Publikace

Symmetric and Asymmetric Schemes for Lightweight Secure Communication

Rok
2022
Publikováno
Information Systems Security and Privacy. Basel: Springer Nature Switzerland AG, 2022. p. 97-114. ISSN 1865-0929. ISBN 978-3-030-94899-3.
Typ
Stať ve sborníku
Anotace
The paper deals with the topic of lightweight authentication and secure communication for constrained hardware devices such as IoT or embedded devices. In the paper, protocols based on both symmetric and asymmetric schemes are presented, utilizing a PUF/TRNG combined module, showing it is advantageous to have single module that will allow generation of both TRNG and PUF at the same time. This approach minimizes implementation requirements and operational resource consumption. Moreover, it allows the simplification of the overall key management process as the proposed protocols do not require to store secrets on the devices themselves. This paper is the extended and revised version of the paper entitled "Lightweight Authentication and Secure Communication Suitable for IoT Devices" [1] presented at the 6th International Conference on Information Systems Security and Privacy (ICISSP) 2020.

Active Directory Kerberoasting Attack: Detection using Machine Learning Techniques

Autoři
Kotlaba, L.; Fornůsek, S.; Lórencz, R.
Rok
2021
Publikováno
Proceedings of the 7th International Conference on Information Systems Security and Privacy. Madeira: SciTePress, 2021. p. 376-383. ISSN 2184-4356. ISBN 978-989-758-491-6.
Typ
Stať ve sborníku
Anotace
Active Directory is a prevalent technology used for managing identities in modern enterprises. As a variety of attacks exist against Active Directory environment, its security monitoring is crucial. This paper focuses on detection of one particular attack - Kerberoasting. The purpose of this attack is to gain access to service accounts’ credentials without the need for elevated access rights. The attack is nowadays typically detected using traditional ”signature-based” detection approaches. Those, however, often result in a high number of false alerts. In this paper, we adopt machine learning techniques, particularly several anomaly detection al- gorithms, for detection of Kerberoasting. The algorithms are evaluated on data from a real Active Directory environment and compared to the traditional detection approach, with a focus on reducing the number of false alerts.

Active Directory Kerberoasting Attack: Monitoring and Detection Techniques

Autoři
Kotlaba, L.; Fornůsek, S.; Lórencz, R.
Rok
2020
Publikováno
Proceedings of the 6th International Conference on Information Systems Security and Privacy. Madeira: SciTePress, 2020. p. 432-439. ISSN 2184-4356. ISBN 978-989-758-399-5.
Typ
Stať ve sborníku
Anotace
The paper focus is the detection of Kerberoasting attack in Active Directory environment. The purpose of the attack is to extract service accounts’ passwords without need for any special user access rights or privilege escalation, which makes it suitable for initial phases of network compromise and further pivot for more interesting accounts. The main goal of the paper is to discuss the monitoring possibilities, setting up detection rules built on top of native Active Directory auditing capabilities, including possible ways to minimize false positive alerts.

Lightweight Authentication and Secure Communication Suitable for IoT Devices

Rok
2020
Publikováno
Proceedings of the 6th International Conference on Information Systems Security and Privacy. Madeira: SciTePress, 2020. p. 75-83. ISSN 2184-4356. ISBN 978-989-758-399-5.
Typ
Stať ve sborníku
Anotace
In this paper we present the protocols for lightweight authentication and secure communication for IoT and embedded devices. The protocols are using a PUF/TRNG combined circuit as a basic building block. The goal is to show the possibilities of securing communication and authentication of the embedded systems, using PUF and TRNG for secure key generation, without requirement to store secrets on the device itself, thus allowing to significantly simplify the problem of key management on the simple hardware devices and microcontrollers, while allowing secure communication.

True random number generator based on ring oscillator PUF circuit

Rok
2017
Publikováno
Microprocessors and Microsystems. 2017, 53 33-41. ISSN 0141-9331.
Typ
Článek
Anotace
In this paper we propose the method of generating true random numbers utilizing the circuit primarily designed as Physically Unclonable Function (PUF) based on ring oscillators. The goal is to show that it is possible to design the universal crypto system, that can be used for various applications – the PUF can be utilized for asymmetric cryptography and generating asymmetric keys, True Random Number Generator (TRNG) for symmetric cryptography (generating session and ephemeral keys), nonces and salts. In the paper the results of evaluation of such a circuit utilized for TRNG purpose are presented.

Temperature Dependence of ROPUF on FPGA

Rok
2016
Publikováno
Proceedings of 19th Euromicro Conference on Digital System Design DSD 2016. Los Alamitos, CA: IEEE Computer Soc., 2016. p. 698-702. ISBN 978-1-5090-2816-0.
Typ
Stať ve sborníku
Anotace
This paper continues and extends our previous work introduced in [3], [4], in which we proposed a ring oscillator (RO) based Physical Unclonable Function (PUF) on FPGA. Our approach is able to extract multiple output bits from each RO pair in contrary to the classical approach, where frequencies of ROs are compared. Our original design used asymmetric ROs, i.e. without constrained placement of gates. In this paper, we investigate the behaviour of the proposed ROPUF using symmetric ROs, and compare them against the original approach with asymmetric ROs. The measurement results showed that the ROPUF with symmetric ROs is approximately two times more stable with varying temperature. We have also compared three different methods of information extraction from ROPUF based on frequency measurement. The measured results show that out of these three methods, our one is the most stable against change of temperature. The measurements were performed on Digilent Basys 2 FPGA boards (Xilinx Spartan3E-100 CP132).

True Random Number Generator Based on ROPUF Circuit

Rok
2016
Publikováno
Proceedings of 19th Euromicro Conference on Digital System Design DSD 2016. Los Alamitos, CA: IEEE Computer Soc., 2016. p. 519-523. ISBN 978-1-5090-2816-0.
Typ
Stať ve sborníku
Anotace
In this paper we propose the method of generating true random numbers utilizing the circuit primarily designed as PUF based on ring oscillators. The goal is to prove that it is possible to design the universal crypto system, that can be used for various applications - the PUF can be utilized for asymmetric cryptography and generating asymmetric keys, TRNG for symmetric cryptography (generating session and ephemeral keys), nonces and salts. In the paper the results of evaluation of such a circuit utilized for TRNG purpose are presented.

Frequency Injection Attack on a Random Number Generator

Autoři
Hlaváč, J.; Fornůsek, S.
Rok
2013
Publikováno
Proc. of the 16th IEEE Symposium on Design and Diagnostics of Electronic Circuits and Systems. Brno: NOVPRESS, 2013. pp. 128-130. ISSN 2334-3133. ISBN 978-1-4673-6135-4.
Typ
Stať ve sborníku
Anotace
In this paper we present a frewuency injection attack on a random number generator implemented in an Atmel AVR microcontroller. Two variants of the attack are attemped: an invasive attack with a direct modification of the power supply, and a non-invasive attack with no modification of the device.

Testing a Random Number Generator

Autoři
Rok
2011
Publikováno
POSTER 2011 - 15th International Student Conference on Electrical Engineering. Praha: České vysoké učení technické v Praze, Fakulta elektrotechnická, 2011, ISBN 978-80-01-04806-1. Available from: http://radio.feld.cvut.cz/conf/poster2011/
Typ
Stať ve sborníku vyzvaná či oceněná
Anotace
In this paper we present the testing of a true random generator implemented on an Atmel AVR microcontroller. This generator uses the jitter of the RC oscillator as the source of entropy. We applied Discrete Fourier Transform to identify component frequencies and to visualize the periodogram of the generated random bit stream. Then we used the ENT and Diehard test suites to identify and pick truly random bits with sufficient entropy, which are secure to use. Finally, we discuss the results and suggest other possible tests.