Acta Informatica Pragensia, 2015 (vol. 4), issue 3

Article

It Leaks More Than You Think: Fingerprinting Users from Web Traffic Analysis

Xujing Huang

Acta Informatica Pragensia 2015, 4(3), 206-225 | DOI: 10.18267/j.aip.704016  

We show how, in real-world web applications, confidential information about user identities can be leaked through "non-intuitive communications", in particular web traffic which appears not to be related to the user information. In fact, our experiments on Google users demonstrate that even Google accounts are vulnerable to traffic attacks against user identities, using packet sizes and directions. This work also shows that this kind of non-intuitive communication can leak even more information about user identities than the traffic explicitly using confidential information. Our work highlights possible side-channel leakage through cookies and more generally...

Security Measures in Automated Assessment System for Programming Courses

Jana Šťastná, Ján Juhár, Miroslav Biňas, Martin Tomášek

Acta Informatica Pragensia 2015, 4(3), 226-241 | DOI: 10.18267/j.aip.714121  

A desirable characteristic of programming code assessment is to provide the learner the most appropriate information regarding the code functionality as well as a chance to improve. This can be hardly achieved in case the number of learners is high (500 or more). In this paper we address the problem of risky code testing and availability of an assessment platform Arena, dealing with potential security risks when providing an automated assessment for a large set of source code. Looking at students' programs as if they were potentially malicious inspired us to investigate separated execution environments, used by security experts for secure software...

Praxe digitálního forenzního vyšetřování v České republice a norma ISO/IEC 27037:2012

Practice of Digital Forensic Investigation in the Czech Republic and ISO/IEC 27037:2012

Jaromír Veber, Zdeněk Smutný, Ladislav Vyskočil

Acta Informatica Pragensia 2015, 4(3), 242-257 | DOI: 10.18267/j.aip.723158  

Digital forensic investigation has undergone a great transformation in the past two decades. This is due to technological progress and the already quite common use of ICT in society. This article deals with the standardization of the procedures for collecting potential digital evidence in connection with ISO/IEC 27037:2012. This article presents some of the important principles presented in the standard. It also presents the views of two experts from the Czech Republic - a criminal police investigator and a forensic analyst. They introduce their practical experience regarding the collection and analysis of potential digital evidence and also discuss their...

Modifikácia steganografického algoritmu využívajúceho LSB použitím množiny stegomédií

Modification of Steganographic Algorithm Using LSB and a Set of Stegomedia

Branislav Madoš, Mária Feková

Acta Informatica Pragensia 2015, 4(3), 258-275 | DOI: 10.18267/j.aip.732335  

Ambition to achieve possibility to hide digitally represented information which is coded in bit sequences into digital cover media is fulfilled through a number of steganographic algorithms, including Least Significant Bit (LSB) algorithm. A further development of those algorithms can be seen in the use of multiple cover media in the form of their sets, into which digital information is distributed by the use of multiple distribution functions (multi-carrier steganographic algorithms). This paper describes design of steganographic algorithm that is based on the use of the Least Significant Bit (LSB) and three distribution functions, which allow to...

A Fine-Grained Data Access Control System in Wireless Sensor Network

Boniface K. Alese, Sylvester O. Olatunji, Oluwatoyin C. Agbonifo, Aderonke F. Thompson

Acta Informatica Pragensia 2015, 4(3), 276-287 | DOI: 10.18267/j.aip.743993  

The evolving realities of Wireless Sensor Networks (WSN) deployed to various terrain of life require serving multiple applications. As large amounts of sensed data are distributed and stored in individual sensor nodes, illegal access to these sensitive data can be devastating. Consequently, data insecurity becomes a big concern. This study, therefore, proposes a fine-grained access control system which only requires the right set of users to access a particular data, based on their access privileges in the sensor networks. It is designed using Priccess Protocol with Access policy formulation adopting the principle of Bell-LaPadula model as well...

Využitie komunikácie na báze zvuku v distribúcii škodlivého softvéru bez prístupu k sieťovým službám

Using of Sound-Based Communication in the Process of Malware Distribution without Connectivity to Network Services

Ján Hurtuk

Acta Informatica Pragensia 2015, 4(3), 288-301 | DOI: 10.18267/j.aip.751940  

In today's society, based on a wide range of technical and computing devices, there is wide scope for misusing vulnerabilities of managing software, for destructive or enriching purposes. Increasingly sophisticated malicious software is developed and deployed daily, enabling the controlling of the contested system or the misuse of sensitive information that the infected system stores. One of the as yet unexplored areas is non-standard forms of communication used by such software, without access to network services, which could in the future represent a real threat under certain conditions. This article describes the design and subsequent implementation...

Verifiable Distribution of Material Goods Based on Cryptology

Radomír Palovský

Acta Informatica Pragensia 2015, 4(3), 302-309 | DOI: 10.18267/j.aip.763017  

Counterfeiting of material goods is a general problem. In this paper an architecture for verifiable distribution of material goods is presented. This distribution is based on printing such a QR code on goods, which would contain digitally signed serial number of the product, and validity of this digital signature could be verifiable by a customer. Extension consisting of adding digital signatures to revenue stamps used for state-controlled goods is also presented. Discussion on possibilities in making copies leads to conclusion that cryptographic security needs to be completed by technical difficulties of copying.

Android Access Control Extension

Anton Baláž, Branislav Madoš, Michal Ambróz

Acta Informatica Pragensia 2015, 4(3), 310-317 | DOI: 10.18267/j.aip.773092  

The main objective of this work is to analyze and extend security model of mobile devices running on Android OS. Provided security extension is a Linux kernel security module that allows the system administrator to restrict program's capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. Module supplements the traditional Android capability access control model by providing mandatory access control (MAC) based on path. This extension increases security of access to system objects in a device and allows creating security sandboxes...

Několik myšlenek k tvorbě hesel

A Few Ideas for Creating Passwords

Petr Strossa, Radomír Palovský

Acta Informatica Pragensia 2015, 4(3), 318-325 | DOI: 10.18267/j.aip.782778  

There are about 6 × 10^15 eight-character strings from Czech small and capital letters and numbers. The vast majority of such passwords are impossible to remember because of no association with any "reasonable" contents. In this paper we come to an estimate that the number of meaningful Czech sentences containing 4-5 words is certainly higher by several decimal orders (even without distinguishing small and capital letters), and passwords created in this way are easy to remember. Further we show some simple ways to extend the "space" of such passwords up to ca. 10^40 theoretically possible strings without significantly complicating...

Bezpečnostní management - systémový přístup

Security Management - Systems Approach

Milan Kný

Acta Informatica Pragensia 2015, 4(3), 326-335 | DOI: 10.18267/j.aip.792689  

The aim of the contribution is the use of the systems approach to treat security management as a practical field and a new scientific discipline. The philosophy of the systems approach to the solution of problems generally is an adequate methodological basis even for the theory of management. The path to the real optimization of the security situation leads only through a holistic and solid solution. Applications of systems analysis and synthesis back up the fact that the systems approach and systems thinking should not be absent in security objects. The truthfulness of the claim that security management is a well-established discipline depends on ongoing discussion...

Perspective

Vybrané trendy kybernetické kriminality

Selected Trends of the Cybercrime

Josef Požár

Acta Informatica Pragensia 2015, 4(3), 336-348 | DOI: 10.18267/j.aip.803763  

The contribution pays particular attention to trends of cybercrime in the future period dedicated to combating negative phenomena in the context of cyberspace. The structure of the article concerns the definition of cybercrime, its legal classification and, especially, selected trends of cybercrime in the future period.