You are here: Faculty of Informatics » Research and Development » Technical Reports » Authors

Technical Reports

A List by Author: Václav Matyáš

e-mail:
matyas(a)fi.muni.cz
home page:
http://www.fi.muni.cz/usr/matyas/index.html

Security of Biometric Authentication Systems -- Extended Version

by Václav Matyáš, Zdeněk Říha, A full version of the paper presented at conference Computer Information Systems and Industrial Management Applications 2010 June 2010, 27 pages.

FIMU-RS-2010-07. Available as Postscript, PDF.

Abstract:

This technical report outlines our views of actual security of biometric authentication and encryption systems. The attractiveness of some novel approaches like cryptographic key generation from biometric data is in some respect understandable, yet so far has lead to various shortcuts and compromises on security. The report starts with an introductory section that is followed by a section about variability of biometric characteristics, with a particular attention paid to biometrics used in large systems. The following sections then discuss the potential for biometric authentication systems, and for the use of biometrics in support of cryptographic applications as they are typically used in computer systems.

Neighbor-Based Intrusion Detection for Wireless Sensor Networks

by Andriy Stetsko, Lukáš Folkman, Václav Matyáš, May 2010, 33 pages.

FIMU-RS-2010-04. Available as Postscript, PDF.

Abstract:

The neighbor-based detection technique explores the principle that sensor nodes situated spatially close to each other tend to have similar behavior. A node is considered malicious if its behavior significantly differs from its neighbors. The detection technique is localized, unsupervised and adapts to changing network dynamics. Although the technique is promising, it has not been deeply researched in the context of wireless sensor networks yet. In this technical report we analyze symptoms of different attacks for the applicability of the neighbor-based technique. The analysis shows that the technique can be used for detection of selective forwarding, jamming and hello flood attacks. We implemented an intrusion detection system which employs the neighbor-based detection technique. The system was designed for and works on the TinyOS operating system running the Collection tree protocol. We evaluated accuracy of the technique in detection of selective forwarding, jamming and hello flood attacks. The results show that the neighbor-based detection technique is highly accurate, especially in the case when collaboration among neighboring nodes is used.

Key Distribution and Secrecy Amplification in Wireless Sensor Networks

by Petr Švenda, Václav Matyáš, November 2007, 63 pages.

FIMU-RS-2007-05. Available as Postscript, PDF.

Abstract:

This report targets the area of wireless sensor networks, and in particular their security. Probabilistic key pre-distribution schemes were developed to deal with limited memory of a single node and high number of potential neighbours. We present a new idea of group support for authenticated key exchange that substantially increases the resilience of an underlaying probabilistic key pre-distribution scheme against the threat of node capturing. We also propose a new method for automatic protocol generation which utilizes Evolutionary Algorithms (EA). The approach is verified on the automatic generation of secrecy amplification protocols for wireless sensor networks. All human-designed secrecy amplification protocols proposed so far were re-invented by the method. A new protocol with better fraction of secure links was evolved. An alternative construction of secrecy amplification protocol was designed which exhibits only linear (instead of exponential) increase of needed messages when the number of communication neighbours is growing. As a message transmission is a battery expensive operation, this more efficient protocol can significantly save this resource.

Application-Level Firewall Protection Profile for High Robustness Environments-Initial Considerations

by Mark Kelly, Václav Matyáš, Ahmed Patel, April 2004, 43 pages.

FIMU-RS-2004-02. Available as Postscript, PDF.

Abstract:

Firewalls act as access control policy mediators between networks. They either permit or block the exchange of data between networks. The ability to permit or block the transfer of data means firewalls can be used to selectively allow access to the resources it protects. Firewalls of varying security levels have been created to provide security that is adequate to the sensitivity of the data being protected. Firewalls are often formally evaluated to certify what level of security they are suitable for. They are evaluated against so-called security evaluation criteria -- standardised descriptions of security measures. Common Criteria (CC) is the current global standard for evaluations. Firewall security attributes are described in a Protection Profile (PP) that defines an implementation-independent set of security requirements and objectives for a category of products or systems that meet similar consumers needs for IT security. Our project set out to produce a summary of security issues for an Application-Level Firewall Protection Profile (PP) for a High Robustness Environment. We started our work with the Basic-Level Firewall PP, the Medium-Level Firewall PP and the High-Level Mail Guard PP. The two firewall PPs and the Mail Guard PP are compared to give an insight into what the issues concerning the High-Level Firewall PP are. This High-Level Firewall PP is then discussed in terms of its major principles.

Biometric Authentication Systems

by Zdeněk Říha, Václav Matyáš, November 2000, 44 pages.

FIMU-RS-2000-08. Available as Postscript, PDF.

Abstract:

Biometrics is the name of a security hype these days. Although biometrics are not completely new, they are becoming more and more popular nowadays. The first part of the technical report explains the principle of biometric systems and describes various biometric techniques. In the second part security issues of biometric systems are discussed.