Ing. Tomáš Vaněk, Ph.D.

A lot of effort has been made to devise a scheme for verifiable and privacy-preserving outsourcing of arbitrary computations. However, such schemes rely on Fully Homomorphic Encryption which is still far from practical. In our work, we instead focus solely on encryption schemes with single homomorphic operation, in particular addition. We define a rigorous framework that gives the data originator a possibility to check what values have been incorporated within provided homomorphic aggregate. We also propose a practical scheme that instantiates this framework and prove that it achieves Indistinguishability under Non-Adaptive Chosen Ciphertext Attack (IND-CCA1). The definition of our framework led us further to a straightforward modification of the security notions of Non-Malleability (NM) and Adaptive Chosen Ciphertext Attack (CCA2). Our modification aims at preventing trivial breach which is by principle unavoidable for plain homomorphic encryption. With our enhancement, the notions of security can serve as a novel security goal for any future verifiable homomorphic schemes.

Mobile cloud computing is a solution for offloading computation from mobile devices in order to overcome their major limitations: short battery life-time and limited computational power. However, the conventional centralized cloud with large server farms may result in a high delay of offloaded data transmission from the mobile device to the cloud and in congestion of backhaul due to offloading of high amount of data. These problems scale down the usage of common mobile cloud computing, especially for real-time services and applications. The perceived delay can be minimized by redeployment of computation resources to the edge of mobile network, for example, to the cloud-enabled base stations, as these are close to the users. To implement this new paradigm, the architecture of conventional mobile network must be enhanced with a computation management unit, which controls processing of offloaded tasks at cloud-enabled base stations. In order to reduce signaling delay and to minimize signaling load introduced by this concept, we introduce two options of new distributed deployments of the management unit. We also discuss integration of the proposed solution into 5G mobile networks based on C-RAN. By analysis and simulations of the proposed architectures, we proof that both signaling delay and signaling load could be significantly reduced comparing to centralized solutions.

Direct communication between two or more devices without the intervention of a base station, known as device-to-device (D2D) communication, is a promising way to improve performance of cellular networks in terms of spectral and energy efficiency. The D2D communication paradigm has been largely exploited in non-cellular technologies such as Bluetooth or Wi-Fi but it has not yet been fully incorporated into existing cellular networks. In this regard, a new proposal focusing on the integration of D2D communication into LTE-A has been recently approved by the 3GPP standardization community as discussed in this paper. In cellular networks, D2D communication introduces several critical issues, such as interference management and decisions on whether devices should communicate directly or not. In this survey, we provide a thorough overview of the state of the art focusing on D2D communication, especially within 3GPP LTE/LTE-A. First, we provide in-depth classification of papers looking at D2D from several perspectives. Then, papers addressing all major problems and areas related to D2D are presented and approaches proposed in the papers are compared according to selected criteria. On the basis of the surveyed papers, we highlight areas not satisfactorily addressed so far and outline major challenges for future work regarding efficient integration of D2D in cellular networks.

A typical broadcast authentication communication within information distribution systems is characterised by plain text communication between nodes, which do not mutually authenticate. Although, the authentication of every incoming message seems to be a very effective way to mitigate a denial of service type attack, such process results into an increase of end-to-end delay. To mitigate this drawback, the broadcast authentication protocols have been proposed. This paper introduces a new improved delay and resource enhanced DREAM (IDARED) scheme, which is based on the DoS resistant efficient authentication mechanism (DREAM) and which provides lower latency results achieved by several parameters optimisation and a split verification queue concept for the end-to-end management data traffic in the next generation femtocell (NGF).

Nowadays, packet error rate in fixed networks can be considered as a negligible value. However, the increasing requirements for transmission speed of mobile devices, heterogeneous technology, and other high frequency sources cause interference growth within the electromagnetic spectrum. This affects the overall reliability and throughput of the network and may cause undesirable operation malfunction of application-level services. Higher speeds can be achieved by advanced modulation techniques, but at the price of lower resistance against the interference. On the other hand, error-correcting codes or higher-level protocols are utilized to correct the delivery failures. We introduce a novel method for increasing robustness of communication for multi-homed systems in heterogeneous environment. Furthermore, we propose a security measure to ensure confidentiality, integrity and availability of the transmitted data without influencing the transmission parameters. Finally, we show positive impact of the proposed method on transmission efficiency and effective throughput, especially in networks with high probability of error occurrence.

One of the relatively new services presented by mobile operators is a femtocell. A femtocell is a network located at the residential premises helping to extend the mobile signal to places which are difficult to cover. Furthermore, it enables the mobile operator to provide attractive service to the customer since the femtocell is connected to the mobile operator network using an IP based backhaul link over the public Internet. To ensure appropriate security over the untrustworthy environment, an IPsec tunnel is established between the femtocell access point and the provider’s security gateway located at the core network perimeter. IPsec itself wasn’t originally proposed to carry small voice packets resulting in a redundant overhead. This paper examines other security procedures, such as transport layer security (TLS) and Datagram TLS (DTLS) protocols.

This paper deals with RFID access card cloning methods, describes the standards and the possible attacks on RFID system used by the Faculty of Electrical Engineering, Czech Technical University in Prague. At the end of the paper is described a device capable of emulating the anticollision loop of Standard ISO/IEC 14443A.

The paper examines alternative security procedures, such as Transport Layer Security (TLS) and Datagram TLS (DTLS) protocols for securing IP based backhaul from femto access point to mobile operator.

The paper deals with simulation of the broadcast authentication protocol using Colored Petri Nets and further optimization in Matlab environment.

Typical application of broadcast authentication protocols can be configurations where only one transmitter with multiple recipients exists (such as message exchange in sensor networks routing protocols, or the leader election process in sensors network). Authentication of every incoming packet is effective way to mitigate an attack, however, it results in relatively increase of the end-to-end delay. To mitigate this drawback, special broadcast authentication protocols have been proposed. This paper deals with optimization of the broadcast authentication protocol DREAM parameters in a special case of fully N-ary tree topology and random tree topology.

One of the relatively new services presented by mobile operators is a femtocell. A femtocell is a network located at the residential premises helping to extend the mobile signal to places which are difficult to cover. Furthermore, it enables the mobile operator to provide attractive service to the customer since the femtocell is connected to the mobile operator network using an IP based backhaul link over the public Internet. To ensure appropriate security over the intrustworthy environment, an IPsec tunnel is established between the femtocell access point and the provider's security gateway located at the core network perimeter. IPsec itself wasn't originally proposed to carry small voice packets resulting in a redundant overhead. This paper examines other security procedures, such as transport layer security (TLS) and Datagram TLS (DTLS) protocols.

Typical application of broadcast authentication protocols can be configurations where only one transmitter with multiple recipients exists. Authentication of every packet seems to be very effective way to mitigate an attack, however resulting in increase of end-to-end delay.

Femtocells provide a relatively new approach, how the mobile operator can extend the cellular network, using the IP based Internet connection as the backbone link, into places where it is hard to cover the area using traditional methods. Femtocells offer also a new scope of commercial services for the customer, attractive for both the customer and the mobile operator. Currently, the security, in the untrustworthy public environment, is accomplished via IPsec tunnel between the femtocell access point and femto security gateway. This approach is not an advantage in case where an appliance using network address translation is used. Moreover, IPsec was proposed for data transport not voice packet traffic, so that can cause an involuntary data overhead, increase end-to-end delay and decrease the quality of service. In this paper we have introduced alternative femtocell IP backbone security mechanisms using other higher level security protocols (TLS, DTLS, SRTP).

This paper deals with simulation of the broadcast authentication protocols using Colored Petri Nets and further optimizations in Matlab environment.

The article analyses possible alternative security mechanisms for voice over IP communication in mobile network equipped with femtocells.

This paper deals with simulation of the broadcast authentication protocols using Coloured Petri Nets (CPN).

The project is focused on innovation and expansion of laboratory excercises of the course X326ST1 - Network Technology Innovation I.

The paper deals with optimization of the femtocell IP backbone security mechanisms.

The article deals with security of VoIP protocols with major focus on SIP

For a graduate in our profession it is important to gain not only theoretical foundation through education, but also an adequate practical proficiency. The main aim of the project was to innovate educational process in course "Communication in Data networks" in practical courses as well as in theoretical level.

The project deals with modernization and improving of efficiency in education. Th eobjective is to innovate the content of lectures and amendment to / extension of the laboratory exercises.

This paper deals with the task of simulation the broadcast authentication protocols using Colored Petri Nets. CPN is a special instance of orientated graph that enables to describe data flows and information dependencies inside of modeled systems. Protocol TESLA (Time Efficient Stream Loss-tolerant Authentication) was taken as an example of broadcast authenticating protocol to show how Color Petri Nets can be used to create a functional model of the protocol. Broadcast authentication protocols can be used in many situations where is one transmitter and multiple recipients such as message exchange in sensor networks routing protocols, or the process of leader election in sensors networks.

This paper deals with the task of modeling the broadcast authentication protocols using Colored Petri Nets. CPN is a special instance of orientated graph that enables to describe data flows and information dependencies inside of modeled systems. Protocol TESLA (Time Efficient Stream Loss-tolerant Authentication) as an example of broadcast authenticating protocol was used to show how Color Petri Nets can be used to create a functional model of the protocol.

This paper deals with the task of modeling the broadcast authentication protocols using Colored Petri Nets. CPN is a special instance of orientated graph that enables to describe data flows and information dependencies inside of modeled systems. Protocol TESLA (Time Efficient Stream Loss-tolerant Authentication) as an example of broadcast authenticating protocol was used to show how Color Petri Nets can be used to create a functional model of the protocol.

This article deals with classification of existing methods for formal analysis of the authentication protocols with focus on broadcast authentication protocols. The greatest attention is paid to the BAN logic and Coloured Petri Nets.

The article describes inovation of the course Information Security and Secretion of Messages.

For a graduate in our profession it is important to gain not only theoretical foundation through education, but also an adequate practical proficiency. The main aim of the project was innovate educational process in subject " Communication in Data Networks" in practical courses as well as in theoretical lectures.

This article describes basic properties and behaviour of the broadcast authentication protocol TESLA. This protocol can be used for one-way authentication of the messages that are sent to the multiple receivers simultaneously.

The article describes innovation of the course Information Security and Secretion of Messages.

For professionals in telco domain it is important to have at least general information about network security, basic cryptographic algorithms and protocols. The main goal of the project was to innovate who educational process in subject "Information Security and Secretions of Messages" in theoretical lectures as well as in practical courses. New lectures made students familiar with principles, architecture and applications of modern symmetric-key and asymmetric-key algorithms, hash function and widely used cryptographic protocols.

This paper deals with the concept of the method how to measure wireless network in a real world. All key parameters of the telecommunication system are digestedly analyzed with this specific method. A lot of hidden problems, which remain unrecognized by the classic tests, are finally resolved by the time-sequence testing on each network layer.

This paper deals with the determination of basic parameters for TIK (TESLA with instant key disclosure) protocol. TESLA belongs to the family of broadcast authentication protocols. TIK is a modification of genuine TESLA protocol, which allows application in wireless environment. The most important parameter which must be determined are time for key disclosure and total number of PRF and hash operations.

The article describes CPN as simulation environment for modeling authentication protocols

The article describes needful modification to the original BAN logic that enables a modeling of broadcast communication protocols

The article deals with security of VoIP protocols with major focus on SIP

The article describes basic security mechanisms defined in SIP

The article deals with selected methods of securing authentication protocols to online dictionary attacks.

The article deals with essential modifications of BAN logic to be able to formally authentciation protocols based on PKCS

Article deals with a experiencesin with a conrete swimming pools in Czech Republic

The article deals with essential modifications of BAN logic to be able to formally analyse broadcast authentciation protocols

Basic features and key mechanisms used by IEEE 802.16

SafeEnterpriseSSL iGate is a security appliance enabling secure remote access to applications, web pages or data which are located in protected network. Authentication of remote users can be done not only byname/password combination, but there is a possibility to use a USB token iKey. This significantly increases security of whole solution.

Reply attack is based on capturing messages (packets), potential but no necessary modification, and their later resending. This leads to mystification of identity of communicating parties. Using time stamps is one possible way how to face up these kind of attacks.

Description of the device

Replay attacks can be divided into several groups depending e.g. on origin of messages. The classification of replay attacks will be described in this article.