Dr. Boldizsár Bencsáth

Assistant Professor

bencsath (at) crysys.hu

twitter: @boldi
office: I.E. 431
mobile: +36 30 990 2317
signal: +36 30 990 2317
skype: bencsathb
tel: +36 1 463 3422
fax: +36 1 463 3266


Short Bio

Boldizsár BENCSÁTH was born in 1976. He received an MSc in Computer Science from the Budapest University of Technology and Economics in 2000, and a Master of Economics from the Budapest University of Economic Sciences and Public Administration in 2001. Since 2000 he has been working in the Laboratory of Cryptography and System Security (CrySyS), Department of Telecommunications, Budapest University of Technology and Economics.

Current Courses

IT Security (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

IT Security (in English) (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

Computer Security (VIHIMA06)

The course introduces security problems in computing systems, as well as the principles, practical mechanisms, and tools used to solve them. The term computer is interpreted in a broad sense, and it includes personal computers, servers, mobile devices, and embedded computers. The course covers physical security and OS level security of computers, software security issues at the application level, secure programming, and the problem of malicious software (malware).

Network Security (VIHIMB00)

This course gives a detailed introduction into the security problems of computer networks, and it gives an overview of the possible solutions to those problems. It also covers issues related to secure operation of networks in practice, including modern tools and techniques used to ensure security. Students get theoretical knowledge and practical skills that form the basis of secure network operations, and allow them to assess security risks, understand threats and vulnerabilities, select and integrate appropriate security solutions, and to design new security mechanisms. The course also serves as a basis for obtaining skills in penetration testing and ethical hacking of networks.

IT Security Laboratory (VIHIMB01)

This laboratory extends and deepens the knowledge and skills obtained in the courses of the IT Security minor specialization by solving practical, hands-on exercises in real, or close-to-real environments.

Student Project Proposals

Android malware attacks and the state of defenses

Malicious code is no longer a rarity on mobile phones either. Antivirus companies and programs try to recognize it, but who knows how well they perform this task. In many cases it is conceivable that viruses are identified not by their content but simply by their hash. Android applications are digitally signed, but it is not the APK file itself that is signed, rather the files inside it. As a consequence, the hash of the APK can be manipulated with simple methods so that the digital signature remains valid. The student's task is to carry out smaller and larger investigations, similar to the above, related to Android malware. Literature research: what are the trends in the field? Examination of concrete samples: do the malicious applications in our sample databases support the trends in the literature? Can Android malware be changed easily so that antivirus programs no longer recognize it as malicious? The more precise tasks and the work to be done will be defined jointly with the student.

Development and management of the malware repository

Our malware repository stores more than 100 terabytes of malicious code samples. The need often arises to search this large amount of data in a distributed manner. A distributed search built on the yara search tool has already been made, but its user interface left something to be desired: it is hard to use and slow. The student's task is to get to know the structure of the malware repository, examine how it works, and possibly produce statistics on the content stored in it, and to make the searches faster and user-friendly. Naturally, the student's first task is to get to know the structure of the system and to become familiar with the environment and the use of the system. The more precise tasks and deadlines will be discussed jointly with the student.

Automated deobfuscation of obfuscated malware samples

Because of their large volume, antivirus companies handle malicious code mainly with automated analysis. The authors of malicious code, in turn, naturally do everything they can so that, if possible, automated analysis cannot reveal what their program does, and preferably so that even manual analysis cannot be carried out easily. This can be true of conventional malware attacks (botnets, ransomware), but it can also be true of targeted attacks. There are several tools for making analysis harder, among them code obfuscation, packing and other methods. Numerous obfuscation techniques are known, but numerous methods have also been developed to unpack, deobfuscate, or otherwise analyze code protected in this way. The student's primary task is to get to know the topic, to examine the protection and attack techniques currently in use, and to study the literature. The more precise tasks will be discussed with the student in person, but they may include: implementing automated deobfuscation and integrating it into our malware database system, producing statistics on obfuscation based on our large malware database, searching for programs protected with unknown obfuscation and designing a new automated deobfuscation solution for them, or even the theoretical study of deobfuscation.

Whitelisting-based endpoint protection

When whitelisting is applied to protect computers against malicious code, the conventional approach is reversed. In a typical PC environment every application may run, except those that we consider malicious, for example on the basis of antivirus databases. With whitelisting it is exactly the other way round: no application may run on the machine, except those that we believe are not malicious, that we have information about, and that are permitted. Whitelisting is effective mainly in corporate environments, where new software is rarely installed on the machines. The student's task is to examine the current state of whitelisting solutions. What are the main solutions? Are there free solutions? What are the current challenges in the field of whitelisting, is it easy to circumvent the solution, and what are the main inconveniences? How could the operation of the solutions be improved on the basis of new ideas? Our assumption is that the operation of whitelisting solutions can be supported by using solutions of ours such as the CrySyS Lab ROSCO system, or our malware database of more than 100 TB containing known malicious code. The laboratory has an industrial partner related to this topic, a company that uses a whitelisting product and can therefore help with concrete experience and questions about a known commercial product as well. The more precise tasks to be carried out and the deadlines will be agreed with the student in person.
The project is closely related to the areas of interest of our industrial partner, MOL, and provides an opportunity to cooperate with MOL's cyber-security experts.

Publications

2015

Duqu 2.0: A comparison to Duqu

G. Ács-Kurucz, G. Molnár, G. Vaspöri, R. Kamarás, L. Buttyán, B. Bencsáth

BME CrySyS Lab, 2015.


@techreport {
   author = {Gábor Ács-Kurucz, Gábor Molnár, Gábor Vaspöri, Roland Kamarás, Levente BUTTYÁN, Boldizsár Bencsáth},
   title = {Duqu 2.0: A comparison to Duqu},
   institution = {BME CrySyS Lab},
   year = {2015}
}


ROSCO: Repository of signed code

D. Papp, B. Kócsó, T. Holczer, L. Buttyán, B. Bencsáth

Virus Bulletin, 2015.


@conference {
   author = {Dorottya Papp, Balázs Kócsó, Tamas Holczer, Levente BUTTYÁN, Boldizsár Bencsáth},
   title = {ROSCO: Repository of signed code},
   booktitle = {Virus Bulletin},
   year = {2015}
}


2014

An independent test of APT attack detection appliances

B. Bencsáth, L. Buttyán, Z. Balázs, G. Ács-Kurucz, G. Molnár, G. Vaspöri, R. Kamarás

MRG Effitas and BME CrySyS Lab, 2014.


@techreport {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Zoltán Balázs, Gábor Ács-Kurucz, Gábor Molnár, Gábor Vaspöri, Roland Kamarás},
   title = {An independent test of APT attack detection appliances},
   institution = {MRG Effitas and BME CrySyS Lab},
   year = {2014}
}


2013

A Survey of Security Issues in Hardware Virtualization

G. Pék, L. Buttyán, B. Bencsáth

ACM Computing Surveys (CSUR), vol. 45, no. 3, June, 2013, doi:10.1145/2480741.2480757.


@article {
   author = {Gábor PÉK, Levente BUTTYÁN, Boldizsár Bencsáth},
   title = {A Survey of Security Issues in Hardware Virtualization},
   journal = { ACM Computing Surveys (CSUR)},
   volume = {45 },
   number = {3},
   month = {June },
   year = {2013},
   note = {doi:10.1145/2480741.2480757}
}

Abstract

Virtualization is a powerful technology to increase the efficiency of computing services; however, besides its advantages, it also raises a number of security issues. In this paper, we provide a thorough survey of those security issues in hardware virtualization. We focus on potential vulnerabilities and existing attacks on various virtualization platforms, but we also briefly sketch some possible countermeasures. To the best of our knowledge, this is the first survey of security issues in hardware virtualization with this level of details. Moreover, the adversary model and the structuring of the attack vectors are original contributions, never published before.

Technical Trends in Recent Targeted Attacks

G. Pék, B. Bencsáth, L. Buttyán, M. Felegyhazi

Presentation at Power of Community (POC 2013, Seoul, South Korea), November, 2013.


@misc {
   author = {Gábor PÉK, Boldizsár Bencsáth, Levente BUTTYÁN, Mark Felegyhazi},
   title = {Technical Trends in Recent Targeted Attacks },
   howpublished = {Presentation at Power of Community (POC 2013, Seoul, South Korea)},
   month = {November},
   year = {2013}
}


2012

Célzott informatikai támadások napjainkban

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

Budapest New Tech Meetup, Budapest, Hungary, December, 2012.


@misc {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {Célzott informatikai támadások napjainkban},
   howpublished = {Budapest New Tech Meetup, Budapest, Hungary.},
   month = {December},
   year = {2012}
}


Cryptography: The strongest link in the chain

L. Buttyán, B. Bencsáth

Hackin9 Extra, vol. 8, no. 1, January, 2012, pp. 8-11.


@article {
   author = {Levente BUTTYÁN, Boldizsár Bencsáth},
   title = {Cryptography: The strongest link in the chain},
   journal = {Hackin9 Extra},
   volume = {8},
   number = {1},
   month = {January},
   year = {2012},
   pages = {8-11}
}

Abstract

IT security architectures that use cryptographic elements sometimes fail, but it is rarely cryptography to blame. The reason is more often the use of cryptography in an inappropriate way, or the use of algorithms that do not really qualify as cryptographic. High quality cryptography is in fact the strongest link in the chain, and there are good reasons for that.

Duqu, Flame, Gauss - new challenges for a new era

B. Bencsáth, L. Buttyán, M. Felegyhazi, G. Pék

EuroNOG 2012 conference, Budapest, 10-11 Sept 2012, September, 2012.


@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Mark Felegyhazi, Gábor PÉK},
   title = {Duqu, Flame, Gauss - new challenges for a new era },
   howpublished = {EuroNOG 2012 conference, Budapest, 10-11 Sept 2012},
   month = {September},
   year = {2012}
}


Duqu: Analysis, Detection, and Lessons Learned

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

ACM European Workshop on System Security (EuroSec), ACM, 2012.


@inproceedings {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {Duqu: Analysis, Detection, and Lessons Learned},
   booktitle = {ACM European Workshop on System Security (EuroSec)},
   publisher = {ACM},
   year = {2012}
}

Abstract

In September 2011, a European company sought our help to investigate a security incident that happened in their IT system. During the investigation, we discovered a new malware that was unknown to all mainstream anti-virus products, however, it showed striking similarities to the infamous Stuxnet worm. We named the new malware Duqu, and we carried out its first analysis. Our findings led to the hypothesis that Duqu was probably created by the same people who developed Stuxnet, but with a different purpose: unlike Stuxnet whose mission was to attack industrial equipment, Duqu is an information stealer rootkit. Nevertheless, both pieces of malware have a modular structure, and they can be re-configured remotely from a Command and Control server to include virtually any kind of functionality. In this paper, we present an abridged version of our initial Duqu analysis, which is available in a longer format as a technical report. We also describe the Duqu detector toolkit, a set of heuristic tools that we developed to detect Duqu and its variants. Finally, we discuss a number of issues that we learned, observed, or identified during our Duqu analysis project concerning the problems of preventing, detecting, and handling targeted malware attacks; we believe that solving these issues represents a great challenge to the system security community.

sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

In collaboration with the sKyWIper Analysis Team, 2012.


@techreport {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks},
   institution = {In collaboration with the sKyWIper Analysis Team },
   year = {2012}
}


Targeted attacks against Critical infrastructure: Stuxnet and beyond

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

SCADA and Smart Grid Cyber Security Summit, 26-27 April 2012, April, 2012, London.


@misc {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {Targeted attacks against Critical infrastructure: Stuxnet and beyond},
   howpublished = {SCADA and Smart Grid Cyber Security Summit, 26-27 April 2012},
   month = {April},
   year = {2012},
   note = {London}
}


Targeted Attacks of Recent Times

B. Bencsáth, L. Buttyán, G. Pék, M. Felegyhazi

Kaspersky SAS 2012 - Security Analyst Summit, Cancun, Mexico, February, 2012.


@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Gábor PÉK, Mark Felegyhazi},
   title = {Targeted Attacks of Recent Times },
   howpublished = {Kaspersky SAS 2012 - Security Analyst Summit, Cancun, Mexico},
   month = {February},
   year = {2012}
}


Technical analysis and information sharing in the handling of high-profile targeted attacks

B. Bencsáth, L. Buttyán, G. Pék, M. Felegyhazi

2012 Workshop on Cyber Security and Global Affairs and Global Security Forum, 1-3 June 2012, June, 2012, Barcelona, Spain.


@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Gábor PÉK, Mark Felegyhazi},
   title = {Technical analysis and information sharing in the handling of high-profile targeted attacks },
   howpublished = {2012 Workshop on Cyber Security and Global Affairs and Global Security Forum, 1-3 June 2012},
   month = {June},
   year = {2012},
   note = {Barcelona, Spain}
}


The cousins of Stuxnet: Duqu, Flame, Gauss, …

L. Buttyán, B. Bencsáth, G. Pék, M. Felegyhazi

ISCD 2012, Balatonöszöd, 3-4 Sep., September, 2012.


@misc {
   author = {Levente BUTTYÁN, Boldizsár Bencsáth, Gábor PÉK, Mark Felegyhazi},
   title = {The cousins of Stuxnet: Duqu, Flame, Gauss, …},
   howpublished = {ISCD 2012, Balatonöszöd, 3-4 Sep.},
   month = {September},
   year = {2012}
}


The Cousins of Stuxnet: Duqu, Flame, and Gauss

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

Future Internet, 4(4), 2012, pp. 971-1003, doi:10.3390/fi4040971, http://www.mdpi.com/journal/futureinternet/special_issues/stuxnet.


@article {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {The Cousins of Stuxnet: Duqu, Flame, and Gauss},
   journal = {Future Internet 2012, 4(4), doi:10.3390/fi4040971},
   year = {2012},
   pages = {971-1003},
   note = {doi:10.3390/fi4040971, http://www.mdpi.com/journal/futureinternet/special_issues/stuxnet}
}

Abstract

Stuxnet was the first targeted malware that received worldwide attention for causing physical damage in an industrial infrastructure seemingly isolated from the online world. Stuxnet was a powerful targeted cyber-attack, and soon other malware samples were discovered that belong to this family. In this paper, we will first present our analysis of Duqu, an information-collecting malware sharing striking similarities with Stuxnet. We describe our contributions in the investigation ranging from the original detection of Duqu via finding the dropper file to the design of a Duqu detector toolkit. We then continue with the analysis of the Flame advanced information-gathering malware. Flame is unique in the sense that it used advanced cryptographic techniques to masquerade as a legitimate proxy for the Windows Update service. We also present the newest member of the family, called Gauss, whose unique feature is that one of its modules is encrypted such that it can only be decrypted on its target system; hence, the research community has not yet been able to analyze this module. For this particular malware, we designed a Gauss detector service and we are currently collecting intelligence information to be able to break its very special encryption mechanism. Besides explaining the operation of these pieces of malware, we also examine if and how they could have been detected by vigilant system administrators manually or in a semi-automated manner using available tools. Finally, we discuss lessons that the community can learn from these incidents. We focus on technical issues, and avoid speculations on the origin of these threats and other geopolitical questions.

2011

Duqu: A Stuxnet-like malware found in the wild

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

BME CrySyS Lab., October, 2011. First published in cut-down form as appendix to the Duqu report of Symantec.


@techreport {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {Duqu: A Stuxnet-like malware found in the wild},
   institution = {BME CrySyS Lab.},
   month = {October},
   year = {2011.},
   note = {First published in cut-down form as appendix to the Duqu report of Symantec}
}


Targeted attacks of recent days

B. Bencsáth, L. Buttyán

Kiberbiztonsági Konferencia, ZMNE, November 25, 2011.


@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN},
   title = {Targeted attacks of recent days},
   howpublished = {Kiberbiztonsági Konferencia, ZMNE},
   month = {November 25},
   year = {2011.}
}


CLEARER: CrySyS Laboratory Security and Privacy Research Roadmap

L. Buttyán, M. Felegyhazi, B. Bencsáth

Proceedings of the First SysSec Workshop SysSec 2011, SysSec, Amsterdam, The Netherlands, July 6, 2011, pp. 73-76.


@inproceedings {
   author = {Levente BUTTYÁN, Mark Felegyhazi, Boldizsár Bencsáth},
   title = {CLEARER: CrySyS Laboratory Security and Privacy Research Roadmap},
   booktitle = {Proceedings of the First SysSec Workshop SysSec 2011},
   publisher = {SysSec},
   address = { Amsterdam, The Netherlands},
   month = {July 6},
   year = {2011},
   pages = {73-76}
}


Cryptography - the strongest chain element in the practice of cyber security

B. Bencsáth, L. Buttyán

Kiberbiztonsági Konferencia, ZMNE, November 25, 2011.


@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN},
   title = {Cryptography - the strongest chain element in the practice of cyber security},
   howpublished = {Kiberbiztonsági Konferencia, ZMNE},
   month = {November 25},
   year = {2011}
}


nEther: In-guest Detection of Out-of-the-guest Malware Analyzers

G. Pék, B. Bencsáth, L. Buttyán

ACM European Workshop on System Security (EuroSec), ACM, Salzburg, Austria, April 10, 2011, pp. 1-6.


@inproceedings {
   author = {Gábor PÉK, Boldizsár Bencsáth, Levente BUTTYÁN},
   title = {nEther: In-guest Detection of Out-of-the-guest Malware Analyzers},
   booktitle = {ACM European Workshop on System Security (EuroSec)},
   publisher = {ACM},
   address = {Salzburg, Austria},
   month = {April 10},
   year = {2011},
   pages = {1-6}
}


Recent advances in targeted malware attacks

B. Bencsáth, L. Buttyán, G. Pék, M. Felegyhazi

Schönherz - Simonyi Szakkollégium, December 13, 2011.


@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Gábor PÉK, Mark Felegyhazi},
   title = {Recent advances in targeted malware attacks },
   howpublished = {Schönherz - Simonyi Szakkollégium .},
   month = {December 13},
   year = {2011}
}


Recent advances in targeted malware attacks

B. Bencsáth, L. Buttyán, G. Pék, M. Felegyhazi

Fókuszban a CrySyS Lab., December 14, 2011.


@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Gábor PÉK, Mark Felegyhazi},
   title = {Recent advances in targeted malware attacks },
   howpublished = {Fókuszban a CrySyS Lab. },
   month = {December 14},
   year = {2011}
}


XCS based hidden firmware modification on embedded devices

B. Bencsáth, L. Buttyán, T. Paulik

Proceedings of the IEEE Conference on Software, Telecommunications and Computer Networks (SoftCom), IEEE, Split-Hvar-Dubrovnik, September 15-17, 2011, pp. 1-6.


@inproceedings {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Tamás Paulik},
   title = {XCS based hidden firmware modification on embedded devices},
   booktitle = {Proceedings of the IEEE Conference on Software, Telecommunications and Computer Networks (SoftCom)},
   publisher = {IEEE},
   address = {Split-Hvar-Dubrovnik},
   month = {September 15-17},
   year = {2011},
   pages = {1-6}
}


2010

Cross-layer security and resilience in wireless mesh networks

I. Askoxylakis, B. Bencsáth, L. Buttyán, L. Dóra, V. Siris, A. Traganitis

N. Zorba, C. Skianis, and C. Verikoukis (eds), Cross Layer Designs in WLAN Systems, Troubador Publishing Ltd, Emerging Communication and Service Technologies Series, 2010.


@inbook {
   author = {Ioannis ASKOXYLAKIS, Boldizsár Bencsáth, Levente BUTTYÁN, László DÓRA, Vasilios SIRIS, A. Traganitis},
   editor = {N. Zorba, C. Skianis, and C. Verikoukis (eds)},
   title = {Cross-layer security and resilience in wireless mesh networks},
   publisher = {Cross Layer Designs in WLAN Systems, Troubador Publishing Ltd, Emerging Communication and Service Technologies Series},
   year = {2010}
}


Védekezés e-mail-címkinyerő támadások ellen

B. Bencsáth, Géza Szabó, I. Vajda

Szemelvények az OTKA támogatásával készült alapkutatások újabb eredményeiből 2, OTKA, 2010, pp. 69-71.


@inproceedings {
   author = {Boldizsár Bencsáth, Géza Szabó, István VAJDA},
   title = {Védekezés e-mail-címkinyerő támadások ellen},
   booktitle = {Szemelvények az OTKA támogatásával készült alapkutatások újabb eredményeiből 2},
   publisher = {OTKA},
   year = {2010},
   pages = {69-71}
}


2009

Security of Communication Networks (In Hungarian)

B. Bencsáth, L. Buttyán, I. Vajda

Híradástechnika, vol. LXIV, August, 2009.


@article {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, István VAJDA},
   title = {Security of Communication Networks (In Hungarian)},
   journal = {Híradástechnika},
   volume = {LXIV},
   month = {August},
   year = {2009.}
}


New Approaches to Mitigate Network Denial-of-Service Problems

B. Bencsáth

BME Informatikai Tudományok doktori iskola, November, 2009.


@phdthesis {
   author = {Boldizsár Bencsáth},
   title = {New Approaches to Mitigate Network Denial-of-Service Problems},
   school = {BME Informatikai Tudományok doktori iskola},
   month = {November},
   year = {2009}
}


On the security of communication network: now and tomorrow

B. Bencsáth, L. Buttyán, I. Vajda

Infocommunications Journal, vol. LXIV, no. 4, 2009, pp. 3-7.


@article {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, István VAJDA},
   title = {On the security of communication network: now and tomorrow},
   journal = {Infocommunications Journal},
   volume = {LXIV.},
   number = {no. 4.},
   year = {2009},
   pages = {pp. 3-7.}
}


Securing Multi-operator Based QoS-aware Mesh Networks: Requirements and Design Options

I. Askoxylakis, B. Bencsáth, L. Buttyán, L. Dóra, V. Siris, D. Szili, I. Vajda

Wireless Communications and Mobile Computing (Special Issue on QoS and Security in Wireless Networks), vol. 10, no. 5, 2009, pp. 622-646.


@article {
   author = {Ioannis ASKOXYLAKIS, Boldizsár Bencsáth, Levente BUTTYÁN, László DÓRA, Vasilios SIRIS, Dávid SZILI, István VAJDA},
   title = {Securing Multi-operator Based QoS-aware Mesh Networks: Requirements and Design Options},
   journal = {Wireless Communications and Mobile Computing (Special Issue on QoS and Security in Wireless Networks)},
   volume = {10},
   number = {5},
   year = {2009},
   pages = {622-646}
}

Abstract

Wireless mesh networking allows network operators and service providers to offer nearly ubiquitous broadband access at a low cost to customers. In this paper, we focus on QoS-aware mesh networks operated by multiple operators in a cooperative manner. In particular, we identify the general security requirements of such networks and we give an overview on the available design options for a security architecture aiming at satisfying those requirements. More specifically, we consider the problems of mesh client authentication and access control, protection of wireless communications, securing the routing, key management, and intrusion and misbehavior detection and recovery. Our aim is to structure this rich problem domain and to prepare the grounds for the design of a practically usable security architecture.

2008

Introduction to the world of botnets (in Hungarian)

B. Bencsáth, Géza Szabó, A. Szentgyörgyi

Híradástechnika (Pollák-Virág award), vol. LXIII, no. 11, November, 2008, pp. 10-15.


@article {
   author = {Boldizsár Bencsáth, Géza Szabó, Attila Szentgyörgyi},
   title = {Introduction to the world of botnets (in Hungarian)},
   journal = {Híradástechnika (Pollák-Virág award)},
   volume = {LXIII},
   number = {11},
   month = {November},
   year = {2008},
   pages = {10-15}
}


2007

Efficient Directory Harvest Attacks and Countermeasures

B. Bencsáth, I. Vajda

International Journal of Network Security, vol. 5, no. 3, 2007, pp. 264-273.


@article {
   author = {Boldizsár Bencsáth, István VAJDA},
   title = {Efficient Directory Harvest Attacks and Countermeasures},
   journal = {International Journal of Network Security},
   volume = {5},
   number = {3},
   year = {2007},
   pages = {264-273}
}


Empirical Analysis of Denial of Service Attack Against SMTP Servers

B. Bencsáth, M. A. Rónai

Proceedings of The 2007 International Symposium on Collaborative Technologies and Systems, IEEE, Orlando, Florida, USA, May 21-25, 2007, pp. 72-79.


@inproceedings {
   author = {Boldizsár Bencsáth, Miklós Aurél RÓNAI},
   title = {Empirical Analysis of Denial of Service Attack Against SMTP Servers},
   booktitle = {Proceedings of The 2007 International Symposium on Collaborative Technologies and Systems},
   publisher = {IEEE},
   address = {Orlando, Florida, USA},
   month = {May 21-25 },
   year = {2007},
   pages = {72-79}
}


2006

Internet Denial of Service attacks in game theoretical model (in hungarian)

B. Bencsáth, I. Vajda

Alkalmazott Matematikai Lapok 23, 2006, pp. 335-348.


@article {
   author = {Boldizsár Bencsáth, István VAJDA},
   title = {Internet Denial of Service attacks in game theoretical model (in hungarian)},
   journal = {Alkalmazott Matematikai Lapok 23},
   year = {2006},
   pages = {335-348.}
}

Keywords

DoS

Abstract

Our paper deals with the protection of cryptographic protocols against Denial of Service (DoS) attacks. To model DoS attacks, we interpret the process as a strategic game. In this model the attacker wants to maximize the server's consumed capacity, while the server tries to minimize the wasted resources and tries to keep serving the legitimate clients. We present the game-theoretic approach in detail and use it to optimize the client-side puzzle technique. In the paper we also analyze the case when the server chooses an optimal mixed strategy for its defense.

Protection against DHA attack with central filtering (in hungarian)

Géza Szabó, B. Bencsáth

Híradástechnika, vol. LXI, 05, 2006, pp. 2-9.


@article {
   author = {Géza Szabó, Boldizsár Bencsáth},
   title = {Protection against DHA attack with central filtering (in hungarian)},
   journal = {Híradástechnika},
   volume = {LXI},
   month = {05},
   year = {2006},
   pages = {pp. 2-9}
}


Statistical analysis of the results of the DHA protection system (in hungarian)

Géza Szabó, B. Bencsáth

Proceedings of Networkshop 2006 conference, NIIF, 2006.


@inproceedings {
   author = {Géza Szabó, Boldizsár Bencsáth},
   title = {Statistical analysis of the results of the DHA protection system (in hungarian)},
   booktitle = {Proceedings of Networkshop 2006 conference},
   publisher = {NIIF},
   year = {2006}
}

Abstract

A Directory Harvest Attack (DHA) is an attempt to obtain the e-mail addresses handled by a mail server. The root of the problem in DHA lies in the SMTP protocol itself: when an e-mail server receives mail for a valid address, it does not respond and simply accepts it. When the server receives mail for a non-existent address, it gives a response, either immediately or later, about whether the mailbox exists. This process gives information about the e-mail addresses maintained by the server. The attackers use this information by sending a huge number of messages to the e-mail server. The addresses for which no response arrives (that is, the server accepts the e-mail without a negative signal) are gathered into a list. These addresses should belong to valid user accounts, so it is worthwhile to send unsolicited mail to them. In our presentation we would like to introduce our research and development, and show the results gained from running the implemented system. The implemented protection consists of component-based developments, which are strongly coherent and use each other's software elements to a high extent. Last year we presented a possible implementation plan. We have continued this work, implemented the system, and run it for a long period to collect data from attackers. We would like to analyse the data collected by our system. We present which typical DHA attackers exist and whether it is possible to distinguish them unambiguously from each other based on the attacker statistics alone. We compare the distribution of attackers by country in Europe. We review the Hungarian DHA situation based on internet access. With modern statistical methods we examine the question of whether we can find an answer to why DHA is happening.

2005

Components to improve the protection against spam and viruses

B. Bencsáth, Géza Szabó

HSN LAB Workshop, Jun, 2005.

@inproceedings {
   author = {Boldizsár Bencsáth, Géza Szabó},
   title = {Components to improve the protection against spam and viruses},
   booktitle = {HSN LAB Workshop},
   month = {Jun},
   year = {2005}
}

Keywords

virus dos rbl centralized protection

Abstract

In our presentation we would like to show our research plans and achievements in the field of virus and spam protection. The planned protection methods are component-based, closely knit developments that use each other's software components to a great extent. One of the most important methods of protection against spam is to keep the e-mail addresses we maintain from getting onto a spam list. Among other methods, attackers use the directory harvest attack (DHA), so I would like to show a protection method against it, which works by recognizing attackers and banning them centrally. The novelty of our solution is that other anti-spam methods do not put the emphasis on prevention; they just filter the incoming unsolicited mail. In contrast, we suggest a system consisting of components that can be built into our existing working system and that prevents directory harvest attacks. Our system can also be connected to spam-recognition software. The solution saves resources because mail coming from known DHA attackers is not subjected to resource-consuming content filtering, but simply blocked. Combined with other methods, our system can improve their efficiency as well. The other important component that can improve the efficiency of our system is the one developed in the VIRUSFLAGS project, which addresses the problem of a virus-infected mail arriving from a falsified sender. In this case there is no point in sending a virus alert to the falsified sender, because this is just misleading. But if the virus (for example a Word macro virus) did not falsify the sender, and our machine deletes the letter without notifying the sender, then legal problems may occur: if our business neither accepted the resignation of a contradiction, because it is infected with a macro virus, nor notified anyone, this would cause a legal problem.
The virus scanners may know this information, but in terms of system and component theory, a system component that deals only with the question of whether a virus falsifies the sender can be more efficient. As an add-in to the current VIRUSFLAGS software components, it makes it possible to collect statistical data about the spread of different viruses, which is at least as important. We have prototypes of the presented systems, but the utilization and reuse of the results on the model is in progress.

Efficient Directory Harvest Attacks

B. Bencsáth, I. Vajda

William McQuay and Waleed W. Smari, Proceedings of the 2005 International Symposium on Collaborative Technologies and Systems, IEEE, IEEE Computer Society, July, 2005, pp. 62-68.

@inproceedings {
   author = {Boldizsár Bencsáth, István VAJDA},
   title = {Efficient Directory Harvest Attacks},
   editor = {William McQuay and Waleed W. Smari},
   booktitle = {Proceedings of the 2005 International Symposium on Collaborative Technologies and Systems},
   publisher = {IEEE, IEEE Computer Society},
   month = {July},
   year = {2005},
   pages = {62-68}
}

Keywords

DHA, SPAM, e-mail attack, DoS

Abstract

In this paper the E-mail Directory Harvest Attacks (DHA) are investigated. We elaborated a method for optimizing the wordlist size used by the attacker in a resource limited environment. We analyzed the results and proved that our method is optimal. We also present an efficient countermeasure against DHA.

2004

Security risks and controls of the IT network infrastructure (in Hungarian)

B. Bencsáth, T. Tuzson, B. Tóth, T. Tiszai, G. Szappanos, E. Rigó, Sz. Pásztor, M. Pásztor, P. Papp, P. Orvos, P. Mátó, B. Martos, L. Kún, Z. Kincses, T. Horváth, M. Juhász, B. K. Erdélyi, A. Bogár, G. Vid

IHM - MTA-SZTAKI, 2004.

@techreport {
   author = {Boldizsár Bencsáth, Tibor TUZSON, Beatrix TÓTH, Tamás TISZAI, Gábor SZAPPANOS, Ernő RIGÓ, Szilárd PÁSZTOR, Miklós PÁSZTOR, Pál PAPP, Péter ORVOS, Péter MÁTÓ, Balázs MARTOS, László KÚN, Zoltán KINCSES, Tamás HORVÁTH, Miklós JUHÁSZ, Bálint Károly ERDÉLYI, Attila BOGÁR, Gábor VID},
   title = {Az informatikai hálózati infrastruktúra biztonsági kockázatai és kontrolljai},
   institution = {IHM - MTA-SZTAKI},
   year = {2004}
}

Abstract

http://www.cert.hu/ismert/00tanulmany/MTAsec_w1_TOC.pdf

The system approach in the field of virus and spam protection (in Hungarian)

B. Bencsáth

HISEC 2004 konferencia, 10., 2004, Budapest, in Hungarian.

@inproceedings {
   author = {Boldizsár Bencsáth},
   title = {Az internetes vírus- és spamvédelem rendszerszemléletben},
   booktitle = {HISEC 2004 konferencia},
   month = {10.},
   year = {2004},
   note = {Budapest, in Hungarian}
}

Abstract

The system approach in Internet virus and spam protection. The recent period has proven that the long-known viruses and unsolicited advertising e-mails pose such a serious problem for the participants of the Internet that it cannot be ignored. Most companies already use tools for virus protection and for filtering unsolicited mail. Nevertheless, viruses and worms frequently get ahead of or outwit the protection and get into company networks. Protection against unsolicited mail, in turn, often makes mistakes and can be considered immature. Numerous commercial and freely available software products exist to solve these problems. Despite all this software, the quantity of viruses and advertising e-mails has grown continuously in the recent period, both proportionally and in absolute terms. The cause of the growth is the inefficiency of the tools. The inefficiency is not a consequence of the products being bad. The cause of the problem is that the individual products, ideas and solutions are not organized into a proper system; key components, accepted legal and ethical principles, and standards are missing. Most virus protection systems installed today are based on simple pattern-matching search and heuristic analysis. Although this may be acceptable at the endpoint, from the point of view of the Internet more complex systems are needed. The tasks to be solved are: increasing the efficiency of individual systems, extracting aggregated, comprehensive data, and distributed, Internet-level protection operating on the basis of the extracted data. The solution requires many small components; in my talk I also intend to present such ideas. The ideas are small components such as supporting quarantine by observing the spread of epidemics, epidemic analysis based on network traffic, real-time quality control of virus protection systems, etc.
Protection against unsolicited advertising e-mails mostly builds on a system approach already today: a significant share of the solutions do not contain a single algorithm, but exploit the synergy of using several methods. However, we cannot say that the system approach is complete: a significant share of the individual solutions can be attacked, and at the macro level the solutions cannot be called effective in defending against unsolicited advertising. In my talk I intend to present some ideas with which the effectiveness of the protection can be increased (with particular attention to exploiting the opportunities arising from the strict Hungarian laws), and I also intend to present the factors because of which the protection is currently ineffective at the macro level. In summary, the aim of my talk is to show the indispensability of the system approach among protection methods, by presenting the relationships between the current components and further ideas (and experimental systems).

---
The system approach in the field of virus and spam protection. The biggest infection events show that the most dangerous viruses propagate via the Internet e-mail systems. The problem of Internet viruses and spam e-mail messages is no longer dismissible. Multi-layer virus and spam protection reduces the number of infections but still does not eliminate the problem itself. Infected computers send out thousands of infected messages to other hosts; a large part of the Internet traffic is generated by malicious code. A wide range of commercial and free software is available to solve these problems, but despite the introduction of these software components, the number of infected hosts and messages is still growing year by year. The reason for the growth is the inefficiency of our software components. This does not mean that the software used against these problems is wrong. The problem is that the various ideas, tools, software and network components do not build up a whole system. Elaborated key components, widely accepted standards, a legal system and collaborative tools are still missing. As for improvement, we do not need a new statistical engine to protect a host, but we need a distributed, Internet-fashioned system with collaborative parties to evaluate the situation and to rapidly respond to unknown viruses and other threats. We propose small software components to gain information about the propagation of malicious code, to build up an efficient Internet-wide quarantine system, to monitor and check our protection systems, and to identify or inform owners about problems with their hosts. Many of these software tools are available but unusable as collaborative tools. The small components cannot work together; we cannot build up a whole, efficient system from these components. The goal of my speech is to present how necessary a system approach is in the field of virus and spam protection.
I also present achievements (plans and prototypes) in developing software components for use in a wide-area protection system.

HUNEID - Hungarian Electronic ID smart card specifications

I. Zs. Berta, I. Vajda, L. Buttyán, B. Bencsáth, T. Veiland

Ministry of Informatics and Telecommunications (www.ihm.hu), http://www.itktb.hu/engine.aspx?page=showcontent&content=ias, 2004.

@techreport {
   author = {István Zsolt BERTA, István VAJDA, Levente BUTTYÁN, Boldizsár Bencsáth, Tamás Veiland},
   title = {HUNEID - Hungarian Electronic ID smart card specifications},
   institution = {Ministry of Informatics and Telecommunications (www.ihm.hu)},
   address = {http://www.itktb.hu/engine.aspx?page=showcontent&content=ias},
   year = {2004}
}

Protection Against DDoS Attacks Based On Traffic Level Measurements

B. Bencsáth, I. Vajda

Waleed W. Smari, William McQuay, 2004 International Symposium on Collaborative Technologies and Systems, The Society for Modeling and Simulation International, San Diego, CA, USA, January, 2004, pp. 22-28., Simulation series vol 36. no. 1., ISBN 1-56555-272-5.

@inproceedings {
   author = {Boldizsár Bencsáth, István VAJDA},
   title = {Protection Against DDoS Attacks Based On Traffic Level Measurements},
   editor = {Waleed W. Smari, William McQuay},
   booktitle = {2004 International Symposium on Collaborative Technologies and Systems},
   publisher = {The Society for Modeling and Simulation International},
   address = {San Diego, CA, USA},
   month = {January},
   year = {2004},
   pages = {22-28.},
   note = {Simulation series vol 36. no. 1., ISBN 1-56555-272-5}
}

Keywords

DDoS attacks, traffic analysis, network protection

Abstract

A method for protecting an Internet server against a bandwidth-consuming DDoS attack is proposed and analyzed. Incoming traffic is monitored continuously and "dangerous" traffic intensity rises are detected. Such an event activates a traffic filtering rule which pushes down the incoming aggregate traffic to an acceptable level by discarding excess packets according to the measured relative traffic levels of active sources. Compared to other studies, our method has a structurally stronger base: legitimate traffic to the server is not necessarily hindered because of the attack or the traffic suppression. The method is supported by an analysis and a simulation as well.

Sending authentic messages from malicious terminals

I. Zs. Berta, B. Bencsáth

Proceedings of the Networkshop 2004 Conference, NIIF, Hungary, 2004.

@inproceedings {
   author = {István Zsolt BERTA, Boldizsár Bencsáth},
   title = {Sending authentic messages from malicious terminals},
   booktitle = {Proceedings of the Networkshop 2004 Conference},
   publisher = {NIIF, Hungary},
   year = {2004}
}

Abstract

The user wishes to communicate with a remote partner over an insecure network. Since the user is a human being, a terminal is needed to gain access to the network. Various cryptographic algorithms running on the terminal may provide authenticity and/or secrecy for the user's messages. In this paper the problem of sending authentic messages from insecure or untrusted terminals is analyzed. In this case attackers are able to gain total control over the terminal, so the user must consider the terminal as a potential attacker. Smart cards are often considered the ultimate tool for secure messaging from untrusted terminals. Although they are secure tamper-resistant microcomputers with strong cryptographic powers, their lack of a user interface enables man-in-the-middle attacks from the terminal. This paper analyzes the usability of smart cards for the above problem, and investigates various possibilities for authentic communication between the user and the smart card. Since the user is a human being with limited memory and little computational power, it is questionable whether authentic communication is possible between the above two parties in practice. In the first part of our lecture, we review various solutions and protocols from the literature that can aid the user in an untrusted terminal environment. In the second part of the lecture, we propose a solution that can be implemented with smart cards that exist today, and does not need the user to perform cryptographic operations. Although the smart card cannot decide whether the message came from the user or from malicious software running on the terminal, it can still aid the user in authenticating the message. This is possible if the user sends a so-called biometric message. A biometric message could be a video or voice message. Such a message is very hard to manipulate; it may even require human interaction.
In order to prevent the attack, the smart card should ensure that the attacker has no possibility and no time to perform such a complicated attack. The smart card can be used as a secure time that can guarantee that the message was sent in a certain time frame. This way, the time the attacker has to manipulate the message can be severely limited, so even simple algorithmic authenticators can provide strong security.

The problems and connections of network virus protection and the protection against denial of service attacks

B. Bencsáth

Proceedings of the Networkshop 2004 Conference, NIIF, Hungary, 2004.

@inproceedings {
   author = {Boldizsár Bencsáth},
   title = {The problems and connections of network virus protection and the protection against denial of service attacks},
   booktitle = {Proceedings of the Networkshop 2004 Conference},
   publisher = {NIIF, Hungary},
   year = {2004}
}

Keywords

virus, denial of service attack, e-mail

Abstract

First I will provide an introduction to the problems and solutions in both network virus protection and protection against Distributed Denial of Service (DDoS). I will show the usual and most workable methods in the area of virus protection: client-side virus protection, mail server / relay server protection (with priority given to open source tools, e.g. Linux, amavis, mailscanner, clamav, Unix virus scanners, "mail gateway" protection software), content-filtering tools (filtering web traffic), and extended file access control systems (RSBAC malware scan module). I will also introduce the problem area of DDoS protection: the different types of DDoS attacks (protocol fault ("magic packet"), network bandwidth overflow, server resource consumption). I will also show the most usable techniques for protection (error correction, firewalls, anomaly detection (SYN flood protection etc.), protection based on network analysis) and will provide some data about recent major attacks (Ebay, SCO, anti-spam RBL providers, zombie networks). After the introduction I will show the possible DDoS problems of network virus protection: the resource consumption of virus protection, the possibility of flooding, and the dangers of virus reports and e-mail alerts. After defining the problems I'll show our proposed solutions: a virus protection system combined with the technique of network analysis to protect the system against DoS attacks. The incoming mails will be examined by the network analysis engine, which makes it possible to filter out DDoS attacks against the virus protection system. Our proposed solution might be useful against unknown (not detectable) viruses and in the area of early epidemic protection. To support our method I'll show the details of the structure of our pilot implementation.

Trap E-mail Address for Combating E-mail Viruses

B. Bencsáth, I. Vajda

Proceedings of SoftCOM 2004 12. International conference on software, telecommunications and computer networks, University of Split, October, 2004, pp. 220-224.

@inproceedings {
   author = {Boldizsár Bencsáth, István VAJDA},
   title = {Trap E-mail Address for Combating E-mail Viruses},
   booktitle = {Proceedings of SoftCOM 2004 12. International conference on software, telecommunications and computer networks},
   publisher = {University of Split},
   month = {October},
   year = {2004},
   pages = {220-224}
}

2003

A game based analysis of the client puzzle approach to defend against DoS attacks

B. Bencsáth, L. Buttyán, I. Vajda

Proceedings of SoftCOM 2003 11. International conference on software, telecommunications and computer networks, Faculty of Electrical Engineering, Mechanical Engineering and Naval Architecture, University of Split, 2003, pp. 763-767.

@inproceedings {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, István VAJDA},
   title = {A game based analysis of the client puzzle approach to defend against DoS attacks},
   booktitle = {Proceedings of SoftCOM 2003 11. International conference on software, telecommunications and computer networks},
   publisher = {Faculty of Electrical Engineering, Mechanical Engineering and Naval Architecture, University of Split},
   year = {2003},
   pages = {763-767}
}

Abstract

DoS attacks are aimed at the loss of or the reduction in availability, which is one of the most important general security requirements in computer networks. A promising approach proposed to alleviate the problem of DoS attacks is to use client puzzles. In this paper, we study this approach using the apparatus of game theory. In our analysis, we derive the optimal strategy for the attacked server (e.g., a web server on the Internet) in all conceivable cases. We also present two new client puzzles as examples.

2002

A game theoretical approach to optimizing of protection against DoS attacks

B. Bencsáth, I. Vajda

presented on the Second Central European Conference on Cryptography (Hajducrypt), July, 2002, (no proceedings).

@misc {
   author = {Boldizsár Bencsáth, István VAJDA},
   title = {A game theoretical approach to optimizing of protection against DoS attacks},
   howpublished = {presented on the Second Central European Conference on Cryptography (Hajducrypt)},
   month = {Július},
   year = {2002},
   note = {(no proceedings)}
}

CVE-2002-0399

B. Bencsáth

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0399, 2002.

@misc {
   author = {Boldizsár Bencsáth},
   title = {CVE-2002-0399},
   howpublished = {http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0399},
   year = {2002}
}

Abstract

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.

Empiric examination of random number generators of smart cards

B. Bencsáth, I. Zs. Berta

HTE-BME 2002 Korszerű távközlő és informatikai rendszerek és hálózatok konferencia, BME, 2002.

@inproceedings {
   author = {Boldizsár Bencsáth, István Zsolt BERTA},
   title = {Empiric examination of random number generators of smart cards},
   booktitle = {HTE-BME 2002 Korszerű távközlő és informatikai rendszerek és hálózatok konferencia},
   publisher = {BME},
   year = {2002}
}

2001

Collecting randomness from the net

B. Bencsáth, I. Vajda

Proceedings of the IFIP TC6 and TC11 Joint Working Conference on Communications and Multimedia Security 2001, Kluwer, May, 2001, pp. 105-111.

@inproceedings {
   author = {Boldizsár Bencsáth, István VAJDA},
   title = {Collecting randomness from the net},
   booktitle = {Proceedings of the IFIP TC6 and TC11 Joint Working Conference on Communications and Multimedia Security 2001},
   publisher = {Kluwer},
   month = {May},
   year = {2001},
   pages = {105-111}
}

Keywords

generation of random values, tests of randomness, good source of random data, private and authentic communication

Abstract

Random data in their work is collected from network time delay measurements and its quality is checked by statistical tests, and a special enhancement, the system of collector-servers, is proposed and analyzed.

2000

Home-made methods for enhancing network security (in Hungarian)

B. Bencsáth, S. Tihanyi

Magyar Távközlés, vol. X, no. 4, 2000, pp. 22-27.

@article {
   author = {Boldizsár Bencsáth, Sándor TIHANYI},
   title = {Home-made methods for enhancing network security (in Hungarian)},
   journal = {Magyar Távközlés},
   volume = {X},
   number = {4},
   year = {2000},
   pages = {22-27.}
}

Simple, free encrypted tunnels using linux

B. Bencsáth

Presented on Networkshop 2000, Gödöllő, Hungary, 2000, http://nws.iif.hu/NwScd/docs/nevjegy/nj74.htm.

@misc {
   author = {Boldizsár Bencsáth},
   title = {Simple, free encrypted tunnels using linux},
   howpublished = {Presented on Networkshop 2000, Gödöllő, Hungary},
   year = {2000},
   note = {http://nws.iif.hu/NwScd/docs/nevjegy/nj74.htm}
}

Study on the Elender passwords that came to light (in Hungarian)

I. Vajda, B. Bencsáth, A. Bognár

Apr., 2000.

@techreport {
   author = {István VAJDA, Boldizsár Bencsáth, Attila BOGNÁR},
   title = {Tanulmány a napvilágra került Elender jelszavakról},
   month = {Apr.},
   year = {2000}
}

Abstract

http://ebizlab.hit.bme.hu/pub/lrpasswd.html

Building and auditing virtual private networks (in Hungarian)

B. Bencsáth

BME, 2000.

@mastersthesis {
   author = {Boldizsár Bencsáth},
   title = {Virtuális magánhálózatok kiépítése és auditálása},
   school = {BME},
   year = {2000}
}

1999

CVE-1999-1496

B. Bencsáth

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1496, 1999.

@misc {
   author = {Boldizsár Bencsáth},
   title = {CVE-1999-1496},
   howpublished = {http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1496},
   year = {1999}
}

Abstract

Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.

Problem areas of the security aspects of network operating systems

B. Bencsáth, S. Tihanyi

Scientific student groups (TDK) 1999, 1999.

@misc {
   author = {Boldizsár Bencsáth, Sándor TIHANYI},
   title = {Problem areas of the security aspects of network operating systems},
   howpublished = {Scientific student groups (TDK) 1999},
   year = {1999}
}
