Dr. Levente Buttyán

Associate Professor, Head of the Lab
e-mail: buttyan (at) crysys.hu

web: www.hit.bme.hu/~buttyan/
publications: MTMT
office: I.E. 431
tel: +36 1 463 1803
fax: +36 1 463 3263

Short Bio

Levente Buttyán was born in 1970 in Salgótarján, Hungary. He received the M.Sc. degree in Computer Science from the Budapest University of Technology and Economics (BME) in 1995, and earned the Ph.D. degree from the Swiss Federal Institute of Technology - Lausanne (EPFL) in 2002.
In 2003, he joined the Department of Networked Systems and Services at BME, where he currently holds a position as an Associate Professor and leads the Laboratory of Cryptography and Systems Security (CrySyS Lab). He has done research on the design and analysis of secure protocols and privacy enhancing mechanisms for wireless networked embedded systems (including wireless sensor networks, mesh networks, vehicular communications, and RFID systems). Recently, he has been involved in the analysis of some high profile targeted malware, such as Duqu, Flame (aka sKyWIper), MiniDuke, and TeamSpy. Currently, his research interests are in embedded systems security (a.k.a. security for Internet of Things) and embedded systems forensics.

Current Courses

IT Security (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

IT Security (in English) (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

IT Security Bootcamp (VIHIAL00)

This BSc course introduces problems related to general IT security.

Cryptographic Protocols (VIHIMA05)

This course introduces problems related to communication security in wired and wireless networks, describes the principles and practical implementations of modern security protocols that address those problems, and sheds light on protocol design issues through the detailed analysis of existing security protocols.

Computer Security (VIHIMA06)

The course introduces security problems in computing systems, as well as the principles, practical mechanisms, and tools used to solve them. The term computer is interpreted in a broad sense, and it includes personal computers, servers, mobile devices, and embedded computers. The course covers physical security and OS level security of computers, software security issues at the application level, secure programming, and the problem of malicious software (malware).

Secure Software Development (VIHIAV33)

This course fills an important gap in the education of software engineers, namely developing secure software applications. During this course, students will learn the most common mistakes in software development and how attackers exploit those mistakes (offensive security). Then, students get to know how to mitigate attacks and write secure software applications.

Privacy-Preserving Technologies (VIHIAV35)

The sharing and exploitation of the ever-growing data about individuals raise serious privacy concerns these days. Is it possible to derive (socially or individually) useful information about people from this Big Data without revealing personal information?
This course provides a detailed overview of data privacy. It focuses on different privacy problems of web tracking, data sharing, and machine learning, as well as their mitigation techniques. The aim is to give the essential (technical) background knowledge needed to identify and protect personal data. These skills are becoming a must for every data/software engineer and data protection officer dealing with personal and sensitive data, and are also required by the upcoming European General Data Protection Regulation (GDPR).

Applied Cryptography (in English) (VIHIA030)

This course gives an introduction to the basics of cryptography, explains how basic building blocks work, and demonstrates how secure systems can be engineered by properly using them. Besides the theoretical background, we use a lot of illustrative examples and show practical applications. In addition, besides the technical details, we give an outlook to the legal and business aspects of using cryptography. This course is offered only to students of the Aquincum Institute of Technology, Budapest.

Student Project Proposals

Security analysis of code signing methods and systems

Digital signatures are a widespread method for authenticating programs and protecting their integrity. In theory, the digital signature of a signed program is verified before the program is installed or run, and the program is installed or run only if the signature is correct and valid. In practice, however, signature verification is a non-trivial, complex process that hides numerous pitfalls, loopholes, and opportunities for error, which attackers can potentially exploit to distribute signed malicious programs.

Google Certificate Transparency

Google's Certificate Transparency project fixes several structural flaws in the TLS/SSL certificate system, which is the main cryptographic system that underlies all HTTPS connections (for details see www.certificate-transparency.org/). In particular, Certificate Transparency makes it possible to detect TLS/SSL certificates that have been mistakenly issued by or maliciously acquired from a certificate authority. This is achieved by introducing new functional components into the traditional certificate system that provide supplemental monitoring and auditing services. In addition, Certificate Transparency is an open and public framework, therefore, anyone can build or access its basic components.

PKI for connected vehicles

Modern vehicles communicate with each other over a wireless interface using the protocols of the IEEE 1609 (WAVE) standard. This standard uses digital signatures to authenticate messages. Supporting this, however, requires a PKI infrastructure, which the standard does not specify in detail. The student's task is to examine what requirements the IEEE 1609 standard places on the back-end PKI, and to build a suitable prototype PKI system using open source software. The project is particularly timely, and the student will have the opportunity to cooperate with companies that either develop vehicular communication systems (CommSignia) or operate PKI infrastructure (Microsec).

Development of an ICS honeypot system

Our critical infrastructures are often built on industrial automation and process control (ICS/SCADA) systems, which increasingly have external network connections, possibly even access from the Internet, and are therefore exposed to attacks coming from cyberspace. For now, however, such attacks are rare, and we do not have enough experience with the attack methods and tools. One possible means of gathering information on this is a honeypot system, which looks like a real ICS/SCADA system from the outside but is in fact a trap in which the attacker's activity can be observed.

Lateral Movement Detection in Corporate Internal Networks

The scope of the project is to enhance the existing threat detection capabilities of a real corporate internal network. It would focus on defining, implementing and integrating detection techniques such as sinkhole networks, honeynets and/or deception. During the exercise the student(s) would work together with Cyber Defence Experts (Attack Monitoring, Incident Investigation, Incident Response) to come up with a practical solution on this topic.
The project is closely related to the areas of interest of our industrial partner, MOL, and provides an opportunity to collaborate with MOL's cyber security experts.

Threat Detection utilizing Packet Capture Infrastructure

The scope of this topic is to engineer a scalable network packet based detection system for a corporate network perimeter. The goal is to build a Snort and OpenAppID based detection solution on top of an existing packet capture infrastructure and integrate the alerting mechanisms with a SIEM system. The student(s) will work with Cyber Defence Engineers who provide consultancy during the planning and implementation phases.
The project is closely related to the areas of interest of our industrial partner, MOL, and provides an opportunity to collaborate with MOL's cyber security experts.