Перегляд за Автор "Graivoronskyi, Mykola"

Зараз показуємо 1 - 2 з 2
  • Ескіз
    ДокументВідкритий доступ
    Model of rules for malicious input parameters detection
    (Igor Sikorsky Kyiv Polytechnic Institute, 2022) Korzhenevskyi, Oleksandr; Graivoronskyi, Mykola
    This article is devoted to detection of advanced techniques of malicious input parameter injections and web application firewall (WAF) bypass. The authors have proposed a hierarchical model for detection rules definition, which allows to edit different fragments separately. This model has been implemented with the usage of Backus-Naur form and ANTLR4 (generator of parsers and lexers). The solution has been tested using some popular web application scanners. The testing environment has been created with Python3. The results of research have been compared with the corresponding ones for the existing open source solution – libinjection. The main accent has been made to SQL injcetions and Cross-Site Scripting attacks.
  • Ескіз
    ДокументВідкритий доступ
    Power Analysis Template Attacks on AES-128 Hardware Implementations and Protection Against Them
    (Igor Sikorsky Kyiv Polytechnic Institute, 2023) Dehtyariov, Andrii; Graivoronskyi, Mykola
    The purpose of this work is to research AES-128 power analysis template attack and propose a practical way to mitigate such kind of side-channel attacks. The research includes a review of power analysis side-channel attacks, an experiment with the collection of Atmega328PU chip power samples using Hantek 6022BE oscilloscope, processing collected data and modeling – building statistical template of the device and analyzing parameters of the side-channel attack. The work is focused on preparation and carrying out the experiment. The experimental bench layout and procedures of collecting and processing the data are considered in details. The result of this work is the confirmation of the effectiveness of power analysis template attacks on AES-128 for Arduino Uno hardware, and a mechanism for mitigating such kind of attacks on the particular hardware and software implementation. Research materials described in the current work could be used for developing another side-channel template attack mitigation mechanisms for other cryptographic implementations.