Sirvi Autor "Paršovs, Arnis, juhendaja" järgi

Nüüd näidatakse 1 - 20 26

listelement.badge.access-status Avatud juurdepääs ,
A Proof of Concept Malware for Interacting with the Smart-ID Android Application
(Tartu Ülikool, 2020) Maala, Silver; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
The aim of this thesis is to study how a malicious application can interact with the Smart- ID Android application. The result of this paper is a proof of concept application that is able to use root privileges to capture the PINs entered by the user in the Smart-ID transaction screen and is later able to automatically enter the captured PINs in the transaction screen.
listelement.badge.access-status Avatud juurdepääs ,
A Systematic Review of Wireless Infrared Communication
(Tartu Ülikool, 2020) Kruusi, Mihkel; Paršovs, Arnis, juhendaja; Morgan, Danielle Melissa, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
The demand for wireless communication systems has increased exponentially during the last few decades. To meet the demand, wireless infrared communication systems can be used as an alternative to the currently used wireless radio communication systems. As a result of this thesis, a systematic review of wireless infrared communication and lecture materials for a course called “Introduction to Wireless Security” were created. The lecture was conducted in video format.
listelement.badge.access-status Avatud juurdepääs ,
Account Existence Leaks in Estonian Online Services
(Tartu Ülikool, 2025) Eesmaa, Gregor; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
Konto olemasolu leke on turvanõrkus, mis võimaldab ründajal tuvastada, kas kasutaja on veebiteenuses registreeritud. Seda viga saab ära kasutada nii laiaulatuslikuks kontode loendamiseks kui ka sihitud rünneteks, mis kujutab endast märkimisväärset privaatsusriski ja on tõenäoliselt vastuolus EL-i isikuandmete kaitse üldmäärusega (IKÜM). Käesolev magistritöö uurib selle haavatavuse levimust populaarsetes Eesti veebiteenustes, mis kasutavad kontotunnusena meiliaadresse. Töös viidi läbi süstemaatiline turvaanalüüs 55 populaarsel Eesti veebilehel ja mobiilirakenduses, testides haavatavuse suhtes selliseid funktsionaalsusi nagu sisselogimine, parooli lähtestamine, kontode registreerimine ja e-posti aadressi muutmine. Tehnilisele analüüsile järgnes mitmeetapiline vastutustundliku avalikustamise protsess, mis hõlmas kohandatud haavatavusaruandeid ja ametlikke IKÜM-i andmesubjekti päringuid nõuetele mittevastavatele teenusepakkujatele. Uuringust selgus, et kõik testitud teenused olid haavatavad konto olemasolu leketele vähemalt ühe vektori kaudu, kusjuures konto registreerimise ja e-posti muutmise vormid olid kõige sagedamini haavatavad. Enamus testitud teenuseid, 31 (56%), võimaldas varjatud lekkeid ja neil nähtavasti puudusid elementaarsed automatiseerimisvastased meetmed, võimaldades seeläbi varjatud ja massilist kontode loendamist. Nii esialgne vabatahtlik avalikustamine kui ka ametlikud IKÜM-i päringud osutusid tõhusateks vahenditeks paranduste esilekutsumisel, mille tulemusel 15 (27%) testitud teenustest vea täielikult parandasid. Tulemused viitavad süsteemsele kultuurilisele ja regulatiivsele hooletusele konto olemasolu lekete ennetamisel. See uurimus on esimene põhjalik ja laiaulatuslik konto olemasolu lekete analüüs Eesti kontekstis, mis kinnitab IKÜM-põhise teavitusstrateegia tõhusust nõuetele vastavuse saavutamiseks ning pakub praktilisi soovitusi teenusepakkujatele, poliitikakujundajatele ja kasutajatele selle laialt levinud privaatsusriski maandamiseks.
listelement.badge.access-status Avatud juurdepääs ,
Adding eMRTD authentication support to the Web eID project
(Tartu Ülikool, 2023) Maala, Silver; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
Eesti hakkas väljastama ID kaarte mille peal on Elektrooniliste Masinloetavate Reisidokumentide (eMRTD) applet aastal 2021. Selle lõputöö eesmärk on täiustada Web eID projekti sinna lisades eMRTD autentimise võimaluse. eMRTD applet sisaldab kaardi omaniku biomeetrilisi ja isiklikke andmeid ja neid andmeid saab krütograafiliselt kontrollida, et neid pole muudetud. Selles töös loodud autentimise meetod annab võimaluse veebirakendusel autentida kasutajat üle võrgu kasutades selleks ID kaardil olevat eMRTD appleti. Selle meetodi eelis on, et kasutaja ei pea sisestama enda PIN koodi. Selles töös anname ülevaata eMRTD-st, selles olevates failidest ja turvameetmetest, ja Web eID projektist. Selle töö tulemus on Web eID projekti Git harud, milles on toetatud autentimine eMRTD-ga.
listelement.badge.access-status Avatud juurdepääs ,
Analysis of Security and Privacy Issues in Common Smart Home Products
(Tartu Ülikool, 2021) Teivens, Mikus; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
The smart home devices are manufactured with the idea that the house owner should be able to automate various heating, lightning, energy consumption heavy tasks. While the idea of the smart house sounds great, as with all other things, the convenience does not come without a price, and in authors opinion this price to pay is usually the privacy of the consumer. In this thesis the author will examine a few, most commonly available smart home solutions in the Baltic region and analyze what potential security and privacy issues these solutions or the applications controlling them, might introduce.
listelement.badge.access-status Avatud juurdepääs ,
Cyber Hygiene Feedback Tool
(Tartu Ülikool, 2025) Kuusk, Marco; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
Käesolev bakalaureusetöö kirjeldab küberhügieeni tagasisidesüsteemi loomist, rakendamist ja hindamist, mille eesmärk on aidata igas suuruses organisatsioonidel parandada oma küberturvalisust. Eesmärk oli arendada kerge ja kasutajasõbralik veebipõhine enesehindamise tööriist, mis võimaldab nii töötajatel kui ka organisatsioonidel tuvastada turbeprobleeme ning saada praktilist ja arusaadavat tagasisidet ilma tehnilise taustata. Süsteem koosneb kahest struktureeritud küsimustikust, üks individuaalsele kasutajale ja teine organisatsiooni tasemele, ning lihtsast veebiliidesest. Vastuste alusel arvutatakse skoor ja käivitatakse tagasiside generaator, mis kasutab reeglipõhist loogikat ja generatiivset tehisintellekti (OpenAI GPT-4o). Lõppresultaadiks on raport, mis sisaldab tugevusi, nõrkusi, riskistsenaariume ning ajaliselt jaotatud tegevuskava. Tööriista hinnati nii simuleeritud andmete kui ka praktilise kasutuse kaudu. Üks organisatsioon kasutas süsteemi kahel korral, esimesel korral hindamiseks ja teisel korral korduvhindamiseks pärast soovituste rakendamist, ning parandas oma tulemust 13 protsendipunkti võrra. Kokku kasutas tööriista kuus töötajat, kellest kolm tegid pärast parenduste elluviimist kordushindamise. Kõik kordushindajad saavutasid keskmiselt 9.6 protsendipunkti suuruse tõusu oma tulemustes. Need tulemused näitavad, et süsteem on tõhus ja aitab kaasa teadlikkuse tõusule ning mõõdetavale turvalisuse parandamisele.
listelement.badge.access-status Avatud juurdepääs ,
Database that stores data contained in digital signature file formats used in Estonia
(Tartu Ülikool, 2020) Aralov, Artur; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
The bachelor's thesis describes what digital signature file format is, and terms associated with it. In addition, specifications of digital signature file formats used in Estonia are described. The goal of this thesis was to create a database in which data contained in digital signature file formats used in Estonia will be stored. Therefore, this thesis also describes processes of collecting these digital signature file formats and creating a database.
listelement.badge.access-status Avatud juurdepääs ,
Estonian ID card’s personal data file emulator
(Tartu Ülikool, 2025) Mürk, Robin; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
Üks ID kaardi levinumaid kasutusviise on selle kasutamine poe kliendikaardina. Alates 2018. aastast välja antud ID-kaartidele puudub aga avalikult kättesaadav emulaator, mis võimaldaks kliendikaardi autentimisprotsessi emuleerida. Käesoleva töö eesmärgiks on arendada Java Card’i põhine emulaator, mis emuleerib ID-kaardi failisüsteemi isikuandmete faile, et võimaldada autentimist poe terminalides. Töö raames antakse ülevaade ID-kaardi tehnilistest spetsifikatsioonist ning kirjeldatakse täpselt kaardi ja terminali vahelist suhtlust. Hiljem antakse ülevaade ID kaari falisüsteemist ja isikuandmete failist, millele järgneb emulaatori teostus. Emulaatorit testiti 16 poe terminali kontakt kui ka kontaktivaba liidese peal. Autentimine toimis 10 terminalis, kuid kontaktivaba liidese kaudu ei õnnestunud autentimine üheski.
listelement.badge.access-status Avatud juurdepääs ,
Integration analysis of various eID authentication solutions used in the private sector of Estonia
(Tartu Ülikool, 2022) Milašius, Gediminas; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
In Estonia, citizens can log in to online services via eID authentication schemes such as Smart-ID, Mobile-ID, and smart cards. The vast majority of these authentications go to banks and e-government services. If any other business in the private sector wished to integrate eID authentication, they would encounter that information about authentication providers is scarce and scattered. No comprehensible resources exist that enumerate and compare various currently available eID schemes. The thesis aims to fill that gap by listing available eID solutions and providing security and integration analysis. The analysis will cover three solutions: Web eID, eeID, and Dokobit. The main findings of the thesis show that the technology to support eID authentication exists and that most businesses choose not to use eID authentication because the benefits of using such a system do not outweigh the costs of integration. Additionally, this thesis discovered significant security vulnerabilities in some eID solutions, previously assumed to be safe and secure. The thesis results serve as a reminder not to assume that a product is secure just because it specializes in security.
listelement.badge.access-status Avatud juurdepääs ,
Intercepting Mobile-ID SIM Toolkit Calls On Android
(Tartu Ülikool, 2023) Mander, Karl Erik; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
This thesis investigates the security risk of intercepting Mobile-ID SIM Toolkit calls on Android. The investigation is done by modifying the Android operating system with malware. Through an in-depth analysis of the communication protocol between an Android phone and a SIM card, this study demonstrates that attackers who have gained access to the victim’s phone through illegitimate apps or other exploits with root privileges may be able to remotely control Mobile-ID operations by intercepting SIM card communications. From there on, the system could complete all Mobile-ID transactions surreptitiously and automatically. This thesis aimed to research the security architecture of Android OS concerning Mobile-ID and discuss possible options that a malware creator would have to implement to achieve SIM command intercepting capabilities.
listelement.badge.access-status Avatud juurdepääs ,
Intercepting Network Traffic of the Smart-ID Android Application
(Tartu Ülikool, 2020) Ilja, Kärt; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
This thesis analyzes the technical means on how to monitor network communication between the Smart-ID Android application and the server. It gives an overview of the Smart-ID solution and then introduces the concept of man-in-the-middle attack used to intercept the traffic. To implement successful traffic interception attack, the certificate pinning mechanism had to be disabled in the Smart-ID application. This thesis provides step-by-step instructions on how to modify the Smart-ID application’s network security configuration and implement traffic interception using mitmproxy tool. Using the proposed methods network requests can be monitored to verify that no obvious personal data is being sent out from the user’s Android mobile device.
listelement.badge.access-status Avatud juurdepääs ,
Secure Channel Establishment for the NFC Interface of the New Generation Estonian ID Cards
(Tartu Ülikool, 2020) Kivivare, Sander-Karl; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
The latest generation Estonian ID card introduced in the December 2018 has a contactless interface that can be used to communicate with the card via near-field communication (NFC). This thesis describes the cryptographic protocol that is used to communicate over the contactless interface and provides detailed instructions with code examples in Python to help software developers to create applications that can make use of this new NFC interface on Estonian ID card.
listelement.badge.access-status Avatud juurdepääs ,
Security Analysis of a Low-Cost Drone
(Tartu Ülikool, 2025) Reinkubjas, Karl; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
Droonide kättesaadavus ja kasutamine igapäevaselt aina kasvab. Lisaks kasvab valdkondade arv, kus neid kasutatakse. Hinnanguliselt tõuseb droonide arv järgmise viie kuni kaheksa aasta jooksul kuni neli korda, millega kaasneb ka soodsate ja ebaturvalisemate droonide arvu suurenemine. Magistritöö raames uuriti soodsat Hiinas tehtud drooni, et analüüsida selle turvalisust. Droon kasutas krüpteerimata Wi-Fi ühendust, mistõttu oli võimalik pöördkonstrueerida videovoog ning käsud, millega drooni juhitakse. Drooni rünnati edukalt neljal erineval viisil: video pildi nuuskimine, ummistusrünnak desautentides kasutaja võrgust välja, halbade käskude süstimine, drooni täielik ülevõtmine. Uuritud drooni on võimalik ära kasutada halbade kavatsustega osapoolel.
listelement.badge.access-status Avatud juurdepääs ,
Security analysis of RIA’s authentication service TARA
(Tartu Ülikool, 2021) Kriisk, Jan Erik; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
Estonian Information System Authority (Riigi Infosüsteemi Amet - RIA) governs an authentication service called TARA. Many public sector e-services use the authentication service to authenticate users via ID-card, Mobile-ID, Smart-ID, or EU eID. The thesis aims to analyse the security of TARA, document the protocol, and analyse what could go wrong.
listelement.badge.access-status Avatud juurdepääs ,
Security Analysis of Skybrake DD5 Immobilizer
(Tartu Ülikool, 2024) Würsch, Daniel; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
Car immobilizers are devices intended to prevent car theft by immobilizing the car in absence of a unique authentication token held by the authorized driver of the car. This work documents the process of performing a security analysis of the Skybrake DD5 immobilizer in order to understand its working principles and to verify the security claims by the manufacturer. The main working principles of the immobilizer have been reverse engineered and methods of capturing and injecting signals using commonly sold and available hardware have been documented. By analysis of captured signals from the immobilizer, the authentication protocol flow and the content of the exchanged messages have been reverse engineered and documented. Possible attack vectors were described and analyzed in order to assess if the immobilizer is vulnerable to them. While this work does identify some minor weaknesses and areas of concerns, no major vulnerabilities were found during the security analysis.
listelement.badge.access-status Avatud juurdepääs ,
Security Analysis of Tartu Smart Bike Share Android Application
(Tartu Ülikool, 2020) Kütt, Siim-Alexander; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
In June 2019, Tartu City Transport launched a smart bike share system, which allows the residents of Tartu to rent bikes for small commutes around the city. A month after the system first launched a privacy exposure was discovered and personal data of the users was leaked. It was not publicly disclosed where the fault had resided, but it was confirmed to have been fixed shortly after the developers were notified. The aim of this research was to analyze the security of the Tartu Smart Bike Share Android app and its communication with the web service. During the course of the research, several security and privacy issues were found, one of which allows any registered user to query information about the location of a bike and its current user. The thesis provides a general description of the system and its underlying architecture, outlines how and which aspects of the app functionality were analyzed and what results were found. Suggestions for improving the security and privacy aspects of the system are also provided.
listelement.badge.access-status Avatud juurdepääs ,
Security Architecture of the Latvian eParaksts mobile
(Tartu Ülikool, 2022) Šterna, Elizabete Liene; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
The eParaksts mobile is a Latvian eID solution that is used for authentication and electronic signature creation with more than 187 000 users. It can be used to access government e-services in Latvia and create qualified electronic signatures with the same legal strength as handwritten signatures. Since eParaksts mobile is not an open-source solution, there is no publically available information describing the architecture of eParaksts mobile. Therefore, in this thesis, network traffic analysis is performed to understand and describe how the authentication and electronic signature creation schemes are implemented. This analysis depicts in detail the enrollment, authentication and electronic signature creation processes and shows that eParaksts mobile has a hybrid architecture – partly device-based, partly server-based. The private key for the authentication scheme is kept on the user’s device, while the private key for signature creation is kept on an HSM on the server-side. Additionally, a discussion of security implications emerging from the architecture of eParaksts mobile is provided. Moreover, this thesis provides a foundation for future studies of security analysis of the eParaksts mobile solution.
listelement.badge.access-status Avatud juurdepääs ,
Security in Remote Update of Medical Devices
(Tartu Ülikool, 2022) Wu, Xuejun; Aura, Tuomas, juhendaja; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
listelement.badge.access-status Avatud juurdepääs ,
The Estonian Mobile-ID Implementation on the SIM Card
(Tartu Ülikool, 2022) Kravtšenko, Semjon; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
Mobile-ID is an eID solution that can be used for authentication and digital signing. It has been transaction for more than a decade, and it is popular in Estonia. As of May 2022, more than 251 000 Mobile-IDs are in use, and, on average, 10 million operations are completed each month [1]. The solution relies on a special Mobile-ID functionality built into a phone SIM card. There is publicly available documentation about Mobile-ID [2], but it mainly describes the communication between the e-services implementing Mobile-ID support and the Mobile-ID backend. Not much information is publicly available on how Mobile-ID functionality is implemented on the SIM card, how it interacts with the phone and how it communicates with the Mobile-ID backend. In this work, interactions between the SIM card and the phone are documented. Additionally, the communication between the SIM card and the Mobile-ID backend is described, as well as how Mobile-ID service SMS are used to perform Mobile-ID transaction.
listelement.badge.access-status Avatud juurdepääs ,
Third-party services and their usage on the most visited Estonian websites
(Tartu Ülikool, 2021) Metsare, Norbert; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
Websites and used business models have changed a lot during the last few decades. While in the past a website had to create, manage, and secure all its own components, now all the site must do is to focus on its very own speciality and, by using third-party services, leave all the infrastructure, visitor analysis and security management to the services that specialize on those exact topics. This allows the website operators to create quality content, save money on development and increase their income. While using third-party services makes the process more efficient for the website operators, it makes the users of those sites more vulnerable. Every piece of possible information about the user is gathered and shared with third-party partners to analyse user’s patterns, location, and possible interests, so that the website can offer specific content to specific user. If we look more into the requests that forward the user’s data, we can see that all of this ends up in the databases of only a handful of big tech companies, which, in turn, creates a handful of problems – big companies having leverage over the site contents, risks related to data centralization, and web dependency on the tech giants. The current thesis will focus on the analysis of the most visited Estonian websites and their usage of third-party services, as well as the final destinations for gathered and forwarded user’s information. Based on the findings, different web business models and third-party services are explained, as well as the connections between them. Data centralization problems are discussed along with recommendations to the end-users for more safer web browsing.