Gergő Ládi
Research assistant
gergo.ladi (at) crysys.hu
web: www.crysys.hu/~gergo.ladi/
twitter: @GergoLadi
office: I.E. 429
tel: +36 1 463 2063
Current courses | Publications
Short Bio
Gergő Ládi received his B.Sc. degree in Computer Science & Engineering from Budapest University of Technology and Economics (BME) in 2015, focusing on media informatics and media security. In 2018, he earned a master's degree with honours, also in Computer Science & Engineering from Budapest University of Technology and Economics, specializing in internet services and IT security. Since then, he has been working with the Laboratory of Cryptography and System Security (CrySyS), Department of Networked Systems and Services (HIT), under the supervision of Dr. Tamás Holczer. His main areas of research are automated protocol analysis and format-preserving encryption methods. Gergő is a Certified Ethical Hacker as well as a Microsoft Certified Trainer with several years of experience administering Windows Server environments.
Current Courses
IT Security (VIHIAC01)
This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.
IT Security (in English) (VIHIAC01)
This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.
Coding and IT Security (VIHIBB01)
This BProf course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course also gives an introduction to source coding and channel coding.
Software Security (VIHIMA21)
This course introduces security problems in software development: students will learn the most common mistakes in software development and how attackers exploit those mistakes (offensive security). Then, students get to know how to mitigate attacks and write secure software applications.
Computer Security (VIHIMA06)
The course introduces security problems in computing systems, as well as the principles, practical mechanisms, and tools used to solve them. The term computer is interpreted in a broad sense, and it includes personal computers, servers, mobile devices, and embedded computers. The course covers physical security and OS level security of computers, software security issues at the application level, secure programming, and the problem of malicious software (malware).
Network Security (VIHIMB00)
This course gives a detailed introduction into the security problems of computer networks, and it gives an overview of the possible solutions to those problems. It also covers issues related to secure operation of networks in practice, including modern tools and techniques used to ensure security. Students get theoretical knowledge and practical skills that form the basis of secure network operations, and allow them to assess security risks, understand threats and vulnerabilities, select and integrate appropriate security solutions, and to design new security mechanisms. The course also serves as a basis for obtaining skills in penetration testing and ethical hacking of networks.
IT Security Laboratory (VIHIMB01)
This laboratory extends and deepens the knowledge and skills obtained in the courses of the IT Security minor specialization by solving practical, hands-on exercises in real, or close-to-real environments.
Network Security in Practice (VIHIBB02)
This course gives an introduction into the security problems of computer networks, and it gives an overview of the possible solutions to those problems. It also covers issues related to secure operation of networks in practice, including modern tools and techniques used to ensure security. Students get theoretical knowledge and practical skills that form the basis of secure network operations.
Networking and Security Laboratory (VIHIBC01)
This laboratory extends and deepens the knowledge and skills obtained in the Network Security in Practise and Computer Security in Practise courses by solving practical, hands-on exercises in real, or close-to-real environments.
Publications
2021
Protocol State Machine Reverse Engineering with a Teaching-Learning Approach
G. Székely and G. Ládi and T. Holczer and L. Buttyán
Acta Cybernetica, 2021.
@article {
author = {Gábor Székely and Gergõ Ládi and Tamas Holczer and Levente Buttyán},
title = {Protocol State Machine Reverse Engineering with a Teaching-Learning Approach},
journal = {Acta Cybernetica},
year = {2021}
}
Keywords
automated protocol reverse engineering, state machines, Mealy machinesAbstract
In this work, we propose a novel solution to the problem of inferring the state machine of an unknown protocol. We extend and improve prior results on inferring Mealy machines, and present a new algorithm that accesses and interacts with a networked system that runs the unknown protocol in order to infer the Mealy machine representing the protocol’s state machine. To demonstrate the viability of our approach, we provide an implementation and illustrate the operation of our algorithm on a simple example protocol, as well as on two real-world protocols, Modbus and MQTT.2020
GrAMeFFSI: Graph Analysis Based Message Format and Field Semantics Inference for Binary Protocols Using Recorded Network Traffic
G. Ládi and L. Buttyán and T. Holczer
Infocommunications Journal, Vol. XII, No. 2, 2020.
@article {
author = {Gergõ Ládi and Levente Buttyán and Tamas Holczer},
title = {GrAMeFFSI: Graph Analysis Based Message Format and Field Semantics Inference for Binary Protocols Using Recorded Network Traffic},
journal = {Infocommunications Journal, Vol. XII, No. 2},
year = {2020}
}
Keywords
protocol reverse engineering, message format, field semantics, inference, binary protocols, network traffic, graph analysis, Modbus, MQTTAbstract
Protocol specifications describe the interaction be- tween different entities by defining message formats and message processing rules. Having access to such protocol specifications is highly desirable for many tasks, including the analysis of botnets, building honeypots, defining network intrusion detection rules, and fuzz testing protocol implementations. Unfortunately, many protocols of interest are proprietary, and their specifications are not publicly available. Protocol reverse engineering is an approach to reconstruct the specifications of such closed proto- cols. Protocol reverse engineering can be tedious work if done manually, so prior research focused on automating the reverse engineering process as much as possible. Some approaches rely on access to the protocol implementation, but in many cases, the protocol implementation itself is not available or its license does not permit its use for reverse engineering purposes. Hence, in this paper, we focus on reverse engineering protocol specifications relying solely on recorded network traffic. More specifically, we propose GrAMeFFSI, a method based on graph analysis that can infer protocol message formats as well as certain field semantics for binary protocols from network traces. We demonstrate the usability of our approach by running it on packet captures of two known protocols, Modbus and MQTT, then comparing the inferred specifications to the official specifications of these protocols.Towards Reverse Engineering Protocol State Machines
G. Székely and G. Ládi and T. Holczer and L. Buttyán
The 12th Conference of PhD Students in Computer Science - Volume of short papers, 2020, pp. 70-73.
@inproceedings {
author = {Gábor Székely and Gergõ Ládi and Tamas Holczer and Levente Buttyán},
title = {Towards Reverse Engineering Protocol State Machines},
booktitle = {The 12th Conference of PhD Students in Computer Science - Volume of short papers},
year = {2020},
pages = {70-73}
}
Abstract
In this work, we are addressing the problem of inferring the state machine of an unknown protocol. Our method is based on prior work on inferring Mealy machines. We require access to and interaction with a system that runs the unknown protocol, and we serve a state-of-the-art Mealy machine inference algorithm with appropriate input obtained from the system at hand. We implemented our method and illustrate its operation on a simple example protocol.Virtualization-assisted Testing of Network Security Systems for NPPs
T. Holczer and G. Berman and S. M. Darricades and P. György and G. Ládi
International Conference on Nuclear Security: Sustaining and Strengthening Efforts, International Atomic Energy Agency (IAEA), 2020.
@inproceedings {
author = {Tamas Holczer and G. Berman and S. M. Darricades and Péter György and Gergõ Ládi},
title = {Virtualization-assisted Testing of Network Security Systems for NPPs},
booktitle = {International Conference on Nuclear Security: Sustaining and Strengthening Efforts},
publisher = {International Atomic Energy Agency (IAEA)},
year = {2020}
}
Abstract
Nuclear power plants use different digital assets to control the processes. These assets are normally connected by computer networks, and are targets of potential cyber-attacks. To avoid or mitigate the effect of such an attack, different security controls are used in accordance with the guidelines. Before deploying a new cyber security control, it must be tested thoroughly. The paper proposes virtual testbeds made of virtual computers and networks for these tests and shows how three widely used open source firewalls perform in such a test.2018
Message Format and Field Semantics Inference for Binary Protocols Using Recorded Network Traffic
G. Ládi and L. Buttyán and T. Holczer
26th International Conference on Software, Telecommunications and Computer Networks, Workshop on Information and Communication Technologies, Proceedings, FESB, University of Split, 2018, pp. 1-6, ISBN 978-9-5329-0087-3.
@inproceedings {
author = {Gergõ Ládi and Levente Buttyán and Tamas Holczer},
title = {Message Format and Field Semantics Inference for Binary Protocols Using Recorded Network Traffic},
booktitle = {26th International Conference on Software, Telecommunications and Computer Networks, Workshop on Information and Communication Technologies, Proceedings},
publisher = {FESB, University of Split},
year = {2018},
pages = {1-6},
note = {ISBN 978-9-5329-0087-3}
}
Keywords
protocol reverse engineering; message format; field semantics; inference; binary protocols; network traffic; Modbus; MQTTAbstract
Protocol specifications describe the interaction between different entities by defining message formats and message processing rules. Having access to such protocol specifications is highly desirable for many tasks, including the analysis of botnets, building honeypots, defining network intrusion detection rules, and fuzz testing protocol implementations. Unfortunately, many protocols of interest are proprietary, and their specifications are not publicly available. Protocol reverse engineering is an approach to reconstruct the specifications of such closed protocols. Protocol reverse engineering can be tedious work if done manually, so prior research focused on automating the reverse engineering process as much as possible. Some approaches rely on access to the protocol implementation, but in many cases, the protocol implementation itself is not available or its license does not permit its use for reverse engineering purposes. Hence, in this paper, we focus on reverse engineering protocol specifications based solely on recorded network traffic. More specifically, we propose a method that can infer protocol message formats as well as certain field semantics for binary protocols from network traces. We demonstrate the usability of our approach by running it on packet captures of two known protocols, Modbus and MQTT, then comparing the inferred specifications to the known specifications of these protocols.2017
Semantics-Preserving Encryption for Computer Networking Related Data Types
G. Ládi
12th International Symposium on Applied Informatics and Related Areas, Proceedings, Óbuda University, 2017, pp. 176-181, ISBN 978-963-449-032-6.
@inproceedings {
author = {Gergõ Ládi},
title = {Semantics-Preserving Encryption for Computer Networking Related Data Types},
booktitle = {12th International Symposium on Applied Informatics and Related Areas, Proceedings},
publisher = {Óbuda University},
year = {2017},
pages = {176-181},
note = {ISBN 978-963-449-032-6}
}
Keywords
semantics-preserving encryption; format-preserving encryption; networking; data type; MAC address; IPv4 address; IPv6 address; TCP port; UDP port; privacy; log anonymization;Abstract
Semantics-preserving encryption methods are encryption methods that not only preserve the format (data structure) of the input, but also a set of additional properties that are desired to be preserved (for example, transforming an IP address into another from the same subnet). Such methods may be used to anonymize logs or otherwise hide potentially sensitive information from third parties, while preserving characteristics that are essential for a given purpose. This paper presents tuneable semantics-preserving encryption methods that may be applied to common computer networking related data types such as IPv4, IPv6, and MAC addresses.Transparent Encryption for Cloud-based Services
G. Ládi
25th International Conference on Software, Telecommunications and Computer Networks, Workshop on Information and Communication Technologies, Proceedings, FESB, University of Split, 2017, pp. 64-68, ISSN 1847-3598.
@inproceedings {
author = {Gergõ Ládi},
title = {Transparent Encryption for Cloud-based Services},
booktitle = {25th International Conference on Software, Telecommunications and Computer Networks, Workshop on Information and Communication Technologies, Proceedings},
publisher = {FESB, University of Split},
year = {2017},
pages = {64-68},
note = {ISSN 1847-3598}
}
Keywords
transparent encryption; cloud; security; DNS spoofing; TLS inspection; tampering proxy; format preserving encryption;Abstract
Transparent encryption is a method that involves encrypting data locally, on the user's computer, just before it is sent to cloud services to be stored, then decrypting said data later, straight after it is retrieved from the cloud service. All this takes place without having to alter the client application or the remote service (hence transparent). Applying this method ensures that if the user's account or the provider itself is compromised, the attackers can only retrieve encrypted data that is useless without the encryption keys. This paper illustrates the design of a system that is capable of performing transparent encryption for various cloud-based services, even if the connection between the client and the provider is secured by Transport Layer Security.Transparent Encryption for Cloud-based Services
G. Ládi
Mesterpróba 2017, Conference Proceedings, Faculty of Electrical Engineering and Informatics, Budapest University of Technology and Economics, 2017, pp. 5-8.
@inproceedings {
author = {Gergõ Ládi},
title = {Transparent Encryption for Cloud-based Services},
booktitle = {Mesterpróba 2017, Conference Proceedings},
publisher = {Faculty of Electrical Engineering and Informatics, Budapest University of Technology and Economics},
year = {2017},
pages = {5-8}
}