Gergő Ládi

PhD student

gergo.ladi (at) crysys.hu

web: www.crysys.hu/~gladi/
twitter: @GergoLadi
office: I.E. 429
tel: +36 1 463 2063

Current courses | Publications

Short Bio

Gergő Ládi received his B.Sc. degree in Computer Science & Engineering from Budapest University of Technology and Economics (BME) in 2015, focusing on media informatics and media security. In 2018, he earned a master's degree with honours, also in Computer Science & Engineering from Budapest University of Technology and Economics, specializing in internet services and IT security. Since then, he has been working with the Laboratory of Cryptography and System Security (CrySyS), Department of Networked Systems and Services (HIT), under the supervision of Dr. Tamás Holczer. His main areas of research are automated protocol analysis and format-preserving encryption methods. Gergő is a Certified Ethical Hacker as well as a Microsoft Certified Trainer with several years of experience administering Windows Server environments.

Current Courses

IT Security (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional carrier, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

IT Security (in English) (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional carrier, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

Computer Security (VIHIMA06)

The course introduces security problems in computing systems, as well as the principles, practical mechanisms, and tools used to solve them. The term computer is interpreted in a broad sense, and it includes personal computers, servers, mobile devices, and embedded computers. The course covers physical security and OS level security of computers, software security issues at the application level, secure programming, and the problem of malicious software (malware).

Network Security (VIHIMB00)

This course gives a detailed introduction into the security problems of computer networks, and it gives an overview of the possible solutions to those problems. It also covers issues related to secure operation of networks in practice, including modern tools and techniques used to ensure security. Students get theoretical knowledge and practical skills that form the basis of secure network operations, and allow them to assess security risks, understand threats and vulnerabilities, select and integrate appropriate security solutions, and to design new security mechanisms. The course also serves as a basis for obatining skills in penetration testing and ethical hacking of networks.

IT Security Laboratory (VIHIMB01)

This laboratory extends and deepens the knowledge and skills obtained in the courses of the IT Security minor specialization by solving practical, hands-on exercises in real, or close-to-real environments.

Secure Software Development (VIHIAV33)

This course fills an important gap in the education of software engineers, - namely developing secure software applications. During this course, students will learn the most common mistakes in software development and how attackers exploit those mistakes (offensive security). Then, students get to know how to mitigate attacks and write secure software applications.

Publications

2017

Semantics-Preserving Encryption for Computer Networking Related Data Types

G. Ládi

12th International Symposium on Applied Informatics and Related Areas, Proceedings, Óbuda University, 2017, pp. 176-181, ISBN 978-963-449-032-6.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergõ Ládi},
   title = {Semantics-Preserving Encryption for Computer Networking Related Data Types},
   booktitle = {12th International Symposium on Applied Informatics and Related Areas, Proceedings},
   publisher = {Óbuda University},
   year = {2017},
   pages = {176-181},
   note = {ISBN 978-963-449-032-6}
}

Keywords

semantics-preserving encryption; format-preserving encryption; networking; data type; MAC address; IPv4 address; IPv6 address; TCP port; UDP port; privacy; log anonymization;

Abstract

Semantics-preserving encryption methods are encryption methods that not only preserve the format (data structure) of the input, but also a set of additional properties that are desired to be preserved (for example, transforming an IP address into another from the same subnet). Such methods may be used to anonymize logs or otherwise hide potentially sensitive information from third parties, while preserving characteristics that are essential for a given purpose. This paper presents tuneable semantics-preserving encryption methods that may be applied to common computer networking related data types such as IPv4, IPv6, and MAC addresses.

Transparent Encryption for Cloud-based Services

G. Ládi

Mesterpróba 2017, Conference Proceedings, Faculty of Electrical Engineering and Informatics, Budapest University of Technology and Economics, 2017, pp. 5-8.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergõ Ládi},
   title = {Transparent Encryption for Cloud-based Services},
   booktitle = {Mesterpróba 2017, Conference Proceedings},
   publisher = {Faculty of Electrical Engineering and Informatics, Budapest University of Technology and Economics},
   year = {2017},
   pages = {5-8}
}

Keywords

transparent encryption; cloud; security; DNS spoofing; tampering proxy; format preserving encryption;

Abstract

Transparent encryption is a method that involves encrypting data locally, on the user's computer, just before it is sent to cloud services to be stored, then decrypting said data later, straight after it is retrieved from the cloud service. All this takes place without having to alter the client application or the remote service (hence transparent). Applying this method ensures that even if the user's account or the provider itself is compromised, the attackers can only retrieve encrypted data that is useless without the encryption keys. This paper illustrates the design of a system that is capable of performing transparent encryption for various cloud-based services.

Transparent Encryption for Cloud-based Services

G. Ládi

25th International Conference on Software, Telecommunications and Computer Networks, Workshop on Information and Communication Technologies, Proceedings, FESB, University of Split, 2017, pp. 64-68, ISSN 1847-3598.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergõ Ládi},
   title = {Transparent Encryption for Cloud-based Services},
   booktitle = {25th International Conference on Software, Telecommunications and Computer Networks, Workshop on Information and Communication Technologies, Proceedings},
   publisher = {FESB, University of Split},
   year = {2017},
   pages = {64-68},
   note = {ISSN 1847-3598}
}

Keywords

transparent encryption; cloud; security; DNS spoofing; TLS inspection; tampering proxy; format preserving encryption;

Abstract

Transparent encryption is a method that involves encrypting data locally, on the user's computer, just before it is sent to cloud services to be stored, then decrypting said data later, straight after it is retrieved from the cloud service. All this takes place without having to alter the client application or the remote service (hence transparent). Applying this method ensures that if the user's account or the provider itself is compromised, the attackers can only retrieve encrypted data that is useless without the encryption keys. This paper illustrates the design of a system that is capable of performing transparent encryption for various cloud-based services, even if the connection between the client and the provider is secured by Transport Layer Security.