Timetable changes are possible - please follow the web.

Event program

Thursday, 5/24/2018 9:00 AM - 11:30 AM, Camelia 1, Grand hotel Adriatic, Opatija 9:15 AM - 11:30 AM Papers  1. D. Peras, R. Mekovec, R. Picek (Fakultet organizacije i informatike Varaždin, Varaždin, Croatia) Influence of GDPR on Social Networks Used by Omnichannel Contact Center  First part of paper addresses the impact of General Data Protection Regulation (GDPR) on data collection by most popular social networks. GDPR will start to apply on May 25th 2018, and it aims to change the way in which organizations treat data protection. Regulation requires organizations, including social networking service providers (SNS providers), operating within the EU to know where personal information of their users is located, how can it be used and when does it have to be deleted. The paper clarifies the rights of the users and the obligations of the SNS providers. It analyzes 10 most popular social networks and explores what personal information they collect as well as problems related to the application of GDPR. Second part of the paper presents the use of social networks in omnichannel contact center. Omnichannel is a business model which combines various communication channels in order to improve customer experience. Since modern social networks are abundant with private user information, it is necessary to determine which of them may be collected and used by omnichannel contact center, while respecting the principles of GDPR. 2. G. Vojković, M. Milenković (Fakultet prometnih znanosti, Zagreb, Croatia) GDPR in Access Control and Time and Attendance Systems Using Biometric Data  The new General Data Protection Regulation (GDPR) begins to fully apply on May 25, 2018, and EU Member States have to transpose it into their national law by 6 May 2018. By this Regulation (i.e. by a binding act directly applicable), the European Union regulates the questions of personal data protection in a significantly different and more up-to-date way than regulated by the previous regulations. For the first time, biometric data, are also defined as personal data obtained by a special technical processing related to physical, physiological characteristics, or characteristics of an individual's behavior, which provide or confirm the unique identification of the individual, such as face recognition or fingerprint identification. Given that these data are very commonly used in access control and time and attendance systems, in the paper, we would like to present the novelties that the GDPR brings, and which will have to be respected by everyone whose access control system or time and attendance systems are based on biometric data. 3. T. Katulic (University of Zagreb, Zagreb, Croatia) Transposition of EU Network and Information Security Directive into National Law  Information system attacks and data breaches are becoming a common occurrence. EU Commission has reported over 80% of European enterprises have suffered at least one case of information system attacks in the last year. Appropriate level of information security is a prerequisite to development of information society services and the common digital market. The European lawmaker as well as Member States have previously tried to regulate information security requirements and obligations with varying degrees of success. The new European Network and Information Security Directive, as the new European legal framework of information security, attempts to secure essential and digital services in order to limit damage from cyber threats and improve availability and integrity of information society services in the EU. 4. B. Plejić (ERICSSON NIKOLA TESLA d.d., ZAGREB, Croatia), M. Šilić, M. Golob (Faculty of Electrical Engineering and Computing, ZAGREB, Croatia) Stabile Usage of Export Regulatory Standards in Data Security Process  The amount of data that contemporary companies generate is rapidly increasing. Due to data explosion, security and privacy are becoming crucial concerns for companies. Therefore, companies must ensure security to remain a priority, and set the rules that will keep company at a desired security level. In addition to their internal security rules, a company may need to comply with one or more standard defined by external parties. Weak implementation of strict standards may lead to procedural gaps where the critical point is delivering the data to customers. In this paper, we define terms and concepts behind the security standards that are related to encryption algorithms and describe the correlation between security and regulatory standards while exporting sensitive data to customers. In addition, we provide a case study to demonstrate how weak implementation of export regulatory standards can lead to human errors, where lack of security competence can trigger high level damage after commercial product roll up. Finally, we show how minor modification in the implementation of standards can mitigate the security breach. 5. M. Nicho (College of Technological Innovation, Zayed University, Dubai, United Arab Emirates), S. Khan (College of Engineering and IT, University of Dubai, Dubai, United Arab Emirates) A Decision Matrix Model to Identify and Evaluate APT Vulnerabilities at the User Plane  While advances in cyber-security defensive mechanisms have substantially prevented malware from penetrating into organizational Information Systems (IS) networks, organizational users have found themselves vulnerable to threats emanating from Advanced Persistent Threat (APT) vectors, mostly in the form of spear phishing. In this respect, the question of how an organizational user can differentiate between a genuine communication and a similar looking fraudulent communication in an email/APT threat vector remains a dilemma. Therefore, identifying and evaluating the APT vector attributes and assigning relative weights to them can assist the user to make a correct decision when confronted with a scenario that may be genuine or a malicious APT vector. In this respect, we propose an APT Decision Matrix model which can be used as a lens to build multiple APT threat vector scenarios to identify threat attributes and their weights, which can lead to systems compromise. 6. L. Bošnjak, J. Sreš, B. Brumen (UM FERI, Maribor, Slovenia) Brute-Force and Dictionary Attack on Hashed Real-World Passwords  An information system is only as secure as its weakest point. In many information systems that remains to be the human factor, despite continuous attempts to educate the users about the importance of password security, and enforce password creation policies on them. Furthermore, not only do the average users’ password creation and management habits remain more or less the same, but the password cracking tools, and more importantly, the computer hardware, keep improving as well. In this study, we performed a broad targeted attack combining several well-established cracking techniques, such as brute-force, dictionary and hybrid attacks, on the passwords used by the students of a Slovenian university to access the online grading system. Our goal was to demonstrate how easy it is to crack most of the user-created passwords using simple and predictable patterns. To identify differences between them, we performed an analysis of the cracked and uncracked passwords, and measured their strength. The results have shown that even a single low to mid-range modern GPU can crack over 95% of passwords in just few days, while a more dedicated system can crack all but the strongest 0.5% of them. 7. D. Sever (CS Computer Systems, Zagreb, Croatia), T. Kišasondi (Faculty of Organization and Informatics, Varaždin, Croatia) Efficiency and Security of Docker Based Honeypot Systems  Honeypot is a computer, a group of computers, an application or just a single service with the main task of attracting malicious agents. It is actually a bait, used to detect or mitigate attacks or simply to divert the attacker from the real services. The challenge in creating honeypots is how to create an agile and flexible Honeypot infrastructure. In this paper we assert that, as regards to efficiency, containers are more suitable for this kind of task compared to other technologies. However, we analyse the security of Honeypot implementations inside of containers based on Docker, which is the de facto standard for containers and a widely used implementation. 8. I. Gribanova, A. Semenov (Matrosov Institute for System Dynamics and Control Theory of Siberian Branch of Russian Academy of S, Irkutsk, Russian Federation) Using Automatic Generation of Relaxation Constraints to Improve the Preimage Attack on 39-step MD4  In this paper we construct preimage attack on the truncated variant of MD4 hash function. Specifically, we study the MD4-39 function defined by the first 39 steps of the MD4 algorithm. We suggest a new attack on MD4-39, which develops the ideas proposed by H. Dobbertin in 1998. Namely, the special relaxation contraints are introduced in order to simplify the equations corresponding to the problem of finding a preimage for an arbitrary MD4-39 hash value. The equations supplemented with the relaxation constraints are then reduced to the Boolean Satisfiability Problem (SAT) and solved using the state-of-the-art SAT solvers. We show that the effectiveness of a set of relaxation constraints can be evaluated using the black-box function of a special kind. Thus we suggest automatic method of relaxation constraints generation by applying the black-box optimization to this function. The proposed method made it possible to find new relaxation constraints that contribute to a SAT-based preimage attack on MD4-39 which significantly outperforms the competition. 9. A. Bánáti, E. Kail, K. Karóczkai, M. Kozlovszky (Óbuda University, Budapest, Hungary) Authentication and Authorization Orchestrator for Microservice-Based Software Architectures  Nowadays the demand for cloud and IT services is gaining more and more popularity, therefore, the various IT solutions which implement them need to face some challenges. More and more intensive user activities require the use of well-scalable and distributed solutions which (from software technology point of view) disassembles classical monolithic architectures into microarchitectures. Consequently, instead of one or a few well-determined application-level access points, the system must provide many access for the users and the other parts of the application involving many authentication and authorization processes. Moreover, the number and the location of these access are constantly changing during the running time implying new challenges in the security and the management field. One of the solutions is to give an encrypted token (typically implemented by a JSON Web Token) to the users after their logins which will be attached to each query. In this paper we develop an authentication and authorization orchestrator for the microservices which can manage the tokens (create and delete) needed to the authentication and authorization of the users. The orchestrator service contains a client API to provide the necessary information for the microservice in Java environment without the modification of the original application.

Basic information:

Karolj Skala (Croatia)

Enis Afgan (Croatia), Slaviša Aleksić (Germany), Slavko Amon (Slovenia), Lene Andersen (Denmark), Vesna Anđelić (Croatia), Michael E. Auer (Austria), Dubravko Babić (Croatia), Snježana Babić (Croatia), Almir Badnjevic (Bosnia and Herzegovina), Marko Banek (Croatia), Mirta Baranović (Croatia), Bartosz Bebel (Poland), Ladjel Bellatreche (France), Petar Biljanović (Croatia), Eugen Brenner (Austria), Ljiljana Brkić (Croatia), Gianpiero Brunetti (Italy), Marian Bubak (Poland), Andrea Budin (Croatia), Željko Butković (Croatia), Željka Car (Croatia), Jesús Carretero Pérez (Spain), Matjaž Colnarič (Slovenia), Alfredo Cuzzocrea (Italy), Marina Čičin-Šain (Croatia), Marko Čupić (Croatia), Davor Davidović (Croatia), Marko Delimar (Croatia), Saša Dešić (Croatia), Todd Eavis (Canada), Maurizio Ferrari (Italy), Tiziana Ferrari (Netherlands), Bekim Fetaji (Macedonia), Nikola Filip Fijan (Croatia), Renato Filjar (Croatia), Tihana Galinac Grbac (Croatia), Enrico Gallinucci (Italy), Dragan Gamberger (Croatia), Paolo Garza (Italy), Liljana Gavrilovska (Macedonia), Ivan Gerlič (Slovenia), Matteo Golfarelli (Italy), Stjepan Golubić (Croatia), Montserrat Gonzales (United Kingdom), Francesco Gregoretti (Italy), Stjepan Groš (Croatia), Niko Guid (Slovenia), Jaak Henno (Estonia), Ladislav Hluchy (Slovakia), Željko Hocenski (Croatia), Vlasta Hudek (Croatia), Darko Huljenic (Croatia), Željko Hutinski (Croatia), Robert Inkret (Croatia), Mile Ivanda (Croatia), Hannu Jaakkola (Finland), Matej Janjić (Croatia), Leonardo Jelenković (Croatia), Rene Jerončić (Croatia), Dragan Jevtić (Croatia), Admela Jukan (Germany), Robert Jones (Switzerland), Peter Kacsuk (Hungary), Aneta Karaivanova (Bulgaria), Tonimir Kišasondi (Croatia), Marko Koričić (Croatia), Tomislav Kosanović (Croatia), Dieter Kranzlmüller (Germany), Marko Lacković (Croatia), Erich Leitgeb (Austria), Maria Lindén (Sweden), Dražen Lučić (Croatia), Marija Marinović (Croatia), Ludek Matyska (Czech Republic), Mladen Mauher (Croatia), Igor Mekjavic (Slovenia), Igor Mekterović (Croatia), Branko Mikac (Croatia), Veljko Milutinović (Serbia), Nikola Mišković (Croatia), Vladimir Mrvoš (Croatia), Jadranko F. Novak (Croatia), Predrag Pale (Croatia), Jesus Pardillo (Spain), Nikola Pavešić (Slovenia), Branimir Pejčinović (United States), Dana Petcu (Romania), Juraj Petrović (Croatia), Damir Pintar (Croatia), Željka Požgaj (Croatia), Slobodan Ribarić (Croatia), Janez Rozman (Slovenia), Rok Rupnik (Slovenia), Dubravko Sabolić (Croatia), Zoran Skočir (Croatia), Ivanka Sluganović (Croatia), Mario Spremić (Croatia), Vlado Sruk (Croatia), Stefano Stafisso (Italy), Uroš Stanič (Slovenia), Ninoslav Stojadinović (Serbia), Jadranka Šunde (Australia), Aleksandar Szabo (Croatia), Laszlo Szirmay-Kalos (Hungary), Davor Šarić (Croatia), Dina Šimunić (Croatia), Zoran Šimunić (Croatia), Dejan Škvorc (Croatia), Velimir Švedek (Croatia), Antonio Teixeira (Portugal), Edvard Tijan (Croatia), A Min Tjoa (Austria), Roman Trobec (Slovenia), Sergio Uran (Croatia), Tibor Vámos (Hungary), Mladen Varga (Croatia), Marijana Vidas-Bubanja (Serbia), Mihaela Vranić (Croatia), Boris Vrdoljak (Croatia), Slavomir Vukmirović (Croatia), Yingwei Wang (Canada), Mario Weber (Croatia), Roman Wyrzykowski (Poland), Damjan Zazula (Slovenia)