|
|
Presented papers in English will be submitted for inclusion in the IEEE Xplore Digital Library.
| Papers |
C. Yang (National Taiwan University of Science and Technology, Taipei, Taiwan), C. Kao (Academia Sinica, Taipei, Taiwan), Y. Lai, N. Lo (National Taiwan University of Science and Technology, Taipei, Taiwan)
Privacy-Preserving Encryption-Domain Video Retrieval over the Cloud via Block Transformations of Key Frames 
Thanks to the popularity of mobile devices and convenience of cloud computing environment, more and more people are getting use to store their captured video in the cloud; however, there’s no guarantee that the stored information is not accessible to the cloud computing server, thus leading to the concern of privacy. A naïve approach to encrypt all videos before uploading them to the cloud does protect the privacy, but at the expense of seriously affecting the retrieval performance as every encrypted video should be downloaded, decrypted, and compared with the query request. We proposed to perform the video retrieval directly in the encrypted domain, i.e., in the cloud while only the desired ones will be retrieved and decrypted.
|
Y. Lai, K. Zhou, S. Lin (National Taiwan University of Science and Technology, Taipei, Taiwan), N. Lo (National Taiwan University of Science and Technology , Taipei, Taiwan)
Flow-based Anomaly Detection Using Multilayer Perceptron in Software Defined Networks
For high-speed networks, this paper developed a flow-based anomaly detection system for reducing the overhead in Software Defined Networks (SDN). The controller in SDN uses a deep learning technique, Multilayer Perceptron (MLP), to automatically generate the weights for detecting the anomaly. We investigate the activation functions and the number of hidden layers used in MLP to compare flow-based MLP (FBM) and packet-based MLP (PBM). The results show that FBM is a better solution than PBM because it has lower false positive rate when true positive rate is high. Also FBM can provide lower overhead because PBM spends 123% time over FBM on establishing the MLP model.
|
O. Ur-Rehman (University of Siegen, D-57068 Siegen, Germany), N. Zivic, C. Ruland (University od Siegen, D-57068 Siegen, Germany)
An Overview of Automotive Security Standards
Traditional vehicle standards, such as ISO 26262-1:2011, were focused mainly on reliability and functional safety aspects. Due to the demand for increased connectivity and the emergence of autonomous driving systems, security of vehicles is becoming ever more relevant and important. Modern vehicles are a part of the cyber physical world and can be attacked from the Internet. These security needs can be addressed at many levels such as secure design and development of the software running on the Electronic Control Units, secure bus networks as well as secure connectivity to the outside world, e.g., the Internet. Unfortunately, until now there are no global standards dedicated to vehicular security. The good news is that recently some standardization activities have started to support the security aspects of the vehicles. This includes addressing the security on many levels, such as secure programming guidelines (e.g., MISRA), threat analysis and risk assessment (e.g., SAE J3061), cyber security engineering of road vehicles, (e.g., ISO/SAE 21434) and connectivity to the backend (e.g., ISO 20078). In this paper an overview of these security standards is given.
|
D. Sladović, D. Topolčić, K. Hausknecht (INsig2, Zagreb, Croatia), G. Sirovatka (Zagreb University of Applied Sciences, Zagreb, Croatia)
Investigating Modern Cars
Car forensic is one of the branches of digital forensics that is recently becoming more and more popular and important. Because of the accelerated growth of technology and its implementation in various industries, modern cars have additional features to raise the level of security, improve the driving experience, and now add the advanced option to connect the car to the internet. The possibilities today are much more advanced, which means that today’s cars can drive autonomously, read the email, respond to messages, automatically receive software updates over the internet that provide new features. Today “smart” cars can even be controlled over the key fob or mobile app.
This paper will show common information that can be found in the car; who drove it, how he drove, where and in what state did he drive, information that is related to the car and its mechanics, all the synchronized information etc. It will also explain the extraction process, software used for the extraction, and which difficulties the forensic examiner can encounter during the extraction. Furthermore, the information extracted may prove to be useful in resolving different types of crime, and it can show the importance of digital forensics of cars.
|
J. Lieponienė (Panevėžys University of Applied Sciences, Panevėžys, Lithuania)
Information Systems Audit in Higher Education Institutions
Information systems is an integral part of each higher school. Effective management of information systems helps higher education institutions to optimise their activities, to manage resources correctly and to achieve outlined objectives properly. However, information systems not only provide benefit but also cause risk. The development of higher education, growing requirements for higher education institutions encourage the installation of new information systems. However, it is not enough only to install a new system, it is necessary to adjust it in accordance with institution activity processes in order to use all the advantages. It is necessary to evaluate changes and be sensitive to them. In order to reduce risk information systems audit in higher schools becomes very important. Scientific literature often relates information systems audit with business companies and pay little attention to educational institutions. The article analyses existing methods of information systems audit, evaluates the need for and specific character of information systems audit in higher education institutions. The aim of the article is to assess the possibilities of the applying of information systems audit in higher education institutions.
|
| Break |
| Papers |
A. Aliti (South East European University, Tetovo, Macedonia), K. Sevrani (University of Tirana, Tirana, Albania)
A Security Model for Wireless Sensor Networks
State-of-the-art security frameworks have been extensively addressing security issues for web resources, agents and services in the Semantic Web. The provision of Stream Reasoning as a new area spanning Semantic Web and Data Stream Management Systems has eventually opened up new challenges. Namely, their decentralized nature, the metadata descriptions, the number of users, agents, and services, make securing Stream Reasoning systems difficult to handle. Thus, there is an inherent need of developing new security models which will handle security and automate security mechanism to a more autonomous system that supports complex and dynamic relationships between data, clients and service providers. We plan to validate our proposed security model on a typical application of stream data, on Wireless Sensor Networks (WSNs). In particular, WSNs for water quality monitoring will serve as a case study. The proposed model can be a guide when deploying and maintaining WSNs in different contexts. Moreover, this model will point out main segments which are most important in ensuring security in semantic stream reasoning systems, and their inter-relationships. In this paper we will propose a security framework to handle most important issues of security within WSN. The security model in itself should be an incentive for other researchers in creating other models to improve information security within semantic stream reasoning systems.
|
N. Luburić, G. Sladić, B. Milosavljević (Faculty of Technical Sciences, University of Novi Sad, Novi Sad, Serbia)
Utilizing a Vulnerable Software Package to Teach Software Security Design Analysis
As the number of threats and attacks to software systems increases, more attention is given to secure software engineering practices, such as secure coding and security testing. More abstract activities, such as security design analysis, require extensive security expertise from software engineers. Unfortunately, such knowledge is scarcely available, as it is an area that is both difficult to teach and learn.
We developed a framework for teaching security design analysis, which is built around the hybrid flipped classroom and case study analysis. This paper enhances our framework by utilizing freely available vulnerable software packages as case studies for security design analysis. We illustrate the enhancement by using a mature vulnerable software package to construct a laboratory exercise dedicated to the security design analysis of threats originating from injection-based attacks. We provide guidance for the usage of our enhanced framework and outline a lab that can be utilized for a university course or a corporate training program dedicated to secure software engineering.
|
D. Delija, G. Sirovatka, D. Tuličić, M. Žagar, K. Hausknecht, D. Topolčić, S. Gruičić (TVZ, Zagreb, Croatia)
Implementation of Virtual Digital Forensic Class and Laboratory for Training, Education and Investigation
In this paper, we present theoretical development and practical implementation of digital forensic laboratory computing infrastructure in a private cloud environment. The idea is to develop a scalable environment of forensic workstations and management facilities to support both the learning process and practical work in digital forensic education. Experience gathered in this process will be later used for setting up a production digital forensic laboratory in a cloud environment.
|
L. Bošnjak, B. Brumen (UM FERI, Maribor, Slovenia)
Examining Security and Usability Aspects of Knowledge-Based Authentication Methods
Graphical passwords are considered to be one of the promising alternatives to conventional textual passwords. However, while offering potential theoretical improvements over their textual counterparts, it is important to evaluate how these authentication methods would fare in practice. In this study, we were interested in the user-generated passwords from the security and usability perspective. We conducted an experiment in which the participants were tasked to create and memorize three types of passwords: a textual password, a chess-based graphical password, and an association-based hybrid textual-graphical password. Two weeks after the initial registration, the users were prompted to login using their previously created passwords. By comparing the authentication methods, we showed that despite the graphical passwords’ advantages, the user-created chess passwords were the weakest, and the users had the most difficulty remembering them after the two-week period. On the contrary, the association-based passwords were just as strong and memorable as the textual passwords. The conclusions drawn from this paper are therefore two-fold: firstly, alternative authentication methods should be evaluated and compared against textual passwords in real-life scenarios to determine their practical value; and secondly, association-based approaches have the potential to augment both the security and memorability of the existing and novel authentication mechanisms.
|
B. Vukelić, B. Polonijo, M. Kaluža (VELEUČILIŠTE U RIJECI, RIJEKA, Croatia)
Survey on Astroturfing Awareness
This paper describes astroturfing as an organized effort to influence someone's thinking in order to gain benefit in various ways. Insufficient information and lack of critical thinking are good grounds for using false assumptions to influence the minds of others and their actions.
This paper focuses on the survey conducted among students of the Polytechnics Rijeka about astroturfing awareness or lack thereof.
The results show that astroturfing has to be taken seriously because it is a powerful tool for manipulation and a threat to the credibility of initiatives and organizations which has a negative impact on the entire Internet community. The most effective detection techniques are development of education and critical thinking and acquaintance with astroturfing and its methods.
|
| Papers |
K. Vulinović, L. Ivković, J. Petrović, K. Skračić, P. Pale (Fakultet Elektrotehnike i Računarstva, Zagreb, Croatia)
Neural Networks for File Fragment Classification
File fragment classification is an important step of file forensics in which filetypes are assumed based on their available content fragments. Methods typically used for this task utilize machine learning techniques on features like byte frequency distributions and fragment entropy measures. In this paper, a contribution to this field is made through exploration of novel approaches to the problem including feedforward artificial neural networks and convolution networks. Feedforward neural networks were trained with byte histograms and with byte-pair histograms, while convolution neural networks were trained with blocks consisting of 512 bytes of data obtained from the GovDocs dataset. The results suggest convolution neural networks are not as promising for this problem as feedforward artificial neural networks, and feedforward artificial neural networks showing promising results.
|
D. Gorbatenko, A. Semenov, S. Kochemazov (ISDCT SB RAS, Irkutsk, Russian Federation)
UnProVET: Using Explicit Constraint Propagation to Construct Attack Graphs
One of the important problems in network security consists in the construction and analysis of attack graphs which represent all possible attacks a malefactor can carry out within a specific computer network. In this paper we describe the software system for constructing such attack graphs. The system is based on the constraint propagation mechanisms which are very close to that employed by the algorithms for solving Constraint Satisfaction Problem (CSP) and its variants. Unlike several other known software systems for attack graph generation it employs explicit contraint propagation implemented using special data structures. The computational experiments show that the system has good performance and outperforms the competition in certain scenarios.
|
A. Luma (South East European University, Tetovo, Macedonia), B. Abazi (University for Business and Technology, Prishtina, Kosovo)
The Importance of Integration of Information Security Management Systems (ISMS) to the Organization's Enterprise Information Systems (EIS)
The interconnected information systems and networks drive the organizations into a critical situation that determines the need for explicit measures for information protection. The "culture of security" becomes a very important part of the business competition and security policy is a crucial component of business management. The organizations generate, use, store and transmit a huge amount of information which is vital to their functioning and prosperity. It is necessary the information be kept confidential when required, to be available when and where needed and protected from modification and loss of integrity. On this paper, I would like to explain the importance and the impact that information security management system may have on the general enterprise information system. This paper explains the processes that must be taken to integrate the ISMS to EIS, how this integration will help the organizations to protect their data and how this integration will affect on the growth of the business value and trust to the consumers.
|
T. Velki (Faculty of Education, J.J.Strossmayer University of Osijek, Osijek, Croatia), A. Mayer, J. Norget (Faculty of Arts and Humanities, Institute for Psychology, RWTH Aachen University, Aachen, Germany)
Development of a New International Behavioral-Cognitive Internet Security Questionnaire: Preliminary Results from Croatian and German Samples
In the last decade there is a much debate about scientific investigation of users’ information security awareness and adequate measurement of this problematic issue. This study is based on previous results obtained by validated Users' Information Security Awareness Questionnaire (UISAQ) and main critics about length and problem with international usage. The aim of this study was to develop new international short version of questionnaire. Authors gathered information on risky behavior and security awareness among 250 Croatian students using new developed Behavior-cognitive internet security questionnaire (BCISQ, Velki & Šolić, 2018) in English language and among 225 adult German people using same instrument translated in German language. Questionnaire consisted of 2 parts with total of 10 items. Model fit for both group (Croatian and German) was tested using program R. For both, Croatian and German models, results showed adequate fit of model which confirmed good construction of new instrument and international usage. For Croatian population slightly better results was obtained (CFI=0.97, TLI=0.96, RMSEA= 0.04, SRMR= 0.04) in comparison to German (CFI=0.93, TLI=0.90, RMSEA= 0.05, SRMR= 0.05). Furthermore, results showed that first part of questionnaire, that examine the common user’s risk behavior consist of 4 items and that second part, cognitive one that measures security awareness, should be split in two additional subscale, risk and importance due to large covariate (r=0.67 for Croatian population and r=.43 for German population) between last to questions on cognitive scale (modification indices on Croatian population = 110.54; modification indices on German population = 39.51). Future studies should try to develop third subscales (risk) of BCISQ and to test BCISQ in other cultures and in other languages.
|
| Break |
| Papers |
A. Đuranec, D. Topolčić, K. Hausknecht (INsig2, Zagreb, Croatia), D. Delija (Zagreb University of Applied Sciences, Zagreb, Croatia)
Investigating File Use and Knowledge with Windows 10 Artifacts
Windows 10 operating system is the most widely used operating system today that contains many programs for managing computer hardware and software. Looking from a digital forensics point of view these programs produce valuable records of user activities. In a forensic world, such records are known as Windows artifact which can be described as a system generated records of the user activities that have forensic value. Gaining deep understanding on how these records are created and what information they contain can help the examiner to acquire valuable data that can be used as evidence and support other evidence found on the computer. Furthermore, the artifacts can be a great way to focus on relevant data and reduce the need for full examination of constantly increasing data storage that examiners encounter.
Through this paper, the focus will be on analyzing different, fewer know artifacts, that aren’t supported by mainstream forensic tools because they vary between versions of Windows, resulting in the need for manual analysis. Their deep understanding is necessary to avoid misinterpreting their content which can result in wrong conclusions. Additionally, the paper presents the results of testing Windows 10 artifacts and free open-source tools used in the testing process.
|
T. Katulic (University of Zagreb, Zagreb, Croatia), N. Protrka (Police College Zagreb, Zagreb, Croatia)
Information Security in Principles and Provisions of EU Data Protection Law
Information security practices are a staple compliance mechanism ensuring the lawful processing and protection of personal data in the new European legal framework of Data Protection. Both the General Data Protection Regulation and the Regulation 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data contain recognizable principles of and provisions regarding information security methods and practices. The purpose of this paper is to analyze the new EU data protection framework from the perspective of information security requirements, especially from the perspective of the data controllers and processors and their obligations to ensure conditions for lawful and secure processing of personal data and comply with potential data subject requests.
|
A. Mars, W. Adi (Institute of Computer and Network Engineering, Braunschweig, Germany)
Fair Exchange and Anonymous E-Commerce by Deploying Clone-Resistant Tokens
The majority of E-commerce transactions reveal private information as customers identities, order contents and payment information during the transaction. Other personal information such as health conditions, religion, and even ethnicity may be also deduced. Even when deploying electronic cryptocurrencies such as Bitcoin, anonymity cannot be fully guaranteed. Also, many anonymous payment schemes suffer from possible double spending circumstances. E-commerce privacy is basically a difficult problem as it involves parties with concurring interests. Three major e-commerce requirements are highly difficult to resolve: anonymous purchase, anonymous delivery and anonymous payment. This work presents a possible e-commerce system to approach all three anonymity requirements for electronic items business on open networks. The system offers anonymous authentication mechanisms up to completing a fair anonymous e-commerce transaction. The system is based on deploying a physically clone-resistant hardware token for each relevant involved party. The tokens are made clone-resistant by accommodating a Secret Unknown Cipher (SUC) in each hardware-token as a digital PUF-like identity. A set of novel generic system-setup units, protocols and e-commerce schemes is introduced. The anonymity is basically approached by replacing some participating e-commerce entities by such relatively low-cost, unique and clone-resistant tokens/units using SUC. The units act as trustable anonymous, authenticated and non-replaceable entities controlled by their users.
|
|
Basic information:
Chairs:
Stjepan Groš (Croatia), Tonimir Kišasondi (Croatia), Mario Spremić (Croatia)
Registration / Fees:
|
REGISTRATION / FEES
|
Price in EUR
|
|
EARLY BIRD
Up to 6 May 2019
|
REGULAR
From 7 May 2019
|
| Members of MIPRO and IEEE |
200
|
230
|
| Students (undergraduate and graduate), primary and secondary school teachers |
120
|
140
|
| Others |
220
|
250
|
The discount doesn't apply to PhD students.
Contact:
Stjepan Gros
University of Zagreb
Faculty of Electrical Engineering and Computing
Unska 3
HR-10000 Zagreb, Croatia
E-mail: stjepan.gros@fer.hr
The best papers will get a special award.
Accepted papers will be published in the ISSN registered conference proceedings. Presented papers in English will be submitted for inclusion in the IEEE Xplore Digital Library.
.............
There is a possibility that the selected scientific papers with some further modification and refinement are being published in the Journal of Computing and Information Technology (CIT).
Location:
 Opatija, with its 170-year-old tourism tradition, is the leading seaside resort of the Eastern Adriatic and one of the most famous tourist destinations on the Mediterranean. With its aristocratic architecture and style, Opatija has been attracting artists, kings, politicians, scientists, sportsmen, as well as business people, bankers and managers for more than 170 years.
The tourist offer in Opatija includes a vast number of hotels, excellent restaurants, entertainment venues, art festivals, superb modern and classical music concerts, beaches and swimming pools – this city satisfies all wishes and demands.
Opatija, the Queen of the Adriatic, is also one of the most prominent congress cities in the Mediterranean, particularly important for its ICT conventions, one of which is MIPRO, which has been held in Opatija since 1979, and has attracted more than a thousand participants from over forty countries. These conventions promote Opatija as one of the most desirable technological, business, educational and scientific centers in South-eastern Europe and the European Union in general.
For more details, please visit www.opatija.hr and visitopatija.com.
|
|
|
|
| Currently there are no news |
|
|
|
|
|