Presented papers written in English and published in the Conference proceedings will be submitted for posting to IEEE Xplore.
Technical Track
Chair: Stjepan Groš |
S. Ribić, A. Salihbegović (Elektrotehnički fakultet u Sarajevu, Sarajevo, Bosnia and Herzegovina), A. Huseinović (Enit d.o.o., Sarajevo, Bosnia and Herzegovina) Disabling Same Origin Policy for Automatization of Webform Data Entry
There are plenty of common user interfaces for inserting data on computer systems. Depending on the concrete situation, different approaches are used. There is often a need to use web-based user interfaces for data insertion, but automation of data insertion in web applications is rarely used. That is because the user lacks information about scripts that can be and that are executed in the background. JavaScript may enable automation of form filling, but this requires that the script written in JavaScript be executed on the same server where the form is being processed. This is a security measure known as the Same Origin Policy. Modern web browsers follow the policy. However, if needed, some of the browsers support disabling the policy. This paper will review the methods, and present the data entry using JavaScript code.
|
S. Afonin (Moscow State University, Moscow, Russian Federation) Towards a Rule-based Access Control Framework for Distributed Information Systems
Rule-based access control is a powerful and flexible paradigm for specifying security policies in information systems. Access may be granted or declined depending on object's and subject's properties, or the context of the request, such as current time. Complex access control rules are typically implemented at application level. In this paper we describe a framework targeted to separation of access control rules from the main application logic. It is assumed that access policies are managed in a distributed fashion (discretionary access control), objects are stored in relational database, and requests are independent. Such assumptions correspond to a RESTful web application. A trade-off between rules flexibility, efficiency and decidability of verification problems is considered. We describe a proof of concept implementation.
|
D. Hrestak, S. Picek (Fakultet elektrotehnike i računarstva, Zagreb, Croatia), Ž. Rumenjak (Shout em, Zagreb, Croatia) Improving the Android Smartphone Security Against Various Malware Threats
Android is one of the most popular operating systems for mobile devices in the world today. One of its greatest advantages, being an open source operating system, also represents one of its major drawbacks. There exist a number of malicious programs that can harm devices running any operating system, including Android. Accordingly, having a system that is secure is a goal of paramount importance. However, the fact that improvements in security often come with a penalty in usability can present a problem. Furthermore, it is difficult to give a good answer to the question of when a system is secure enough, since that heavily depends on the user’s needs.
In this paper we start with a short overview of different threats occurring on Android devices. Next, we investigate several avenues how to improve the security of Android device through customizations of the operating system. Finally, we show how to improve the security of a device when regarding various applications one wants to install on a device.
|
I. Sanchez, R. Satta, R. Giuliani, G. Baldini (European Commission - DG JRC, Ispra, Italy) Detection of DECT Identity Spoofing through Radio Frequency fingerprinting
Digital Enhanced Cordless Telecommunications (DECT) is a European Telecommunications Standards Institute standard for short-range cordless communications with a large worldwide installed customer base, both in residential and professional environments. As in other wireless standards, the usage of active attacks against the security and privacy of the communications, involving identity spoofing, is well documented in the literature. Although the detection of spoofing attacks has been extensively investigated in the literature for other wireless protocols, very limited research has been conducted on their detection in DECT communications.
In this paper, we describe an effective method for the detection of identity spoofing attacks on DECT communications using a radio frequency fingerprinting technique. The approach we present uses intrinsic features of the front end of DECT base stations as device fingerprints and uses them to distinguish between legitimate and spoofing devices. The results of measurement campaigns and the related analysis are presented and discussed.
|
R. Sparrow, A. Adekunle, R. Berry, R. Farnish (University of Greenwich, Chatham, United Kingdom) Study of Two Security Constructs on Throughput for Wireless Sensor Multi-Hop Networks
With the interconnection of devices becoming more widespread in society (i.e. internet of things), networked devices are used in a range of environments ranging from smart grids to smart buildings. Wireless Sensor Networks (WSN) have commonly been utilised as a method of monitoring set processes. In control network, WSN have been deployed to perform a range of tasks (i.e. collate and distribute data from an actuator to an end device). However, the nature of the wireless broadcast mediums allows potential attackers to conduct active and passive attacks. Cryptography is selected as a countermeasure to overcome these security vulnerabilities, however, a drawback of using cryptography is reduced throughput. This paper investigates the impact of software security constructs on the throughput of multiple hop WSN networks with tests conducted in a simulated environment. A case scenario is also presented in this paper to emphasise the impact in a real world context. Results disseminated infer that the security constructs examined in this paper affect the total throughput measurements up to four hops.
|
D. Cavdar (Middle East Technical University, Ankara, Turkey), E. Tomur (İzmir Institute of Technology, İzmir, Turkey) A Practical NFC Relay Attack on Mobile Devices Using Card Emulation Mode
In this paper, a practical card-emulated relay attack is implemented on Near Field Communication (NFC) equipped mobile devices. NFC is a promising communication technology which is also used in smart mobile devices. As an effective and flexible communication technology, NFC is frequently used nowadays in innovative solutions such as payments, access control etc. Because of the nature of these transactions, security is a critical issue that should be considered in the system design and development phases. On the other hand, stable security solutions are not fully offered for NFC-enabled systems in the literature. Although inherited from Radio Frequency Identification (RFID) technology, NFC security needs, requirements and solutions differ in terms of its usage areas and solutions. Based on these parameters, security precautions in the communication layer of RFID technology do not prevent relay attacks occurring in application-layer NFC solutions. This study is conducted to prove the practicability of a relay attack using only mobile phones for relaying credentials instead of RFID-based smart cards in an access control application. The Host Card Emulation (HCE) mode, one of the operational modes of NFC which has recently been allowed to be used in applications, also eases relay attacks in NFC communication. The study explains the conceptual description of the proposed relay attack, the development and operating logic of the mobile applications working in card emulation mode and of the server software, as well as the data communication basics between modules and the web service descriptions.
|
R. Petrunić (EDURON IS, Jastrebarsko, Croatia) Honeytokens as active defense
Web applications are one of the most attacked platforms today, and because of that new ways to break into web applications are being invented almost on a daily basis, allowing attackers to steal users' personal data and credit card numbers, and conduct many other frauds related to data and applications hosted on Internet servers and databases.
Some of the reasons that web applications are constantly attacked are 24/7 availability, the mix of technologies used to provide needed functionality, interesting data in the backend databases and an easy way to avoid punishment for crimes committed against web sites and website users/owners. There is also an aspect related to cybercrime and cyber warfare that has been marching throughout the planet in the last few years, exposing more and more personal data in highly sophisticated and targeted attacks.
In most cases, the attack starts with scanning and vulnerability scanning of the web application, which consists of testing all of the parameters the application uses against a database of well-known attack vectors (for example, OWASP project TOP 10) and vulnerabilities. This is a really loud process, easily recognizable on the server side, and in most cases it could be stopped by using a WAF (Web Application Firewall). The problem is that a WAF could only prevent known attack vectors, and additional protection is mandatory in modern web applications.
This paper will try to summarize a few different ways that a web application could be written in order to identify, isolate and track the hacker during the attack process. The concept presented in this paper is the so-called honeytoken – a value the application is using in databases, files, parameters, etc., which should never be changed or touched by the application in the normal application lifecycle.
|
Break
|
Policy and Risk Track
Chair: Stjepan Groš |
M. Štampar (Zavod za sigurnost informacijskih sustava, Zagreb, Croatia), K. Fertalj (Fakultet elektrotehnike i računarstva, Zagreb, Croatia) Artificial Intelligence in Network Intrusion Detection
In the beginning of the Internet era, detection of network attacks was done solely by human operators. They anticipated network anomalies in front of consoles, where, based on their expert knowledge, they applied necessary security measures. With the exponential growth of network bandwidth, this task slowly demanded substantial improvements in both speed and accuracy. One proposed way to achieve this has been the usage of artificial intelligence (AI), a progressive and promising computer science branch, particularly one of its subfields – machine learning (ML) – where the main idea is learning from data. In this paper the author will try to give a general overview of AI and ML algorithms, with the main focus on their usage for network intrusion detection.
|
J. Vukalović, D. Delija (INsig2 d.o.o., Zagreb, Croatia) Advanced Persistent Threats – Detection and Defense
The term “Advanced Persistent Threat” refers to a well-organized, malicious group of people who launch stealthy attacks against computer systems of specific targets, such as governments, companies or military. The attacks themselves are long-lasting, difficult to expose and often use very advanced hacking techniques. Since the attacks are advanced in nature, prolonged and persistent, the organizations behind them have to possess a high level of knowledge, advanced tools and competent personnel to execute them. The attacks are usually performed in several phases – reconnaissance, preparation, execution, gaining access, information gathering and connection maintenance. In each of the phases attacks can be detected with different probabilities. There are several ways to increase the level of security of an organization in order to counter these attacks. First and foremost, it is necessary to educate users and system administrators on different attack vectors and provide them with knowledge and protection so that the attacks are unsuccessful. Second, implement strict security policies. That includes access control and restrictions (to information or network), protecting information by encrypting it and installing the latest security upgrades. Finally, it is possible to use software IDS tools to detect such attacks (e.g. Snort, OSSEC, Sguil).
|
I. Sedinić, T. Perušić (Hrvatski Telekom d.d., Zagreb, Croatia) Security Risk Management in Complex Organization
Abstract: Security Risk Management is the foundation and starting point for implementation of security measures in any organization, and a challenge by itself. But in complex organizations there are additional challenges: how to align IT Security Risk Management with overall Security Risk Management and later with the company’s overall Risk Management. When an organization is part of an international corporation, corporate rules also need to be followed in addition to legal and regulatory rules. In the telecom industry it is also very important in regular operations that a security assessment can be performed in a short timeslot as support for operational decisions. Croatian Telecom, as a part of Deutsche Telecom Group, is facing all of these issues in addition to the requirements of ISO 27001, according to which the company is certified. To solve the challenge, the company developed three methodologies for Information Security Risk Management. All of these methodologies are merged in a common Risk Register as well as aligned with Corporate Risk Management. In this paper each Information Security Risk Management methodology will be described, including its application area, as well as how recognized security risks are shown in the common Risk Register and how they relate to Corporate Risk Management.
|
Privacy Track
Chair: Tonimir Kišasondi |
S. Vukojević (HAKOM, Zagreb, Croatia) Violation of User Privacy by IPTV Packet Sniffing in Home Network
The aim of this paper is to determine the possibility of learning about and the quantity of collected information about the habits of users of Internet Protocol television (IPTV) in Croatia on the basis of unauthorised monitoring of the IPTV traffic in the users’ home network.
The experimental part of the presented work includes collecting IPTV traffic in home networks of IPTV users of the two largest electronic communications operators in Croatia while performing ordinary user activities (initiating the STB devices, switching TV channels, using EPG, program recording, using video on demand etc.). The paper does not explore the possibility and the manner of achieving the unauthorised access to the users’ home network itself; instead, it is assumed that it has already been obtained.
Based on the gathered data, each user’s action is analysed from the aspect of indicating users’ behavioral habits and the violation of their privacy. The results of the conducted analysis presented in the paper provide an overview of gathered information and some concluding remarks regarding the possibility of violation of privacy by IPTV traffic sniffing in the user’s home network.
|
M. Žagar, D. Mendeš Poljak (Tehničko Veleučilište Zagreb, Zagreb, Croatia) Have we been monetized and become commodity without our consent - Privacy in the time of Big Data Technology
In this paper, questions of personal data protection in the era of Big Data technology will be critically discussed at the practical and legal level. According to Eric Schmidt, Google's CEO, the amount of data generated today in just two days equals the amount of data generated from the beginning of civilization until 2003. The set of technologies used for storing and analysing large amounts of data is called Big Data, and today it is applied in various aspects of human activity. Since Big Data technology uses structured and unstructured data sources, the question arises: what about personal data and the protection of privacy? Do various companies, agencies or services collect and analyse personal data from social networks, and in what way, in order to increase their efficiency, make a profit or increase the overall security of citizens? Have the personal data that are stored and analysed every day become a commodity? The Personal Data Protection Act regulates the protection of personal data of natural persons and the supervision of the collection, processing and use of personal data in the Republic of Croatia. The provisions of this Act apply to the processing of personal data by state bodies, bodies of local and regional self-government, and legal and natural persons who process personal data.
|
Accepted Papers
|
Security Awareness and Education Track
Chair: Tonimir Kišasondi |
V. Taneski, M. Heričko, B. Brumen (University of Maribor, Faculty of electrical engineering and computer science, Maribor, Slovenia) Impact of Security Education on Password Change
Background: Passwords are the most common authentication method for most information systems. Despite the fact that they suffer from a number of problems that still exist today, passwords are still widely used. Users and their passwords are the Achilles' heel (the weakest link) of security, because they tend to create passwords that are weak, easy to remember and contain words that are familiar to them. They also tend to trade security for memorability. Users' lack of security consciousness and their behaviour can be influenced by information security training.
Objective: Our research explores the effect of password security training on strength of the passwords chosen by the users and their consciousness about security and the importance of creating strong and hard-to-guess passwords. The objective of this paper is to explore possible differences in the quality of passwords between students from different faculties with different foreknowledge and education about passwords and security. In this paper we analyse the passwords of the students from the Faculty of Tourism and compare the results to the ones from the Faculty of electrical engineering and computer science, published in our previous work.
Methods: We collected the data by means of an online questionnaire, performed among undergraduate students from the Faculty of electrical engineering and computer science and the Faculty of Tourism at the University of Maribor. The survey consisted of two phases. Between the two phases, the students received lectures about the importance of creating strong and secure passwords, how to choose such passwords and how to manage them.
Results: We observe an improvement in the characteristics of the passwords for the desktop and University accounts in the second phase of the study. The results from the first phase show that users rarely write their passwords down, but never change them since their first use, or change them less than once a year. The results from the second phase show that despite our lectures and recommendations, most users (23.53% for the notebook account, 82.35% for the University, and 35.29% for the Google account) did not change their passwords after attending the lectures.
Conclusion: The lectures and recommendations had a positive effect regarding users’ password characteristics, but not quite positive regarding password change. Despite our efforts to educate the users about the importance of frequent password change, a large percentage of users did not change their passwords following the lectures. The overall conclusion of this preliminary study is that users still lack security knowledge regarding password change and need to be further educated in this direction.
|
K. Šolić (Medicinski fakultet, Osijek, Croatia), T. Velki (Fakultet za odgojne i obrazovne znanosti, OSIJEK, Croatia), T. Galba (Elektrotehnički fakultet, Osijek, Croatia) Empirical study on ICT system’s users' risky behavior and security awareness
In this study the authors gathered information on ICT users from different Croatian areas with different knowledge, experience, working place, age and gender background in order to get a picture of today's situation in the Republic of Croatia (n=703) regarding ICT users' potentially risky behavior and security awareness. The validated Users’ Information Security Awareness Questionnaire (UISAQ) was used.
Analysis results represent overall grades of ICT users in Croatia regarding 6 subareas (grade equals average from one to five): Usual risky behavior (u1=4.52), Personal computer maintenance (u2=3.18), Borrowing access data (u3=4.74), Criticism on security in communications (u4=3.48), Fear of losing data (u5=2.06), Rating importance of backup (u6=4.18). In this work a comparison between users regarding demographic variables (age, gender, professional qualification, occupation, management position, institution category and geographic area) is given.
Maybe the most interesting information is the percentage of questioned users that have revealed their password for the professional e-mail system (29.1 %). This information should alert security experts and security managers in companies, government institutions and also schools and faculties.
Results of this study should be used to develop solutions and induce actions with aim to raise awareness among Internet users on information security and privacy issues.
|
B. Brumen, V. Taneski (University of Maribor, Faculty of electrical engineering and computer science, Maribor, Slovenia) Moore's Curse on Textual Passwords
Background: Passwords are still the predominant way of authentication in information systems, and are mostly at user's responsibility. They conceive, use, re-use, abuse and forget passwords. In absence of strict password policies and at minimum required user training, passwords tend to be short, easy to remember, connected to the user's personal or professional life and consequently easy to break. The additional problem with passwords is their aging: Moore's law is affecting the available computing power to crack passwords and those deemed secure today may easily be broken in the near future.
Objective: The aim of this paper is to study various scenarios of the effect the Moore's law is having on passwords and their security. In addition, advancements in other fields, e.g. quantum computing and Internet of Things, are taken into the account.
Method: We analysed various password types and the lengths required to withstand an off-line brute-force attack. The analysis was performed under various scenarios and combinations thereof: Moore's law will continue to be in effect for years to come with varying parameters, quantum computing will become feasible, improvements in hash table computations will speed up the cracking process, and others.
Results: The paper shows the minimum password length in characters for each password type under various scenarios. Even the most optimistic scenario shows that the minimum required password length today should be of 11 randomly drawn characters, rendering most of the passwords inappropriate due to their poor memorability.
Conclusion: The current textual passwords are cursed by Moore's law and other advancements in the field. Soon, classical textual passwords will need to be replaced by other mechanisms, which are, fortunately, already emerging.
|
Digital Forensics Track
Chair: Tonimir Kišasondi |
D. Delija (Insig2 d.o.o, Zagreb, Croatia) Concepts and Methodology in Mobile Devices Digital Forensics Education and Training
This paper presents various issues in digital forensics of mobile devices and how to address these issues in the related education and training process. Mobile device forensics is a new, very fast developing field which lacks standardization, compatibility, tools, methods and skills. All these drawbacks have an impact on the results of the forensic process and also have a deep influence on the training and education process. In this paper real-life experience in training is presented, with tools, devices, procedures and organization, with the purpose of improving the process of mobile device forensics and mobile forensic training and education.
|
K. Hausknecht, D. Foit, J. Burić (INsig2 d.o.o., Zagreb, Croatia) RAM Data Significance in Digital Forensics
In present modern times, when operating systems require larger amounts of RAM or Random Access Memory, we usually come across computers with 4 GB RAM, but given the price drops, it is quite usual to come across computers with 64 GB Random Access Memory as well. By imaging this part of computer memory and by performing forensic analysis of the data located in RAM, it can be easily concluded that performing RAM imaging and analysis should be one of the essential procedures in any forensic investigation. This paper will show the importance of forensics of active computers and the artefacts which can be found, as well as methods, procedures and tools which are used for extracting and analyzing data from Random Access Memory. Furthermore, it will be shown that sometimes in forensic investigations, data contained in RAM can contain enough evidence to solve the whole case and actually be everything you really need.
|
D. Foit, J. Vukalović, K. Hausknecht (INsig2 d.o.o, Zagreb, Croatia) Competencies and Skills needed for Digital Forensic Trainer
Today we live in a time where everything is digitalized and technology moves rapidly forward. This big technology progress is closely linked to increase of cybercrime. In an effort to fight e-crime and to collect relevant digital evidence, law enforcement agencies are incorporating the collection and analysis of digital evidence, also known as computer forensics, into their infrastructure. They are challenged by the need to train officers and specialists to collect digital evidence and keep up with rapidly evolving technologies such as computer operating systems and mobile devices. With a lack of resources to send new people to the trainings, very often recently trained officers and experts become trainers to their colleagues. This role demands specific competencies and skills that can be learned on specialized courses. Based on an empirical analysis done on specimen of 20 experienced digital forensic specialists, this paper shows results of this research, offers explanation of competencies and skills needed for digital forensic trainer and helps law enforcement agencies as well as the private sector to recognize potential trainers in their ranks, and helps them in their fight with the e-crime.
|
J. Burić, D. Delija (INsig2 d.o.o., Zagreb, Croatia) Challenges in Network Forensics
Network forensics is a branch of digital forensics that focuses on monitoring, capturing, recording, and analysis of network traffic. More accurately, it is the use of scientifically proved techniques to collect and analyze network packets and events for investigative purposes. Network forensics is an extension of the network security model which traditionally emphasizes prevention and detection of network attacks. Current network forensics approaches are costly and time consuming. However, unlike other areas of digital forensics, network forensics deals with volatile and dynamic data. It helps organizations to investigate attacks that originated from outside and inside of the company. It’s also important for law enforcement agencies when solving crimes. Paper presents different challenges that are facing investigators due to the rapid growth of network and attacker’s skill, and possible framework solutions that would help to solve or minimize problems.
|
K. Hajdarevic (University Sarajevo, Faculty of Electrical Engineering, Sarajevo, Bosnia and Herzegovina), V. Dzaltur (International Burch University, Sarajevo, Bosnia and Herzegovina) An Approach to Digital Evidence Collection for Successful Forensic Application: An Investigation of Blackmail Case
Every computer forensic case is unique, and in this paper we present a case where network resources were used to collect digital evidence of a company blackmail attempt by one of the employees responsible for database administration. Evidence was collected with the goal that the collected data could be used as legally admissible, while the whole forensic operation was kept confidential to avoid alerting the blackmail organizer and thus to reduce the risk of data and other evidence being deleted or hidden if knowledge that forensics was in process were shared. After the successful evidence collection process it was clear that the employee committed blackmail, and it was a clear case for the employer to take one of the actions such as: face the employee with the evidence, start legal action, and/or call law enforcement agencies.
|
Panel |
Cyber Security Strategy |
|
Basic information:
Chairs:
Stjepan Groš (Croatia), Tonimir Kišasondi (Croatia), Željko Hutinski (Croatia)
International Program Committee Chairman:
Petar Biljanović (Croatia)
International Program Committee:
Alberto Abello Gamazo (Spain), Slavko Amon (Slovenia), Vesna Anđelić (Croatia), Michael E. Auer (Austria), Mirta Baranović (Croatia), Ladjel Bellatreche (France), Eugen Brenner (Austria), Andrea Budin (Croatia), Željko Butković (Croatia), Željka Car (Croatia), Matjaž Colnarič (Slovenia), Alfredo Cuzzocrea (Italy), Marina Čičin-Šain (Croatia), Marko Delimar (Croatia), Todd Eavis (Canada), Maurizio Ferrari (Italy), Bekim Fetaji (Macedonia), Tihana Galinac Grbac (Croatia), Paolo Garza (Italy), Liljana Gavrilovska (Macedonia), Matteo Golfarelli (Italy), Stjepan Golubić (Croatia), Francesco Gregoretti (Italy), Stjepan Groš (Croatia), Niko Guid (Slovenia), Yike Guo (United Kingdom), Jaak Henno (Estonia), Ladislav Hluchy (Slovakia), Vlasta Hudek (Croatia), Željko Hutinski (Croatia), Mile Ivanda (Croatia), Hannu Jaakkola (Finland), Leonardo Jelenković (Croatia), Dragan Jevtić (Croatia), Robert Jones (Switzerland), Peter Kacsuk (Hungary), Aneta Karaivanova (Bulgaria), Dragan Knežević (Croatia), Mladen Mauher (Croatia), Igor Mekjavic (Slovenia), Branko Mikac (Croatia), Veljko Milutinović (Serbia), Vladimir Mrvoš (Croatia), Jadranko F. Novak (Croatia), Jesus Pardillo (Spain), Nikola Pavešić (Slovenia), Vladimir Peršić (Croatia), Goran Radić (Croatia), Slobodan Ribarić (Croatia), Janez Rozman (Slovenia), Karolj Skala (Croatia), Ivanka Sluganović (Croatia), Vlado Sruk (Croatia), Uroš Stanič (Slovenia), Ninoslav Stojadinović (Serbia), Jadranka Šunde (Australia), Aleksandar Szabo (Croatia), Laszlo Szirmay-Kalos (Hungary), Davor Šarić (Croatia), Dina Šimunić (Croatia), Zoran Šimunić (Croatia), Dejan Škvorc (Croatia), Antonio Teixeira (Portugal), Edvard Tijan (Croatia), A Min Tjoa (Austria), Roman Trobec (Slovenia), Sergio Uran (Croatia), Tibor Vámos (Hungary), Mladen Varga (Croatia), Marijana Vidas-Bubanja (Serbia), Boris Vrdoljak (Croatia), Robert Wrembel (Poland), Damjan Zazula (Slovenia)
Registration / Fees:
| Registration / Fees (price in EUR) | Before May 11, 2015 | After May 11, 2015 |
| Members of MIPRO and IEEE | 180 | 200 |
| Students (undergraduate and graduate), primary and secondary school teachers | 100 | 110 |
| Others | 200 | 220 |
Contact:
Stjepan Groš
Faculty of Electrical Engineering and Computing
Unska 3
HR-10000 Zagreb, Croatia
E-mail: stjepan.gros@fer.hr
Opatija - 170 years of tourism:
Opatija – the cradle of European and Croatian tourism, a favourite destination of the aristocracy, film and music stars, artists, writers and visitors from all over the world, who come here every year to enjoy the charm of this Adriatic town – this year celebrates its 170th anniversary as a tourist resort.
This is a tradition that provides certain obligations, but is also a guarantee of quality. The reputation of a top destination that stretches back seventeen decades is today reflected in the wide range of facilities and services on offer that all together make Opatija an attractive destination for all seasons.
Opatija owes its unique image to its ideal location on the spot where the wooded slopes of Mount Učka descend all the way down to the coast, providing perfect shade along the thirteen-kilometre-long Lungomare seafront promenade. Just as the Opatija area is a meeting point of the sea and the mountain, its visual impression is a blend of different styles, as this is a melting pot where magnificent Central European elegance, playful Mediterranean charm and the historically-rich medieval architecture of the small towns in the hinterland come together.
In addition to the architecture that leaves a strong impression on every visitor, especially when the town is viewed from the sea, and its lush parks and gardens that have been Opatija's trademarks since its beginnings as a tourist resort, Opatija also has hotels and restaurants whose quality ranks alongside that of any other European destination. Opatija's gastronomic offer is based on a Mediterranean cuisine rich in fresh fish and seafood and locally grown seasonal ingredients, while the traditional recipes of this region reveal a wealth of flavours and can be sampled in the area's numerous taverns.
Opatija entered the European stage in the mid-19th century as a health resort for the European nobility, and health tourism has remained one of the main segments of the town's tourism offer right up to the present day. However, top medical experts and a wide range of spa & wellness services are just one of the reasons for visiting this town located at the top of Kvarner Bay. Also known as "the town of festivals", Opatija boasts a number of events throughout the year. The theatrical performances and concerts that take place at the magnificent Open Air Theatre are particularly impressive.
For more details please look at www.opatija.hr/ and www.opatija-tourism.hr/.