Hybrid Event
Papers
K. Klasan, S. Seljan, I. Dunđer (University of Zagreb, Faculty of Humanities and Social Sciences, Zagreb, Croatia) Assessing Information Security Awareness among Secondary School Teachers
Every year there is a continuous increase in cyber threats all over the world. Threats appear in both the private and the public sectors. In Croatia, state services in the public sector are particularly affected. This is especially pronounced in schools of all levels of education. They are considered sources of confidential information, valuable to hackers, with relatively unprotected computer systems. In addition, insufficient knowledge of school employees and teachers about the dangers of cyber threats does not help either, and can result in uncertainty and confusion when crisis situations occur. The level of information security-related knowledge of every computer user is not the same, therefore this paper aims to investigate the awareness of information security among teachers. The authors decided to conduct a focused study on secondary school teachers in Karlovac County, examining their knowledge on potential threats and security measures. This research is based on a survey and subsequent quantitative and qualitative analyses. The results can provide insights into information security awareness levels and the current state of knowledge of employees in the public education system. This may also reveal topics that need to be addressed during lifelong learning activities to increase understanding of potential threats and appropriate countermeasures.
|
D. Delija, G. Sirovatka, M. Žagar (TVZ, Zagreb, Croatia) Forensic Analysis of the NIST Hacking Case: Integrating Autopsy Tools and Artificial Intelligence in Teaching Digital Forensics
This article examines the forensic analysis of the NIST Hacking Case, where an abandoned laptop was found with potential traces of hacking. Through the use of the forensic tool Autopsy and consultation with ChatGPT, students conducted in-depth analysis, identifying artifacts, clues, and attempting to link the computer to the suspect. The results of the analysis, the methodology used during the research and the identified challenges provide insight into contemporary approaches to digital forensics.
|
A. Cerimagic-Hasibovic, A. Tanovic (Faculty of Electrical Engineering/Department of Computer Science, University of Sarajevo, Sarajevo, Bosnia and Herzegovina) Review of ISO 9001:2015 and ISO 27001:2013 implementation in financial institution – case study
In today’s technologically-driven world, protecting ICTs (Information and Communication Technologies) is of great importance. Due to the amount of personal data and the obligations of high transaction accuracy, financial institutions such as banks and insurance companies are even more sensitive to data protection. On the business side, ICT is fundamental for day-to-day operations, so investing in ICT is investing in business continuity, operations and resilience. Integration of ISO 27001:2013 and ISO 9001:2015 standards into an organization's Information Security Management System (ISMS) and Quality Management System (QMS), respectively, further enhances the importance of protecting ICT. It is also important for organizations to implement these standards as a useful baseline for further compliance, such as with GDPR (General Data Protection Regulation). These standards provide a framework for continually improving management systems in critical areas, which is just one more reason for implementation.
|
E. Leka, L. Lamani (Polytechnic University of Tirana, TIRANE, Albania), E. Hoxha (Albanian University, TIRANE, Albania) Securing the Foundations of 6G: Innovative Intelligent Controls at the Physical Layer for Trustworthiness and Resilience
In the dynamic landscape of communication technologies, the imminent arrival of 6G networks promises a transformative change that requires a proactive strategy to strengthen the underlying infrastructure. This research is driven by the mission to ensure the security, trustworthiness, and resilience of 6G networks by introducing innovative, intelligent controls at the physical layer. This involves integrating adaptive systems that dynamically adjust to evolving network conditions while alerting to and remediating security risks in real-time. This study aims to provide a robust foundation for 6G networks by eliminating vulnerabilities that could be exploited by malicious entities, with a focus on the physical layer. The proposed intelligent controls utilise advanced machine learning and adaptive algorithms to assess and improve the network's security posture continuously. Based on a theoretical analysis, this research aims to contribute to the conceptual development of 6G networks that drive technological innovation and embody a secure and resilient architecture essential for the upcoming era of wireless communications. It will explore how intelligent physical layer controls, adaptive algorithms, and machine learning have improved the security of 6G networks.
|
K. Šolić (Faculty of Medicine, J.J. Strossmayer University of Osijek, Osijek, Croatia), I. Fosić (HEP Telecommunication d.o.o., Osijek, Croatia), D. Matijašić-Bodalec (Faculty of Dental Medicine and Health, J.J. Strossmayer University of Osijek, Osijek, Croatia), T. Velki (Faculty of Education, J.J. Strossmayer University of Osijek, Osijek, Croatia) Comparative Study on Online Security Awareness and Behavior Among Healthcare Professionals in Croatia
Healthcare professionals predominantly operate under additional stress, and the assumption was that they exhibit riskier online behavior compared to the average internet user. Therefore, the aim was to assess the security awareness and the degree of risky online behavior among healthcare professionals. The research was structured as an empirical study and was conducted across four hospitals, two faculties, and among the general population.
The online Behavioral-Cognitive Internet Security Questionnaire (BCISQ) was used, supplemented by demographic inquiries and questions regarding prior knowledge, including a deceptive question concerning the acceptance of terms and conditions. Although two-thirds of participants assessed their information security knowledge as good, less than one-third had received specific education on internet security. A relatively low average score for risky behavior and a comparatively high average score for security awareness were observed, without significant difference between healthcare professionals and the general population. Students showed slightly better results. However, only 7.25% of all participants responded correctly to the deceptive question.
The findings suggest that healthcare professionals, similar to the average user, behave rather safely when online. The lack of specific education wasn’t negatively correlated to online behavior or security awareness. Nevertheless, most participants provided consent to terms and conditions without reading them.
|
D. Regvart (Visoko učilište Algebra, Zagreb, Croatia), M. Mikuc (Fakultet elektrotehnike i računarstva, Zagreb, Croatia), L. Zgrablić, Z. Morić (Visoko učilište Algebra, Zagreb, Croatia) Enhancing Security of Intermediate Devices in the Connection Between IoT Devices and Cloud Service
The wide spectrum of security challenges, spanning from physical tampering to transport layer vulnerabilities, necessitates a holistic and interdisciplinary strategy. By leveraging existing research while filling in the discerned gaps, this literature review seeks to make contributions to the creation of robust security mechanisms. These mechanisms are intended to fortify the IoT ecosystem and ensure the secure transmission of data to the Cloud environment, with a specific focus on OSI layers incorporated within network intermediate devices. This paper aims to elucidate the current advancements and identify areas of research deficiency within security strategies, protocols, and optimal practices crafted to shield these intermediary components—physical network devices. This pursuit safeguards the security of data transmission and bolsters the overall network's resilience, especially concerning the security of the data transfer.
|
S. Rauti, E. Vuorinen, P. Puhtila, R. Carlsson (University of Turku, Turku, Finland) Analysis of Third-Party Data Leaks on Finnish Mental Health Websites
Mental health websites process private and sensitive personal data, and it is essential to prevent this confidential data from being compromised. However, the increasing practice of using various third-party services on modern websites poses a threat to online privacy, including online services focusing on mental well-being. We present a study on the privacy of 10 Finnish mental health websites and conduct a network traffic analysis to see whether these online services inadvertently share sensitive data with third-party entities. Our findings indicate all of the studied websites leak sensitive contextual data (such as the visited URLs) to third parties. The current paper analyzes the characteristics of these data leaks, and gives suggestions to avoid such privacy concerns in future.
|
P. Treglia (Università La Sapienza di Roma, Rome, Italy) PiSecurityCheck: Server Security Check in One Hand
Nowadays, due to the Ukrainian-Russian war, Denial of Service attacks against major institutions across Europe are increasing. The majority of them are application layer (L7) attacks in which slow HTTP attacks play a major role. This paper presents PiSecurityCheck, an Android application designed to check, in an intuitive and fast way and with a minimum amount of bandwidth, whether a web server may be prone to slow HTTP attacks. It will be shown how a mobile application can emulate a DoS attack, based on different parameters set by the user. Apache and IIS will be tested in their default configuration and the results compared with slowhttptest output, to corroborate the validity of PiSecurityCheck.
|
R. Idlbek (Fakultet turizma i ruralnog razvoja u Požegi, Požega, Croatia), M. Pešić, K. Šolić (Medicinski fakultet, Osijek, Croatia) Enhancing Digital Image Forensics with Error Level Analysis (ELA)
This paper explores the role of Error Level Analysis (ELA) in digital image forensics. It provides a guide to ELA fundamentals, applications, and future developments. ELA, a technique that detects inconsistencies in digital images, has become increasingly important in identifying and combating digital image forgery. The paper explains the mechanics of ELA and its role in detecting image manipulation. Also, it can be used with other techniques for enhanced analysis, such as Local Binary Patterns Histograms (LBPH). The paper also discusses advancements in ELA techniques, including integrating artificial intelligence and machine learning, since the evolving landscape of digital image manipulation presents numerous challenges that can be utilised with AI and related technology. The paper concludes by emphasising the importance of ELA in preserving the integrity of our digital world in the face of sophisticated image manipulation techniques.
|
K. Josić, S. Papić (Algebra University, Zagreb, Croatia) Security Challenges in Network Communication Caused by the Quic Protocol
Quic (Quick UDP Internet Connections) emerges as an innovative protocol aimed at enhancing the speed and security of HTTP traffic, potentially superseding TCP/TLS in web applications. While some web browsers have incorporated it as a default setting, its adoption by various websites is on the rise. A significant challenge arises as network security devices categorize Quic traffic merely as generic UDP rather than distinct web traffic. Consequently, conventional web filter mechanisms fail to scrutinize or log Quic traffic, leading to potential vulnerabilities by allowing access to prohibited or malicious sites. This study delves into the functionality of Quic, and its implications for network security, and offers insights from leading firewall vendors on addressing the nuances of Quic protocol inspection. Furthermore, our evaluation of a FortiGate virtual appliance underscores that the existing web filter engine remains ineffectual in inspecting, logging, or reporting Quic web traffic.
Basic information:
Chairs:
Stjepan Groš (Croatia), Tonimir Kišasondi (Croatia)
Steering Committee:
Marin Golub (Croatia), Krešimir Grgić (Croatia), Miljenko Mikuc (Croatia), Toni Perković (Croatia), Marin Vuković (Croatia), Drago Žagar (Croatia)
Program Committee:
Stjepan Groš (Croatia), Tihomir Katulić (Croatia), Tonimir Kišasondi (Croatia), Dejan Škvorc (Croatia), Boris Vrdoljak (Croatia)
Registration / Fees:
| Price in EUR | EARLY BIRD (up to 6 May 2024) | REGULAR (from 7 May 2024) |
|---|---|---|
| Members of MIPRO and IEEE | 243 | 270 |
| Students (undergraduate and graduate), primary and secondary school teachers | 130 | 150 |
| Others | 270 | 300 |
The discount doesn't apply to PhD students.
NOTE FOR AUTHORS: In order to have your paper published, it is required that you pay at least one registration fee for each paper. Authors of 2 or more papers are entitled to a 10% discount.
Contact:
Stjepan Groš
University of Zagreb
Faculty of Electrical Engineering and Computing
Unska 3
HR-10000 Zagreb, Croatia
E-mail: stjepan.gros@fer.hr
The best papers will get a special award.
Accepted papers will be published in the ISSN registered conference proceedings. Papers in English presented at the conference will be submitted for inclusion in the IEEE Xplore Digital Library.
Selected scientific papers may, with some further modification and refinement, be published in the following journals: Journal of Computing and Information Technology (CIT), MDPI Applied Sciences, MDPI Information Journal, Frontiers and EAI Endorsed Transactions on Scalable Information Systems.
Location:
Opatija is the leading seaside resort of the Eastern Adriatic and one of the most famous tourist destinations on the Mediterranean. With its aristocratic architecture and style, Opatija has been attracting artists, kings, politicians, scientists, sportsmen, as well as business people, bankers and managers for more than 170 years.
The tourist offer in Opatija includes a vast number of hotels, excellent restaurants, entertainment venues, art festivals, superb modern and classical music concerts, beaches and swimming pools – this city satisfies all wishes and demands.
Opatija, the Queen of the Adriatic, is also one of the most prominent congress cities in the Mediterranean, particularly important for its ICT conventions, one of which is MIPRO, which has been held in Opatija since 1979, and attracts more than a thousand participants from over forty countries. These conventions promote Opatija as one of the most desirable technological, business, educational and scientific centers in South-eastern Europe and the European Union in general.
For more details, please visit www.opatija.hr and visitopatija.com.