|
Hibridni događaj
15:00-19:00 Radovi |
B. Novković (Fakultet elektrotehnike i računarstva, Zagreb, Croatia) A Taxonomy of Defenses against Memory Corruption Attacks
Vulnerabilities caused by memory corruption related bugs are a pervasive and seemingly insurmountable threat, continually undermining the security of the whole computing environment. Along with a concise enumeration of existing attacks and bugs, we give a brief insight into state-of-the-art defenses introduced throughout the years, with a special focus on operating system defenses.
|
V. Korzhik, V. Starostin, M. Kabardov, V. Yakovlev, A. Gerasimovich, A. Zhuvikin (The Bonch-Bruevich Saint-Petersburg State University of Telecommunications, Saint-Petersburg , Russian Federation) Optimization of the Key Sharing Protocol for Noiseless Public Channels without the Use of Cryptographic Assumptions
Traditional physical-layer based secret key sharing scheme typically suggests some cryptographic assumption. In this paper we develop the key sharing protocol for noiseless public channels without any cryptographic assumptions that was proposed recently by the same group of authors. But in contrast to our previous investigations we introduce here more profound research of previous approach. First of all we replace four-step protocol presented before to two-step protocol without loss of key security. A comparison of protocol with and without additional sub key channel is given. Impossibility to use integers instead of matrices in execution of information exchange over the channel is demonstrated. Selecting of the main key sharing protocol parameters in order to minimize channel traffic, given the key bit reliability and information-theoretic security is provided. As a source of random date that are needed for a creation of matrices is tested a compact hardware device generating of truly random sequences. It follows from our investigations that the proposed key sharing protocol can be easily executed by individuals involvedinto ordinary Internet activity providing information theoretical security level even during post quantum period.
|
D. Delija, G. Sirovatka (TVZ, Zagreb, Croatia), I. Špoljarić (MUP, Zagreb, Croatia) Preparation and Planning of the Development of a Proficiency Test in the Field of Digital Forensics
This paper presents the planning and preparation of an proficiency test for the field of digital forensics. The paper provides elaboration of the idea and procedure of creating a forensic experiment, the result of which will be a test of expertise applicable for various organizations engaged in digital forensics. The whole process of planning, selecting forensic tools, defining forensic procedures, and producing test forensic images is shown, explaining and elaborating the criteria used in the selection, and the expected results. The proficiency test is planned for a smart electric bike.
|
B. Novković, A. Božić, M. Golub, S. Groš (Fakultet elektrotehnike i računarstva, Zagreb, Croatia) Confidential Computing as an Attempt to Secure Service Provider's Confidential Client Data in Multi-Tenant Cloud Environment
Cloud-oriented infrastructure posed itself as a predominant deployment paradigm in the recent decade due to its ease of provisioning and relatively low cost. However, entrusting a third party with sensitive data in a multi-tenant environment brings about increased data breach risks.
The aim of this paper is to give an insight into challenges and threats encountered in mitigating data breach and repudiation risks for service providers utilizing cloud-based environments.
Through constructing and studying a possible cloud-based service, we form a corresponding threat model with a special focus on risks originating from internal actors.
We explore confidential computing as a possible solution for data confidentiality in cloud-based systems.
|
D. Delija, Ž. Petrović, G. Sirovtka, M. Žagar (TVZ, Zagreb, Croatia) An Analysis of Wireless Network Security Test Results provided by Raspberry Pi Devices on Kali Linux
This paper provides an analysis of the results of wireless network security testing. Wireless network testing was done using a Raspberry Pi device under the Kali Linux operating system. A legal testing procedure was carried out, tools and testing procedures were presented and the influence of various tools on the reliability of test results was analyzed. The obtained results of various tools have been compared and interpreted with the aim of understanding the actual state of user wireless networks. Analysis of test results indicates serious safety issues that pose a risk to both owners and service providers.
|
K. Knežević (Visoko učilište Algebra, Zagreb, Croatia) Generating Prim Numbers Using Genetic Algorithms
Genetic algorithms are well-known and frequently used heuristic methods for solving optimization problems. The theme of the paper is the application of genetic algorithms
for generating large prime numbers that have special significance in cryptography. An introduction to the theory of prime numbers and the methods used to check the primality of a large number are shown. The implementation of a genetic algorithm for generating prime numbers is presented with a convenient representation and genetic operators. The results were analyzed and graphically presented for different genetic algorithm parameters.
|
D. Delija, I. Mohenski, G. Sirovatka (Zagreb University of Applied Sciences, Zagreb, Croatia) Comparative Analysis of Network Forensic Tools on Different Operating Systems
This paper deals with the theoretical and practical elaboration of the mentioned topics, which gives an insight into digital forensics, network forensics, collection and analysis of digital evidence, and the tools with which the above is done. An insight into the comparison of tools is provided, which begins with the selection of tools according to the stated criteria and the description of the tools with the operating systems on which they run. The comparison itself begins with defining tasks to test functionality. Upon completion of the above tasks, the obtained results are recorded and later used to analyze the performance of the tool. After the tool comparison, the obtained results are scored and ranked, and then a conclusion is given about the acquired knowledge and experience during the preparation of this paper.
|
D. Lawal, D. Gresty, D. Gan, L. Hewitt (University of Greenwich, London, United Kingdom) Have You Been Framed and Can You Prove it?
This work addresses the potential for a frameup attack through the use of a programmable USB e.g., a ‘Rubber Ducky’ to plant false evidence on someone else’s computer. The aim is to determine who performed these actions, the human or the Rubber Ducky. Experiments were undertaken where a human interacted with a computer and a Rubber Ducky performed the same actions using identical computers, with identical baseline configurations, to detect differences in the artifacts left behind in each case. Forensics images generated from each experiment were analysed using forensics tools. Our findings pose the question can a programmable USB device be used to masquerade as a human, and can the forensic analyst or legal counsel make informed decisions about the provenance of any artifacts identified, as the expert may not be able to differentiate between the actions of the human user or the programmable USB, which could lead to a miscarriage of justice. This work alerts investigators and experts to the potential presence of a programmable USB device, and presents some artifacts that show that a programmable USB could have carried out these actions, which might prevent an innocent individual being wrongfully convicted of a crime they did not commit.
|
I. Nađ (OŠ Eugena Kvaternika, Velika Gorica; Visoko učilište Algebra, Zagreb; Fakultet hrvatskih studija, Zagreb, Croatia) Kriptografija u nastavi matematike u osnovnoj školi
Nastavnici matematike se često u nastavi susreću s pomanjkanjem interesa i motivacije učenika za matematiku. Kako istraživanja pokazuju da rad nastavnika matematike utječe i na rad i motivaciju učenika, na nastavnicima je velika odgovornost da svojim pristupom i zalaganjem obogate nastavni proces novim sadržajima i aktivnostima koji bi bili motivirajući učenicima. U članku se kratko opisuju šifre primjerene za rad u osnovnoj školi, predlažu nastavni sadržaji iz matematike u koje bi se te šifre mogle uključiti te opisuju korelacije s drugim predmetima u osnovnoj školi.
|
|
Osnovni podaci:
Voditelji:
Stjepan Groš (Croatia), Tonimir Kišasondi (Croatia), Mario Spremić (Croatia)
Prijava/Kotizacija:
PRIJAVA / KOTIZACIJE
|
CIJENA U EUR-ima
|
Do 13.9.2021.
|
Od 14.9.2021.
|
Članovi MIPRO i IEEE |
200
|
230
|
Studenti (preddiplomski i diplomski studij) te nastavnici osnovnih i srednjih škola |
120
|
140
|
Ostali |
220
|
250
|
Popust se ne odnosi na studente doktorskog studija.
Kontakt:
Stjepan Groš
Fakultet elektrotehnike i računarstva
Unska 3
10000 Zagreb, Hrvatska
E-mail: stjepan.gros@fer.hr
Najbolji radovi bit će nagrađeni.
Prihvaćeni radovi bit će objavljeni u zborniku radova s ISSN brojem. Prezentirani radovi na engleskom jeziku bit će poslani za uključenje u digitalnu bazu IEEE Xplore.
.............
Postoji mogućnost da se odabrani znanstveni radovi uz određenu doradu objave u međunarodnom časopisu Journal of Computing and Information Technology (CIT).
Mjesto održavanja:
Opatija, sa 170 godina dugom turističkom tradicijom, vodeće je ljetovalište na istočnoj strani Jadrana i jedno od najpoznatijih na Mediteranu. Ovaj grad aristokratske arhitekture i stila već 170 godina privlači svjetski poznate umjetnike, političare, kraljeve, znanstvenike, sportaše, ali i poslovne ljude, bankare, menadžere i sve kojima Opatija nudi svoje brojne sadržaje.
Opatija svojim gostima nudi brojne komforne hotele, odlične restorane, zabavne sadržaje, umjetničke festivale, vrhunske koncerte ozbiljne i zabavne glazbe, uređene plaže i brojne bazene i sve što je potrebno za ugodan boravak gostiju različitih afiniteta.
U novije doba Opatija je jedan od najpoznatijih kongresnih gradova na Mediteranu, posebno prepoznatljiva po međunarodnim ICT skupovima MIPRO koji se u njoj održavaju od 1979. godine i koji redovito okupljaju preko tisuću sudionika iz četrdesetak zemalja. Ovi skupovi Opatiju promoviraju u nezaobilazan tehnološki, poslovni, obrazovni i znanstveni centar jugoistočne Europe i Europske unije općenito.
Detaljnije informacije se mogu potražiti na www.opatija.hr i www.visitopatija.com.
|
|