Proceedings of the Third Central European Cybersecurity Conference最新文献

{"title":"Cybercrime victimization and seeking help: A survey of students in Slovenia","authors":"Kaja Prislan, Igor Bernik, Gorazd Meško, Rok Hacin, Blaz Markelj, Simon L. R. Vrhovec","doi":"10.1145/3360664.3360731","DOIUrl":"https://doi.org/10.1145/3360664.3360731","url":null,"abstract":"Most cyberspace users fell victim to some cybercrime. This poster reports on a survey of students conducted to provide an overview of cybercrime victimization and related help-seeking behaviors. The results suggest that unwelcome private messages with sexual content or requests, infections with a virus, unauthorized access to online accounts, and offensive and hostile messages were most common cybercrimes. Respondents would most often turn to their friends, the police, and family members for help.","PeriodicalId":409365,"journal":{"name":"Proceedings of the Third Central European Cybersecurity Conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129451913","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Bitcoin adoption: Scams and anonymity may not matter but trust into Bitcoin security does","authors":"Aleksander Murko, Simon L. R. Vrhovec","doi":"10.1145/3360664.3360679","DOIUrl":"https://doi.org/10.1145/3360664.3360679","url":null,"abstract":"Bitcoin is the most successful cryptocurrency with more than half of the market capitalization of all more than 2,000 currently existing cryptocurrencies. In recent years, there have been several high-profile hacks and scams that resulted in billions of stolen funds. In this paper, we focus on the impact of Bitcoin cybersecurity and privacy characteristics on its adoption. A survey (N = 152) has been conducted among users and non-users of Bitcoin in Slovenia to test the proposed research model. The results suggest that in addition to known factors (i.e., usefulness, ease of use and subjective norm) trust into Bitcoin security also influences Bitcoin adoption. The results however show no support for the influence of perceived threat of Bitcoin scams or Bitcoin anonymity on Bitcoin adoption.","PeriodicalId":409365,"journal":{"name":"Proceedings of the Third Central European Cybersecurity Conference","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124170174","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Integrating Threat Modeling and Automated Test Case Generation into Industrialized Software Security Testing","authors":"Stefan Marksteiner, R. Ramler, Hannes Sochor","doi":"10.1145/3360664.3362698","DOIUrl":"https://doi.org/10.1145/3360664.3362698","url":null,"abstract":"Industrial Internet of Things (IIoT) application provide a whole new set of possibilities to drive efficiency of industrial production forward. However, with the higher degree of integration among systems, comes a plethora of new threats to the latter, as they are not yet designed to be broadly reachable and interoperable. To mitigate these vast amount of new threats, systematic and automated test methods are necessary. This comprehensiveness can be achieved by thorough threat modeling. In order to automate security test, we present an approach to automate the testing process from threat modeling onward, closing the gap between threat modeling and automated test case generation.","PeriodicalId":409365,"journal":{"name":"Proceedings of the Third Central European Cybersecurity Conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116508724","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Digital Forensics vs. Due Process: Conflicting Standards or Complementary Approaches?","authors":"U. Ewald","doi":"10.1145/3360664.3362697","DOIUrl":"https://doi.org/10.1145/3360664.3362697","url":null,"abstract":"Cybersecurity and digital forensics are closely related to current and even more to future criminal proceedings due to the fact that digital evidence is more and more dominating the body of evidence in criminal trials. It is also fair to say that digital forensics to a large extent performs in cybersecurity as a production of digital evidence. Not only in cybercrime but also in ordinary crimes like car theft, drug related crimes and forms of traditional organized crimes judicial decision-making and reasoning at trials and finally in judgments are more and more based on references to digital traces and data which are provided by forensic IT experts as exhibits. At the first glance providing digital data as evidence to criminal courts appears to be a straightforward more technical process. This paper claims that turning digital traces into digital evidence is anything but a simple and linear technical process just having to respect state-of-the-art technical standards and following rules for the chain of custody. Instead it will demonstrate that digital forensics is one part in a more complex social construction process where standards and methods of IT forensics of the 21st century meet evidentiary procedural rules in criminal justice of the 19th century, hence applied by a judiciary of the 20th century. This state of asynchrony leads to basic conflicts between digital forensics on the one side, rule of law, to process and fair trial on the other. The paper will reflect upon the central question if and how this conflict between digital forensics and traditional due process in the transition from analog to digital evidence in criminal justice proceedings can be turned into an integrated and complementary approach for the final sake of justice and security in the society. While the current situation is leading to a gap between data and judicial decision (digital divide), new standards for producing procedural truth in a comprehensible data-to-decision-cycle covering both the forensic acquisition, preparation and analysis at the pretrial stage, as well as presenting, testing (verifying/falsifying) and interpreting digital evidence at trial by judges, prosecutors and defense attorneys. Only if both sides, the forensic and judicial, are in balance the digital divide in today's criminal justice practice will fade away. Firstly, the paper will outline a conceptual view on the challenges electronic evidence based on digital code and machine language poses to a traditional judicial method of communicating evidentiary information relying on natural language and unstructured narratives in direct personal communication during trial which inevitably will lead to a paradigm shift in the judicial hermeneutic method. Criminal proceedings and judgments as their outcome are traditionally based on enlightenment principles of oral and direct communication in public hearings, hence human language and narrative is the crucial medium of communication and understanding d","PeriodicalId":409365,"journal":{"name":"Proceedings of the Third Central European Cybersecurity Conference","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126490732","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Achieving Consistency of Software Updates against Strong Attackers","authors":"Lamya Abdullah, S. Hahn, F. Freiling","doi":"10.1145/3360664.3360670","DOIUrl":"https://doi.org/10.1145/3360664.3360670","url":null,"abstract":"Update systems regularly distribute updates for installed software to end users. Problems arise when the update system is misused and malicious updates are sent to a small set of users only. Such situations can occur if the software supplier has been successfully attacked or is coerced by government agencies to distribute handcrafted updates containing promiscuous functionality like backdoors. In this paper, we define a set of general security requirements for update systems that encompass protection against malicious updates. We then introduce the design of an update system that satisfies the requirements and present an implementation as an extension to the advanced package tool (APT) for the Debian OS. We evaluate the strengths and weaknesses of the system and discuss its large-scale applicability with respect to security and performance overhead.","PeriodicalId":409365,"journal":{"name":"Proceedings of the Third Central European Cybersecurity Conference","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124774197","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Simulating and Detecting Attacks of Untrusted Clients in OPC UA Networks","authors":"C. V. Neu, Ina Schiering, A. Zorzo","doi":"10.1145/3360664.3360675","DOIUrl":"https://doi.org/10.1145/3360664.3360675","url":null,"abstract":"The usage of machine to machine communication and Industrial Internet of Things is increasing nowadays, in particular in industry environments. Devices with low hardware capabilities may e.g. be used for sensing data, for example, on an industrial network. Specific protocols and frameworks were being developed for these use cases. One such framework is OPC UA, which allows signed and encrypted communication and therefore addresses already important security requirements. However, an attacker may also be able to encrypt malicious packets so that it may bypass security systems and/or empower the attack, as encrypted packets typically need more hardware consumption to be handled. In this paper the focus is on Denial of Service attacks in OPC UA networks. An analysis of possible Denial of Service attacks is presented and an approach to detect such attacks is implemented in the context of a simulation scenario. Our evaluations show how such attacks may affect server CPU consumption and could be very powerful when a large number of devices is compromised.","PeriodicalId":409365,"journal":{"name":"Proceedings of the Third Central European Cybersecurity Conference","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126591682","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"From Fake News to Virtual Reality: Fake News and Digital Manipulations at the Age of Modern Technology","authors":"Tal Pavel","doi":"10.1145/3360664.3361145","DOIUrl":"https://doi.org/10.1145/3360664.3361145","url":null,"abstract":"The cyberspace, the new and only man-made domain, presents a wide range of new advantages and challenges -- as well as risks to the end user, organizations, states and even humanity. Modern mankind is dependent completely on ICT, the internet and the cyberspace for daily operation and existence. The cyberspace has several unique features including the attribution problem, no meaning for boundaries, time, or threshold as an entry level for different malicious players to create potential diversity of damages. Disruption, or even shutdown of this dimension may be fatal and constitutes new means and weapons in the hands of various players, among them, non-state actors, such as terrorist organizations, cybercriminals and state actors, in a matter that cyber capabilities are seen as even a doomsday weapon. But the cyberspace can be the trigger to physical wars, criminal activities, social unrest, political changes. All created by not only by fake news but by creating new, alternative and manipulated reality. Fake news is \"a type of yellow journalism or propaganda that consists of deliberate disinformation or hoaxes spread via traditional print and broadcast news media or online social media\". Therefore, in the hands of a given nation, armed with motivation and online abilities, rumors and disinformation can be spread, in order to create distrust, nationalistic feelings among minorities, denying the government legitimacy, panic, havoc and mayhem. Those can create riots, uprising and revolt from the inside boundaries on one hand, as well as war with neighbouring states from the outside boundaries on the other hand. All those without the need of the perpetrator firing a single shot.","PeriodicalId":409365,"journal":{"name":"Proceedings of the Third Central European Cybersecurity Conference","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116187121","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"On the Feasibility of Secure Logging for Industrial Control Systems Using Blockchain","authors":"Stefan Schorradt, Edita Bajramovic, F. Freiling","doi":"10.1145/3360664.3360668","DOIUrl":"https://doi.org/10.1145/3360664.3360668","url":null,"abstract":"With industrial control systems (ICSs) being increasingly networked, the need for sound forensic capabilities for such systems increases. One vital source of information in forensic investigation are log files. Techniques for secure logging aim to protect log files from manipulation. We investigate how a blockchain can enable secure logging for ICSs. We argue that a blockchain fits well both into general models of secure logging and into the Purdue model for ICSs. We report on experiences from connecting the syslog functionality of a Siemens SIMATIC S7-1500 programmable logic controller to the public Ethereum blockchain network. While the level of manipulation protection is comparably high, the transaction time for the public Ethereum blockchain severely limits the usefulness of this type of secure logging for ICSs.","PeriodicalId":409365,"journal":{"name":"Proceedings of the Third Central European Cybersecurity Conference","volume":"116 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124085122","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Retrospective Tracking of Suspects in GDPR Conform Mobile Access Networks Datasets","authors":"Louis Tajan, D. Westhoff","doi":"10.1145/3360664.3360680","DOIUrl":"https://doi.org/10.1145/3360664.3360680","url":null,"abstract":"This work discusses several use cases of post-mortem mobile device tracking in which privacy is required e.g. due to client-confidentiality agreements and sensibility of data from government agencies as well as mobile telecommunication providers. We argue that our proposed Bloom filter based privacy approach is a valuable technical building block for the arising General Data Protection Regulation (GDPR) requirements in this area. In short, we apply a solution based on the Bloom filters data structure that allows a 3rd party to perform some privacy saving set relations on a mobile telco's access logfile or other mobile access logfile from harvesting parties without revealing any other mobile users in the proximity of a mobile base station but still allowing to track perpetrators.","PeriodicalId":409365,"journal":{"name":"Proceedings of the Third Central European Cybersecurity Conference","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128428466","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Forensic Investigations in Vehicle Data Stores","authors":"Nico Vinzenz, Tobias Eggendorfer","doi":"10.1145/3360664.3360665","DOIUrl":"https://doi.org/10.1145/3360664.3360665","url":null,"abstract":"This research locates vehicle data stores and analyzes their forensic information value based on digital forensic principles. Four distinct data store types were located in this process -- airbag Event Data Recorder (EDR), Electronic Control Unit (ECU), Telematic Platform and Infotainment System. Based on the analysis of approximately 11,000 samples from vehicle crashes the airbag EDR is found useful for getting a high resolution short-term snapshot of a vehicle crash. The investigated telematic platform did not store any forensically valuable data by default. Nevertheless, with an architectural optimization, it could store data valuable for both post-crime and post-crash investigations.","PeriodicalId":409365,"journal":{"name":"Proceedings of the Third Central European Cybersecurity Conference","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133330167","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}