Polish Information Processing Society

Annals of Computer Science and Information Systems, Volume 18

Proceedings of the 2019 Federated Conference on Computer Science and Information Systems

Information Systems Development and Usage with Consideration of Privacy and Cyber Security Aspects


DOI: http://dx.doi.org/10.15439/2019F261

Citation: Proceedings of the 2019 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 18, pages 547–554


Abstract. One of the contemporary problems, and at the same time a challenge, with development and usage of supply chain Information Systems are the issues associated with privacy and cyber security, which emerged due to new requirements of legal regulations and directives. The human factor belongs to the biggest risks within these issues. Leak of information, phishing, and unauthorized access are the main problems. Also vulnerability of the systems due to new information technologies is an important topic. In this paper we discuss development and usage of Information Systems with regard to the security aspects associated with the software development lifecycle. We present our approach on examples of a user authentication process in logistics.
