Citation: Proceedings of the 2019 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 18, pages 547–554 (2019)
Abstract. One of the contemporary problems, and at the same time a challenge, in the development and usage of supply chain Information Systems is the set of issues associated with privacy and cyber security, which emerged due to new requirements of legal regulations and directives. The human factor is among the biggest risks within these issues. Information leaks, phishing, and unauthorized access are the main problems. The vulnerability of systems due to new information technologies is also an important topic. In this paper we discuss the development and usage of Information Systems with regard to the security aspects associated with the software development lifecycle. We present our approach using examples of a user authentication process in logistics.