INTERNATIONAL JOURNAL OF INFORMATION SECURITY AND CYBERCRIME Volume 9, Issue 1 / 2020 Scientific journal edited by Romanian Association for Information Security Assurance SITECH Publishing Craiova, 2020
International Journal of Information Security and Cybercrime Vol. 9 Issue 1/2020

© 2020 Editura Sitech Craiova. All rights reserved. This book is protected by copyright. No part of this book may be reproduced in any form or by any means, including photocopying, or utilized by any information storage and retrieval system without written permission from the copyright owner.

SITECH Publishing is part of the list of prestigious Romanian publishing houses recognized by CNATDCU, for Panel 4, which includes the fields: legal sciences, sociological sciences, political and administrative sciences, communication sciences, military sciences, information and public order, economics sciences and business administration, psychological sciences, education sciences, physical education and sport.

Editura SITECH Craiova, România
Aleea Teatrului, nr. 2, Bloc T1, parter
Tel/Fax: +40.251.414.003
E-mail: [email protected]

IJISC - International Journal of Information Security and Cybercrime is a peer-reviewed journal published by RAISA - Romanian Association for Information Security Assurance and indexed in international databases of scientific journals. The journal is edited by professors and experts from the Department of Police and Behavioral Sciences of the Police Faculty - “Alexandru Ioan Cuza” Police Academy, the Department of Electronics Technology and Reliability of the Faculty of Electronics, Telecommunications and Information Technology - University Politehnica of Bucharest, and the Service for Countering the Cyber Criminality of the General Inspectorate of Romanian Police.

The principal aim of IJISC is to bring together the latest research and development in information security and the latest methods to prevent and to combat the cybercrime phenomenon.

ISSN: 2285-9225
DOI: 10.19107/IJISC
Website: www.ijisc.com
E-mail: [email protected]
JOURNAL EDITORIAL BOARD

EDITORIAL COUNCIL CHAIRMAN
Professor Ioan BACIVAROV, PhD, The University Politehnica of Bucharest, Romania

EDITOR-IN-CHIEF
Associate Professor Ioan-Cosmin MIHAI, PhD, “Al. I. Cuza” Police Academy, Romania

DEPUTY EDITOR-IN-CHIEF
Associate Professor Pradeep Kumar SINGH, PhD, Jaypee University of Information Technology, India

INTERNATIONAL SCIENTIFIC BOARD
Professor Emeritus Alessandro BIROLINI, PhD, ETH Zurich, Switzerland
Professor Angelica BACIVAROV, PhD, The University Politehnica of Bucharest, Romania
Professor Emevwo BIAKOLO, PhD, Pan-Atlantic University, Nigeria
Professor Ion BICĂ, PhD, The Military Technical Academy, Romania
Lecturer Ray GENOE, PhD, University College Dublin, Ireland
Professor Fabrice GUERIN, PhD, ISTIA, University of Angers, France
Associate Professor K. JAISHANKAR, PhD, Manonmaniam Sundaranar University, India
Professor Klara KEREZSI, PhD, The National University of Public Service, Hungary
Lecturer NhienAn LEKHAC, PhD, University College Dublin, Ireland
Professor David NACCACHE, PhD, Paris II Panthéon-Assas University, France
Associate Professor Iulian NĂSTAC, PhD, The University Politehnica of Bucharest, Romania
Professor Daniela-Elena POPESCU, PhD, The University of Oradea, Romania
Professor Ion ROCEANU, PhD, “Carol I” National Defense University, Romania
Professor Sandeep TIWARI, PhD, Amity University, India
Associate Professor Fergus TOOLAN, PhD, The Norwegian Police University College, Norway
Professor Ton van der WIELE, PhD, Erasmus University Rotterdam, Netherlands
EXECUTIVE EDITOR
Gabriel PETRICĂ, PhD, The University Politehnica of Bucharest, Romania

ASSOCIATE EDITORS
Jorge Luis Gando LEAL, PhD, The University of Barcelona, Spain
Anurag Sharma, PhD, GNA University, India
Joshua Del PINO, Shimane Prefectural Education Division, Japan
Paulo Miguel Relogio de SOUSA, The European Institute of Innovation & Technology, Hungary

EDITORS
Mihai-Ștefan DINU, “Carol I” National Defence University, Romania
Maxim DOBRINOIU, PhD, “Nicolae Titulescu” University, Romania
Radu LUPU, PhD, The University Politehnica of Bucharest, Romania
Paul ROMAN, The Directorate for Investigating Organized Crime and Terrorism, Romania

GRAPHICS EDITOR
Adrian-Constantin ROȘOAIA, The Romanian Police

REVIEWERS
IJISC reviewers are listed on the webpage www.ijisc.com/reviewers/

The content of this journal does not reflect the official opinion of RAISA - Romanian Association for Information Security Assurance or its partners. Responsibility for the information and opinions expressed in articles, reviews or interviews lies entirely with the author(s).
ABSTRACTING AND INDEXING

IJISC - International Journal of Information Security and Cybercrime is indexed in the following international databases of scientific journals:

EBSCOhost: www.ebscohost.com
CEEOL: www.ceeol.com
Google Scholar: scholar.google.ro
Index Copernicus: en.indexcopernicus.com
Crossref: www.crossref.org
OCLC WorldCat: www.worldcat.org
HeinOnline: home.wshein.com
Academia.edu: www.academia.edu
Mendeley: www.mendeley.com
ResearchGate: www.researchgate.net
MIAR: miar.ub.edu
SCIPIO: www.scipio.ro
Table of Contents

EDITORIAL
2020 - New Challenges, New Approaches. A New (Re)Start?
Gabriel PETRICĂ

SECTION I: ADVANCES IN INFORMATION SECURITY RESEARCH
Vulnerabilities of Information Systems
Ovidiu-Vasile BRUMĂ
Research on Security Challenges Regarding Online School Education
Nela-Daniela IONAȘC

SECTION II: STUDIES AND ANALYSIS OF CYBERCRIME PHENOMENON
Social Networking Security
George-Daniel DUMITRU
The Phenomenon of Cyber Crime
Ioana-Lucia PANDELICĂ

SECTION III: CYBER-ATTACKS EVOLUTION AND CYBERCRIME TRENDS
Cyber Attacks Against E-Learning Platforms. A Case Study Using Attack Trees
Gabriel PETRICĂ, Ioan-Cosmin MIHAI
The Structure of Cyber Attacks
Silviu-Elian MITRĂ

SECTION IV: BOOKS REVIEWS AND CONFERENCES ANALYSIS
The 17th International Conference in Quality and Dependability
Ioan C. BACIVAROV
Book Review: "Dependability of Information Systems"
Marin DRĂGULINESCU
Editorial

2020 - New Challenges, New Approaches. A New (Re)Start?

Gabriel PETRICĂ
Faculty of ETTI, University POLITEHNICA of Bucharest, Romania

According to the DIKW pyramid [1], information is the basis of knowledge, and knowledge brings wisdom, but also economic development, financial prosperity, power, and influence. Information is in everything around us; it becomes of vital importance not only for the user himself, but also for the entities to which he belongs (LANs, companies, etc.) and for the devices with which he interacts. In order not to be used for destructive purposes, against users or the components of the surrounding ecosystem (equipment, policies, documents), information must have adequate protection, at both software and hardware level. The permanent assurance of the three requirements - confidentiality, integrity and availability - which according to ISO / IEC 27000 are fundamental objectives of information security, is considered the true foundation against current cyber-attacks.

The concept of security has a broad definition and multiple areas of applicability. Security is closely related to information because security involves keeping data / objects safe and intact. As the amount of information increases and the techniques for accessing it become more varied, new risks arise, for which control and protection methods must be developed. Cyber security is a dynamic field, with permanent challenges, being considered in the Global Risk Report of the World Economic Forum as the most important aspect in 2020 from a technological point of view [2]. But the main factor in ensuring security, at data, computer and network level alike, remains the human factor. No matter how advanced a security system is, it can always be combated by the human factor through an optimal combination of creativity and intelligence.
Introduced in 2015 by Klaus Schwab, Founder and Executive Chairman of the World Economic Forum, the term “Fourth Industrial Revolution” (4IR) refers to technologies that combine hardware, software, and biology (cyber-physical systems) based on advances in telecommunications and connectivity. The need to process large amounts of data has led to an evolution of digital technologies and the emergence of modern mechanisms in areas such as robotics, artificial intelligence, nanotechnology, quantum computing, biotechnology, IoT (Internet of Things), IIoT (Industrial IoT), decentralized consensus technologies (blockchain), wireless technologies and 5G networks, 3D printing, fully autonomous vehicles, cloud computing services, big data analysis and processing using artificial intelligence.

The objectives to which the current information society is heading are represented by data storage and processing in the cloud, but also by the accelerated development of the IoT concept. The main security issues related to cloud computing are poor access management, security breaches, data loss, unsecured APIs (Application Program Interface) and DoS (Denial of Service) attacks. As the number of IoT devices connected to the Internet increases (estimated to reach 21.5 billion by 2025 [3]), so does the amount and variety of digital assets that are stored, processed and shared by organizations. At the same time, IoT amplifies the potential surface of cyber-attacks, as we find IoT devices in various gadgets, cars, smart homes and cities, or industrial equipment. Classic phishing, scamming or social engineering attacks launched via e-mail or Web will continue to exist, but new hardware / software technologies, which come with high, updated performance, also bring specific vulnerabilities, which developers and specialists will have to address.

4IR-specific technologies, through their development requirements such as increased security, minimizing response latency, large amounts of transmitted / received data and increased bandwidth, will consistently reshape economies and societies. However, these technologies are not only seen from the perspective of technological progress, but also have a leading role in changing the way different related products and services are designed, produced and marketed, as well as the way a number of benefits are obtained from them.

[1] J. Rowley, The wisdom hierarchy: representations of the DIKW hierarchy, Journal of Information Science, 33, 2007, pp. 163-180.
[2] World Economic Forum, The Global Risks Report 2020, http://www3.weforum.org.
For a prompt and optimal use of these digital opportunities, the European Commission proposed in 2015 an ambitious strategy: to establish a digital, free and secure single market. This will ensure the long-term competitiveness of the European continent, which will have implications for the general well-being and ensure faster economic growth in the digital management sector. On 9 June 2020, the Council adopted conclusions addressing a wide range of issues related to the implementation of the EU's digital strategy. Areas covered by the findings include connectivity, data economy, artificial intelligence, and digital platforms [4].

In order to benefit from the advantages of the digital single market, there is a need to continuously improve the quality and security of IT systems and mobile communications equipment. Investments in these two directions, together with increasing the level of digital skills of users, must be permanently supported, representing the key to ensuring real progress and achieving high competitiveness.

The first part of 2020 brought a new global challenge - the coronavirus pandemic - and radical changes in approaches at all levels of activity (health, education, tourism, business, etc.) and in human behavior. The complex situation of the moment has already highlighted the impact and role of digital technologies in combating the pandemic. We will see whether 2020 can be considered a reference year in the evolution of the human species, a (re)start to which modern technologies will contribute substantially to the recovery of societies following the crisis caused by COVID-19.

[3] Statista, Internet of Things (IoT) - Statistics & Facts, https://www.statista.com/topics/2637/internet-of-things/
[4] https://www.consilium.europa.eu/ro/policies/digital-single-market/
Vulnerabilities of Information Systems

Ovidiu-Vasile BRUMĂ
Faculty of ETTI, University POLITEHNICA of Bucharest, Romania
[email protected]

Abstract
Vulnerability of Information Systems is a major concern these days in all spheres of financial, government and even private sectors. There have been limited attempts to address the people who use the computers, though they are the greatest loophole in information systems security. Even though most organizations have realized the value of information and the part it plays in the success of the business, only a few take adequate measures to ensure the security of their information, preventing unauthorized access, securing data from intrusion and unapproved disclosures, etc. This paper examines and addresses the threats end-users pose to systems security and provides solutions for two of the most dangerous vulnerabilities: Buffer Overflow and SQL Injection.

Index terms: information systems, vulnerabilities, cyber security

DOI: 10.19107/IJISC.2020.01.01
Research on Security Challenges Regarding Online School Education

Nela-Daniela IONAȘC
"Principele Radu" Grade School, Adjud, Romania
[email protected]

Abstract
The pandemic crisis brought to the surface the poignant scarcity of safe and secure use of the online environment and of knowledge about e-learning tools, especially in impoverished areas, resulting in an inadequate, diminished evolution path of pupils and hastening the school dropout phenomenon. This paper is tailored for parents and teachers and aims to contribute to social digital development by raising awareness, based on the author’s expertise, regarding cyber-hygiene, online tool opportunities in the educational process, cyberbullying and other vulnerabilities prompted by virtual interaction.

Index terms: Online learning, Security challenges for education, Safe and secure ecosystem for pupils, Online interaction awareness

DOI: 10.19107/IJISC.2020.01.02
Social Networking Security

George-Daniel DUMITRU
"Alexandru Ioan Cuza" Police Academy, Bucharest, Romania
[email protected]

Abstract
Information protection is essential these days to anyone using a PC or to any company that employs computers and networking in its day-to-day operations. That is almost everyone. Information protection needs to be at the forefront of everyone’s thinking, given that so much of our personal information is out there on the Internet. In this paper, the notion of protection and privacy in social media, or social networking, is discussed. First, a short history and the notion of social networking are introduced. Many of the security risks related to the use of social media are presented. Also, the issue of privacy and how it relates to security is described.

Index terms: security, information security, social networking

DOI: 10.19107/IJISC.2020.01.03
The Phenomenon of Cyber Crime

Ioana-Lucia PANDELICĂ
Faculty of ETTI, University POLITEHNICA of Bucharest, Romania
[email protected]

Abstract
With the rapid growth of computer and network systems in recent years, there has also been a corresponding increase in cyber-crime. Cyber crime takes many forms and has garnered much attention in the media, making information security a more urgent and important priority. With the advances in information technology (IT) criminals are using cyberspace to commit numerous cyber crimes. Cyber infrastructures are highly vulnerable to intrusions and other threats. Physical devices and human intervention are not sufficient for monitoring and protection of these infrastructures.

Index terms: cyber attacks, cyber crimes, impact

DOI: 10.19107/IJISC.2020.01.04
Cyber Attacks Against E-Learning Platforms. A Case Study Using Attack Trees

Gabriel PETRICĂ (1), Ioan-Cosmin MIHAI (2)
(1) EUROQUALROM - ETTI, University “Politehnica” of Bucharest, Romania, [email protected]
(2) “Al. I. Cuza” Police Academy, Bucharest, Romania, [email protected]

Abstract
The global context of the first part of 2020 has led to a change in the way humanity has carried out its professional and educational activity. E-learning platforms have become an interesting target for cyber attackers. This paper presents the evolution of Moodle vulnerabilities and a possible AT (Attack Tree) built around this e-learning platform. The AT highlights software vulnerabilities and physical events that can compromise the security / availability of a Moodle platform.

Index terms: e-learning, Moodle, software vulnerabilities, Attack Tree

DOI: 10.19107/IJISC.2020.01.05
The Structure of Cyber Attacks

Silviu-Elian MITRĂ
"Alexandru Ioan Cuza" Police Academy, Bucharest, Romania
[email protected]

Abstract
The objective of this portfolio is to ensure a good understanding of the complex and unique mode of action of cyber attacks, as well as the study of the ways in which they occur. The content of this portfolio ranges from the beginnings of computer viruses to the specific modern mechanisms of cyber attack undertaken by cybercriminals in order to cause detriment, but also theft of or damage to certain information. Furthermore, this paper also provides essential aspects regarding the protection methods that users must undertake so that they can prevent and at the same time face these dangers specific to our age. In the elaboration of this study, both personal methods were used, by applying my own knowledge accumulated through study, and external sources were accessed, containing information necessary to complete the insufficiently analyzed problems. In essence, the elaboration of this study ensured the coverage of all relevant domains and aspects on which the structure and conception of cyber attacks are based, as well as the manner of their action and manifestation.

Index terms: cybercrime, Trojan, cyber attack, hacker, information

DOI: 10.19107/IJISC.2020.01.06
The 17th International Conference in Quality and Dependability

Prof. Ioan C. BACIVAROV, PhD
President - Romanian Association for Information Security Assurance

The International Conferences in Quality and Dependability - CCF are traditionally organized by the Romanian Society for Quality Assurance (SRAC), under the aegis of several national and international scientific and managerial organizations in the field (including IEEE and EFQM).

Over the 35 years since they were organized, the CCF conferences have gained international notoriety, becoming a traditional forum of debate for specialists in the field. In the scientific literature, the CCF is listed as the third longest-lived international conference in the world in the field of quality and reliability, after the RAMS conferences (Reliability, Availability, Maintainability and Safety) in the U.S.A. and the LambdaMiu conferences in France.

The 17th edition - CCF 2020 - remains consistent with its predecessors, having as its main objective to be a forum for the dissemination of scientific results and the latest information on the modern field of quality and dependability.

The 17th International Conference in Quality and Dependability - CCF2020 was scheduled to take place - according to the bi-annual periodicity set - in mid-September 2020 in Sinaia, Romania. The coronavirus pandemic that has shaken the world, including the scientific one, forced the organizers to postpone the event until mid-September 2021, when it is hoped that conditions will allow the event to take place face-to-face.
Although many other international conferences preferred to be held online, in the new conditions related to the pandemic, the CCF 2020 organizers preferred to postpone the event for a year, to encourage direct debates and meetings between Romanian and foreign participants, the only ones that can bring a real plus-value for participants*.

The International Conferences in Quality and Dependability - CCF are now a well-established brand of excellence among the international scientific meetings in the inter-disciplinary field of quality and dependability (reliability, maintainability, safety/security a.o.).

Quality and dependability have become today undeniable strengths contributing to the development of companies, small businesses, or large multinational groups. Their application in different organizations must be the result of research and partnership among industry, academia, and business. International scientific meetings, such as the CCF conference, can contribute to the dialogue between the main actors of the quality and dependability world, mentioned Professor Ioan Bacivarov, the Scientific Chairman of the CCF conferences, in a recent message.

The traditional participants in the CCF conferences from Romania and abroad are again expected in the hospitable mountain resort of Sinaia in September 2021, to continue the debates on the achievements and future of a topical and important field, within CCF2021.

* More information concerning the International Conferences in Quality and Dependability - CCF is available on the site http://ccf-quality-conference.com/
Book Review: “Dependability of Information Systems”

Prof. Marin DRĂGULINESCU*, PhD
Faculty of Electronics, Telecommunications and Information Technology, University Politehnica of Bucharest, Romania

* Professor Marin DRĂGULINESCU, PhD, is Professor Emeritus within the Electronic Technology and Reliability Department, Faculty of Electronics, Telecommunications and Information Technology, University Politehnica of Bucharest, Romania. With a career in academic education and research of over 50 years, he was Dean of ETTI - UPB from 1990 to 2004 and Vice-Rector of UPB from 2004 to 2008.

The monograph “Dependability of information systems” (“Dependabilitatea sistemelor informatice” - in Romanian) has been developed around the complex concept of dependability, a fundamental property which represents the ability of any system (an information system in our research) to provide a service that can reasonably be considered trustworthy.

G. Petrică, S.D. Axinte, I.C. Bacivarov, Dependabilitatea sistemelor informatice, MATRIX ROM, Bucharest, 2019, ISBN: 978-606-25-0529-5

The results included in this book are part of a series of extensive research in the field of dependability of complex systems of high functional responsibility, in general, and the dependability of information systems, in particular, carried out in recent decades in the EUROQUALROM Laboratory of the Department of Electronic Technology and Reliability from the Faculty of Electronics, Telecommunications and Information Technology (ETTI), University “Politehnica” of Bucharest (UPB).

This book is a complex and valuable approach to the concept of dependability (viewed in synergy with its components - reliability, security, survivability, a.o.), an important keyword at present in the field of scientific research, both nationally and internationally. The topic of the book is of interest in the context in which computer systems currently represent the essential tools in carrying out the activity of any entity, and ensuring information attributes such as security, availability and confidentiality is a key objective in the ICT society that governs us.

In the first part of the book the authors make a detailed analysis of the basic concepts related to computer systems and dependability, respectively; they present methods for analyzing dependability, emphasizing issues related to reliability, survivability, and performance of computer applications.

The authors mention that the threats to the dependability of an information system are faults, failures, and errors. To ensure fault tolerance, the hardware and/or software components of the system are supplemented; this operation will maintain system functions when a fault occurs by masking the failures that occur or by detecting faults and properly reconfiguring the system. The six key attributes of dependability are reliability, safety, maintainability, confidentiality, integrity, and availability.

To analyze the reliability of information systems, the authors present methods such as FMEA (Failure Mode and Effects Analysis), the Cause-Effect diagram and Fault Tree Analysis, with case studies performed for each one.
This book presents methods to ensure security of information at several levels, not just at the physical level but also at the logical one, in computer systems, LANs, and online applications. The theft of electronic information (personal data, passwords, or financial information), spying on online activity (accessed Web addresses, sent or received e-mails, physical location tracking) or identity spoofing are current criminal activities and challenges. Analysis of threats against information systems’ security and proposing countermeasures can be achieved by Attack-Defense Trees (ADT), a methodology used by both system designers and IT security specialists that provides a graphical analysis of how a target (a computer system, an organization, etc.) can be attacked (an objective can be achieved by a potential threat) and indicates the measures taken by the defender to prevent the attacker from achieving that goal.

“Defense in depth” and “Defense in breadth” are two defense techniques used for securing information systems. In a comparative presentation of the two defense models, the authors highlighted the advantages and characteristics of each one. Simultaneous application of both defense models is the optimal measure for the full security of an organization's network, but the choice of the best protection techniques should be made after a complex analysis and identification of the network's critical elements, the authors mention.

A separate subchapter of this book is devoted to the analysis of cyber security in Romania: the evolution, structure, and success of cyber-attacks at national level are closely related both to the user's profile on the Internet and his degree of information on threats, and to how hardware / software solutions, but also legislative ones, are implemented at national level.
In the last part of the book, the authors analyzed the security of Web applications starting from general software vulnerabilities and ending with the presentation of specific security elements for two popular classes of Web applications: CMS systems and e-learning platforms. This book also proposes solutions for securing and optimizing WordPress-based Web applications and identifies ways to improve cybersecurity at the national level.

The monograph “Dependability of information systems” is elaborated by two young specialists in the field, Gabriel Petrică, PhD, IT Manager of the EUROQUALROM Laboratory (ETTI - UPB) and Sabina-Daniela Axinte, PhD candidate, tech-lead and expert in quality assurance of computer systems / applications, together with Professor Ioan C. Bacivarov, PhD, a pioneer of research in Romania in the field of the dependability of highly functional systems in general, and the reliability of telecommunications systems, in particular, the field in which he elaborated the first Romanian doctoral thesis, four decades ago.

In fact, as stated in recent international scientific meetings, we can speak of a real “Romanian school” in the field of dependability, appreciated at European level, to the foundation and development of which Professor Ioan C. Bacivarov contributed essentially. These contributions have materialized through the university and postgraduate educational programs and projects developed by Professor Bacivarov in the last four decades, through the numerous doctoral theses he has supervised in the field (of which 5 in co-tutoring with universities in France), as well as through the four scientific journals in the field of quality and dependability he founded and coordinated and in which valuable articles were published by Romanian researchers, together with renowned specialists from abroad.
And judging by the quality and contributions of young specialists who have graduated in recent years, the future of this field seems assured in Romania.

The analyzed monograph is addressed especially to researchers in the field of ICT, as well as to students, Master’s, and doctoral students from the faculties of automation, electronics, telecommunications, and information technology. It is of real theoretical and practical utility for all specialists interested in the reliability and security of information systems.

In conclusion, we are in front of a valuable work, dedicated to a modern and dynamic field, written by recognized specialists in the field of reliability and security of information systems. Consequently, I highly recommend this book, which is among the best ones in its category.
PARTNERS

IJISC publishes high quality articles and delivers this research to the widest possible audience. We achieve this by working closely with our partners and authors in order to provide publishing services that support their research needs. We would like to thank the following partners for their commitment to our mission and their ongoing support of IJISC - International Journal of Information Security and Cybercrime.

RedHost - Web hosting solutions. Website: www.redhost.ro
MicoStyle - Web design & development. Website: www.micostyle.ro
Crossref - Not-for-profit organization for scholarly publishing. Website: www.crossref.org
Plagiat - System for preventing plagiarism. Website: www.sistemantiplagiat.ro
Sitech - Publishing & printing house. Website: www.sitech.ro
REDHOST WEBHOSTING, RESELLER AND DOMAIN REGISTRATION

Reasons to choose RedHost (the simple facts):
✓ More than 11 years of activity;
✓ 100% SSD hosting;
✓ 99.9% guaranteed uptime;
✓ Free domains on customer's name;
✓ R1Soft backups;
✓ Unlimited traffic;
✓ LiteSpeed Web Server;
✓ Dedicated IPs (with most packages);
✓ 30 days refund guarantee.

RedHost's core business consists of shared webhosting, domain registration and additional services such as reseller hosting and SSL certificates. RedHost also has years of activity in the VPS market, where we offer two different products:
✓ KVM VPS – a full virtualization platform, which means that the resources are fully committed;
✓ OpenVZ VPS – a paravirtualization platform, which means the resources are partially shared with other customers on the same physical node.

RedHost also offers dedicated servers and colocation services.

Euroweb LTD, Gradina Veche, 88, Galati, Romania
www.redhost.ro, [email protected]
More reasons to choose RedHost (the not so simple facts)

At RedHost we believe that our main strength is related to the way we get involved when bad things happen to our customers. For instance, sometimes a website can get compromised. In most cases this will happen due to very poor administrator login data (this is a particularly large attack vector), an outdated CMS (for instance, Magento is believed to be outdated in a shocking 97% of cases) and its plugins and modules (for instance, the Revslider plugin is still causing problems more than 2 years after the vulnerability discovery). When such a vulnerability gets used by an attacker, bad things will happen, like spam (or even worse, like virus spam or phishing spam) that gets sent from the customer's account by the attacker using scripts injected after the breach. In such cases we have to take measures.

Most hosting services will simply suspend the account and leave the customer to deal with the problem. The big problem is that the customer (and in most cases the webmaster) is not in a good position to correctly identify the underlying problem. In most cases the customer (or the webmaster) will try to remove the effects of the problem. At best, the customer will make some assumptions about what led to the problem but, as we know, the assumption is (in most cases) the mother of all... troubles.

At RedHost we rarely assume anything, except maybe just to start somewhere, and only if we can prove the assumption right or wrong.
We are glad to say that in most cases, due to careful investigations, we are able not only to isolate the actual problem, but in a lot of cases also to reactivate the customer's site even without the webmaster's involvement (though this is not a normal service for a webhoster and the webmaster should get involved afterwards), or at least to give the customer precise feedback about what must be done to properly solve the problem.
WWW.SISTEMANTIPLAGIAT.RO

THE PROBLEM – PLAGIARISM IN HIGHER EDUCATION

Although plagiarism is not a new phenomenon, never before has it been so easy to do. The increased availability of knowledge resources becomes not only a convenience, but also a temptation to write papers, essays, theses and dissertations with the so-called copy-paste method. Moreover, the Internet provides access to ghost writers, who offer to write theses and dissertations for money. These are often also not original works of the paid author, but compilations of the texts of others. At the same time, educators are not always able to carefully verify each and every submitted paper. The problem is global and it cannot be underestimated, as it endangers the quality of education.

What is needed is a tool for detecting plagiarism in submitted papers and a procedure that guarantees transparency. To help institutions from Romania, the Sistemantiplagiat.ro service was created, which is now used by 38 universities from Romania and by other types of institutions.

THE SOLUTION – SISTEMANTIPLAGIAT.RO

Sistemantiplagiat.ro is constantly improved to ensure the best service for our customers. Our company is the leader in the market of anti-plagiarism services in Romania and Poland, our solution being used in over 280 universities, including in countries such as Germany, the Republic of Moldova, Ukraine, Colombia, Azerbaijan, and Kazakhstan.

The user interface of Sistemantiplagiat.ro is available in Romanian, English and Russian. The software verifies the originality of texts written in many more languages. The purpose of the technical assistance is the successful implementation of the anti-plagiarism procedures in higher education institutions.
THE INTERNET ANTIPLAGIARISM SYSTEM IS:
➢ Intuitive – You can upload the document for verification in a few simple steps;
➢ Fast – Results of the antiplagiarism analysis are available in less than 24 hours;
➢ Flexible – It’s adaptable to client’s needs and integrated with LMS.

HOW DOES IT WORK

The antiplagiarism system can be integrated with an existing LMS system or accessed via website, while the customer can choose the number of user and administrative accounts. Their settings are easily customized. Depending on the needs of a particular institution, the system allows additional functionalities.

THE SIMILARITY REPORT

The similarity report evaluation facilitates the analysis of the text originality; determines to what extent the document has been compiled or copied; indicates the number of fragments borrowed.

The similarity report contains:
➢ Two Similarity Coefficients which indicate the percentage of the analyzed document identical to the identified sources;
➢ A list of sources of fragments marked as copied;
➢ The full text of the analyzed document. Fragments recognized as identical are visibly marked. Information on length and source of the copied text is provided. Highlighting in different colors shows source type.

The similarity report is ready after a few hours. The user can be notified of this by an automatically generated e-mail. The intelligible form of the Similarity Report allows quick assessment of the submitted text. Additionally, the similarity report informs about text distortions, which suggest an attempt to conceal unattributed borrowing.

To ensure the effectiveness of the verification it is important to combine the software usage with a transparent, simple antiplagiarism procedure. Sistemantiplagiat.ro has experience in designing procedures and regulations dedicated to Higher Education Institutions and in implementing them. Moreover, the company’s specialists provide training and constant user support.
Author Guidelines

As an author, you are kindly advised to follow the next instructions. Reading and understanding the requirements before submittal would ensure adherence to IJISC standards and would facilitate acceptance by the scientific reviewers.

1. Papers must be submitted in English, French or Romanian, having an even number of pages (maximum 12 pages). At least 50% of the last page should be occupied by text.
2. For writing papers, we recommend using the text processor Microsoft Word and one of the template models (found on www.ijisc.com/author-guidelines/). We will do the final formatting and all necessary format conversions of your paper.
3. The papers will be submitted using our online interface: www.ijisc.com/paper-submission/. Please do not send your papers by e-mail!
4. The papers will be reviewed by two scientific reviewers, well-known in their domains of activity. Usually, it takes 1 to 3 months between the moment you finish your submission and the moment a response is given by the scientific reviewers.
5. The papers will be sent back to the authors for corrections if:
   1. The figures, pictures or tables are not contained in the text;
   2. The reviewers require modifications or supplementary information.
6. The papers will be rejected if their scientific content is not adequate, if they don’t contain original elements and if they are not properly written in English, French or Romanian.
7. The bibliography must show the authors' adequate documentation. At least 7-10 quality references should be cited. Citation standard is IEEE. Please read: www.ieee.org/documents/ieeecitationref.pdf
8. The whole responsibility for the calculation exactitude, experimental data, scientific affirmation and paper translation belongs to the authors.
9. The authors will declare on their own responsibility that the article or parts of it were not published before in other journals.
10. It is mandatory that the authors respect the Copyright Laws. An IJISC Copyright Form will have to accompany your submission. The signed copyright form has to be scanned and uploaded by using the online interface on the website.

More information: www.ijisc.com/author-guidelines/
Review Policy

The submitted papers are subject to a double-blind peer review process, in order to select for publishing the articles meeting the highest possible standards. IJISC reviewers are experts in the field of information security and cybercrime from academic police structures and university departments. In the reviewing process, the reviewers’ identities are not disclosed to the authors, nor are the authors’ identities disclosed to the reviewers.

When a manuscript is submitted to IJISC, it is initially sent to the Editorial Board for the primary evaluation in order to determine whether or not the paper fits the scope of the Journal. If the Editorial Board accepts it, the paper then enters a blind reviewing process. In the reviewing process, the Editor-in-Chief sends the manuscript to two experts in the field, without the names of the authors.

The reviewers will consider the following evaluation criteria:
• The subject relevancy in the area of the journal topics;
• The quality of the scientific content;
• The accuracy of data, statistics and facts;
• The reasonable conclusions supported by the data;
• The correct use of the bibliographic references.

After the evaluation process, the reviewers must include observations and suggestions for improving the paper, which are sent to the authors without the names of the reviewers. Referees’ evaluations usually include an explicit recommendation of what to do with the paper. Most recommendations are along the lines of the following:
• To accept it;
• To accept it in the event that its authors improve it in certain ways;
• To reject it, but encourage revision and invite resubmission;
• To reject it.

If the decisions of the two reviewers are not the same (accept/reject), the paper is sent to a third reviewer. If the suggestions of reviewers for improving the paper are rejected by the author, the chief editor invites the author to reply to the reviewers while preserving anonymity. Observing the dialog, the chief editor may send the paper to additional reviewers.

The final decision for publication is made by the Editor-in-Chief based on the examination of reviewers and the scope of the Journal. The Editor-in-Chief is responsible for the quality and selection of manuscripts chosen to be published, and the authors are always responsible for the content of each article.

More information: www.ijisc.com/review-policy/
Romanian Association for Information Security Assurance

RAISA - Romanian Association for Information Security Assurance is a professional, non-governmental, non-partisan political, nonprofit and public benefit association.

RAISA AIM

The aim of Romanian Association for Information Security Assurance is promoting and supporting information security activities in compliance with applicable laws.

RAISA VISION

The vision of the Association is to promote research and education in information security field and to contribute to the creation and dissemination of knowledge and technology in this domain. RAISA has a strong representation at the national level, bringing together professors and researchers from top universities and Romanian institutions, PhD, Master’s and license students, as well as companies in the IT segment.

RAISA OBJECTIVES

To achieve the stated purpose, Romanian Association for Information Security Assurance proposes the following objectives:
• Collaboration with the academic community from Romania or abroad in order to organize conferences, scientific seminars and workshops for presenting the development and implementation of effective measures to improve information security;
• Collaboration with research centers, associations and companies from Romania or abroad, to organize informative events in information technology security field;
• To perform specific programs for education and training of personnel involved in electronic information management (data processing, storage, security);
• To ensure the dissemination of notice relating to existing vulnerabilities and nationally and internationally newly identified threats; to provide solutions for data restoration and policies to prevent and combat incidents based on the information provided by suppliers of software solutions;
• To publish scientific journals for university staff, PhD students or Master's students, researchers, students and other professional categories in the field of information security and cybercrime;
• To grant awards, scholarships or sponsorships to people with outstanding merits in the field of information security.

Website: www.raisa.org
RAISA Members Benefits

RAISA MEMBERS

Romanian Association for Information Security Assurance is an organization that consists of:
• Founding members - are individuals who have participated in the founding process of the Association, have agreed with the Statute of the Association at the date of establishment and are parts of the members’ category, with all their rights. The founding members pay annual membership fee and have the right to deliberative vote during the General Assembly.
• Members - are individuals who have joined the Association after the date of establishment. The members pay annual membership fee and have all the rights, respecting the obligations stipulated in Statute of the Association. They have the right to deliberative vote during the General Assembly.
• Honorary Members - can be scientists, professors, cultural or religious personalities, valuable professionals, who have rendered outstanding services to the Association. They are exempted from contributions and their vote is advisory.
• Collaborators/Volunteers - anyone who wants to participate in Association activities without becoming a member. Their collaborations are on no-cost basis; they don't pay a membership fee and don't have the right to vote.
RAISA MEMBERSHIP BENEFITS:
• Free access to RAISA scientific events;
• Discount to workshops and conferences organized by RAISA;
• Discount for professional courses promoted by RAISA on e-learning platform www.cpf.ro;
• Possibility to be involved in RAISA projects, support offered for research and development;
• Free access to IJISC full-text articles: www.ijisc.com;
• 10% discount for books sold by RAISA;
• Free subscription to latest news in information security field on RAISA official channel: www.securitatea-informatiilor.ro;
• Free subscription to latest news in cybercrime field on RAISA official channel: www.criminalitatea-informatica.ro;
• Member name listing on RAISA website.

Get the most from your membership! www.raisa.org/members/