ARIS2 - Advanced Research on Information Systems Security 2023-02-27T20:17:24+00:00 Prof. Dr. Nuno Mateus-Coelho Open Journal Systems <p>Welcome, colleague.</p> <p>The <em><strong>ARIS<sup>2</sup> - Advanced Research on Information Systems Security, an</strong></em><em><strong> International Journal,</strong> </em>focuses on the original research and practice-driven applications with relevance to Information Security and Data Protection, published by <strong>LAPI2S- Laboratory of Privacy and Information Systems Security </strong>and based in Porto, Portugal, and edited by Prof. Dr. Nuno Mateus-Coelho, and supported by COPLEABS - Universidade Lusófona.</p> <p><strong><em>ARIS<sup>2</sup></em></strong> provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view of modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions.</p> <p>Submitted articles are published immediately after the process of submission, review, and camera ready. All articles are included in editions, and these are published biannually in a volume.</p> <p><strong><em>ARIS<sup>2</sup></em></strong> issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.</p> <p>We have the pleasure of extending a warm welcome to everyone planning to submit to <strong>ARIS<sup>2</sup> – Advanced Research on Information Systems Security.</strong></p> <p><strong>Online ISSN: 2795-4560</strong></p> <p><strong>Print ISSN: </strong><strong>2795-4609</strong></p> <p>Best Regards,</p> <p>Editorial Team</p> Post-Quantum Cryptography 2023-01-12T17:18:12+00:00 Jose Pinto <p><span style="font-size: small;">Cryptography is used broadly in the digital age, making our communications secure, ensuring our data is safe, and enabling secure transactions on which we rely daily. Our reality is connected, we send an email without thinking about all the underlying protocols, we buy online, and we check the weather on our fridge. Utilizations are countless and so is our exposure. Cryptographic systems keep us safe, a shield for our privacy and our fundamental rights. However, we have arrived at the dawn of a new age, the quantum computing era. Seen for a long as a theoretical emanation of quantum mechanics it gives the first baby steps in the real world, making the world as we know it less safe and more dangerous. Post-quantum cryptography is the paladin that is coming to the rescue but will it be up to the challenge of keeping our world safe. </span></p> 2022-12-30T00:00:00+00:00 Copyright (c) 2022 José Pinto (In)Security in Wi-Fi networks: a systematic review 2023-01-12T17:18:09+00:00 Diogo Faíscas <p>Everyone wants to be connected to the internet at every second of their lives. Due to the ease and speed of access, Wi-Fi networks are the main internet connection point of users. The amount and coverage of Wi-Fi networks multiplies each passing day, as all the countries are now trying to give free Wi-Fi at public places. If we search for available networks anywhere with our phone, there will be very few places where there are not at least one or two networks available. In this paper we will do a systematic review of papers and literature indexed in Google Scholar; Research Gate or IEEE and on reliable webpages like Cisco, that analyze the risk to which Wi-Fi networks are exposed and why these networks are insecure. We will specially investigate the most used wireless security protocols like WEP; WPA; WPA2 or WPA3.</p> 2022-12-30T00:00:00+00:00 Copyright (c) 2022 Diogo Faíscas Can machine learning be used to detect malware? 2023-01-12T17:18:06+00:00 Andre Lima <p>Nowadays everyone has one or even more than one smartphone or tablet. The existing applications with the most diverse purposes allow us to perform a series of tasks such as using home banking or checking the email, using only our smartphone/tablet. Android OS being one of the most used in this type of equipment becomes an appealing target for viruses, malware and others. At a time when technology is evolving faster and faster, both in terms of hardware and software, Artificial Intelligence has more and more weight in technological evolution, being used in the most diverse purposes. This review aims to demonstrate how Machine Learning can assist in identifying vulnerabilities in Android OS.</p> 2022-12-30T00:00:00+00:00 Copyright (c) 2022 Andre Lima Steganography and Computer Forensics - the art of hiding information: a systematic review 2023-01-12T17:18:03+00:00 Claudia Sofia Fernandes <p><em>T</em>his paper focuses on<em> the study of steganoprahy as an anti-forensic method. </em>The purpose of steganography techniques is to hide information<em> from individuals unrelated to its content. &nbsp;</em>Through a systematic review, the objectives of this article are:<em> (I</em>) <em>e</em>xplore and investigate the importance of steganography in computer forensics<em>; (II</em>) <em>u</em>nderstand and analyze the methodology used to hide information in a file<em> and (III) u</em>nderstand and analyze the methodology used to extract the information.<em> The results summarize the previous</em> research<em> on this topics and we conclude the article with a warning to</em> <em>develpop more studies regarding this thematic as well as and </em><em>make the security forces aware of this type of digital evidence and, in the same way that the methodology is being developed, the stegananalysis must also seek, at least, to reach the same technological level</em></p> 2022-12-30T00:00:00+00:00 Copyright (c) 2022 Claudia Sofia Fernandes Web 3.0 and Cybersecurity – Short Paper 2023-01-12T17:18:01+00:00 Sónia Silva <p>The Web 3.0 ecosystem is growing exponentially, which also adds to the cybersecurity concerns it imposes. There is a continuous shift in the Internet architecture, from a read/write model to a newer model known as Web 3.0. Global companies are exploring web 3.0 opportunities in their business processes. Along with opportunities, Web 3.0 poses several cybersecurity risks to organizations that need to detect and mitigate efficiently. Data breaches, computer attacks, and social engineering defined the cybersecurity risk landscape of Web 2.0. This work aims to identify solutions to the problem between the evolution of web 3.0 and companies to evolve their infrastructures promptly to ensure the privacy and security of their data.</p> 2022-12-30T00:00:00+00:00 Copyright (c) 2022 Sónia Silva Predicting Cybersecurity Risk - A Methodology for Assessments 2023-01-12T23:42:40+00:00 Daniel Jorge Ferreira Henrique São Mamede <p>Defining an appropriate cybersecurity incident response model is a critical challenge that all companies face on a daily basis.<br />However, there is not always an adequate answer. This is due to the lack of predictive models based on data (evidence). There is a significant investment in research to identify the main factors that can cause such incidents, always trying to have the most appropriate response and, consequently, enhancing response capacity and success. At the same time, several different methodologies assess the risk management and maturity level of organizations.<br />There is, however, a gap in determining an organization's degree of proactive responsiveness to successfully adopt cybersecurity and an even more significant gap in assessing it from a risk management perspective. This paper proposes a model to evaluate this capacity, a model that intends to evaluate the methodological aspects of an organization and indicates the apparent gaps that can negatively impact the future of the organization in the management of cybersecurity incidents and presents a model that intends to be proactive.</p> 2022-12-30T00:00:00+00:00 Copyright (c) 2022 Daniel Jorge Ferreira, Henrique São Mamede Case study to identify vulnerabilities in applications developed for the Android 2023-02-27T20:17:24+00:00 Tatiani de Andrade <p>The growing use of mobile devices has caused many developers to focus more on design and user experience, but with this neglected security issues, whether due to lack of knowledge in this field or lack of delivery time, thus exposing thousands of users to information leaks among other malicious actions. In this sense, this work aims to expose the main vulnerabilities that impact the security of a mobile application, going through analyzes in mobile applications, with the intention of alerting developers about the flaws that are usually present in the applications due to bad coding practices and to reflect on how to make your apps more secure.</p> 2022-12-30T00:00:00+00:00 Copyright (c) 2022 Tatiani de Andrade Cybersecurity Threats for a Web Development 2023-02-27T20:17:12+00:00 João Cunha <p>With the increasing digitization of the world, web development has become an essential part of businesses and organizations worldwide. However, with the rapid development of technology, cyber threats and attacks have become a major concern for web developers. This article looks at some of the most common cybersecurity threats that web developers should be aware of, and the importance of taking preventative measures to secure web applications. By understanding these cyber threats and taking proactive steps to protect against them, web developers can ensure the security of their users data and maintain the integrity of their web applications.</p> 2022-12-30T00:00:00+00:00 Copyright (c) 2022 João Cunha The Editorial of ARIS2 - Advanced Research on Information Security 2023-01-12T17:40:29+00:00 Nuno Mateus-Coelho <p class="p2">The globe continues to support an abnormal occurrence that has a severe influence on cyber security, which is the conflict between Russia and Ukraine that persists in establishing the first cyber war. This assistance comes as the year 2022 reaches its last range. Since the beginning of this fight, two enormous organizations have been formed in order to investigate potential weaknesses in the security measures used by either side. They exploit weaknesses and resort to force or engage in social engineering in order to achieve their goals.</p> 2022-12-30T00:00:00+00:00 Copyright (c) 2022 Nuno Mateus-Coelho