Cyberspace, the ubiquitous space that exists in relation to the Internet, is usually referred to as a dynamic broad domain ranging from Internet and its infrastructures to social networks. More research work in security has been extended from securing computers to securing Cyberspace, which includes the physical-level security, the network-level security, and the application-level security and addresses improvements in Cyberspace management. As a result, recent years have witnessed increasing research attention on securing Cyberspace, and many interesting methods have been proposed to locate suspicious IP, detect gossip content, prevent illegal information publication and distribution, manage social software and applications, and profile user behavior and opinion. This trend has provided the motivation to launch this special issue. Based on an open call in this area and invited best papers from The Fifth International Conference on Applications and Techniques for Information Security (ATIS 2014) and The first International Workshop on Curbing Cyber-Crimes (C3 2014), five submissions have been accepted to best illustrate the main development and perspectives. The papers in this issue report a variety of methods used to tackle the security issues in cyberspace. They aim at improving security in applications ranging from RFID systems, location based service, discovery of software vulnerability to private medical records, and outsourcing in Multi-Cloud. The problems discussed in these papers are also related to disciplines including data mining, network security, digital forensics, and behavioral and psychological sciences. Here, we provide an integrative perspective of this special issue by summarizing each contribution contained therein. In 1, to address security and privacy issue in RFID systems, a new off-line reading order-independent grouping-proof protocol is proposed to generate a proof that a group of tags have been scanned simultaneously in the range of a reader. The proposed protocol defines an ideal grouping-proof functionality aiming at capturing the secure grouping-proof generation for a group of RFID tags in the UC framework. The new protocol maintains its security properties when composed concurrently with an unbounded number of instances of arbitrary protocol. In addition, the protocol conforms to the computational constraints of EPC Class-Gen-2 passive RFID tags. It is suitable for low-cost passive RFID tags, which are widely used in practical applications. In 2, the authors proposed an algorithm to address the problem of preserving privacy for individual users in location-aware applications. They define a novel distance measurement that combines the semantic and Euclidean distance to address the privacy-preserving issue. They conduct performance experiments on the proposed algorithm and distance metric, and results suggest that they can successfully retain the utility of the location services. In 3, to discover software vulnerability, an effective and efficient mechanism is proposed. The method also helps programmers to write secure code to avoid the existence of vulnerability at the early stage of software development. The proposed mechanism uses code clone verification to discover vulnerability in software programs and reduces the false positive of detection by combining the advantages of static and dynamic analysis. In addition, it also mitigates the path explosion problem in the testing process when verifying the existence of vulnerability. As a result, the proposed approach effectively improves the security of software systems, applications, and utilities in various areas of Cyberspace. In particular, it helps to create a reliable environment for the communications of all the social media participants. In 4, the authors analyze the security of Fair Remote Retrieval (FRR) model that is used to ensure the integrity of remote medical records. They show that FRR model fails to achieve its security goals, therefore present an improved protocol, called IFR2̂, to fix the security minor faults while preserving all the properties of FRR. The paper analyzes the correctness and security of IFR2̂ and experimentally verifies the efficiency in terms of computational and communication cost of the model. In 5, the authors propose an identity based storage management and integrity verification protocol for secure outsourcing in Multi-Cloud. The paper aims to fill the gap on guaranteeing fair results on two-party storage checking protocols without third party audit in multi-cloud computing. Specifically, the authors prove the security and efficiency of their protocol by theoretical analysis and simulation experiments without using any trusted organizer. Furthermore, the protocol enjoys many security attributes including prevention of various attacks, user anonymity, and local password verification. Preparation of this issue would have been impossible without the hard work of anonymous reviewers and the authors. Special thanks go to Prof. Geoffrey Fox, editor-in-chief of the journal, for his great support.
Read full abstract