Innovative security technologies against insider threats and data leakage

The last few years have seen a steep growth in research in the area of information security technology developments, with the main focus on network security, including boundary protection and intrusion detection or confidentiality enhancement, based on cryptographic algorithms and authentication protocols, to prevent unauthorized access of the network entities from outside a trusted community domain. Meanwhile, the need for protecting the network assets against insider threats has also become a critical concern due to the observed drastic increase in information leakages by insiders who are legally authorized to access network information. Therefore, there is a clear demand for novel proactive approaches to prevent, detect and respond to insider threats.

It is our great pleasure to offer the readers of the International Journal of Computer Mathematics this special issue consisting of some of the most significant contributions to innovative security technologies against insider threats and data leakage, that have been presented at the Fifth International Workshop on Managing Insider Security Threats (MIST 2013), held at Pukyong National University, Busan, Korea, 24–25 October, 2013, cf. http://isyou.info/conf/mist13/. The selected papers address some showcases of the most recent challenges and advances in technological and managerial security theories, practices and systems from recent works against the insider threat and data leakage to prevent information breaches by insiders, as well as social, managerial and technological countermeasures.

The first paper of this special issue by Zhou et al. [10] proposes a novel cost-effective and practical electronic cash system that supports multiple users while not relying on a random oracle. The proposed scheme is based on the Groth–Sahai proof system and a dynamic group signature scheme based on the Bellare, Shi and Zhang (BSZ) model. The former is meant to maintain the system's anonymity, whereas the latter is designed to ensure the security of the proposed scheme. The proposed scheme is shown to be superior to a few of the selected benchmark schemes in terms of efficiency and security.

The second paper by Kim et al. [3] focuses on investigating an efficient exponentiation algorithm for a secure RSA system resistant to various types of side-channel attacks, including combined attacks. It is shown that the Simple Power Analysis (SPA)/Fault Attack-resistant Boscher Naciri, and Prouff exponentiation algorithm is vulnerable to some combined attack scenarios. Based on this finding, a novel exponentiation algorithm is proposed that is shown to be resistant to the SPA, the Differential Power Analysis, the C-safe Error, and combined attacks. Practical experiments are conducted using an evaluation board wherein the RSA exponentiation algorithm is implemented on an ARM processor, demonstrating that the proposed scheme is suitable for the implementation of a secure RSA cryptosystem in low-resource devices.

The third paper by Guo et al. [1] addresses the problem of linear complexity of attributes proof, by proposing a solution in the form of attributes proof protocols based on a selective aggregate signature technique. The proposed protocols are shown to outperform the accumulator-based protocols with respect to the number of exponentiations and pairings.

In the fourth paper, Singh et al. [7] propose a lattice-based identity-based resplittable threshold public key encryption scheme, and demonstrate that it is semantically secure. It is also argued that the proposed scheme can be exploited to construct some lattice-based unidirectional proxy re-encryption schemes.

The fifth paper by Seo et al. [6] focuses on the problem of protecting the Trust and Reputation Systems (TRS) from various types of attacks. A new TRS that combines several detectors in parallel is proposed, in order to identify and mitigate the attacks using the ensemble combination and fuzzy theory. The proposed system is shown to be robust against new attacks as well as various types of intruder attacks with recommendation capability, while still providing adequate services to its users.

In the sixth paper, Sur et al. [8] study some of the limitations of the previously proposed vehicular ad hoc network-based secure navigation protocols. Based on their findings, they propose a new model for secure navigation systems based on the concept of vehicular cloud. They also propose a secure navigation protocol based on single-use anonymous credentials. This protocol combines a trapdoor hash function and various techniques of credential pseudonymous certificates, as well as a proof of knowledge mechanism, meant to anonymously authenticate the validity of a vehicle and the corresponding hash keys. Through an analytical model, their proposed protocol is shown to provide an efficient protection mechanism against insider threats and data leakage.

The seventh paper by Hernández-Ramos et al. [2] presents a set of Elliptic Curve Cryptography (ECC) optimizations for point and field arithmetic which are used in the design and implementation of a security and capability-based access control mechanism (so-called DCapBAC) on smart objects. The proposed scheme is presented in the form of a fully distributed security approach implemented directly on resource-constrained devices, with the goal of providing scalability, interoperability and end-to-end security. As a proof of concept of the proposed scheme, a real scenario over the Jennic/NXP JN5148 chipset based on a 32-bit RISC CPU is implemented and tested using the AVISPA tool under some common security attacks, showing its effectiveness. In addition, a novel mechanism to mitigate power analysis attacks by combining the non-adjacent form and dummy operations is presented.

In the eighth paper authored by Tsai et al. [9], a secure electronic medical records (EMR) service system (so-called ECC-based Secure EMR Transmission System (ESEMRT)) is proposed. This scheme uses a cloud database, an ECC integration unit, a smart card and portable devices, to provide a secure environment for EMR transmission to the users while reducing the communication load in their portable devices. In addition, a data leakage prevention scheme is implemented on top of the ESEMRT scheme to ensure that illegal duplication of EMR is avoided. Promising simulation results that validate the security level of the proposed scheme are also presented.

The ninth paper by Liu et al. [5] investigates the problem of user privacy protection in mobile online social networks (mOSNs) due to the recent development of the mobile Internet. A new privacy-preserving location sharing system for mOSNs is proposed (so-called N-Mobishare), which is based on the Mobishare scheme. Compared to the Mobishare design, the N-Mobishare design is quite simple and is also consistent with the characteristics of the social networks in the sense that rather than using cellular towers, a social network server is used to forward the user's location update request to the location server while preserving the location privacy. In addition, the location encryption is always performed in the mobile devices. To fulfil these tasks, the only assumption is that the social network server and the location server should be connected by high-speed secure links, and that the users cannot directly visit the location server in order to prevent malicious access.

In the tenth paper authored by Lee et al. [4], a novel detection and prevention scheme that protects the Android device against privilege escalation attacks, including root exploits, is proposed. The approach makes use of the attack pattern of these attacks and the characteristics of the Android framework to design the security mechanism. Typically, some important system calls are identified and monitored from an application process; if a system call must be made by the privileged Android system components in the normal operation state, the proposed scheme will prevent its execution. The attacks are detected by instructing an unauthorized mount request from an authorized one, where an unauthorized mount request is identified by means of a check mechanism. Through simulations, it is shown that the proposed scheme can effectively detect and prevent new and unknown malware as well as currently known ones.

We hope that readers will enjoy studying these papers and will find them valuable for their research. The readers are also encouraged to contact the authors of any of the aforementioned papers if they need further clarification regarding the works that are presented. We would also like to take this opportunity to express a few words of gratitude. We thank all authors who submitted their papers to this special issue, as well as all referees for their peer reviewing. We also would like to express our gratitude to Helen Gray and Lucy Francis from the Taylor & Francis Group for their continuous support in preparing and coordinating the pre-publication process of this special issue.