Introduction to the Special Issue on User-Centric Security and Safety for CPS

Abstract

The recent spate of cyber security attacks has reinforced the importance of cyber security. Cyber security is no longer just a technical issue requiring the proficiency and capabilities of technical experts, it is a global phenomenon requiring the attention of stakeholders across different information domains. We organize this special issue on user-centric security and safety aspects of cyber-physical systems (CPS) with the aim of filling gaps between user behaviour and the design of complex CPS. These include different stakeholders’ roles and responsibilities, user-centric decision-making capabilities and situational awareness, user experience design, mitigation of user errors and analysing their impact, adaptive risk management, user or operator’s trust, security and safety in the device’s or system’s authentication, access control, and configuration management, hence, the relation to the development of the system’s security and safety in the cyber-physical world. It is presumed that alignment of user-oriented processes, standards, and guidelines for security and safety are required to cope with the complexities and interoperability of cyber-physical systems. In other words, this special issue aims to publish the latest advancements in user-centric security and safety techniques and controls for CPS and related components. The following seven contributed articles are included in this special issue: The first article, entitled “Efficient Multi-factor User Authentication Protocol with Forward Secrecy for Real-time Data Access in WSNs,” proposes a robust multi-factor authentication scheme that makes use of the imbalanced computational nature of the RSA cryptosystem, particularly suitable for scenarios where sensor nodes (but not the user’s device) are the main energy bottleneck. This work is the first one that can satisfy all 12 criteria of the state-of-the-art evaluation metric under the harshest adversary model so far. The second article, entitled “A Multi-label Fuzzy Relevance Clustering System for Malware Attack Attribution in the Edge Layer of Cyber Physical Networks,” proposes a novel multi-label fuzzy clustering system for malware attack attribution. The authors first observed that a multilabel classifier does not classify a part of the samples when classifying malware families. To overcome this problem, the authors developed an ensemble-based multi-label fuzzy classification method to suggest the relevance of a malware instance to the stricken families. The third article, entitled “A User-centric Security Solution for Internet of Things and Edge Convergence,” proposes a user-centric security solution to ensure the trustworthiness of the data for emergency evaluation in Edge datacenters (EDCs). A user centric security approach by authenticating users and devices before any communications is established. The fourth article, entitled “MobileTrust: Secure Knowledge Integration in VANETs,” is about the security of Vehicular Ad hoc NETworks (VANET). The authors propose MobileTrust—a hybrid trust-based system for secure resource sharing in VANETs. The proposal utilizes cloud