Title: Human-centric security service and its application in smart space
Abstract: Information Communication Technology paradigms are standing on the new Internet era, "Internet of Things," which is going to rapidly evolve smart space. The concept of smart space would create the environment where real world myriad things and intelligent devices are connected via wire/wireless networks. As the smart space is approaching, this phenomenon will pose an important challenge in the perspective of information security. While the characteristics of the existing environment include passive information process and system-based computing, smart space possesses the characteristics of kinetic information process and user context-based service. In this environment, the information could be easily collected and misused in various ways, because of connection between virtual and physical space, regardless of time and physical limitation. To guarantee confidentiality, integrity, and availability of information in this environment, the existing security service/system would encounter some limitations. Considering the characteristics of recent incidents, utilizing the state-of-the-art technology, information leakage takes place via diverse channels, including social engineering. In this vein, it is time to change paradigms, which is focused on human behavioral aspects of security system. What is called human-centric security is to upgrade the existing information security system by considering various elements of our daily life including human behavior, characteristics of organization or nation, changes in modern society, and integrated/converged information security management (including physical security, technical security, and managerial security). Specifically, this security service is capable of profiling a certain information system user's future action by accumulating and analyzing user log data, behavior, knowledge about information security, attitude, and behavior. Accordingly, a number of papers included in this special issue focus on law and regulation issue in smart space (open environment), organizational security behavior, security evaluation for organization, social security culture, security policy and awareness, privacy and security issue, methodology for human-centric security service design, multi-dimensional user pattern recognition security system, intelligent intrusion detection, prevention and response, intelligent digital forensics and diagnostics, and security case studies. More specifically, the paper entitled "Human-centric visual monitoring of multi-clients system behavior and BiT for trust computing" by Eun-Ha Song, Su-Hyun Yang, and Young-Sik Jeong proposes the trusted platform board monitoring system that enabled effectively detecting and managing abnormal phenomenon based on the trusted platform board not only for security but also for multiple clients connected on the Web. The paper entitled "Unified Threat Model for Analyzing and Evaluating Software Threats" by XiaoHong Li, Ke He, Zhiyong Feng, and Guangquan Xu proposes to improve the trustworthiness of software designs that is a unified threat model for representing, analyzing, and evaluating software threats at various design stages. The paper entitled "A novel user authentication scheme with anonymity for wireless communications" by Jianwei Niu and Xiong Li proposes a novel user authentication scheme with anonymity based on elliptic curve cryptosystem, which can resist various known types of attacks and is more practical for wireless and mobile communications. The paper entitled "UFLE: A User-friendly Location-free Encryption System for Mobile Users" by Yi-Jun He, Patrick P. F. Chan, Lucas C. K. Hui, and S. M. Yiu proposes a user-friendly location-free encryption system for mobile users (UFLE) to improve the solution mobile user location-specific encryption from Studer and Perrig on both the security and usability. The paper entitled "Applying biometrics to design three-factors remote user authentication scheme with key agreement" by Xiong Li, Jianwei Niu, Zhibo Wang, and Caisen Chen proposes to design a three-factor remote user authentication scheme with key agreement using biometrics. The paper entitled "A spatial transformation scheme supporting data privacy and query integrity for security of outsourced databases" by Hyeong-Il Kim, Al-Amin Hossain, and Jae-Woo Chang proposes a spatial transformation scheme that makes use of shearing transformation with rotation shifting. The paper entitled "A novel approach to detection of mobile rogue access points" by Iluk Kim, Jungtaek Seo, Taeshik Shon, and Jongsub Moon proposes a method to detect rogue access points (APs) over mobile networks using round-trip time measurements, without relying on information from authorized lists of APs or users. Through experiments, it proved that the proposed method could detect rogue APs successfully. The paper entitled "Multi-camera-based security log management scheme for smart surveillance" by Daehoon Kim, Eenjun Hwang, and Seungmin Rho proposes a new security log management scheme for smart surveillance in a multi-camera environment. The paper entitled "A study of privacy problem solving using device and user authentication for M2M environments" by Jin-Mook Kim, Hwa-Young Jeong, and Bong-Hwa Hong proposes privacy problem solving using device and user authentication that can support the certification process between device and user communicating the subject in M2M environment and can support the user in another certification work about various services. Privacy problem solving using device and user authentication proposes a design that can pass through a light certification process based on existent system. The paper entitled "Privacy protection in human-centric healthcare home environment" by Deok-Seok Seo, Soon Seok Kim, Yong Hee Lee, Gwang Hee Kim, and Yoon Seok Shin proposes a new architecture and system to secure the privacy of person for the newly published international standard technology. The proposed technology is expected to provide a more secure and realistic alternative in the future human-centric healthcare home environment. The paper entitled "Improved cancelable fingerprint templates using minutiae-based functional transform" by Daesung Moon, Jang-Hee Yoo, and Mun-Kyu Lee proposes that the proposed method significantly improves the security of the original template by preventing the attacker from reconstructing the transform because the information on the original template will not be available to the attacker even when a system is compromised. The paper entitled "Robust password changing and DoS resilience for human-centric password authentication" by Xiangxue Li, Haifeng Qian, Yu Yu, Jian Weng, and Ziping Wang proposes the requirements of robust password changing in authentication and presents SPCA, a password authentication scheme with robust password changing, DoS resilience, and card-compromise security. Thus, the proposal can be viewed as a suitable candidate instantiation for authentication services of human-centric security, by embedding in the computer and software systems. Strong Password Check Authentication (SPCA) also achieves other appealing features, such as self-healing ability and strong privacy protection, which may be useful for human-centric applications. The paper entitled "A security communication model based on certificateless online/offline signcryption for Internet of Things" by Ming Luo, Min Tu, and Jianfeng Xu defines the formal models of certificateless online/offline signcryption and proposes a concrete certificateless online/offline signcryption scheme for Internet of things environment. The paper entitled "Discovering anomaly on the basis of flow estimation of alert feature distribution" by Xuejiao Liu, Yingjie Xia, Yanbo Wang, and Jing Ren proposes the flow estimation of abrupt changes in feature distribution caused by anomalies, by computing Kullback–Leibler distance of alert feature values under observation in comparison with a reference distribution, which is the mixture of a distribution drawing a tread from historical alerts, and a distribution derived from expertise provided by administrators. The paper entitled "Modeling and formal verification of smart environments" by Fulvio Corno and Muhammad Sanaullah proposes a design time modeling and formal verification methodology to consider correctness, reliability, safety, and security in the design process of SmE and their related components. The paper entitled "Real-time robust 3D object tracking and estimation for surveillance system" by Jin-hyung Park, Seungmin Rho, and Chang-sung Jeong proposes a new 3D object tracking algorithm that supports multiple planar and nonplanar objects with real-time processing speed and high accuracy. This algorithm provides high accuracy and real-time performance while detecting not only planar objects but also nonplanar objects. The paper entitled "A model of analyzing cyber threats trend and tracing potential attackers based on darknet traffic" by Sang-soo Choi, Jungsuk Song, Seokhun Kim, and Sookyun Kim proposes a security monitoring and response model to analyze cyber threats trend and to trace potential attackers based on darknet traffic. The paper entitled "Human centric security policy and management design for small and medium business" by Yanghoon Kim and Hangbae Chang proposes a model to measure security levels of small and medium business and a human-centric security policy. The paper entitled "A study on the influences of R&D investment on information security for mechanical and electronics industry" by Seung-Ryung Oh and Kun Woo Kim proposes Expected Net Present Value (ENPV), which has been deduced by real option according to R&D investment, reflects market value well, and possesses a strong correlation with R&D investment, Real Option Value (ROV), ENPV, and market value. Eventually, we would like to extend our sincere appreciation to all the authors for their priceless dedication and also to the referees for their support and hard work for reviewing the papers in a timely manner despite of busyness. We firmly believe that the accepted papers would be a meaningful contribution to researchers, students, and practitioners studying this field of human-centric security service and its application in smart space. Our special thanks go to the editorial board for this SI and Professor Hsiao-Hwa Chen and Hamid R. Sharif, who is the Editor-in-Chief of Security and Communication Networks for his support throughout the whole publication processes.