Editorial for special issue on security and trust on networked systems

The world is becoming increasingly connected, from Internet of Things (IoT) and social networks to big data and cloud computing. Networked systems are not just relevant to information technology but have been already integrated with the engineering and cyber-physical systems domains. The agents of networked systems (e.g., sensor networks) can sense, compute, and interact based on a given task. However, networked systems suffer from many security and trust issues, as these systems are mostly designed based on traditional IT infrastructure. For example, attackers can compromise one internal sensor nodes and infect other nodes afterwards. There was an increase in malware attacks on IoT/Connected Devices of 77% in the first half of 2022, according to a recent report by Sonic Wall. This special issue focuses on how to build a trust and secure networked systems, and identifies new issues and directions for future research and development work. In the first contribution entitled “Privacy-preserving and efficient user matching based on attribute encryption in mobile social networks,” Wu et al. aimed to protect users' privacy and introduced an attribute-based encryption scheme based on the defined policy. Then the server does not need to decrypt the attribute matching file frequently for dating users. The proposed scheme can provide several benefits: (1) it allows two-way matching to support suitable publishers recommended to requesters with dating interests, (2) our scheme protects the privacy of users by encrypting the tagged keywords of the interest information collected from requesters and the personal attribute information of publishers, and (3) the scheme can reduce the computational cost by transferring most of the decryption work to the matching server and dividing the encryption into preparation and online stages. In the second contribution entitled “Privacy Preserving distributed smart grid system based on Hyperledger Fabric and Wireguard,” Yao et al. focused on the security issues of Smart Grid and designed a secure and decentralized energy trading platform in edge area of smart grid system by means of Hyperledger Fabric and WireGuard VPN. WireGuard can customize network gateway and controls traffic by WireGuard Interface, which includes an exclusive private key generated by the elliptic curve, a User Datagram Protocol (UDP) listening port, and a group of peer nodes. The proposed architecture was composed of four main layers, including application, blockchain platform, network structure, and physical infrastructure. In the experiment, the authors tested the bandwidth in WireGuard network and transactions throughput capacity of HyperLedger Fabric blockchain. It showed the feasibility of the proposed architecture, even with the WireGuard communication latency. In the third contribution entitled “Intelligent detection of vulnerable functions in software through neural embedding-based code analysis,” Zeng et al. found that convolutional neural network (CNN) is only suitable for extracting local features but not effective for extracting long-distance dependent features. This work proposed a function-level vulnerability detection framework based on CodeBERT, by adding two fully connected layers and fine-tuning techniques. That is, during fine-tuning, the authors added artificially synthesized data to deepen the network depth. To enhance the ability of capturing bigger contextual dependencies of sequence, the authors used BERT and utilized the bidirectional structure of Transformer. The authors also utilized the synthetic C test samples for fine-tuning the proposed framework. Experimental results indicated that the fine-tuned model can effectively improve the detection performance and outperform several baseline systems. In the fourth contribution entitled “MACPABE: Multi Authority-Based CP-ABE with Efficient Attribute Revocation for IoT-Enabled Healthcare Infrastructure,” Das et al. aimed to solve key escrow problems and introduced a fine-grained access control scheme to support efficient attribute revocation. The proposed scheme is based on less expensive elliptic-curve cryptography (ECC) operations, which can resist collision attacks. The multiple authorities are responsible for generating keys related to the attributes of the user. Post-collection of data from IoT devices and the data owner (DO) encrypts the data and defines an access policy for the authorized users. Then, the DO uploads these data to the cloud server. The cloud service provider then re-encrypts this encrypted data and stores it in its database. To reduce the decryption overhead of end-users, the decryption process is outsourced to a decryption assistant (DA). In the fifth contribution entitled “A federated semi-supervised learning approach for network traffic classification,” Jin et al. identified that most of the collected traffic data is unlabeled, and it is very labor-intensive and expensive to label data. For this issue, the authors proposed an approach using federated semi-supervised learning (SSL) to conduct the network traffic classification task. It allows multiple parties to jointly train a traffic classification model without disclosing and sharing their local user data. This not only resolves the problem of exposing user data but also solves the problem of data islands in the traffic field. The authors then tested different classification models based on convolutional neural networks (CNNs) for reaching SSL in the federated learning environment. These models can combine unsupervised learning with supervised learning, in order to use a large amount of unlabeled data and a small amount of labeled data simultaneously to train a global model. In the evaluation, the authors showed that the proposed approach is more practical than the existing centralized deep learning methods. On the whole, the special issue papers cover a broad range of research on security, privacy and trust on networked systems, for example, IoT, and discuss many potential security threats and promising solutions. The team of guest editors would like to thank Editor-in-Chief James Won-Ki Hong for their great support, as well as the paper authors and the reviewers for their contributions. Data sharing not applicable to this article as no datasets were generated or analyzed during the current study. Dr. Weizhi Meng is currently an Associate Professor in the Department of Applied Mathematics and Computer Science, Technical University of Denmark (DTU), Denmark. He obtained his Ph.D. degree in Computer Science from the City University of Hong Kong, Hong Kong. Prior to joining DTU, he worked as Research Scientist in Institute for Infocomm Research, A*STAR, Singapore. He won the Outstanding Academic Performance Award during his doctoral study and is a recipient of the Hong Kong Institution of Engineers (HKIE) Outstanding Paper Award for Young Engineers/Researchers in both 2014 and 2017. He also received the IEEE ComSoc Best Young Researcher Award for Europe, Middle East, and Africa Region (EMEA) in 2020. His primary research interests are cyber security and intelligent technology in security, including intrusion detection, IoT security, biometric authentication, and blockchain. He serves as an associate editor/editorial board member for many reputed journals such as IEEE TDSC, as well as PC chair for various international conferences. He is an ACM Distinguished Speaker. Sokratis K. Katsikas is the Director of the Norwegian Center for Cybersecurity in Critical Sectors and Professor with the Dept. of Information Security and Communication Technology of the Norwegian University of Science and Technology (NTNU). His research activity has resulted in more than 300 published books, book chapters, journal papers, and papers in conference proceedings. He has led or participated in more than 60 funded national and international R&D projects. Jiageng Chen received his B.S. degree from the School of Computer Science and Technology, Huazhong University of Science and Technology (HUST) in 2004 and received his M.S. and Ph.D. of computer science from the School of Information Science, Japan Advanced Institute of Science and Technology (JAIST) in 2007 and 2012, respectively. He was working as an Assistant Professor in School of Information Science, Japan Advanced Institute of Science and Technology from 2012 to 2015. And currently, he is an Associate Professor at the School of Computer, Central China Normal University. He is the Associate Editor of Journal of Information Security and Application, and he has served as a guest editor for several International Journals such as the “Future Generation Computer Systems” and “Wireless Communications and Mobile Computing,” “IEICE,” “Security and Communication Networks,” and so on. His research areas include cryptography, especially in the areas of cryptographic protocols, algorithms, cryptanalysis, data analysis, fast implementations, and so on. Chao Chen is currently a Senior Lecturer in RMIT University, Australia. He received his Ph.D. degree in Information Technology from Deakin University in 2017. From 2016 to 2018, he worked as a Data Scientist at Telstra to create customer value from huge and heterogeneous data sources using advanced analytics and big data techniques. He then worked at Swinburne University of Technology as a Research Scientist from 2018 to 2020. He is conducting interdisciplinary research between cybersecurity and artificial intelligence (AI), such as AI for cybersecurity and security issues in AI models. He has published more than 30 research papers in refereed international journals and conferences, such as IEEE Transactions on Information Forensics and Security (TIFS), Privacy Enhancing Technologies Symposium (PETS), and ACM Asia Conference on Computer and Communications Security (ASIACCS). One of his papers was the featured article of that issue (IT Professional Mar.–Apr. 2016).