Dynamic Network Services and Security 2015
Since the Bell System introduced “dynamic routing” several decades ago using the SS-7 signaling system, dynamic network services have been an important tool for network management and intelligence. For the Science of Security community, dynamic methods are useful toward solving the hard problems of resiliency, metrics, and composability. The work cited here was presented in 2015.
M. K. Sharma, R. S. Bali and A. Kaur, “Dynamic Key Based Authentication Scheme for Vehicular Cloud Computing,” Green Computing and Internet of Things (ICGCIoT), 2015 International Conference on, Noida, 2015, pp. 1059-1064. doi: 10.1109/ICGCIoT.2015.7380620
Abstract: In recent years, Vehicular Cloud Computing (VCC) has emerged as new technology to provide uninterrupted information to the vehicles from anywhere, anytime. The VCC provides two types of services such as safety related messages and non-safety related messages to the users. The vehicles have less computational power, storage etc. so that the vehicles collect information and send this information to the local or vehicular cloud for computation or storage purposes. But due to the dynamic nature, rapid topology changes and open communication medium, the information can be altered so that it leads to misguiding users, wrong information sharing etc. In the proposed scheme, Elliptic Curve Cryptography is used for secure communication in the network that also ensures the security requirements such as confidentiality, integrity, privacy etc. The proposed scheme ensures the mutual authentication of both sender and receiver that want to communicate. The scheme uses additional operations such as one-way hash function and concatenation to secure the network against various attacks i.e. spoofing attack, man-in-the-middle attack, replay attack etc. The effectiveness of the proposed scheme is evaluated using the different metrics such as packet delivery ratio, throughput and end-to-end delay and it is found better where it is not applied.
Keywords: automobiles; cloud computing; intelligent transportation systems; public key cryptography; vehicular ad hoc networks; VCC; dynamic key-based authentication scheme; elliptic curve cryptography; mutual authentication; open communication medium; vehicular cloud computing; Authentication; Cloud computing; Elliptic curve cryptography; Elliptic curves; Receivers; Vehicles; Intelligent Transportation System; Key Authentication; Key Generation; VANET's; Vehicular Cloud Computing (ID#: 16-10976)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7380620&isnumber=7380415
C. J. Chung, T. Xing, D. Huang, D. Medhi and K. Trivedi, “SeReNe: On Establishing Secure and Resilient Networking Services for an SDN-Based Multi-Tenant Datacenter Environment,” Dependable Systems and Networks Workshops (DSN-W), 2015 IEEE International Conference on, Rio de Janeiro, 2015, pp. 4-11. doi: 10.1109/DSN-W.2015.25
Abstract: In the current enterprise data center networking environment, a major hurdle in the development of network security is the lack of an orchestrated and resilient defensive mechanism that uses well-established quantifiable metrics, models, and evaluation methods. In this position paper, we describe an emerging Secure and Resilient Networking (SeReNe) service model to establish a programmable and dynamic defensive mechanism that can adjust the system's networking resources such as topology, bandwidth allocation, and traffic/flow forwarding policies, according to the network security situations. We posit that this requires addressing two interdependent technical areas: (a) a Moving Target Defense (MTD) framework both at networking and software levels, and (b) an Adaptive Security-enabled Traffic Engineering (ASeTE) approach to select optimal countermeasures by considering the effectiveness of countermeasures and network bandwidth allocations while minimizing the intrusiveness to the applications and the cost of deploying the countermeasures. We believe that our position can greatly benefit the virtual networking system established in data center or enterprise virtual networking systems that have adopted latest OpenFlow technologies.
Keywords: bandwidth allocation; cloud computing; computer centres; computer network security; software defined networking; virtual machines; ASeTE; MTD framework; OpenFlow technologies; SDN-based multitenant datacenter environment; SeReNe service model; VM; VN; adaptive security-enabled traffic engineering; cloud virtual networking system; dynamic defensive mechanism; enterprise virtual networking systems; moving target defense; network bandwidth allocations; network security; programmable defensive mechanism; secure and resilient networking services; software defined networking; virtual machines; Bridges; Cloud computing; Computational modeling; Computer bugs; Home appliances; Security; multi-tenant datacenter; security and resilience (ID#: 16-10977)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7272544&isnumber=7272533
M. Ennahbaoui, H. Idrissi and S. E. Hajji, “Secure and Flexible Grid Computing Based Intrusion Detection System Using Mobile Agents and Cryptographic Traces,” Innovations in Information Technology (IIT), 2015 11th International Conference on, Dubai, 2015, pp. 314-319. doi: 10.1109/INNOVATIONS.2015.7381560
Abstract: Grid Computing is one of the new and innovative information technologies that attempt to make resources sharing global and easier. Integrated in networked areas, the resources and services in grid are dynamic, heterogeneous and they belong to multiple spaced domains, which effectively enables a large scale collection, sharing and diffusion of data. However, grid computing is still a new paradigm that raises many security issues and conflicts in the computing infrastructures where it is integrated. In this paper, we propose an intrusion detection system (IDS) based on the autonomy, intelligence and independence of mobile agents to record the behaviors and actions on the grid resource nodes to detect malicious intruders. This is achieved through the use of cryptographic traces associated with chaining mechanism to elaborate hashed black statements of the executed agent code, which are then compared to depict intrusions. We have conducted experiments basing three metrics: network load, response time and detection ability to evaluate the effectiveness of our proposed IDS.
Keywords: cryptography; grid computing; mobile agents; IDS; chaining mechanism; cryptographic traces; data collection; data diffusion; data sharing; detection ability metric; intrusion detection system; network load metric; resources sharing; response time metric; security issues; Computer architecture; Cryptography; Grid computing; Intrusion detection; Mobile agents; Monitoring (ID#: 16-10978)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7381560&isnumber=7381480
A. Bouchami, E. Goettelmann, O. Perrin and C. Godart, “Enhancing Access-Control with Risk-Metrics for Collaboration on Social Cloud-Platforms,” Trustcom/BigDataSE/ISPA, 2015 IEEE, Helsinki, 2015, pp. 864-871. doi: 10.1109/Trustcom.2015.458
Abstract: Cloud computing promotes the exchange of information, resources and tasks between different organizations by facilitating the deployment and adoption of centralized collaboration platforms: Professional Social Networking (PSN). However, issues concerning security management are preventing their widespread use, as organizations still need to protect some of their sensitive data. Traditional access control policies, defined over the triplet (User, Action, Resource) are difficult to put in place in such highly dynamic environments. In this paper, we introduce risk metrics in existing access control systems to combine the fine-grained policies defined at the user level, with a global risk-policy defined at the organization's level. Experiments show the impact of our approach when deployed on traditional systems.
Keywords: authorisation; cloud computing; data protection; groupware; organisational aspects; resource allocation; risk management; social networking (online); PSN; access-control; action; centralized collaboration platform; fine-grained policies; global risk-policy; organization level; professional social networking; resource; risk-metrics; security management; sensitive data protection; social cloud-platform; user; Access control; Collaboration; Companies; Context; Social network services; Access-Control; Professional Social Networking; Risk; Security (ID#: 16-10979)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7345366&isnumber=7345233
N. Soule, B. Simidchieva, F. Yaman et al., “Quantifying & Minimizing Attack Surfaces Containing Moving Target Defenses,” Resilience Week (RWS), 2015, Philadelphia, PA, 2015, pp. 1-6. doi: 10.1109/RWEEK.2015.7287449
Abstract: The cyber security exposure of resilient systems is frequently described as an attack surface. A larger surface area indicates increased exposure to threats and a higher risk of compromise. Ad-hoc addition of dynamic proactive defenses to distributed systems may inadvertently increase the attack surface. This can lead to cyber friendly fire, a condition in which adding superfluous or incorrectly configured cyber defenses unintentionally reduces security and harms mission effectiveness. Examples of cyber friendly fire include defenses which themselves expose vulnerabilities (e.g., through an unsecured admin tool), unknown interaction effects between existing and new defenses causing brittleness or unavailability, and new defenses which may provide security benefits, but cause a significant performance impact leading to mission failure through timeliness violations. This paper describes a prototype service capability for creating semantic models of attack surfaces and using those models to (1) automatically quantify and compare cost and security metrics across multiple surfaces, covering both system and defense aspects, and (2) automatically identify opportunities for minimizing attack surfaces, e.g., by removing interactions that are not required for successful mission execution.
Keywords: security of data; attack surface minimization; cyber friendly fire; cyber security exposure; dynamic proactive defenses; moving target defenses; resilient systems; timeliness violations; Analytical models; Computational modeling; IP networks; Measurement; Minimization; Security; Surface treatment; cyber security analysis; modeling; threat assessment (ID#: 16-10980)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7287449&isnumber=7287407
B. Bhargava, P. Angin, R. Ranchal and S. Lingayat, “A Distributed Monitoring and Reconfiguration Approach for Adaptive Network Computing,” Reliable Distributed Systems Workshop (SRDSW), 2015 IEEE 34th Symposium on, Montreal, QC, 2015, pp. 31-35. doi: 10.1109/SRDSW.2015.16
Abstract: The past decade has witnessed immense developments in the field of network computing thanks to the rise of the cloud computing paradigm, which enables shared access to a wealth of computing and storage resources without needing to own them. While cloud computing facilitates on-demand deployment, mobility and collaboration of services, mechanisms for enforcing security and performance constraints when accessing cloud services are still at an immature state. The highly dynamic nature of networks and clouds makes it difficult to guarantee any service level agreements. On the other hand, providing quality of service guarantees to users of mobile and cloud services that involve collaboration of multiple services is contingent on the existence of mechanisms that give accurate performance estimates and security features for each service involved in the composition. In this paper, we propose a distributed service monitoring and dynamic service composition model for network computing, which provides increased resiliency by adapting service configurations and service compositions to various types of changes in context. We also present a greedy dynamic service composition algorithm to reconfigure service orchestrations to meet user-specified performance and security requirements. Experiments with the proposed algorithm and the ease-of-deployment of the proposed model on standard cloud platforms show that it is a promising approach for agile and resilient network computing.
Keywords: cloud computing; quality of service; security of data; software fault tolerance; software prototyping; agile network computing; distributed service monitoring; dynamic service composition model; greedy dynamic service composition algorithm; quality of service; security requirement; service orchestration reconfiguration; Cloud computing; Context; Heuristic algorithms; Mobile communication; Monitoring; Quality of service; Security; adaptability; agile computing; monitoring; resilience; service-oriented computing (ID#: 16-10981)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7371438&isnumber=7371403
D. Zhang and J. P. G. Sterbenz, “Measuring the Resilience of Mobile Ad Hoc Networks with Human Walk Patterns,” Reliable Networks Design and Modeling (RNDM), 2015 7th International Workshop on, Munich, 2015, pp. 161-168. doi: 10.1109/RNDM.2015.7325224
Abstract: MANET (mobile ad hoc network) technology has become increasingly attractive for real-world applications in the past decade. Dynamic and intermittent connectivity caused by node mobility poses a huge challenge to the operation of MANETs that require end-to-end paths for communication. The attacks against critical nodes could result in a more degraded network service. In this paper, we evaluate the network resilience of real-world humans' walking traces under different malicious attacks. We propose a new flexible attack strategy by selecting different centrality metrics to measure node significance according to network topological properties. We employ a resilience quantification approach to evaluate the node pair communication ability spanning a range of network operational states. Resilience of topological robustness is evaluated for different combinations of network parameters, and resilience of application layer service using different routing protocols are compared given a range of states of topological flow robustness. Our results show that flexible attacks impact overall network resilience more than attacks based on any single centrality metric with varying network connectivities.
Keywords: mobile ad hoc networks; routing protocols; telecommunication network topology; telecommunication security; MANET technology; application layer service; critical nodes; dynamic connectivity; end-to-end paths; flexible attack strategy; flexible attacks; intermittent connectivity; malicious attacks; mobile ad hoc network technology; network operational states; network resilience; network topological properties; node mobility; node pair communication ability; resilience quantification approach; single centrality metric; topological robustness resilience; varying network connectivities; Ad hoc networks; Measurement; Mobile computing; Network topology; Resilience; Robustness; Topology; MANET; mobile wireless topology challenge modeling; ns-3 simulation; resilient survivable disruption-tolerant network; time-varying weighted graph (ID#: 16-10982)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7325224&isnumber=7324297
D. Zhang and J. P. G. Sterbenz, “Robustness Analysis of Mobile Ad Hoc Networks using Human Mobility Traces,” Design of Reliable Communication Networks (DRCN), 2015 11th International Conference on the, Kansas City, MO, 2015, pp. 125-132. doi: 10.1109/DRCN.2015.7149003
Abstract: With the rapid advancement of wireless technology and the exponential increase of wireless devices in the past decades, there are more consumer applications for MANETs (mobile ad hoc networks) in addition to the traditional military uses. A resilient and robust MANET is essential to high service quality for applications. The dynamically changing topologies of MANETs pose a huge challenge to normal network operations. Furthermore, malicious attacks against critical nodes in the network could result in the deterioration of the network. In this paper, we employ several real-world human mobility traces to analyze network robustness in the time domain. We apply attacks against important nodes of the human topology and compare the impact of attacks based on different centrality measures. Our results confirm that nodes with high betweenness in a well-connected large dynamic network play the most pivotal roles in the communication between all node pairs.
Keywords: mobile ad hoc networks; telecommunication security; MANET; human mobility traces; malicious attacks; robustness analysis; Ad hoc networks; Correlation; Measurement; Mobile computing; Network topology; Robustness; Topology; Dynamic networks; Graph centrality; Human mobility traces; MANETs; Resilience and survivability; Robustness (ID#: 16-10983)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7149003&isnumber=7148972
C. J. Chung, T. Xing, D. Huang, D. Medhi and K. Trivedi, “SeReNe: On Establishing Secure and Resilient Networking Services for an SDN-based Multi-tenant Datacenter Environment,” Dependable Systems and Networks Workshops (DSN-W), 2015 IEEE International Conference on, Rio de Janeiro, 2015, pp. 4-11. doi: 10.1109/DSN-W.2015.25
Abstract: In the current enterprise data center networking environment, a major hurdle in the development of network security is the lack of an orchestrated and resilient defensive mechanism that uses well-established quantifiable metrics, models, and evaluation methods. In this position paper, we describe an emerging Secure and Resilient Networking (SeReNe) service model to establish a programmable and dynamic defensive mechanism that can adjust the system's networking resources such as topology, bandwidth allocation, and traffic/flow forwarding policies, according to the network security situations. We posit that this requires addressing two interdependent technical areas: (a) a Moving Target Defense (MTD) framework both at networking and software levels, and (b) an Adaptive Security-enabled Traffic Engineering (ASeTE) approach to select optimal countermeasures by considering the effectiveness of countermeasures and network bandwidth allocations while minimizing the intrusiveness to the applications and the cost of deploying the countermeasures. We believe that our position can greatly benefit the virtual networking system established in data center or enterprise virtual networking systems that have adopted latest OpenFlow technologies.
Keywords: bandwidth allocation; cloud computing; computer centres; computer network security; software defined networking; virtual machines; ASeTE; MTD framework; OpenFlow technologies; SDN-based multitenant datacenter environment; SeReNe service model; VM; VN; adaptive security-enabled traffic engineering; cloud virtual networking system; dynamic defensive mechanism; enterprise virtual networking systems; moving target defense; network bandwidth allocations; network security; programmable defensive mechanism; secure and resilient networking services; software defined networking; virtual machines; Bridges; Cloud computing; Computational modeling; Computer bugs; Home appliances; Security; multi-tenant datacenter; security and resilience (ID#: 16-10984)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7272544&isnumber=7272533
D. Oliveira, P. Carvalho and S. R. Lima, “Towards Cloud Storage Services Characterization,” Computational Science and Engineering (CSE), 2015 IEEE 18th International Conference on, Porto, 2015, pp. 129-136. doi: 10.1109/CSE.2015.40
Abstract: Monitoring of Internet services shows that there is a global and growing trend in the use of Cloud Services. This paper aims to identify and quantify the use of Cloud Services taking the University of Minho (UMinho) network as a practical case study. Thus, this study focuses on characterizing Cloud Storage services, identifying the most accessed Cloud Storage Providers and the characteristics of corresponding traffic. As a first step, this involves identifying appropriate techniques for traffic classification and the definition of a model for processing the collected traces. Cloud Storage services present several characteristics that turn the current classification methods insufficient or too complex to apply, namely the use of dynamic communication ports and security protocols encrypting the traffic. This has motivated the use of a new classification approach based on Tstat tool, which allows extracting signatures of servers during SSL handshaking. The obtained results provide global statistics regarding the most used services at UMinho, focusing subsequently on Cloud Storage services. For these, the top Cloud Storage Providers within user preferences are identified and the corresponding traffic characteristics discussed.
Keywords: cloud computing; pattern classification; storage management; telecommunication traffic; Internet services monitoring; SSL handshaking; Tstat tool; UMinho network; University of Minho networks; cloud storage providers; cloud storage services characterization; dynamic communication ports; encryption; global statistics; security protocols; signatures extraction; traffic characteristics; traffic classification; user preferences; Cloud computing; Cryptography; Payloads; Ports (Computers); Protocols; Servers; cloud services; cloud storage; traffic classification (ID#: 16-10985)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7371365&isnumber=7371335
S. Jegadeeswari, P. Dinadayalan and N. Gnanambigai, “A Neural Data Security Model: Ensure High Confidentiality and Security in Cloud Datastorage Environment,” Advances in Computing, Communications and Informatics (ICACCI), 2015 International Conference on, Kochi, 2015, pp. 400-406. doi: 10.1109/ICACCI.2015.7275642
Abstract: Cloud computing is a computing paradigm which provides a dynamic environment for end users to guarantee Quality of Service (QoS) on data towards confidentiality on the outsourced data. Confidentiality is about accessing a set of information from a cloud database with a high security level. This research proposes a new cloud data security model, A Neural Data Security Model to ensure high confidentiality and security in cloud data storage environment for achieving data confidentiality in the cloud database platform. This cloud Neural Data Security Model comprises Dynamic Hashing Fragmented Component and Feedback Neural Data Security Component. The data security component deals with data encryption for sensitive data using the RSA algorithm to increase the confidentiality level. The fragmented sensitive data is stored in dynamic hashing. The Feedback Neural Data Security Component is used to encrypt and decrypt the sensitive data by using Feedback Neural Network. This Feedback Neural Network is deployed using the RSA security algorithm. This work is efficient and effective for all kinds of queries requested by the user. The performance of this work is better than the conventional cloud data security models as it achieves a high data confidentiality level.
Keywords: cloud computing; digital storage; neural nets; public key cryptography; quality of service; QoS; RSA algorithm; RSA security algorithm; cloud data security model; cloud data storage environment; cloud database platform; cloud neural data security model; data confidentiality; data encryption; dynamic hashing fragmented component; feedback neural data security component; feedback neural network; fragmented sensitive data; high confidentiality; sensitive data decryption; Data models; Encryption; Memory; Quality of service; Training; Cloud Computing; Confidentiality; Data security; Feedback Neural Network; Neural Network; RSA (ID#: 16-10986)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7275642&isnumber=7275573
M. K. Sharma, R. S. Bali and A. Kaur, “Dynamic Key Based Authentication Scheme for Vehicular Cloud Computing,” Green Computing and Internet of Things (ICGCIoT), 2015 International Conference on, Noida, 2015, pp. 1059-1064. doi: 10.1109/ICGCIoT.2015.7380620
Abstract: In recent years, Vehicular Cloud Computing (VCC) has emerged as new technology to provide uninterrupted information to the vehicles from anywhere, anytime. The VCC provides two types of services such as safety related messages and non-safety related messages to the users. The vehicles have less computational power, storage etc. so that the vehicles collect information and send this information to the local or vehicular cloud for computation or storage purposes. But due to the dynamic nature, rapid topology changes and open communication medium, the information can be altered so that it leads to misguiding users, wrong information sharing etc. In the proposed scheme, Elliptic Curve Cryptography is used for secure communication in the network that also ensures the security requirements such as confidentiality, integrity, privacy etc. The proposed scheme ensures the mutual authentication of both sender and receiver that want to communicate. The scheme uses additional operations such as one-way hash function and concatenation to secure the network against various attacks i.e. spoofing attack, man-in-the-middle attack, replay attack etc. The effectiveness of the proposed scheme is evaluated using the different metrics such as packet delivery ratio, throughput and end-to-end delay and it is found better where it is not applied.
Keywords: automobiles; cloud computing; intelligent transportation systems; public key cryptography; vehicular ad hoc networks; VCC; dynamic key-based authentication scheme; elliptic curve cryptography; mutual authentication; open communication medium; vehicular cloud computing; Authentication; Cloud computing; Elliptic curve cryptography; Elliptic curves; Receivers; Vehicles; Intelligent Transportation System; Key Authentication; Key Generation; VANET's; Vehicular Cloud Computing (ID#: 16-10987)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7380620&isnumber=7380415
M. A. Abdrabou, A. D. E. Elbayoumy and E. A. El-Wanis, “LTE Authentication Protocol (EPS-AKA) Weaknesses Solution,” 2015 IEEE Seventh International Conference on Intelligent Computing and Information Systems (ICICIS), Cairo, 2015, pp. 434-441. doi: 10.1109/IntelCIS.2015.7397256
Abstract: Extensible Authentication Protocol (EAP) is an authentication framework in Long Term Evolution (LTE) networks. EAP-AKA is one of the methods of EAP which uses the Authentication and Key Agreement (AKA) mechanism based on challenge-response mechanisms. EAP-AKA is used in the 3rd generation mobile networks then modified and inherited to 4th generation mobile networks (LTE) as Evolved Packet System Authentication and Key Agreement (EPS-AKA) mechanism which is used when the user accesses the network through EUTRAN. EPS-AKA vulnerabilities are disclosure of the user identity, Man in the Middle attack and Denial of Services (DoS) attacks so a robust authentication mechanism must replace EPS-AKA to avoid such attacks. In this paper, Modified Evolved Packet System Authentication and Key Agreement (MEPS-AKA) protocol based on Simple Password Exponential Key Exchange (SPEKE) and symmetric key cryptography is proposed to solve these problems by performing a pre-authentication procedure to generate a dynamic key every time the user accesses the network, also each message sent or received is confidentially protected. Scyther tool is used to verify the efficiency of the proposed protocol. EPS-AKA and MEPS-AKA are simulated using C programming language to calculate the execution time for both algorithms. The proposed protocol is simulated using a client-server application program using C# programming language.
Keywords: Long Term Evolution; protocols; telecommunication security; 3rd generation mobile networks; 4th generation mobile networks; AKA mechanism; C programming language; C# programming language; Denial of Services; DoS attacks; EPS-AKA mechanism; EPS-AKA weaknesses solution; LTE authentication protocol; LTE network; SPEKE; Scyther tool; authentication and key agreement; authentication framework; challenge response mechanisms; client-server application program; evolved packet system authentication and key agreement; extensible authentication protocol; long term evolution; preauthentication procedure; robust authentication mechanism; simple password exponential key exchange; symmetric key cryptography; Long Term Evolution; Protocols; Redundancy; AES; EAP-AKA; EPS-AKA; LTE; Scyther (ID#: 16-10988)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7397256&isnumber=7397173
N. W. Lo, M. C. Chiang and C. Y. Hsu, “Hash-Based Anonymous Secure Routing Protocol in Mobile Ad Hoc Networks,” Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, Kaohsiung, 2015, pp. 55-62. doi: 10.1109/AsiaJCIS.2015.27
Abstract: A mobile ad hoc network (MANET) is composed of multiple wireless mobile devices in which an infrastructure-less network with dynamic topology is built based on wireless communication technologies. Novel applications such as location-based services and personal communication Apps used by mobile users with handheld wireless devices utilize MANET environments. In consequence, communication anonymity and message security have become critical issues for MANET environments. In this study, a novel secure routing protocol with communication anonymity, named as Hash-based Anonymous Secure Routing (HASR) protocol, is proposed to support identity anonymity, location anonymity and route anonymity, and defend against major security threats such as replay attack, spoofing, route maintenance attack, and denial of service (DoS) attack. Security analyses show that HASR can achieve both communication anonymity and message security with efficient performance in MANET environments.
Keywords: cryptography; mobile ad hoc networks; mobile computing; mobility management (mobile radio); routing protocols; telecommunication network topology; telecommunication security; DoS attack; HASR protocol; Hash-based anonymous secure routing protocol; MANET; denial of service attack; dynamic network topology; handheld wireless devices; location-based services; message security; mobile users; personal communication Apps; route maintenance attack; wireless communication technologies; wireless mobile devices; Cryptography; Mobile ad hoc networks; Nickel; Routing; Routing protocols; communication anonymity; message security; mobile ad hoc network; routing protocol (ID#: 16-10989)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153936&isnumber=7153836
M. Ennahbaoui, H. Idrissi and S. E. Hajji, “Secure and Flexible Grid Computing Based Intrusion Detection System Using Mobile Agents and Cryptographic Traces,” Innovations in Information Technology (IIT), 2015 11th International Conference on, Dubai, 2015, pp. 314-319. doi: 10.1109/INNOVATIONS.2015.7381560
Abstract: Grid Computing is one of the new and innovative information technologies that attempt to make resources sharing global and easier. Integrated in networked areas, the resources and services in grid are dynamic, heterogeneous and they belong to multiple spaced domains, which effectively enables a large scale collection, sharing and diffusion of data. However, grid computing is still a new paradigm that raises many security issues and conflicts in the computing infrastructures where it is integrated. In this paper, we propose an intrusion detection system (IDS) based on the autonomy, intelligence and independence of mobile agents to record the behaviors and actions on the grid resource nodes to detect malicious intruders. This is achieved through the use of cryptographic traces associated with chaining mechanism to elaborate hashed black statements of the executed agent code, which are then compared to depict intrusions. We have conducted experiments basing three metrics: network load, response time and detection ability to evaluate the effectiveness of our proposed IDS.
Keywords: cryptography; grid computing; mobile agents; IDS; chaining mechanism; cryptographic traces; data collection; data diffusion; data sharing; detection ability metric; intrusion detection system; network load metric; resources sharing; response time metric; security issues; Computer architecture; Cryptography; Grid computing; Intrusion detection; Mobile agents; Monitoring (ID#: 16-10990)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7381560&isnumber=7381480
M. Ahmadi, M. Gharib, F. Ghassemi and A. Movaghar, “Probabilistic Key Pre-Distribution for Heterogeneous Mobile Ad Hoc Networks Using Subjective Logic,” Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, Gwangju, 2015, pp. 185-192. doi: 10.1109/AINA.2015.184
Abstract: Public key management scheme in mobile ad hoc networks (MANETs) is an inevitable solution to achieve different security services such as integrity, confidentiality, authentication and nonrepudiation. Probabilistic asymmetric key pre-distribution (PAKP) is a self-organized and fully distributed approach. It resolves most of MANET's challenging concerns such as storage constraint, limited physical security and dynamic topology. In such a model, secure path between two nodes is composed of one or more random successive direct secure links where intermediate nodes can read, drop or modify packets. This way, intelligent selection of intermediate nodes on a secure path is vital to ensure security and lower traffic volume. In this paper, subjective logic is used to improve PAKP method with the aim to select the most trusted and robust path. Consequently, our approach results in a better data traffic and also improves the security. Proposed algorithm chooses the least number of nodes among the most trustworthy nodes which are able to act as intermediate stations. We exploit two subjective logic based models: one exploits the subjective nature of trust between nodes and the other considers path conditions. We then evaluate our approach using network simulator ns-3. Simulation results confirm the effectiveness and superiority of the proposed protocol compared to the basic PAKP scheme.
Keywords: cryptographic protocols; mobile ad hoc networks; public key cryptography; radio links; telecommunication security; telecommunication traffic; MANET; PAKP; data traffic; heterogeneous mobile ad hoc network security; intermediate node intelligent selection; network simulator ns-3; probabilistic asymmetric key predistribution; protocol; public key management scheme; random successive direct secure link; subjective logic; Ad hoc networks; Mobile computing; Probabilistic logic; Public key; Uncertainty; Probabilistic asymmetric key pre-distribution; Subjective logic; Trust (ID#: 16-10991)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7097969&isnumber=7097928
S. R. M. Krishna, P. V. K. Prasad, M. N. S. Ramanath and B. M. Kumari, “Security in MANET Routing Tables with FMNK Cryptography Model,” Electrical, Electronics, Signals, Communication and Optimization (EESCO), 2015 International Conference on, Visakhapatnam, 2015, pp. 1-7. doi: 10.1109/EESCO.2015.7254021
Abstract: MANET-Mobile Ad hoc Network is an assembly of movable nodes which pass on information with each other by means of multi-hop wireless associates. As nodes travel often, it won't be having an unchanging infrastructure; as a result it is unsafe and will be inclined by various attacks. Each node has a finite interaction range, and behaves as a router to communicate the packets to another node. DOS (Denial-of-Service) attack, Flooding attack are some serious threats in MANET which cause data unsafety in MANET. The main problem in MANET is that the routing tables, which consist of each neighbour node's information and are maintained by each node for the dynamic topology creation, are insecure. So to overcome this drawback, an optimized FMNK (Finger print Minutiae point non-invertible Key) algorithm is produced utilizing Biometric image models, which can afford security and authentication. An optimized FMNK-SSL-AES-256 (Finger print non invert able key Secure Socket Layer-Advance Encryption Standard) encryption algorithm is being introduced to encrypt the information applying a key to increase the security in MANET. Once the algorithm was developed the tables are protected with this proposed model and the message communication among nodes shown through NS2 tool. This showed the communication among starting node to end with minimum cost by dynamic calculation of Euclidean distance Model.
Keywords: cryptography; mobile ad hoc networks; telecommunication network routing; telecommunication network topology; telecommunication security; DOS; Euclidian distance model; FMNK cryptography model; MANET routing table security; NS2 tool; biometric image models; denial-of-service attack; dynamic topology creation; finger print minutiae point noninvertible key algorithm; finger print noninvertable key secure socket layer-advance encryption standard encryption algorithm; finite interaction range; flooding attack; message communication; mobile ad hoc network; movable nodes; multihop wireless associates; neighbour node information; optimized FMNK-SSL-AES-256; starting node; Ciphers; Encryption; Fingerprint recognition; Mobile ad hoc networks; Peer-to-peer computing; FMNK; MANET; SSL-AES-256; crossover operator; fingerprint; minutiae points (ID#: 16-10992)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7254021&isnumber=7253613
S. Sicari, A. Rizzardi, L. A. Grieco and A. Coen-Porisini, “GoNe: Dealing with Node Behavior,” Consumer Electronics - Berlin (ICCE-Berlin), 2015 IEEE 5th International Conference on, Berlin, 2015, pp. 358-362. doi: 10.1109/ICCE-Berlin.2015.7391280
Abstract: The detection of malicious nodes still represents a challenging task in wireless sensor networks. This issue is particularly relevant in data sensitive services. In this work a novel scheme, namely GoNe, is proposed, able to enforce data security and privacy leveraging a machine learning technique based on self organizing maps. GoNe provides an assessment of node reputation scores on a dynamic basis and in presence of multiple kinds of malicious attacks. Its performance has been extensively analyzed through simulations, which demonstrate its effectiveness in terms of node behavior classification, attack identification, data accuracy, energy efficiency and signaling overhead.
Keywords: data privacy; learning (artificial intelligence); self-organising feature maps; telecommunication computing; wireless sensor networks; GoNe; attack identification; data accuracy; data privacy; data security; energy efficiency; machine learning technique; malicious nodes; node behavior classification; node reputation scores; self organizing maps; wireless sensor networks; Cryptography; Data models; Data privacy; Engines; Neurons; Wireless sensor networks; Reputation; Security; Wireless Sensor Network (ID#: 16-10993)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7391280&isnumber=7391194
P. Shen, K. Guo, M. Xiao and Q. Xu, “Spy: A QoS-Aware Anonymous Multi-Cloud Storage System Supporting DSSE,” Cluster, Cloud and Grid Computing (CCGrid), 2015 15th IEEE/ACM International Symposium on, Shenzhen, 2015, pp. 951-960. doi: 10.1109/CCGrid.2015.88
Abstract: Constructing an overlay storage system based on multiple personal cloud storages is a desirable technique and novel idea for cloud storages. Existing designs provide the basic functions with some customized features. Unfortunately, some important issues have always been ignored including privacy protection, QoS and cipher-text search. In this paper, we present Spy, our design for an anonymous storage overlay network on multiple personal cloud storage, supporting a flexible QoS awareness and cipher-text search. We reform the original Tor protocol by extending the command set and adding a tail part to the Tor cell, which makes it possible for coordination among proxy servers and still keeps the anonymity. Based on which, we proposed a flexible user-defined QoS policy and employed a Dynamic Searchable Symmetric Encryption (DSSE) scheme to support secure cipher-text search. Extensive security analysis proves the security on privacy preserving and experiments show how different QoS policies work according to different security requirements.
Keywords: cloud computing; cryptography; data privacy; information retrieval; quality of service; storage management; DSSE; QoS-aware anonymous multicloud storage system; Spy; Tor cell; Tor protocol; anonymous storage overlay network; cipher-text search; dynamic searchable symmetric encryption scheme; flexible QoS awareness; flexible user-defined QoS policy; multiple personal cloud storage; multiple personal cloud storages; overlay storage system; privacy protection; security requirements; Cloud computing; Encryption; Indexes; Quality of service; Servers; Cipher-text search; PCS; Privacy Preserving; QoS (ID#: 16-10994)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7152581&isnumber=7152455
W. Sun, X. Liu, W. Lou, Y. T. Hou and H. Li, “Catch You If You Lie to Me: Efficient Verifiable Conjunctive Keyword Search over Large Dynamic Encrypted Cloud Data,” Computer Communications (INFOCOM), 2015 IEEE Conference on, Kowloon, 2015, pp. 2110-2118. doi: 10.1109/INFOCOM.2015.7218596
Abstract: Encrypted data search allows cloud to offer fundamental information retrieval service to its users in a privacy-preserving way. In most existing schemes, search result is returned by a semi-trusted server and usually considered authentic. However, in practice, the server may malfunction or even be malicious itself. Therefore, users need a result verification mechanism to detect the potential misbehavior in this computation outsourcing model and rebuild their confidence in the whole search process. On the other hand, cloud typically hosts large outsourced data of users in its storage. The verification cost should be efficient enough for practical use, i.e., it only depends on the corresponding search operation, regardless of the file collection size. In this paper, we are among the first to investigate the efficient search result verification problem and propose an encrypted data search scheme that enables users to conduct secure conjunctive keyword search, update the outsourced file collection and verify the authenticity of the search result efficiently. The proposed verification mechanism is efficient and flexible, which can be either delegated to a public trusted authority (TA) or be executed privately by data users. We formally prove the universally composable (UC) security of our scheme. Experimental result shows its practical efficiency even with a large dataset.
Keywords: cloud computing; cryptography; trusted computing; computation outsourcing model; data users; dynamic encrypted cloud data; efficient verifiable conjunctive keyword search; encrypted data search scheme; file collection size; public trusted authority; result verification mechanism; semitrusted server; universally composable security; Conferences; Cryptography; Indexes; Keyword search; Polynomials; Servers (ID#: 16-10995)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218596&isnumber=7218353
M. Feiri, R. Pielage, J. Petit, N. Zannone and F. Kargl, “Pre-Distribution of Certificates for Pseudonymous Broadcast Authentication in VANET,” Vehicular Technology Conference (VTC Spring), 2015 IEEE 81st, Glasgow, 2015, pp. 1-5. doi: 10.1109/VTCSpring.2015.7146029
Abstract: In the context of vehicular networks, certificate management is challenging because of the dynamic topology and privacy requirements. In this paper we propose a technique that combines certificate omission and certificate pre-distribution in order to reduce communication overhead and to minimize cryptographic packet loss. Simulation results show that this technique is useful to improve awareness quality during pseudonym changes.
Keywords: cryptography; telecommunication security; vehicular ad hoc networks; VANET; certificate management; certificate pre-distribution; communication overhead; cryptographic packet loss; pseudonymous broadcast authentication; vehicular networks; Bandwidth; Cryptography; Privacy; Vehicles; Vehicular ad hoc networks; Wireless communication (ID#: 16-10996)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7146029&isnumber=7145573
W. C. Hsieh, C. C. Wu and Y. W. Kao, “A Study of Android Malware Detection Technology Evolution,” Security Technology (ICCST), 2015 International Carnahan Conference on, Taipei, 2015, pp. 135-140. doi: 10.1109/CCST.2015.7389671
Abstract: According to the report of International Data Corporation (IDC), Android OS has dominated the worldwide smart phone Operating System (OS) Market with a 78% share at the first quarter of 2015; also, in the report of F-Secure, 99% of new smart phone threats emerged in the first quarter of 2014 are designed for Android. In recent years, many kinds of malware, such as Botnet, Backdoor, Rootkits, and Trojans, start to attack smart phones for conducting crimes such as fraud, service misuse, information stealing, and root access. In general, they have some shared characteristics, such as constantly scanning for Bluetooth to shorten the device's battery life, accessing the GPS to send the position information to Internet, and jamming the communication between device and the base station to paralyze the wireless network. According to these characteristics, there are a lot of detection methods proposed, such as behavior checking, permission-based analysis, and Static Analysis, applied in malware detection software and anti-virus software. However, advanced hackers can utilize some techniques, such as emulator detection, packer, and code obfuscation, to prevent their attacks from being detected. This paper focuses on reviewing the malware evolution which makes malware detection more and more difficult, as well as the development of malware detection software which makes smart phones safer. Finally, our survey gives an insight into the malware evolution trend to increase the detecting rate of unknown malware for malware detection software.
Keywords: Android (operating system); invasive software; program diagnostics; smart phones; Android OS; Android malware detection technology evolution; Bluetooth; F-Secure; IDC; International Data Corporation; anti-virus software; backdoor; base station; behavior checking; botnet; code obfuscation; detection method; emulator detection; fraud; information stealing; malware detection software; malware evolution; operating system; packer; permission-based analysis; root access; rootkits; service misuse; smart phone threats; static analysis; trojans; wireless network; Cryptography; Mobile communication; Operating systems; Smart phones; Trojan horses; Android malware; Behavioral Analysis; Dynamic Analysis; Static Analysis; anti-virus (ID#: 16-10997)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7389671&isnumber=7389647
M. Alajeely, A. Ahmad and R. Doss, “Malicious Node Traceback in Opportunistic Networks Using Merkle Trees,” 2015 IEEE International Conference on Data Science and Data Intensive Systems, Sydney, NSW, 2015, pp. 147-152. doi: 10.1109/DSDIS.2015.86
Abstract: Security is a major challenge in Opportunistic Networks because of its characteristics, such as open medium, dynamic topology, no centralized management and absent clear lines of defense. A packet dropping attack is one of the major security threats in OppNets since neither source nodes nor destination nodes have the knowledge of where or when the packet will be dropped. In this paper, we present a malicious nodes detection mechanism against a special type of packet dropping attack where the malicious node drops one or more packets and then injects new fake packets instead. Our novel detection and traceback mechanism is very powerful and has very high accuracy. Each node can detect and then traceback the malicious nodes based on a solid and powerful idea that is, Merkle tree hashing technique. In our defense techniques we have two stages. The first stage is to detect the attack, and the second stage is to find the malicious nodes. We have compared our approach with the acknowledgement based mechanisms and the networks coding based mechanism which are well known approaches in the literature. Simulation results show this robust mechanism achieves a very high accuracy and detection rate.
Keywords: computer network security; cryptography; Merkle tree hashing technique; acknowledgement based mechanisms; destination nodes; malicious node traceback; malicious nodes detection mechanism; networks coding based mechanism; opportunistic networks; packet dropping attack; source nodes; Australia; Electronic mail; Information technology; Network coding; Routing; Security; Wireless communication; Denial-of-Service; Malicious Node Detection; OppNets; Opportunistic Networks; Packet Dropping Attacks; Security (ID#: 16-10998)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7396496&isnumber=7396460
K. Fan, N. Huang, Y. Wang, H. Li and Y. Yang, “Secure and Efficient Personal Health Record Scheme Using Attribute-Based Encryption,” Cyber Security and Cloud Computing (CSCloud), 2015 IEEE 2nd International Conference on, New York, NY, 2015, pp. 111-114. doi: 10.1109/CSCloud.2015.40
Abstract: With the rapid development of the cloud computing, personal health record (PHR) has attracted great attention of many researchers all over the world recently. However, PHR, which is often outsourced to be stored at a third party, has many security and efficiency issues. Therefore, the study of secure and efficient Personal Health Record Scheme to protect users' privacy in PHR files is of great significance. In this paper, we present a secure and efficient Personal Health Record scheme called SE-PHR. In the SE-PHR scheme, we divide the users into personal domain (PSD) and public domain (PUD) logically. In the PSD, the Key-Aggregate Encryption called KAE is exploited. For the users of PUD, we use outsource-able multi-authority attribute-based encryption (MA-ABE) to largely eliminate the overhead for users and support efficient attribute revocation without updating the user's private key. Our scheme also presents a new algorithm which enables dynamic modification of access policies. Function and performance testing results show the security and efficiency of the proposed SE-PHR.
Keywords: cloud computing; cryptography; data privacy; electronic health records; MA-ABE; SE-PHR; key-aggregate encryption; multiauthority attribute-based encryption; personal domain; personal health record; public domain; security issue; user privacy; Cloud computing; Encryption; Heuristic algorithms; Servers; Transforms; Cloud Computing; Data Sharing; Personal health record; Privacy Protection (ID#: 16-10999)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7371468&isnumber=7371418
S. D. Taru and V. B. Maral, “Object Oriented Accountability Approach in Cloud for Data Sharing with Patchy Image Encryption,” Advances in Computing, Communications and Informatics (ICACCI), 2015 International Conference on, Kochi, 2015, pp. 1688-1693. doi: 10.1109/ICACCI.2015.7275856
Abstract: Cloud computing presents a new approach for delivery model and consumption of different IT services based on internet. Highly scalable and virtualized resources are provided as a service on demand basis. Cloud computing provides flexibility for deploying applications at lower cost while increasing business agility. The main feature of using cloud services is that user's data are more often processed at remote machines which are unknown to user. As users do not own these remote machines used to speed up data processing or operate them in cloud, users can lose control of own confidential data. Despite all the advantages of cloud, this remains a challenge and acts as a barrier to the large scale adoption of cloud. To address the above problem, in this paper we present object oriented approach that performs automated logging mechanism to ensure any access to user's data will trigger authentication with use of decentralized information accountability framework called as CIA (Cloud Information Accountability) [1]. We use the JAR (JAVA Archive File) programmable capabilities to create dynamic travelling object containing user's data. To strengthen the distributed data security we use the chaos image encryption technique specific to image files. Chaos is patchy image encryption technique based on pixel shuffling. Randomness of the chaos is utilized to scramble the position of the pixel of image.
Keywords: Java; chaos; cloud computing; cryptography; image coding; message authentication; object-oriented programming; CIA; JAR; JAVA archive file; automated logging mechanism; chaos image encryption technique; cloud information accountability; data sharing; distributed data security; object oriented accountability approach; pixel shuffling; user authentication; Authentication; Chaos; Ciphers; Cloud computing; Encryption; Accountability; Chaos encryption; Cloud computing; Data sharing; Logging mechanism (ID#: 16-11000)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7275856&isnumber=7275573
M. Portnoi and C. C. Shen, “Loc-Auth: Location-Enabled Authentication Through Attribute-Based Encryption,” Computing, Networking and Communications (ICNC), 2015 International Conference on, Garden Grove, CA, 2015, pp. 89-93. doi: 10.1109/ICCNC.2015.7069321
Abstract: Traditional user authentication involves entering a username and password into a system. Strong authentication security demands, among other requirements, long, frequently hard-to-remember passwords. Two-factor authentication aids in the security, even though, as a side effect, it might worsen user experience. We depict a mobile sign-on scheme that benefits from the dynamic relationship between a user's attributes, the service the user wishes to utilize, and location (where the user is, and what services are available there) as an authentication factor. We demonstrate our scheme employing Bluetooth Low Energy beacons for location awareness and the expressiveness of Attribute-Based Encryption to capture and leverage the described relationship. Bluetooth Low Energy beacons broadcast encrypted messages with encoded access policies. Within range of the beacons, a user with appropriate attributes is able to decrypt the broadcast message and obtain parameters that allow the user to perform a short or simplified login.
Keywords: Bluetooth; authorisation; cryptography; mobile computing; Bluetooth low energy beacons; Loc-Auth; attribute-based encryption; authentication security; encoded access policies; encrypted messages; hard-to-remember passwords; location awareness; location-enabled authentication; mobile sign-on scheme; two-factor authentication; user authentication; user experience; Conferences; Cryptography; Decision support systems; Handheld computers; Information security; Radio frequency; authentication; bluetooth low energy; security (ID#: 16-11001)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7069321&isnumber=7069279
J. Chen, Q. Yuan, G. Xue and R. Du, “Game-Theory-Based Batch Identification of Invalid Signatures in Wireless Mobile Networks,” Computer Communications (INFOCOM), 2015 IEEE Conference on, Kowloon, 2015, pp. 262-270. doi: 10.1109/INFOCOM.2015.7218390
Abstract: Digital signature has been widely employed in wireless mobile networks to ensure the authenticity of messages and identity of nodes. A paramount concern in signature verification is reducing the verification delay to ensure the network QoS. To address this issue, researchers have proposed the batch cryptography technology. However, most of the existing works focus on designing batch verification algorithms without sufficiently considering the impact of invalid signatures. The performance of batch verification could dramatically drop, if there are verification failures caused by invalid signatures. In this paper, we propose a Game-theory-based Batch Identification Model (GBIM) for wireless mobile networks, enabling nodes to find invalid signatures with the optimal delay under heterogeneous and dynamic attack scenarios. Specifically, we design an incomplete information game model between a verifier and its attackers, and prove the existence of Nash Equilibrium, to select the dominant algorithm for identifying invalid signatures. Moreover, we propose an auto-match protocol to optimize the identification algorithm selection, when the attack strategies can be estimated based on history information. Comprehensive simulation results demonstrate that GBIM can identify invalid signatures more efficiently than existing algorithms.
Keywords: cryptography; digital signatures; game theory; mobile communication; quality of service; telecommunication security; GBIM; Nash Equilibrium; QoS network; batch cryptography technology; batch identification; batch verification; digital signature; dynamic attack; game theory based batch identification model; invalid signatures; message authentication; signature verification; wireless mobile networks; Algorithm design and analysis; Games; Heuristic algorithms; Magnetic resonance imaging; Mobile communication; Mobile computing; Testing; Batch identification (ID#: 16-11002)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218390&isnumber=7218353
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.