A framework to protect mobile agents by using reference states

To protect mobile agents from attacks by their execution environments, or hosts, one class of protection mechanisms uses 'reference states' to detect modification attacks. Reference states are agent states that have been produced by non-attacking, or reference hosts. This paper examines this class of mechanisms and present the bandwidth of the achieved protection. First, a new general definition of attacks against mobile agents is presented. As this general definition does not lead to a practicable protection scheme, the notion of reference states is introduced. This notion allows to define a protection scheme that can be used to practically realize a whole number of mechanisms to protect mobile agents. Therefore, after an initial analysis of already existing approaches, the abstract features of these approaches are extracted. A discussion examines the strengths and weaknesses of the general protection scheme, and a framework is presented that allows an agent programmer to choose a level of protection using the reference states scheme. An example illustrates the usage of the framework, measurements present the overhead of the framework for the case of the example mechanism

A secure protocol based on a sedentary agent for mobile agent environments

The main challenge when deploying mobile agent environments pertains to security issues concerning mobile agents and their executive platform. This paper proposes a secure protocol which protects mobile agents against attacks from malicious hosts in these environments. Protection is based on the perfect cooperation of a sedentary agent running inside a trusted third host. Results show that the protocol detects several attacks, such as denial of service, incorrect execution and re-execution of the mobile agent code. Results also indicate that the traffic generated and run time are barely affected

A protocol to detect malicious hosts attacks by using reference states

To protect mobile agents from attacks by their execution environments, or hosts, one class of protection mechanisms uses 'reference states' to detect modification attacks. Reference states are agent states that have been produced by non-attacking, or reference hosts. This paper presents a new protocol using reference states by modifying an existing approach, called 'traces'. In contrast to the original approach, this new protocol offers a model, where the execution on one host is checked unconditionally and immediately on the next host, regardless of whether this host is trusted or untrusted. This modification preserves the qualitative advantages like asynchronous execution, but also introduces two new problems: input to the execution session on one host cannot be held secret to a second host, and collaboration attacks of two consecutive hosts are possible. The overhead needed for the protocol roughly doubles the cost of the mobile agent execution

Securing mobile agent in hostile environment.

by Mo Chun Man.Thesis (M.Phil.)--Chinese University of Hong Kong, 2001.Includes bibliographical references (leaves 72-80).Abstracts in English and Chinese.Chapter 1 --- INTRODUCTION --- p.1Chapter 1.1 --- The Mobile Agents --- p.2Chapter 1.2 --- The Mobile Agent Paradigm --- p.4Chapter 1.2.1 --- Initiatives --- p.5Chapter 1.2.2 --- Applications --- p.7Chapter 1.3 --- The Mobile Agent S ystem --- p.8Chapter 1.4 --- Security in Mobile Agent System --- p.9Chapter 1.5 --- Thesis Organization --- p.11Chapter 2 --- BACKGROUND AND FOUNDATIONS --- p.12Chapter 2.1 --- Encryption/Decryption --- p.12Chapter 2.2 --- One-way Hash Function --- p.13Chapter 2.3 --- Message Authentication Code (MAC) --- p.13Chapter 2.4 --- Homomorphic Encryption Scheme --- p.14Chapter 2.5 --- One-Round Oblivious Transfer --- p.14Chapter 2.6 --- Polynomial-time Algorithms --- p.14Chapter 2.7 --- Circuit --- p.15Chapter 3 --- SURVEY OF PROTECTION SCHEMES ON MOBILE AGENTS --- p.16Chapter 3.1 --- Introduction --- p.16Chapter 3.2 --- Detection Approaches --- p.17Chapter 3.2.1 --- Execution Traces --- p.17Chapter 3.2.2 --- Partial Result Encapsulation --- p.18Chapter 3.2.3 --- State Appraisal --- p.20Chapter 3.3 --- Prevention Approaches --- p.20Chapter 3.3.1 --- Sliding Encryption --- p.20Chapter 3.3.2 --- Tamper-resistant Hardware --- p.21Chapter 3.3.3 --- Multi-agent Cooperation --- p.22Chapter 3.3.4 --- Code Obfuscation --- p.23Chapter 3.3.5 --- Intention Spreading and Shrinking --- p.26Chapter 3.3.6 --- Encrypted Function Evaluation --- p.26Chapter 3.3.7 --- Black Box Test Prevention --- p.27Chapter 3.4 --- Chapter Summary --- p.29Chapter 4 --- TAXONOMY OF ATTACKS --- p.30Chapter 4.1 --- Introduction --- p.30Chapter 4.2 --- Whatis attack? --- p.31Chapter 4.3 --- How can attacks be done? --- p.32Chapter 4.4 --- Taxonomy of Attacks --- p.33Chapter 4.4.1 --- Purposeful Attack --- p.33Chapter 4.4.2 --- Frivolous Attack --- p.36Chapter 4.4.3 --- The Full Taxonomy --- p.38Chapter 4.5 --- Using the Taxonomy --- p.38Chapter 4.5.1 --- Match to Existing Protection Schemes --- p.38Chapter 4.5.2 --- Insight to Potential Protection Schemes --- p.41Chapter 4.6 --- Chapter Summary --- p.42Chapter 5 --- PROTECTION FOR REACTIVE MOBILE AGENTS --- p.43Chapter 5.1 --- Introduction --- p.43Chapter 5.2 --- The Model --- p.45Chapter 5.2.1 --- The Non-reactive and Reactive Mobile Agent Model --- p.45Chapter 5.2.2 --- The Computation Flow --- p.47Chapter 5.2.3 --- An Example --- p.49Chapter 5.3 --- tools --- p.51Chapter 5.3.1 --- Encrypted Circuit Construction --- p.51Chapter 5.3.2 --- Circuit Cascading --- p.53Chapter 5.4 --- Proposed Protection Scheme --- p.54Chapter 5.4.1 --- Two-hop Protocol --- p.55Chapter 5.4.2 --- Multi-hop Protocol --- p.60Chapter 5.5 --- Security Analysis --- p.60Chapter 5.5.1 --- Security under Purposeful Attacks --- p.61Chapter 5.5.2 --- Security under Frivolous Attacks --- p.62Chapter 5.6 --- Improvements --- p.62Chapter 5.6.1 --- Basic Idea --- p.63Chapter 5.6.2 --- Input Retrieval Protocol --- p.63Chapter 5.6.3 --- Combating Frivolous Attacks --- p.65Chapter 5.7 --- Further Considerations --- p.66Chapter 5.8 --- Chapter Summary --- p.67Chapter 6 --- CONCLUSIONS --- p.68APPENDIX --- p.71BIBLIOGRAPHY --- p.7

Proceedings of the 2nd International Workshop on Security in Mobile Multiagent Systems

This report contains the Proceedings of the Second Workshop on Security on Security of Mobile Multiagent Systems (SEMAS2002). The Workshop was held in Montreal, Canada as a satellite event to the 5th International Conference on Autonomous Agents in 2001. The far reaching influence of the Internet has resulted in an increased interest in agent technologies, which are poised to play a key role in the implementation of successful Internet and WWW-based applications in the future. While there is still considerable hype concerning agent technologies, there is also an increasing awareness of the problems involved. In particular, that these applications will not be successful unless security issues can be adequately handled. Although there is a large body of work on cryptographic techniques that provide basic building-blocks to solve specific security problems, relatively little work has been done in investigating security in the multiagent system context. Related problems are secure communication between agents, implementation of trust models/authentication procedures or even reflections of agents on security mechanisms. The introduction of mobile software agents significantly increases the risks involved in Internet and WWW-based applications. For example, if we allow agents to enter our hosts or private networks, we must offer the agents a platform so that they can execute correctly but at the same time ensure that they will not have deleterious effects on our hosts or any other agents / processes in our network. If we send out mobile agents, we should also be able to provide guarantees about specific aspects of their behaviour, i.e., we are not only interested in whether the agents carry out-out their intended task correctly. They must defend themselves against attacks initiated by other agents, and survive in potentially malicious environments. Agent technologies can also be used to support network security. For example in the context of intrusion detection, intelligent guardian agents may be used to analyse the behaviour of agents on a firewall or intelligent monitoring agents can be used to analyse the behaviour of agents migrating through a network. Part of the inspiration for such multi-agent systems comes from primitive animal behaviour, such as that of guardian ants protecting their hill or from biological immune systems

A framework for the protection of mobile agents against malicious hosts

The mobility attribute of a mobile agent implies deployment thereof in untrustworthy environments, which introduces malicious host threats. The research question deals with how a security framework could be constructed to address the mentioned threats without introducing high costs or restraining the mobile agent's autonomy or performance. Available literature have been studied, analysed and discussed. The salient characteristics as well as the drawbacks of current solutions were isolated. Through this knowledge a dynamic mobile agent security framework was defined. The framework is based on the definition of multiple security levels, depending on type of deployment environment and type of application. A prototype was constructed and tested and it was found to be lightweight and efficient, giving developers insight into possible security threats as well as tools for maximum protection against malicious hosts. The framework outperformed other frameworks / models as it provides dynamic solutions without burdening a system with unnecessary security gadgets and hence paying for it in system cost and performanceComputingD.Phil