118,699 research outputs found

    Multi-agent based framework for secure and reliable communication among open clouds

    Cloud Computing (CC) is an emerging field of Information Technology. CC environment completely relies on the perception of utility, service-oriented, cluster and grid computing. The idea of virtualization discriminates CC from other fields. CC environment provides better, reliable, and scalable services. Since clouds are working independently smooth, but standalone, cloud operation is complex. Therefore the need of interoperability and portability with other clouds comes into play, which increases the scope of the cloud environment. Then, the security threats are increased in the cloud environments. In order to address the problem, a Secure Multi-Agent based framework for Communication among Open Clouds is proposed in this paper. In the framework, each cloud has a secure Mobile Agent which is responsible for the secure communication among clouds. Thus, authentication of Mobile Agents is performed by the Directory Agent. Directory agents are included in order to prevent malicious or attacker mobile agents from joining the cloud. The theoretical and practical results show that Multi-agent based framework is more reliable and secure than other cloud environments.
    Mehmood, A.; Song, H.; Lloret, J. (2014). Multi-agent based framework for secure and reliable communication among open clouds. Network Protocols and Algorithms. 6(4):60-76. doi:10.5296/npa.v6i4.6028

    Secure migration of WebAssembly-based mobile agents between secure enclaves

    Cryptography and security protocols are today commonly used to protect data at-rest and in-transit. In contrast, protecting data in-use has seen only limited adoption. Secure data transfer methods employed today rarely provide guarantees regarding the trustworthiness of the software and hardware at the communication endpoints. The field of study that addresses these issues is called Trusted or Confidential Computing and relies on the use of hardware-based techniques. These techniques aim to isolate critical data and its processing from the rest of the system. More specifically, it investigates the use of hardware isolated Secure Execution Environments (SEEs) where applications cannot be tampered with during operation. Over the past few decades, several implementations of SEEs have been introduced, each based on a different hardware architecture. However, lately, the trend is to move towards architecture-independent SEEs. As part of this, a Huawei research project is developing a secure enclave framework that enables secure execution and migration of applications (mobile agents), regardless of the underlying architecture. This thesis contributes to the development of the framework by participating in the design and implementation of a secure migration scheme for the mobile agents. The goal is a scheme wherein it is possible to transfer the mobile agent without compromising the security guarantees provided by SEEs. Further, the thesis also provides performance measurements of the migration scheme implemented in a proof of concept of the framework.

    Data Confidentiality in Mobile Ad hoc Networks

    Mobile ad hoc networks (MANETs) are self-configuring infrastructure-less networks comprised of mobile nodes that communicate over wireless links without any central control on a peer-to-peer basis. These individual nodes act as routers to forward both their own data and also their neighbours' data by sending and receiving packets to and from other nodes in the network. The relatively easy configuration and the quick deployment make ad hoc networks suitable for emergency situations (such as human or natural disasters) and for military units in enemy territory. Securing data dissemination between these nodes in such networks, however, is a very challenging task. Exposing such information to anyone else other than the intended nodes could cause a privacy and confidentiality breach, particularly in military scenarios. In this paper we present a novel framework to enhance the privacy and data confidentiality in mobile ad hoc networks by attaching the originator policies to the messages as they are sent between nodes. We evaluate our framework using the Network Simulator (NS-2) to check whether the privacy and confidentiality of the originator are met. For this we implemented the Policy Enforcement Points (PEPs) as NS-2 agents that manage and enforce the policies attached to packets at every node in the MANET.
    Comment: 12 page

    Secure agent data integrity shield

    In the rapidly expanding field of E-Commerce, the mobile agent is the emerging technology that addresses the requirement of intelligent filtering/processing of information. This paper will address the area of mobile agent data integrity protection. We propose the use of Secure Agent Data Integrity Shield (SADIS) as a scheme that protects the integrity of data collected during agent roaming. With the use of a key seed negotiation protocol and integrity protection protocol, SADIS protects the secrecy as well as the integrity of agent data. Any illegal data modification, deletion, or insertion can be detected either by the subsequent host or the agent butler. Most important of all, the identity of each malicious host can be established. To evaluate the feasibility of our design, a prototype has been developed using Java. The result of benchmarking shows improvement both in terms of data and time efficiency.

    Migration control for mobile agents based on passport and visa

    Research on mobile agents has attracted much attention as this paradigm has demonstrated great potential for the next-generation e-commerce. Proper solutions to security-related problems become key factors in the successful deployment of mobile agents in e-commerce systems. We propose the use of passport and visa (P/V) for securing mobile agent migration across communities based on the SAFER e-commerce framework. P/V not only serves as up-to-date digital credentials for agent-host authentication, but also provides effective security mechanisms for online communities to control mobile agent migration. Protection for mobile agents, network hosts, and online communities is enhanced using P/V. We discuss the design issues in detail and evaluate the implementation of the proposed system.

    A general purpose programming framework for ubiquitous computing environments

    It is important to note that the need to support ad-hoc and potentially mobile arrangements of devices in ubiquitous environments does not fit well within the traditional client/server architecture. We believe peer-to-peer communication offers a preferable alternative due to its decentralised nature, removing dependence on individual nodes. However, this choice adds to the complexity of the developer's task. In this paper, we describe a two-tiered approach to address this problem: a lower tier employing peer-to-peer interactions for managing the network infrastructure and an upper tier providing a mobile agent based programming framework. The result is a general purpose framework for developing ubiquitous applications and services, where the underlying complexity is hidden from the developer. This paper discusses our on-going work, presenting our design decisions, features supported by our framework, and some of the challenges still to be addressed in a complex programming environment.

    The simplicity project: easing the burden of using complex and heterogeneous ICT devices and services

    As of today, to exploit the variety of different "services", users need to configure each of their devices by using different procedures and need to explicitly select among heterogeneous access technologies and protocols. In addition to that, users are authenticated and charged by different means. The lack of implicit human computer interaction, context-awareness and standardisation places an enormous burden of complexity on the shoulders of the final users. The IST-Simplicity project aims at leveraging such problems by: i) automatically creating and customizing a user communication space; ii) adapting services to user terminal characteristics and to users' preferences; iii) orchestrating network capabilities. The aim of this paper is to present the technical framework of the IST-Simplicity project. This paper is a thorough analysis and qualitative evaluation of the different technologies, standards and works presented in the literature related to the Simplicity system to be developed.