Security in mobile agent systems: an approach to protect mobile agents from malicious host attacks

Mobile agents are autonomous programs that roam the Internet from machine to machine under their own control on behalf of their users to perform specific pre-defined tasks. In addition to that, a mobile agent can suspend its execution at any point; transfer itself to another machine then resume execution at the new machine without any loss of state. Such a mobile model can perform many possible types of operations, and might carry critical data that has to be protected from possible attacks. The issue of agent security and specially agent protection from host attacks has been a hot topic and no fully comprehensive solution has been found so far. In this thesis, we examine the possible security attacks that hosts and agents suffer from. These attacks can take one of four possible forms: Attacks from host to host, from agents to hosts, from agents to agents (peer to peer) and finally from hosts to agents. Our main concern in this thesis is these attacks from a malicious host on an agent. These attacks can take many forms including rerouting, spying out code, spying out data, spying out control flow, manipulation of code, manipulation of data, manipulation of control flow, incorrect execution of code, masquerading and denial of execution. In an attempt to solve the problem of malicious host attacks on agents, many partial solutions were proposed. These solutions ranged across simple legal protection, hardware solutions, partitioning, replication and voting, components, self-authentication, and migration history. Other solutions also included using audit logs, read-only state, append only logs, encrypted algorithms, digital signatures, partial result authentication codes, and code mess-up, limited life time of code and data as well as time limited black box security. In this thesis, we present a three-tier solution. This solution is a combination of code mess up, encryption and time out. Choosing code mess-up as part of the solution was due to the several strengths of this method that is based on obfuscating the features of the code so that any attacker will find it very difficult to understand the original code. A new algorithm iii was developed in this thesis to implement code mess-up that uses the concept of variable disguising by altering the values of strings and numerical values. Several encryption algorithms were studied to choose the best algorithm to use in the development of the proposed solution. The algorithms studied included DES, LUCIFER, MADRYGA, NEWDES, FEAL, REDOC, LOKI, KHUFU & KHAFRE, IDEA and finally MMB. The algorithm used was the DES algorithm due to several important factors including its key length. Not any language can be used to implement mobile agents. Candidate languages should possess the portability characteristic and should be safe and secure enough to guarantee a protection for the mobile agent. In addition to that the language should be efficient in order to minimize the implementation overhead and the overhead of providing safety and security. Languages used to implement mobile agents include Java, Limbo, Telescript, and Safe TCL. The Java language was chosen as the programming language for this thesis due to its high security, platform independence, and multithreading. This is in addition to several powerful features that characterize the Java language as will be mentioned later on. Implementing a mobile agent requires the assistance of a mobile agent system that helps in launching the agent from one host to another. There are many existing agent launching systems like Telescript, Aglets, Tacoma, Agent TCL and Concordia. Concordia was chosen to be the implementation tool used to launch our mobile agent. It is a software framework for developing, running and administering mobile agents, and it proved to be very efficient, and effective. The results of our proposed solutions showed the strength of the proposed model in terms of fully protecting the mobile agent from possible malicious host attacks. The model could have several points of enhancements. These enhancements include changing the code mess-up algorithm to a more powerful one, using a different encryption technique, and implementing an agent re-charge mechanism to recharge the agent after it is timeout

Evolution of network computing paradigms: applications of mobile agents in wired and wireless networks

The World Wide Web (or Web for short) is the largest client-server computing system commonly available, which is used through its widely accepted universal client (the Web browser) that uses a standard communication protocol known as the HyperText Transfer Protocol (HTTP) to display information described in the HyperText Markup Language (HTML). The current Web computing model allows the execution of server-side applications such as Servlets and client-side applications such as Applets. However, it offers limited support for another model of network computing where users would be able to use remote, and perhaps more powerful, machines for their computing needs. The client-server model enables anyone with a Web-enabled device ranging from desktop computers to cellular telephones, to retrieve information from the Web. In today's information society, however, users are overwhelmed by the information with which they are confronted on a daily basis. For subscribers of mobile wireless data services, this may present a problem. Wireless handheld devices, such as cellular telephones are connected via wireless networks that suffer from low bandwidth and have a greater tendency for network errors. In addition, wireless connections can be lost or degraded by mobility. Therefore, there a need for entities that act on behalf of users to simplify the tasks of discovering and managing network computing resources. It has been said that software agents are a solution in search of a problem. Mobile agents, however, are inherently distributed in nature, and therefore they represent a natural view of a distributed system. They provide an ideal mechanism for implementing complex systems, and they are well suited for applications that are communicationscentric such as Web-based network computing. Another attractive area of mobile agents is processing data over unreliable networks (such as wireless networks). In such an environment, the low reliability network can be used to transfer agents rather than a chunk. of data. The agent can travel to the nodes of the network, collect or process information without the risk of network disconnection, then return home. The publications of this doctorate by published works report on research undertaken in the area of distributed systems with emphasis on network computing paradigms, Web-based distributed computing, and the applications of mobile agents in Web-based distributed computing and wireless computing. The contributions of this collection of related papers can be summarized in four points. First, I have shown how to extend the Web to include computing resources; to illustrate the feasibility of my approach I have constructed a proof of concept implementation. Second, a mobile agent-based approach to Web-based distributed computing, that harness the power of the Web as a computing resource, has been proposed and a system has been prototyped. This, however, means that users will be able to use remote machines to execute their code, but this introduces a security risk. I need to make sure that malicious users cannot harm the remote system. For this, a security policy design pattern for mobile Java code has been developed. Third, a mediator-based approach to wireless client/server computing has been proposed and guidelines for implementing it have been published. This approach allows access to Internet services and distributed object systems from resource-constraint handheld wireless devices such as cellular telephones. Fourth and finally, a mobile agent-based approach to the Wireless Internet has been designed and implemented. In this approach, remote mobile agents can be accessed and used from wireless handheld devices. Handheld wireless devices will benefit greatly from this approach since it overcomes wireless network limitations such as low bandwidth and disconnection, and enhances the functionality of services by being able to operate without constant user input

A trustworthy mobile agent infrastructure for network management

Despite several advantages inherent in mobile-agent-based approaches to network management as compared to traditional SNMP-based approaches, industry is reluctant to adopt the mobile agent paradigm as a replacement for the existing manager-agent model; the management community requires an evolutionary, rather than a revolutionary, use of mobile agents. Furthermore, security for distributed management is a major concern; agent-based management systems inherit the security risks of mobile agents. We have developed a Java-based mobile agent infrastructure for network management that enables the safe integration of mobile agents with the SNMP protocol. The security of the system has been evaluated under agent to agent-platform and agent to agent attacks and has proved trustworthy in the performance of network management tasks

A cooperative cellular and broadcast conditional access system for Pay-TV systems

This is the author's accepted manuscript. The final published article is available from the link below. Copyright @ 2009 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.The lack of interoperability between Pay-TV service providers and a horizontally integrated business transaction model have compromised the competition in the Pay-TV market. In addition, the lack of interactivity with customers has resulted in high churn rate and improper security measures have contributed into considerable business loss. These issues are the main cause of high operational costs and subscription fees in the Pay-TV systems. As a result, this paper presents the Mobile Conditional Access System (MICAS) as an end-to-end access control solution for Pay-TV systems. It incorporates the mobile and broadcasting systems and provides a platform whereby service providers can effectively interact with their customers, personalize their services and adopt appropriate security measurements. This would result in the decrease of operating expenses and increase of customers' satisfaction in the system. The paper provides an overview of state-of-the-art conditional access solutions followed by detailed description of design, reference model implementation and analysis of possible MICAS security architectures.Strategy & Technology (S&T) Lt

Towards a Framework for Developing Mobile Agents for Managing Distributed Information Resources

Distributed information management tools allow users to author, disseminate, discover and manage information within large-scale networked environments, such as the Internet. Agent technology provides the flexibility and scalability necessary to develop such distributed information management applications. We present a layered organisation that is shared by the specific applications that we build. Within this organisation we describe an architecture where mobile agents can move across distributed environments, integrate with local resources and other mobile agents, and communicate their results back to the user

Management system requirements for wireless systems beyond 3G

This paper presents a comprehensive description of various management system requirements for systems beyond 3G, which have been identified as a result of the Software Based Systems activities within the Mobile VCE Core 2 program. Specific requirements for systems beyond 3G are discussed and potential technologies to address them proposed. The analysis has been carried out from network, service and security viewpoints