Developing a security mechanism for software agents

Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2006Includes bibliographical references (leaves: 73-76)Text in English; Abstract: Turkish and Englishx 76 leavesThis thesis proposes a message security solution on multi-agent systems. A general security analysis based on properties of software agents is presented along with an overview of security measures applicable to multi-agent systems. A security design and implementation has been developed to protect communication among agents. And this implementation scheme has been applied to Seagent, a semantic web enabled multi-agent framework. Hence, a set of agent security mechanisms have been adapted for Seagent and have been implemented for message confidentiality, integrity, authentication and nonrepudiation. Then these mechanisms have been tested for communication performance on Seagent

Reconfigurable Security: Edge Computing-based Framework for IoT

In various scenarios, achieving security between IoT devices is challenging since the devices may have different dedicated communication standards, resource constraints as well as various applications. In this article, we first provide requirements and existing solutions for IoT security. We then introduce a new reconfigurable security framework based on edge computing, which utilizes a near-user edge device, i.e., security agent, to simplify key management and offload the computational costs of security algorithms at IoT devices. This framework is designed to overcome the challenges including high computation costs, low flexibility in key management, and low compatibility in deploying new security algorithms in IoT, especially when adopting advanced cryptographic primitives. We also provide the design principles of the reconfigurable security framework, the exemplary security protocols for anonymous authentication and secure data access control, and the performance analysis in terms of feasibility and usability. The reconfigurable security framework paves a new way to strength IoT security by edge computing.Comment: under submission to possible journal publication

A Secured Agent-based Model for a Peer-to-Peer System

In this paper, information exchange that is devoid of control in the peer-to-peer communication, exposes peer to malicious activities, insecure communication, loss of significant data or failure of the system. The complexity and perceived compromise in peers communicating at different levels necessitates modeling a secured agent-based model for a peer-to-peer system. This work was designed to accommodate peer registration phase that will allow peers on satisfying defined requirement, request for connection to the super peer, subsequently guaranteeing and promoting healthy system. The agent module in the network ascertains successfully connected peers on the network, certifying feedback agent goal and ready for peer communication. The result shows that peculiar security attacks from malicious and un-registered peers are systematically controlled in the peer-to-peer system. Key words : Peer-to-peer, Agent-based, Secured and Communication. DOI: 10.7176/CEIS/12-2-03 Publication date: May30th 202

No Superluminal Signaling Implies Unconditionally Secure Bit Commitment

Bit commitment (BC) is an important cryptographic primitive for an agent to convince a mutually mistrustful party that she has already made a binding choice of 0 or 1 but only to reveal her choice at a later time. Ideally, a BC protocol should be simple, reliable, easy to implement using existing technologies, and most importantly unconditionally secure in the sense that its security is based on an information-theoretic proof rather than computational complexity assumption or the existence of a trustworthy arbitrator. Here we report such a provably secure scheme involving only one-way classical communications whose unconditional security is based on no superluminal signaling (NSS). Our scheme is inspired by the earlier works by Kent, who proposed two impractical relativistic protocols whose unconditional securities are yet to be established as well as several provably unconditionally secure protocols which rely on both quantum mechanics and NSS. Our scheme is conceptually simple and shows for the first time that quantum communication is not needed to achieve unconditional security for BC. Moreover, with purely classical communications, our scheme is practical and easy to implement with existing telecom technologies. This completes the cycle of study of unconditionally secure bit commitment based on known physical laws.Comment: This paper has been withdrawn by the authors due to a crucial oversight on an earlier work by A. Ken

Multi-agent system security for mobile communication

This thesis investigates security in multi-agent systems for mobile communication. Mobile as well as non-mobile agent technology is addressed. A general security analysis based on properties of agents and multi-agent systems is presented along with an overview of security measures applicable to multi-agent systems, and in particular to mobile agent systems. A security architecture, designed for deployment of agent technology in a mobile communication environment, is presented. The security architecture allows modelling of interactions at all levels within a mobile communication system. This architecture is used as the basis for describing security services and mechanisms for a multi-agent system. It is shown how security mechanisms can be used in an agent system, with emphasis on secure agent communication. Mobile agents are vulnerable to attacks from the hosts on which they are executing. Two methods for dealing with threats posed by malicious hosts to a trading agent are presented. The rst approach uses a threshold scheme and multiple mobile agents to minimise the eect of malicious hosts. The second introduces trusted nodes into the infrastructure. Undetachable signatures have been proposed as a way to limit the damage a malicious host can do by misusing a signature key carried by a mobile agent. This thesis proposes an alternative scheme based on conventional signatures and public key certicates. Threshold signatures can be used in a mobile agent scenario to spread the risk between several agents and thereby overcome the threats posed by individual malicious hosts. An alternative to threshold signatures, based on conventional signatures, achieving comparable security guarantees with potential practical advantages compared to a threshold scheme is proposed in this thesis. Undetachable signatures and threshold signatures are both concepts applicable to mobile agents. This thesis proposes a technique combining the two schemes to achieve undetachable threshold signatures. This thesis denes the concept of certicate translation, which allows an agent to have one certicate translated into another format if so required, and thereby save storage space as well as being able to cope with a certicate format not foreseen at the time the agent was created

Trust correlation of mobile agent nodes with a regular node in a Adhoc network using decision-making strategy

A mobile agent offers discrete advantage both in facilitating better transmission as well as controlling the traffic load in Mobile Adhoc Network (MANET). Hence, such forms of network offers maximized dependencies on mobile agents in terms of its trust worthiness. At present, there are various work being carried out towards resisting security breach in MANET; however approaches using mobile agent based mechanism is few to found. Therefore, the proposed system introduces a novel mathematical model where an extensive decision making system has been constructed for identifying the malicious intention of mobile agents in case they go rogues. By adopting multi-tier communication policy and fairness concept, the proposed system offers the capability to resist any form of malicious activity of mobile agent without even presence of any apriori information of adversary. The outcome shows proposed system outshines existing security scheme in MANET

Novel framework using dynamic passphrase towards secure and energy-efficient communication in MANET

At Mobile Adhoc Network (MANET) has been long-researched topic in adhoc network owing to the associated advantages in its cost-effective application as well as consistent loophopes owing to its inherent charecteristics. This manuscript draws a relationship between the energy factor and security factor which has not been emphasized in any existing studies much. Review of existing security approaches shows that they are highly attack specific, uses complex encryption, and overlooks the involvement of energy factor in it. Therefore, the proposed system introduces a novel mechanism where security tokens and passphrases are utilized in order to offer better security. The proposed system also introduces the usage of an agent node which communications with mobile nodes using group-based communication system thereby ensuring reduced computational effort of mobile nodes towards establishing secured communication. The outcome shows proposed system offers better outcome in contrast to existing system

An Agent-Based Approach for Data Fusion in Homeland Security

This article presents an agent-based solution for data fusion in Homeland Security. Communication technology has been developed very fast in the last decades. We can get lots of data in milliseconds. Our current problem is to process such amounts of data in order to provide useful information. We have to focus our effort on developing intelligent information systems able to handle big amounts of data extracting or revealing relations among data and able to produce information easily understandable for the human user. That is the case of data fusion in tactical operations, especially in the field of defense and Homeland security. Our research is focused on obtaining a Multi-agent system able to inference future enemy’s actions or behaviors from data received from heterogeneous sensors

Security enhancement of route optimization in mobile IPv6 networks

Mobile IPv6 (MIPv6) allows Mobile Node (MN) to be always addressable by its home address. Route Optimization (RO) is standard in MIPv6 to route packets between MN and Correspondent Node (CN) using shortest possible path. It provides better bandwidth and faster transmission. RO greatly increases the security risk. This is one of the main reasons that IPv6 is not implemented yet. However, IPSec is used to protect signaling between MN and Home Agent. In this paper, focus is given on enhanced security scheme in terms of RO based Test-bed evaluation experiment. An enhanced security algorithm is developed on top of MIPv6 RO to secure data and prepare a safe communication between MN and CN. This algorithm is able to detect and prevent the attacker from modifying the data with using an encryption algorithm by cost of little bit increase but tolerable delay. The real-time network Test-bed is implemented to prove the efficiency of proposed method. The experimental results show that the proposed security scheme increases the security performance of the network. This gives advantage of safe communication that can significantly improve the data security of RO while maintaining the quality of other network performance