108 research outputs found

    Securing dynamic itineraries for mobile agent applications

    In this paper we present a novel mechanism for the protection of dynamic itineraries for mobile agent applications. Itineraries that are decided as the agent goes are essential in complex applications based on mobile agents, but no approach has been presented until now to protect them. We have conceived a cryptographic scheme for shielding dynamic itineraries from tampering, impersonation and disclosure. By using trust strategically, our scheme provides a balanced trade-off between flexibility and security. Our protection scheme has been designed with a feasible implementation always in mind, and thus facilitates the development of applications that make use of it. An example application based on a real healthcare scenario is also presented to show its operation.

    Preemptive mobile code protection using spy agents

    This thesis introduces 'spy agents' as a new security paradigm for evaluating trust in remote hosts in mobile code scenarios. In this security paradigm, a spy agent, i.e. a mobile agent which circulates amongst a number of remote hosts, can employ a variety of techniques in order to both appear 'normal' and suggest to a malicious host that it can 'misuse' the agent's data or code without being held accountable. A framework for the operation and deployment of such spy agents is described. Subsequently, a number of aspects of the operation of such agents within this framework are analysed in greater detail. The set of spy agent routes needs to be constructed in a manner that enables hosts to be identified from a set of detectable agent-specific outcomes. The construction of route sets that both reduce the probability of spy agent detection and support identification of the origin of a malicious act is analysed in the context of combinatorial group testing theory. Solutions to the route set design problem are proposed. A number of spy agent application scenarios are introduced and analysed, including: a) the implementation of a mobile code email honeypot system for identifying email privacy infringers, b) the design of sets of agent routes that enable malicious host detection even when hosts collude, and c) the evaluation of the credibility of host classification results in the presence of inconsistent host behaviour. Spy agents can be used in a wide range of applications, and it appears that each application creates challenging new research problems, notably in the design of appropriate agent route sets.

    A mobile agent clone detection system using general transferable E-cash and its specific implementation with Ferguson's E-coin.

    by Lam Tak-Cheung. Thesis (M.Phil.)--Chinese University of Hong Kong, 2002. Includes bibliographical references (leaves 61-66). Abstracts in English and Chinese.

    Chapter 1. --- Introduction
    Chapter 1.1 --- Evolution of the Mobile Agent Paradigm
    Chapter 1.2 --- Beneficial Aspects of Mobile Agents
    Chapter 1.3 --- Security Threats of Mobile Agents
    Chapter 1.4 --- Organization of the Thesis
    Chapter 2. --- Background of Cryptographic Theories
    Chapter 2.1 --- Introduction
    Chapter 2.2 --- Encryption and Decryption
    Chapter 2.3 --- Six Cryptographic Primitives
    Chapter 2.3.1 --- Symmetric Encryption
    Chapter 2.3.2 --- Asymmetric Encryption
    Chapter 2.3.3 --- Digital Signature
    Chapter 2.3.4 --- Message Digest
    Chapter 2.3.5 --- Digital Certificate
    Chapter 2.3.6 --- Zero-Knowledge Proof
    Chapter 2.4 --- RSA Public Key Cryptosystem
    Chapter 2.5 --- Blind Signature
    Chapter 2.6 --- Secret Sharing
    Chapter 2.7 --- Conclusion Remarks
    Chapter 3. --- Background of Mobile Agent Clones
    Chapter 3.1 --- Introduction
    Chapter 3.2 --- Types of Agent Clones
    Chapter 3.3 --- Mobile Agent Cloning Problems
    Chapter 3.4 --- Baek's Detection Scheme for Mobile Agent Clones
    Chapter 3.4.1 --- The Main Idea
    Chapter 3.4.2 --- Shortcomings of Baek's Scheme
    Chapter 3.5 --- Conclusion Remarks
    Chapter 4. --- Background of E-cash
    Chapter 4.1 --- Introduction
    Chapter 4.2 --- The General E-cash Model
    Chapter 4.3 --- Chaum-Pedersen's General Transferable E-cash
    Chapter 4.4 --- Ferguson's Single-term Off-line E-coins
    Chapter 4.4.1 --- Technical Background of the Secure Tools
    Chapter 4.4.2 --- Protocol Details
    Chapter 4.5 --- Conclusion Remarks
    Chapter 5. --- A Mobile Agent Clone Detection System using General Transferable E-cash
    Chapter 5.1 --- Introduction
    Chapter 5.2 --- Terminologies
    Chapter 5.3 --- Mobile Agent Clone Detection System with Transferable E-cash
    Chapter 5.4 --- Security and Privacy Analysis
    Chapter 5.5 --- Attack Scenarios
    Chapter 5.5.1 --- The Chosen Host Response Attack
    Chapter 5.5.2 --- The Truncation and Substitution Attack
    Chapter 5.6 --- An Alternative Scheme without Itinerary Privacy
    Chapter 5.7 --- Conclusion Remarks
    Chapter 6. --- Specific Implementation of the Mobile Agent Clone Detection System with Transferable Ferguson's E-coin
    Chapter 6.1 --- Introduction
    Chapter 6.2 --- The Clone Detection Environment
    Chapter 6.3 --- Protocols
    Chapter 6.3.2 --- Withdrawing E-tokens
    Chapter 6.3.2 --- The Agent Creation Protocol
    Chapter 6.3.3 --- The Agent Migration Protocol
    Chapter 6.3.4 --- Clone Detection and Culprit Identification
    Chapter 6.4 --- Security and Privacy Analysis
    Chapter 6.5 --- Complexity Analysis
    Chapter 6.5.1 --- Compact Passport
    Chapter 6.5.2 --- Passport growth in size
    Chapter 6.6 --- Conclusion Remarks
    Chapter 7. --- Conclusions
    Appendix --- Papers derived from this thesis
    Bibliograph

    DNAgents: Genetically Engineered Intelligent Mobile Agents

    Mobile agents are a useful paradigm for network coding providing many advantages and disadvantages. Unfortunately, widespread adoption of mobile agents has been hampered by the disadvantages, which could be said to outweigh the advantages. There is a variety of ongoing work to address these issues, and this is discussed. Ultimately, genetic algorithms are selected as the most interesting potential avenue. Genetic algorithms have many potential benefits for mobile agents. The primary benefit is the potential for agents to become even more adaptive to situational changes in the environment and/or emergent security risks. There are secondary benefits such as the natural obfuscation of functions inherent to genetic algorithms. Pitfalls also exist, namely the difficulty of defining a satisfactory fitness function and the variable execution time of mobile agents arising from the fact that they exist on a network. DNAgents 1.0, an original application of genetic algorithms to mobile agents, is implemented and discussed, and serves to highlight these difficulties. Modifications of traditional genetic algorithms are also discussed. Ultimately, a combination of genetic algorithms and artificial life is considered to be the most appropriate approach to mobile agents. This allows the consideration of agents to be organisms, and the network to be their environment. Towards this end, a novel framework called DNAgents 2.0 is designed and implemented. This framework allows the continual evolution of agents in a network without having a separate training and deployment phase. Parameters for this new framework were defined and explored. Lastly, an experiment similar to DNAgents 1.0 is performed for comparative purposes against DNAgents 1.0 and to prove the viability of this new framework.

    SECURITY AND PRIVACY ISSUES IN MOBILE NETWORKS, DIFFICULTIES AND SOLUTIONS

    Mobile communication has played a vital role in daily life for the last two decades; in turn its fields gained research attention, which led to the introduction of new technologies, services and applications. These newly added facilities aimed to ease connectivity and reachability; on the other hand, many security and privacy concerns were not taken into consideration. This opened the door for malicious activities to threaten the deployed systems and caused vulnerabilities for users, translated into the loss of valuable data and major privacy invasions. Recently, many attempts have been carried out to handle these concerns, such as improving systems’ security and implementing different privacy enhancing mechanisms. This research addresses these problems and provides a means to preserve privacy in particular. In this research, a detailed description and analysis of the current security and privacy situation in the deployed systems is given. As a result, the existing shortages within these systems are pointed out, to be mitigated in development. Finally, a privacy preserving prototype model is proposed. This research has been conducted as an extensive literature review about the most relevant references and researches in the field, using the descriptive and evaluative research methodologies. The main security models, parameters, modules and protocols are presented, and a detailed description of privacy and its related arguments, dimensions and factors is also given. The findings include that mobile networks’ security along with users are vulnerable due to the weaknesses of the key exchange procedures, the difficulties that face possession, repudiation, standardization, compatibility drawbacks and lack of configurability. It also includes the need to implement new mechanisms to protect security and preserve privacy, which include public key cryptography, HIP servers, IPSec, TLS, NAT and DTLS-SRTP.
    Last but not least, it shows that privacy is not absolute and it has many conflicts; also, privacy requires sophisticated systems, which increase the load and cost of the system.

    Essays on behavioral and dynamic contract

    This dissertation studies the design of prices or incentives in dynamic settings where customers are privately informed about their psychological biases, or agents are privately informed about the technology. Chapter 1 studies how firms set prices when their consumers have time-inconsistent preferences and naive beliefs. Temptation goods, such as credit card-financed consumption, are overvalued by consumers in the short run. It is typically assumed that a monopolistic firm maximizes profit by pricing temptation goods above marginal cost when consumer naivete is observable. However, market evidence contradicts this result. This chapter explains the puzzle by the assumption that consumer naivete is unobservable. Then it is optimal for a monopoly seller to offer a menu of options that have prices both above and below marginal cost. Chapter 2 studies a project manager deciding on workers’ workload assignments. Workers face productivity shocks over time. Workers also tend to procrastinate, although they prefer flexibility in production. Commitment of early production can overcome procrastination. The optimal compensation scheme depends on whether the manager’s objective is to maximize profit or welfare. It also depends on the degree of workers’ procrastination. When the worker is a serious procrastinator, it is optimal for a profit-maximizing manager to monitor midterm output according to a pass-fail criterion. The final chapter studies an investor deciding on resource allocation and managerial compensation. The manager privately observes time-varying project quality. A signal that contains information about the evolution of future quality is also privately available to the manager initially. When the manager reports a better initial signal, the investor allocates more resources to the project in every period. Growth of the project scale depends on how strongly the initial signal predicts future quality. However, the project with a better initial signal may grow more slowly and distortions may persist indefinitely.

    Radio Spectrum and the Disruptive Clarity of Ronald Coase.

    In the Federal Communications Commission, Ronald Coase (1959) exposed deep foundations via normative argument buttressed by astute historical observation. The government controlled scarce frequencies, issuing sharply limited use rights. Spillovers were said to be otherwise endemic. Coase saw that Government limited conflicts by restricting uses; property owners perform an analogous function via the "price system." The government solution was inefficient unless the net benefits of the alternative property regime were lower. Coase augured that the price system would outperform the administrative allocation system. His spectrum auction proposal was mocked by communications policy experts, opposed by industry interests, and ridiculed by policy makers. Hence, it took until July 25, 1994 for FCC license sales to commence. Today, some 73 U.S. auctions have been held, 27,484 licenses sold, and $52.6 billion paid. The reform is a textbook example of economic policy success. We examine Coase's seminal 1959 paper on two levels. First, we note the importance of its analytical symmetry, comparing administrative to market mechanisms under the assumption of positive transaction costs. This fundamental insight has had enormous influence within the economics profession, yet is often lost in current analyses. This analytical insight had its beginning in his acclaimed early article on the firm (Coase 1937), and continued into his subsequent treatment of social cost (Coase 1960). Second, we investigate why spectrum policies have stopped well short of the property rights regime that Coase advocated, considering rent-seeking dynamics and the emergence of new theories challenging Coase's property framework. One conclusion is easily rendered: competitive bidding is now the default tool in wireless license awards. By rule of thumb, about $17 billion in U.S. welfare losses have been averted. Not bad for the first 50 years of this, or any, Article appearing in Volume II of the Journal of Law & Economics.

    Proceedings of the 2nd International Workshop on Security in Mobile Multiagent Systems

    This report contains the Proceedings of the Second Workshop on Security of Mobile Multiagent Systems (SEMAS2002). The Workshop was held in Montreal, Canada as a satellite event to the 5th International Conference on Autonomous Agents in 2001. The far reaching influence of the Internet has resulted in an increased interest in agent technologies, which are poised to play a key role in the implementation of successful Internet and WWW-based applications in the future. While there is still considerable hype concerning agent technologies, there is also an increasing awareness of the problems involved. In particular, these applications will not be successful unless security issues can be adequately handled. Although there is a large body of work on cryptographic techniques that provide basic building-blocks to solve specific security problems, relatively little work has been done in investigating security in the multiagent system context. Related problems are secure communication between agents, implementation of trust models/authentication procedures or even reflections of agents on security mechanisms. The introduction of mobile software agents significantly increases the risks involved in Internet and WWW-based applications. For example, if we allow agents to enter our hosts or private networks, we must offer the agents a platform so that they can execute correctly but at the same time ensure that they will not have deleterious effects on our hosts or any other agents / processes in our network. If we send out mobile agents, we should also be able to provide guarantees about specific aspects of their behaviour, i.e., we are not only interested in whether the agents carry out their intended task correctly. They must defend themselves against attacks initiated by other agents, and survive in potentially malicious environments. Agent technologies can also be used to support network security. For example, in the context of intrusion detection, intelligent guardian agents may be used to analyse the behaviour of agents on a firewall, or intelligent monitoring agents can be used to analyse the behaviour of agents migrating through a network. Part of the inspiration for such multi-agent systems comes from primitive animal behaviour, such as that of guardian ants protecting their hill, or from biological immune systems.