
    Managing Access Control in the Presence of Mobility

    The increased pervasiveness of wireless mobile computing devices draws new attention to the need for coordination among small, networked components. The very nature of the environment requires devices to interact even when they meet unpredictably. Because these networks are often decoupled from a fixed infrastructure, reliance on centralized servers for authentication and access policies is impractical. Access control is crucial in such systems, and applications must directly manipulate and examine access policies because they require full control of their data. In this paper, we explore the essential features of general access control policies tailored to the needs of agent coordination in the presence of physical and logical mobility. We propose and evaluate novel constructs to support such policies in mobile applications

    BROSMAP: A Novel Broadcast Based Secure Mobile Agent Protocol for Distributed Service Applications

    Mobile agents are smart programs that migrate from one platform to another to perform the user task. Mobile agents offer flexibility and performance enhancements to systems and service real-time applications. However, security in mobile agent systems is a great concern. In this paper, we propose a novel Broadcast based Secure Mobile Agent Protocol (BROSMAP) for distributed service applications that provides mutual authentication, authorization, accountability, nonrepudiation, integrity, and confidentiality. The proposed system also provides protection from man in the middle, replay, repudiation, and modification attacks. We proved the efficiency of the proposed protocol through formal verification with Scyther verification tool

    Arquitectura para escaneo de puertos usando agentes móviles

    This article proposes a software architecture for port scanning using mobile agents (AM), in order to facilitate the monitoring of network traffic or detect vulnerabilities in the logical ports of the operating system. The architecture allows resident processes to be executed on each of the stations to be monitored, includes communication mechanisms that give the AMs a high degree of autonomy, and includes route planning mechanisms that choose the optimal route for each agent assigned to perform tasks on a network host. Consequently, a high availability of information in distributed environments is guaranteed, as well as a decrease in network traffic, which allows other AMs in the system to be informed of the probability of an attack on a given port. In this case, given a local network made up of ten computers and AMs on a Tahiti server, the architecture is validated by means of the Scan Mobile UD prototype - developed in Java using Aglets - which gives a vulnerability probability of 16.43% for the proposed scenario.

    SPAWN: Service Provision in Ad-hoc Wireless Networks

    The increasing ubiquity of wireless mobile computing platforms has opened up the potential for unprecedented levels of communication, coordination and collaboration among mobile computing devices, most of which will occur in an ad hoc, on-demand manner. This paper describes SPAWN, a middleware supporting service provision in ad-hoc wireless networks. The aim of SPAWN is to provide the software resources on mobile devices that facilitate electronic collaboration. This is achieved by applying the principles of service oriented computing (SOC), an emerging paradigm that has seen success in wired settings. SPAWN is an adaptation and extension of the Jini model of SOC to ad-hoc networks. The key contributions of SPAWN are (1) a completely decentralized service advertisement and request system that is geared towards handling the unpredictability and dynamism of mobile ad-hoc networks, (2) an automated code management system that can fetch, use and dispose of binaries on an on-demand basis, (3) a mechanism supporting the logical mobility of services, (4) an upgrade mechanism to extend the life cycle of services, and (5) a lightweight security model that secures all interactions, which is essential in an open environment. We discuss the software architecture, a Java implementation, sample applications and an empirical evaluation of the system

    Architectural components for the efficient design of mobile agent systems

    Over the past eighteen months, there has been a renewed interest in mobile agent technology due to the continued exponential growth of Internet applications, the establishment of open standards for these applications, as well as the semantic web developments. However, the lack of a standardised programming model addressing all aspects of mobile agent systems prevents widespread deployment of the potentially useful technology. The architectural requirements dealing with all aspects of a mobile agent system are not clearly stipulated. As a result, the commercially available mobile agent systems and mobile agent tool kits address different mobile agent issues, and little reuse of available technologies and architectures takes place. The purpose of this paper is to describe an architectural model that identifies the components representing the essential aspects of a mobile agent system. Due to the intensive nature of development, implementation and testing of this model, we describe preliminary work. However, in the meanwhile, there are benefits associated with this preliminary model, namely that it provides a clear understanding of the architectural issues of mobile agent computing, giving novice researchers and practitioners who enter the field for the first time a foundation for making sensible decisions when researching, designing and developing mobile agents. The model is also significant in that it provides a benchmark for researchers and developers to measure the capabilities of mobile agents created by commercially available tool kits. Keywords: Mobile Agent Systems, Software architecture model. School of Computin

    Security in mobile agent systems: an approach to protect mobile agents from malicious host attacks

    Mobile agents are autonomous programs that roam the Internet from machine to machine under their own control on behalf of their users to perform specific pre-defined tasks. In addition to that, a mobile agent can suspend its execution at any point; transfer itself to another machine then resume execution at the new machine without any loss of state. Such a mobile model can perform many possible types of operations, and might carry critical data that has to be protected from possible attacks. The issue of agent security and specially agent protection from host attacks has been a hot topic and no fully comprehensive solution has been found so far. In this thesis, we examine the possible security attacks that hosts and agents suffer from. These attacks can take one of four possible forms: Attacks from host to host, from agents to hosts, from agents to agents (peer to peer) and finally from hosts to agents. Our main concern in this thesis is these attacks from a malicious host on an agent. These attacks can take many forms including rerouting, spying out code, spying out data, spying out control flow, manipulation of code, manipulation of data, manipulation of control flow, incorrect execution of code, masquerading and denial of execution. In an attempt to solve the problem of malicious host attacks on agents, many partial solutions were proposed. These solutions ranged across simple legal protection, hardware solutions, partitioning, replication and voting, components, self-authentication, and migration history. Other solutions also included using audit logs, read-only state, append only logs, encrypted algorithms, digital signatures, partial result authentication codes, and code mess-up, limited life time of code and data as well as time limited black box security. In this thesis, we present a three-tier solution. This solution is a combination of code mess up, encryption and time out. 
Choosing code mess-up as part of the solution was due to the several strengths of this method, which is based on obfuscating the features of the code so that any attacker will find it very difficult to understand the original code. A new algorithm was developed in this thesis to implement code mess-up that uses the concept of variable disguising by altering the values of strings and numerical values. Several encryption algorithms were studied to choose the best algorithm to use in the development of the proposed solution. The algorithms studied included DES, LUCIFER, MADRYGA, NEWDES, FEAL, REDOC, LOKI, KHUFU & KHAFRE, IDEA and finally MMB. The algorithm used was the DES algorithm due to several important factors including its key length. Not any language can be used to implement mobile agents. Candidate languages should possess the portability characteristic and should be safe and secure enough to guarantee protection for the mobile agent. In addition, the language should be efficient in order to minimize the implementation overhead and the overhead of providing safety and security. Languages used to implement mobile agents include Java, Limbo, Telescript, and Safe TCL. The Java language was chosen as the programming language for this thesis due to its high security, platform independence, and multithreading. This is in addition to several powerful features that characterize the Java language, as will be mentioned later on. Implementing a mobile agent requires the assistance of a mobile agent system that helps in launching the agent from one host to another. There are many existing agent launching systems like Telescript, Aglets, Tacoma, Agent TCL and Concordia. Concordia was chosen to be the implementation tool used to launch our mobile agent. It is a software framework for developing, running and administering mobile agents, and it proved to be very efficient and effective. 
The results of our proposed solutions showed the strength of the proposed model in terms of fully protecting the mobile agent from possible malicious host attacks. The model could have several points of enhancements. These enhancements include changing the code mess-up algorithm to a more powerful one, using a different encryption technique, and implementing an agent re-charge mechanism to recharge the agent after it is timeout

    Perspectives and approaches for the internet of things

    Dissertation submitted for the degree of Master in Electrical and Computer Engineering. This thesis was developed based on a scenario in which a CEO of a certain company asked the author to conduct an exploratory work evaluating the potential opportunities and limitations of this emerging area described as the future of the Internet, the Internet of Things (IoT). The objective is thus to provide the reader with a wide view of the vital points for the implementation and exploitation of the IoT, a technology that promises to deliver a new and wider range of applications to society. In this subject there is a need to gather and organize information produced by several researchers and contributors. Because this is a new area and researchers work independently of each other, the work is scattered and inconsistencies can be found among different projects and publications. As such, in a first stage some definitions are provided and an attempt to clarify concepts is made. To support and emphasize the exponential growth of IoT, a brief historical overview is provided to the reader. This overview is based on the new trends and expectations that arise every day through news, potential businesses and also in important tools such as Google Trends. Several examples of applications in the context of the IoT illustrate the benefits, not only in terms of society, but also for business opportunities, safety, and well-being. The main areas of interest to achieve the IoT, such as hardware, software, modeling, methods of connection, security and integration, are studied in this work, in order to provide some insight into current strong and weak points. As the Internet of Things becomes a matter of large interest, various research groups are active in exploring and organizing projects in this area. Some of these projects, namely the ones considered the most important, are also presented in this thesis. 
Taking into account the facts surrounding this new technology, it becomes quite important to bring them together, clarifying them and trying to open new perspectives for further studies and improvements. Finally, in order to allow a practical evaluation of the technology, a prototype is developed around the connection of an intelligent object – a small mobile robot – to the Internet. A set of conclusions and future work directions are then presented which take into account the findings of the bibliographic analysis as well as the acquired experience with the implementation of the prototype

    Proceedings of the 2nd International Workshop on Security in Mobile Multiagent Systems

    This report contains the Proceedings of the Second Workshop on Security of Mobile Multiagent Systems (SEMAS2002). The Workshop was held in Montreal, Canada as a satellite event to the 5th International Conference on Autonomous Agents in 2001. The far reaching influence of the Internet has resulted in an increased interest in agent technologies, which are poised to play a key role in the implementation of successful Internet and WWW-based applications in the future. While there is still considerable hype concerning agent technologies, there is also an increasing awareness of the problems involved, in particular that these applications will not be successful unless security issues can be adequately handled. Although there is a large body of work on cryptographic techniques that provide basic building-blocks to solve specific security problems, relatively little work has been done in investigating security in the multiagent system context. Related problems are secure communication between agents, implementation of trust models/authentication procedures or even reflections of agents on security mechanisms. The introduction of mobile software agents significantly increases the risks involved in Internet and WWW-based applications. For example, if we allow agents to enter our hosts or private networks, we must offer the agents a platform so that they can execute correctly but at the same time ensure that they will not have deleterious effects on our hosts or any other agents / processes in our network. If we send out mobile agents, we should also be able to provide guarantees about specific aspects of their behaviour, i.e., we are not only interested in whether the agents carry out their intended task correctly. They must defend themselves against attacks initiated by other agents, and survive in potentially malicious environments. Agent technologies can also be used to support network security. 
For example in the context of intrusion detection, intelligent guardian agents may be used to analyse the behaviour of agents on a firewall or intelligent monitoring agents can be used to analyse the behaviour of agents migrating through a network. Part of the inspiration for such multi-agent systems comes from primitive animal behaviour, such as that of guardian ants protecting their hill or from biological immune systems