Migration control for mobile agents based on passport and visa

Research on mobile agents has attracted much attention as this paradigm has demonstrated great potential for the next-generation e-commerce. Proper solutions to security-related problems become key factors in the successful deployment of mobile agents in e-commerce systems. We propose the use of passport and visa (P/V) for securing mobile agent migration across communities based on the SAFER e-commerce framework. P/V not only serves as up-to-date digital credentials for agent-host authentication, but also provides effective security mechanisms for online communities to control mobile agent migration. Protection for mobile agents, network hosts, and online communities is enhanced using P/V. We discuss the design issues in details and evaluate the implementation of the proposed system

Enhancing Mobile Agent Security Level (Proposed Model)

Mobile agents are application design schemes for distributed systems that consist of mobile code ideology including Mobile agent software. In the last period mobile computing process had a vision that’s a set of execution code that’s move from platform to another in the heterogeneous network with an ability of carrying there result and updating them self-sate. This paper presents several enhancements on mobile agent security and provides generalized code protection. Several novel techniques are proposed to protect mobile agents in any environments and to describe and solve practical problems in the mobile agent system

Mobile agent security and reliability issues in electronic commerce.

Chan, Hing-wing.Thesis (M.Phil.)--Chinese University of Hong Kong, 2000.Includes bibliographical references (leaves 76-79).Abstracts in English and Chinese.Abstract --- p.iAbstract (Chinese) --- p.iiAcknowledgements --- p.iiiContents --- p.ivList of Figures --- p.viiList of Tables --- p.viiiChapter Chapter 1. --- Introduction --- p.1Chapter 1.1. --- Mobile Agents and the Problems --- p.1Chapter 1.2. --- Approach --- p.3Chapter 1.3. --- Contributions --- p.3Chapter 1.4. --- Organization of This Thesis --- p.4Chapter Chapter 2. --- The Mobile Code Paradigm --- p.6Chapter 2.1. --- Mobile Code: an Alternative to Client/Servers --- p.6Chapter 2.1.1. --- Classification of Mobile Codes --- p.8Chapter 2.1.2. --- Applications of Mobile Code Paradigms --- p.10Chapter 2.1.3. --- Supporting Implementation Technologies --- p.11Chapter 2.2. --- The Problems of Mobile Code --- p.13Chapter 2.2.1. --- Security Issues in Distributed Systems --- p.13Chapter 2.2.2. --- Security Concerns of Mobile Code Paradigms --- p.15Chapter 2.2.2.1. --- Security Attacks --- p.15Chapter 2.2.2.2. --- Security Mechanisms --- p.17Chapter 2.2.2.3. --- A Security Comparison between Paradigms --- p.20Chapter 2.2.3. --- Security Features of Implementation Technologies --- p.20Chapter 2.2.3.1. --- Security Services of Message-based Technology --- p.21Chapter 2.2.3.2. --- Security Services of Object-based Technology --- p.21Chapter 2.2.3.3. --- Security Services of Mobile Technology --- p.22Chapter 2.2.3.4. --- A Comparison of Technologies on Security Services --- p.22Chapter 2.3. --- Chapter Summary --- p.23Chapter Chapter 3. --- "Mobile Agents, Its Security and Reliability Issues" --- p.24Chapter 3.1. --- Advantages and Applications of Mobile Agents --- p.24Chapter 3.2. --- Security Concerns of Mobile Agents --- p.26Chapter 3.2.1. --- Host Security --- p.27Chapter 3.2.2. --- Agent Security --- p.27Chapter 3.3. --- Techniques to Protect Mobile Agents --- p.29Chapter 3.3.1. --- Protected Agent States --- p.29Chapter 3.3.2. --- Mobile Cryptography --- p.30Chapter 3.4. --- Reliability Concerns of Mobile Agents --- p.31Chapter Chapter 4. --- Security and Reliability Modeling for Mobile Agents --- p.32Chapter 4.1. --- Attack Model and Scenarios --- p.33Chapter 4.2. --- General Security Models --- p.34Chapter 4.2.1. --- Security and Reliability --- p.34Chapter 4.2.2. --- Deriving Security Models --- p.36Chapter 4.2.3. --- The Time-to-Effort Function --- p.38Chapter 4.3. --- A Security Model for Mobile Agents --- p.40Chapter 4.4. --- Discussion of the Proposed Model --- p.43Chapter 4.5. --- A Reliability Model for Mobile Agents --- p.43Chapter Chapter 5. --- The Concordia Mobile Agent Platform --- p.46Chapter 5.1. --- Overview --- p.46Chapter 5.2. --- Special Features --- p.47Chapter Chapter 6. --- SIAS: A Shopping Information Agent System --- p.49Chapter 6.1. --- What the System Does --- p.49Chapter 6.2. --- System Design --- p.50Chapter 6.2.1. --- Object Description --- p.50Chapter 6.2.2. --- Flow Description --- p.52Chapter 6.3. --- Implementation --- p.53Chapter 6.3.1. --- Choice of Programming Language --- p.53Chapter 6.3.2. --- Choice of Mobile Agent Platform --- p.53Chapter 6.3.3. --- Other Implementation Details --- p.54Chapter 6.4. --- Snapshots --- p.54Chapter 6.5. --- Security Design of SIAS --- p.57Chapter 6.5.1. --- Security Problems of SIAS --- p.58Chapter 6.5.2. --- Our Solutions to the Problems --- p.60Chapter 6.5.3. --- Evaluation of the Secure SIAS --- p.64Chapter 6.5.3.1. --- Security Analysis --- p.64Chapter 6.5.3.2. --- Performance Vs Query Size --- p.65Chapter 6.5.3.3. --- Performance Vs Number of Hosts --- p.67Chapter 6.6. --- Reliability Design of SIAS --- p.69Chapter 6.6.1. --- Reliability Problems of SIAS --- p.69Chapter 6.6.2. --- Our Solutions to the Problems --- p.70Chapter 6.6.3. --- Evaluation of the Reliable SIAS --- p.71Chapter Chapter 7. --- Conclusions and Future Work --- p.73Bibliography --- p.7

Reliable OSPM schema for secure transaction using mobile agent in micropayment system

The paper introduces a novel offline payment system in mobile commerce using the case study of micro-payments. The present paper is an extension version of our prior study addressing on implication of secure micropayment system deploying process oriented structural design in mobile network. The previous system has broad utilization of SPKI and hash chaining to furnish reliable and secure offline transaction in mobile commerce. However, the current work has attempted to provide much more light weight secure offline payment system in micro-payments by designing a new schema termed as Offline Secure Payment in Mobile Commerce (OSPM). The empirical operation are carried out on three types of transaction process considering maximum scenario of real time offline cases. Therefore, the current idea introduces two new parameters i.e. mobile agent and mobile token that can ensure better security and comparatively less network overhead

A Security Kernel Based on the Lambda-Calculus

Cooperation between independent agents depends upon establishing adegree of security. Each of the cooperating agents needs assurance that the cooperation will not endanger resources of value to that agent. In a computer system, a computational mechanism can assure safe cooperation among the system's users by mediating resource access according to desired security policy. Such a mechanism, which is called a security kernel, lies at the heart of many operating systems and programming environments.The report describes Scheme 48, a programming environment whose design is guided by established principles of operating system security. Scheme 48's security kernel is small, consisting of the call-by-value $lambda$-calculus with a few simple extensions to support abstract data types, object mutation, and access to hardware resources. Each agent (user or subsystem) has a separate evaluation environment that holds objects representing privileges granted to that agent. Because environments ultimately determine availability of object references, protection and sharing can be controlled largely by the way in which environments are constructed. I will describe experience with Scheme 48 that shows how it serves as a robust and flexible experimental platform. Two successful applications of Scheme 48 are the programming environment for the Cornell mobile robots, where Scheme 48 runs with no (other) operating system support; and a secure multi-user environment that runs on workstations

Secure Mobile Agent from Leakage-Resilient Proxy Signatures

A mobile agent can sign a message in a remote server on behalf of a customer without exposing its secret key; it can be used not only to search for special products or services, but also to make a contract with a remote server. Hence a mobile agent system can be used for electronic commerce as an important key technology. In order to realize such a system, Lee et al. showed that a secure mobile agent can be constructed using proxy signatures. Intuitively, a proxy signature permits an entity (delegator) to delegate its signing right to another entity (proxy) to sign some specified messages on behalf of the delegator. However, the proxy signatures are often used in scenarios where the signing is done in an insecure environment, for example, the remote server of a mobile agent system. In such setting, an adversary could launch side-channel attacks to exploit some leakage information about the proxy key or even other secret states. The proxy signatures which are secure in the traditional security models obviously cannot provide such security. Based on this consideration, in this paper, we design a leakage-resilient proxy signature scheme for the secure mobile agent systems

A secure mobile agent system

Hareketli etmen mimarisi istemci-sunucu çalışma modeline karşın dağıtık işlemeye farklı bir yaklaşım sunmaktadır. Kodun hareketliliğine dayanan hareketli etmen sistemlerinde, güvenlik düşünülmesi gereken önemli bir unsurdur; çünkü artık durağan bir yazılım parçası değil, kodunu ve verisini uzak düğümlere taşıyabilen yazılımlar, yani etmenler söz konusudur. Bu türden hareketli yazılımların hem kodunun hem de verisinin izlenme veya değiştirilmesi gibi yeni güvenlik risklerinin ortaya çıkması kaçınılmazdır. Birbirleri ile haberleşebilen etmenlerin mesajlaşmaları sırasında da aynı tehlikeler söz konusudur. Daha da önemlisi, güvenlik riskleri ile karşı karşıya olan sadece etmenler değildir, etmenleri üzerlerinde çalıştıran düğümler de aynı ölçüde risk altındadırlar. Bu yazıda, hareketli etmen sistemlerindeki mevcut güvenlik tehlikelerini ortadan kaldıracak yeni bir mimarinin tasarım ve gerçeklenme ayrıntıları incelenmiştir. Geliştirilen güvenli etmen sistemi, hem etmenlerin güvenlik gereksinimlerine yanıt vermek, hem de kolay kullanımlı ve esnek bir çalışma ortamı sunmak üzere tasarlanmış ve gerçeklenmiştir. Gelişmiş güvenlik özellikleri yanında sistem, değişen güvenlik ihtiyaçlarına kolay ve anında uyum sağlayabilmek için güvenlik politikalarını kullanmaktadır. Güvenlik politikaları, değişen güvenlik ihtiyaçlarına, hızlı ve etmenin yeniden programlanmasını gerektirmeden cevap verebilmeyi sağlar. Sistem ayrıca sadece etmenlerin değil, etmenlere çalışma ortamı sunan düğümlerin güvenliği için de gerekli mekanizmaları sunmaktadır. Geliştirilmiş olan hareketli etmen sistemi, güçlü bir mesajlaşma altyapısı sunmasının yanında, izlenilebilirlik, yönetilebilirlik ve süreklilik için de esnek arayüzler barındırmaktadır. Sistem katmanlı bir mimariye sahiptir ve geliştirilmeye açıktır. Anahtar Kelimeler: Etmen, hareketli etmen sistemleri, hareketli etmen sistemlerinde güvenlik.According to the accepted definition, an agent is a small application with some special features. Being autonomous, capable of adapting itself to its environment, communicating with other agents for coordination or cooperation, intelligence, ability to clone itself and ability to make decisions are the features that can distinguish an agent from ordinary software. Even though mobility, ability to migrate from one host to another host, is not a required feature, agents with this ability have advantages especially in terms of distributed data processing. A mobile agent is not restricted to the node where it is running and can migrate to anywhere on the network of its own accord. While moving from one host to another, not only the agent's executable code is transferred, but also data that the agent has collected or constructed are transferred as well. Thus, the agent can preserve its state even when it is mobile. The execution framework necessary for a mobile agent is provided by a mobile agent system. This framework simply provides the basic agent related tasks and functions such as agent creation, activation, migration, communication, cloning and destruction. The competence and power of a mobile agent system depends on the flexibility of these functions. Even though using mobile agent technologies provides potential benefits to applications, an agent's ability to move introduces significant security risks. Mobile agents are under security threats during their life times. Since the code is mobile, it can be stolen or altered by a third party. The same danger is present for the messages agents send to each other and for the data that determines the agent's state. Furthermore, not only the agents but also hosts are also under many security risks in mobile agent systems. Several mobile agent systems have been proposed and developed up to now. They all have their software agent specific features. Although most of them have enough features for mobile agents to communicate with each other and migrate to remote hosts, agent security related tasks are not available in most of them. Some provide limited security for agents, but do not provide any features to protect hosts. Most of these mobile agent systems leave the security to agent programmer or to the traditional net work security solutions which may be very difficult and inefficient to implement or integrate. The mobile agent system is expected to include all necessary security mechanisms for both agents and computers hosting mobile agents. The scope of this paper is the design and implementation of a new, secure, flexible, highly available and fast mobile agent system (SECMAP). The architecture of the system is especially designed for security purposes, and requirements not only for agent security but also for host security are also provided. Besides ensuring security of both agents and hosts, SECMAP also presents a very flexible agent programming interface. Naturally, these features play an important role on the usability and popularity of the system. SECMAP also presents a policy based management framework to protect system-level resources and agents against unauthorized access, as well. The policy architecture allows for dynamic manipulation of policy content, which results in an adaptive and flexible framework that eliminates the reprogramming of the agents on changing conditions. Logging and monitoring of the basic agent activities are also possible. Availability is very important for the collaborating agents. For this reason, a mobile agent system should be up and running even only one host in the system is active. When necessary the system should be able to transfer the duties of a dead host to another one in the system. SECMAP includes very powerful algorithms to ensure the availability of the overall system. It accomplishes this by assigning special working modes to different agent servers in the system. Another important feature is that the system and agents can be managed and monitored from a browser in the network. All agents present in the system can be monitored from a single window. Any module of the system can also be managed by a browser from remote hosts. SECMAP is worth being used not only for the security features it presents for agents and hosts, but also for its flexibility and powerful agent programming interface. The system has a layered architecture and is open to be improved with more powerful features. Keywords: Agents, Mobile agent systems, Security in mobile agent systems

Development of a security framework for HTML5-based mobile agents

Mobile agent technology is a paradigm where a program can move autonomously in the different executable environment of a network. The program is the mobile agent, that can move its code, suspend and resume the execution in the new environment.The use of a mobile agent provides numerous benefits over the traditional paradigm like client-server. It reduces the network traffic, connection time and bandwidth consumption by the moving agent between the client and server. However, the security issue of the mobile agent makes difficult to acquire the benefits. The HTML5-based mobile agent framework was developed in Tampere University of Technology (TUT). The core of this thesis is to secure the mobile agent framework. The security threats to the mobile agent and agent platform are classified to design and implement a secure framework. These threats are the agent attacking platform, platform attacking agent, agent attacking agent and agent system attacked by external entities. This thesis focuses first two threats and provides a solution to protect mobile agent framework against them. The solution uses a signing method that involves salting and hashing of source address to generate signature. Furthermore, the RSA encryption using the static private key of an agent origin server to create a signature. The signature moves along with the agent and it is used to verify the agent source address using a static public key. This verification ensures that particular agent comes from the legitimate source and it is trusted as a non-malicious in the current platform. This solution overcomes the security issues like unauthorized access to the data, changing the agent and platform code, the misuse of others identity, eavesdropping and altering the important information, the excessive use of the resources etc. Also, the implementation helps to minimize the problems in agent mobility, agent and platform communication and identification of agents

A Java Simulation-Based Performance Evaluation of Mobile Agent Platforms.

Mobile agents are emerging as a promising paradigm for the design and implementations of distributed applications .Manyof these Mobile Agent platforms have been developed, new one, and new versions of old agents, kept on appearing everyyear, so choosing the right or most suitable platform for a particular application area; based on their performance is achallenge for both the developers and the users. This paper carried out a qualitative comparison across three selected, Javabased Mobile Agent System, Aglet Tracy, and JADE. Two of them (Aglets and JADE) were selected for quantitativeevaluation on their time of transfer/retrieval of compressed data files. In our implementation, Aglet version 2.02 and JADE3.4.1 were used. A java simulation program was developed and used in measuring the performance of the two mobileagents, using transmission time and compressed time as performance metrics. In this paper work, a unique portnumber(2080) was chosen for the loading of classes and mobility of agents. Ten dummy data files (also refer to as Load orMessage) were created with sizes ranges from 100Kb to 1 Mb. A gzip compression tool was used to compress each of thesefiles and sent through the Aglet and JADE enabled network. The transmission time (in milliseconds) for each correspondingfiles size (in Bytes) in the two Mobile agents were recorded. We deduced from our qualitative results that, Tracy plug-infeatures give users room for reusability and extension. Aglets provide weak security and poorly scalable. JADE has astrong security, scalable and its multi agent feature will enrich its usage on the internet. Our quantitative results show thattransferring/retrieving of compressed data file is faster in JADE than in Aglets. The integrity of the files are also kept safe, inboth mobile agents, that is after decompressions they can still be reused.Keywords: Aglet, Gzip, JADE, Compression ratio, Mobile Agent Networ

Combining MAS and P2P Systems: The Agent Trees Multi-Agent System (ATMAS)

The seamless retrieval of information distributed across networks has been one of the key goals of many systems. Early solutions involved the use of single static agents which would retrieve the unfiltered data and then process it. However, this was deemed costly and inefficient in terms of the bandwidth since complete files need to be downloaded when only a single value is often all that is required. As a result, mobile agents were developed to filter the data in situ before returning it to the user. However, mobile agents have their own associated problems, namely security and control. The Agent Trees Multi-Agent System (AT-MAS) has been developed to provide the remote processing and filtering capabilities but without the need for mobile code. It is implemented as a Peer to Peer (P2P) network of static intelligent cooperating agents, each of which control one or more data sources. This dissertation describes the two key technologies have directly influenced the design of ATMAS, Peer-to-Peer (P2P) systems and Multi-Agent Systems (MAS). P2P systems are conceptually simple, but limited in power, whereas MAS are significantly more complex but correspondingly more powerful. The resulting system exhibits the power of traditional MAS systems while retaining the simplicity of P2P systems. The dissertation describes the system in detail and analyses its performance