Integrity protection for code-on-demand mobile agents in e-commerce

The mobile agent paradigm has been proposed as a promising solution to facilitate distributed computing over open and heterogeneous networks. Mobility, autonomy, and intelligence are identified as key features of mobile agent systems and enabling characteristics for the next-generation smart electronic commerce on the Internet. However, security-related issues, especially integrity protection in mobile agent technology, still hinder the widespread use of software agents: from the agent’s perspective, mobile agent integrity should be protected against attacks from malicious hosts and other agents. In this paper, we present Code-on-Demand(CoD) mobile agents and a corresponding agent integrity protection scheme. Compared to the traditional assumption that mobile agents consist of invariant code parts, we propose the use of dynamically upgradeable agent code, in which new agent function modules can be added and redundant ones can be deleted at runtime. This approach will reduce the weight of agent programs, equip mobile agents with more flexibility, enhance code privacy and help the recoverability of agents after attack. In order to meet the security challenges for agent integrity protection, we propose agent code change authorization protocols and a double integrity verification scheme. Finally, we discuss the Java implementation of CoD mobile agents and integrity protection

A Security Architecute for Mobile Agent Based Creeper

Mobile agents are active objects that can autonomously migrate in a network to perform tasks on behalf of their owners. Though they offer an important new method of performing transactions and information retrieval in networks, mobile agents also raise several security issues related to the protection of host resources as well as the data carried by an agent itself. Mobile agent technology offers a new computing paradigm in which a program, in the form of a software agent, can suspend its execution on a host computer, transfer itself to another agent-enabled host on the network, and resume execution on the new host. Mobile Agent (MA) technology raises significant security concerns and requires a thorough security framework with a wide range of strategies and mechanisms for the protection of both agent platform and mobile agents against possibly malicious reciprocal behavior. The security infrastructure should have the ability to flexibly and dynamically offer different solutions to achieve different qualities of security service depending on application requirements. The protection of mobile agent systems continues to be an active area of research that will enable future applications to utilize this paradigm of computing. Agent systems and mobile applications must balance security requirements with available security mechanisms in order to meet application level security goals.A security solution has been introduced, which protects both the mobile agent itself and the host resources that encrypt the data before passing it to mobile agent and decrypt it on the visited host sides i.e. it transfers the URL to the Mobile Agent System that will pass that encrypted URL to the server where it will be decrypted and used. The methods of Encryption/Decryption used are a Public-key Cipher System and a Symmetric Cipher System that focuses on submitting data to the server securely. The proposed approach solves the problem of malicious host that can harm mobile agent or the information it contain

Evaluating the Security of Mobile Agent Platforms

Mobile agents are software entities that can migrate autonomously throughout a network from host to host. This means they are not bounded to the platform they begin execution. This feature of agents makes them a very attractive technology, and in fact it has been argued many times in the literature that mobile agents help to reduce network traffic and perform tasks more efficient. However, security issues have not yet been fully investigated and in fact, mobile agent platforms sometimes they neglect the security issues involved with agent mobility. This paper presents a security related evaluation of 8 main mobile agent platforms

Managing Computer Lab-Mobile Agent Approach

Mobile agent is a potential method and approach in addressing many issues and problems in managing and maintaining computer labs. In educational institutions, a computer lab consists of many computers used by students and staff, and each institution has many computer labs. Maintaining these public computers is the task given to a few personnel such as computer technician. The technician has to move from one computer to another to do routine task such as running antivirus. The task is tedious and tiresome. Mobile agent has the potential and capabilities to perform the task, where mobile agent can be programmed to do task which is usually done by computer labs' technician. The mobile agent will move from one computer to another in the lab via computer network to execute the maintenance task in each computer autonomously. This work attempts to use mobile agent as a tool to manage computer labs in many aspects including reliability. security, technology and effectiveness. The results from this research show that mobile agents can be an efficient tool for managing computer labs

Mobile agent security and reliability issues in electronic commerce.

Chan, Hing-wing.Thesis (M.Phil.)--Chinese University of Hong Kong, 2000.Includes bibliographical references (leaves 76-79).Abstracts in English and Chinese.Abstract --- p.iAbstract (Chinese) --- p.iiAcknowledgements --- p.iiiContents --- p.ivList of Figures --- p.viiList of Tables --- p.viiiChapter Chapter 1. --- Introduction --- p.1Chapter 1.1. --- Mobile Agents and the Problems --- p.1Chapter 1.2. --- Approach --- p.3Chapter 1.3. --- Contributions --- p.3Chapter 1.4. --- Organization of This Thesis --- p.4Chapter Chapter 2. --- The Mobile Code Paradigm --- p.6Chapter 2.1. --- Mobile Code: an Alternative to Client/Servers --- p.6Chapter 2.1.1. --- Classification of Mobile Codes --- p.8Chapter 2.1.2. --- Applications of Mobile Code Paradigms --- p.10Chapter 2.1.3. --- Supporting Implementation Technologies --- p.11Chapter 2.2. --- The Problems of Mobile Code --- p.13Chapter 2.2.1. --- Security Issues in Distributed Systems --- p.13Chapter 2.2.2. --- Security Concerns of Mobile Code Paradigms --- p.15Chapter 2.2.2.1. --- Security Attacks --- p.15Chapter 2.2.2.2. --- Security Mechanisms --- p.17Chapter 2.2.2.3. --- A Security Comparison between Paradigms --- p.20Chapter 2.2.3. --- Security Features of Implementation Technologies --- p.20Chapter 2.2.3.1. --- Security Services of Message-based Technology --- p.21Chapter 2.2.3.2. --- Security Services of Object-based Technology --- p.21Chapter 2.2.3.3. --- Security Services of Mobile Technology --- p.22Chapter 2.2.3.4. --- A Comparison of Technologies on Security Services --- p.22Chapter 2.3. --- Chapter Summary --- p.23Chapter Chapter 3. --- "Mobile Agents, Its Security and Reliability Issues" --- p.24Chapter 3.1. --- Advantages and Applications of Mobile Agents --- p.24Chapter 3.2. --- Security Concerns of Mobile Agents --- p.26Chapter 3.2.1. --- Host Security --- p.27Chapter 3.2.2. --- Agent Security --- p.27Chapter 3.3. --- Techniques to Protect Mobile Agents --- p.29Chapter 3.3.1. --- Protected Agent States --- p.29Chapter 3.3.2. --- Mobile Cryptography --- p.30Chapter 3.4. --- Reliability Concerns of Mobile Agents --- p.31Chapter Chapter 4. --- Security and Reliability Modeling for Mobile Agents --- p.32Chapter 4.1. --- Attack Model and Scenarios --- p.33Chapter 4.2. --- General Security Models --- p.34Chapter 4.2.1. --- Security and Reliability --- p.34Chapter 4.2.2. --- Deriving Security Models --- p.36Chapter 4.2.3. --- The Time-to-Effort Function --- p.38Chapter 4.3. --- A Security Model for Mobile Agents --- p.40Chapter 4.4. --- Discussion of the Proposed Model --- p.43Chapter 4.5. --- A Reliability Model for Mobile Agents --- p.43Chapter Chapter 5. --- The Concordia Mobile Agent Platform --- p.46Chapter 5.1. --- Overview --- p.46Chapter 5.2. --- Special Features --- p.47Chapter Chapter 6. --- SIAS: A Shopping Information Agent System --- p.49Chapter 6.1. --- What the System Does --- p.49Chapter 6.2. --- System Design --- p.50Chapter 6.2.1. --- Object Description --- p.50Chapter 6.2.2. --- Flow Description --- p.52Chapter 6.3. --- Implementation --- p.53Chapter 6.3.1. --- Choice of Programming Language --- p.53Chapter 6.3.2. --- Choice of Mobile Agent Platform --- p.53Chapter 6.3.3. --- Other Implementation Details --- p.54Chapter 6.4. --- Snapshots --- p.54Chapter 6.5. --- Security Design of SIAS --- p.57Chapter 6.5.1. --- Security Problems of SIAS --- p.58Chapter 6.5.2. --- Our Solutions to the Problems --- p.60Chapter 6.5.3. --- Evaluation of the Secure SIAS --- p.64Chapter 6.5.3.1. --- Security Analysis --- p.64Chapter 6.5.3.2. --- Performance Vs Query Size --- p.65Chapter 6.5.3.3. --- Performance Vs Number of Hosts --- p.67Chapter 6.6. --- Reliability Design of SIAS --- p.69Chapter 6.6.1. --- Reliability Problems of SIAS --- p.69Chapter 6.6.2. --- Our Solutions to the Problems --- p.70Chapter 6.6.3. --- Evaluation of the Reliable SIAS --- p.71Chapter Chapter 7. --- Conclusions and Future Work --- p.73Bibliography --- p.7

Development of a security framework for HTML5-based mobile agents

Mobile agent technology is a paradigm where a program can move autonomously in the different executable environment of a network. The program is the mobile agent, that can move its code, suspend and resume the execution in the new environment.The use of a mobile agent provides numerous benefits over the traditional paradigm like client-server. It reduces the network traffic, connection time and bandwidth consumption by the moving agent between the client and server. However, the security issue of the mobile agent makes difficult to acquire the benefits. The HTML5-based mobile agent framework was developed in Tampere University of Technology (TUT). The core of this thesis is to secure the mobile agent framework. The security threats to the mobile agent and agent platform are classified to design and implement a secure framework. These threats are the agent attacking platform, platform attacking agent, agent attacking agent and agent system attacked by external entities. This thesis focuses first two threats and provides a solution to protect mobile agent framework against them. The solution uses a signing method that involves salting and hashing of source address to generate signature. Furthermore, the RSA encryption using the static private key of an agent origin server to create a signature. The signature moves along with the agent and it is used to verify the agent source address using a static public key. This verification ensures that particular agent comes from the legitimate source and it is trusted as a non-malicious in the current platform. This solution overcomes the security issues like unauthorized access to the data, changing the agent and platform code, the misuse of others identity, eavesdropping and altering the important information, the excessive use of the resources etc. Also, the implementation helps to minimize the problems in agent mobility, agent and platform communication and identification of agents

Design and Analysis of Smartphone Application Development Methodology

Abstract— The use of modern Smartphone encourages by recent powerful devices such as Apple’s iPhone, Samsung‘s Note, Google’s Android devices etc. In general Smartphone application usage is rapidly growing & expanding throughout the globe. There are need set of emerging guidelines for how to build the new best possible Smartphone applications. Intelligence of mobile has created a wide range of opportunities for researchers, academicians, scientists, engineers, and developers to create the new applications for end users and businesses. Information technology industry enormously concentrates on how to best build smart phone based applications widely. There are various issues in Cutting-edge research and applications development on computational intelligence in mobile environment The mobile-based application development industry is increasingly growing up due to the huge and intensive use of applications in mobile devices; most of them are running on Android based Operating System. As such to develop, analysis and design research model for remotely accessing and control smart phone devices, object oriented strategy is one of the powerful among various traditional software development models. The Various object oriented intelligent development approaches contributes in addressing these issues, as well as discover other potential elements in the mobile paradigm. There are several issues & emerging guidelines that developers follows when building new business or social Smartphone based model.. The combination of mobile computing and computational intelligence focuses on learning model and knowledge generated by mobile users and mobile technology. Mobile technology covers various applications of computational intelligence to mobile paradigm, including intelligence, mobile data, security, mobile agent, location-based mobile information services, intelligent networks, mobile multimedia data access and control

Evaluation of Key Security Issues Associated with Mobile Money Systems in Uganda

This research article published by MDPI, 2020Smartphone technology has improved access to mobile money services (MMS) and successful mobile money deployment has brought massive benefits to the unbanked population in both rural and urban areas of Uganda. Despite its enormous benefits, embracing the usage and acceptance of mobile money has mostly been low due to security issues and challenges associated with the system. As a result, there is a need to carry out a survey to evaluate the key security issues associated with mobile money systems in Uganda. The study employed a descriptive research design, and stratified random sampling technique to group the population. Krejcie and Morgan’s formula was used to determine the sample size for the study. The collection of data was through the administration of structured questionnaires, where 741 were filled by registered mobile money (MM) users, 447 registered MM agents, and 52 mobile network operators’ (MNOs) IT officers of the mobile money service providers (MMSPs) in Uganda. The collected data were analyzed using RStudio software. Statistical techniques like descriptive analysis and Pearson Chi-Square test was used in data analysis and mean (M) > 3.0 and p-value < 0.05 were considered statistically significant. The findings revealed that the key security issues are identity theft, authentication attack, phishing attack, vishing attack, SMiShing attack, personal identification number (PIN) sharing, and agent-driven fraud. Based on these findings, the use of better access controls, customer awareness campaigns, agent training on acceptable practices, strict measures against fraudsters, high-value transaction monitoring by the service providers, developing a comprehensive legal document to run mobile money service, were some of the proposed mitigation measures. This study, therefore, provides a baseline survey to help MNO and the government that would wish to implement secure mobile money systems