Migration control for mobile agents based on passport and visa

Research on mobile agents has attracted much attention as this paradigm has demonstrated great potential for the next-generation e-commerce. Proper solutions to security-related problems become key factors in the successful deployment of mobile agents in e-commerce systems. We propose the use of passport and visa (P/V) for securing mobile agent migration across communities based on the SAFER e-commerce framework. P/V not only serves as up-to-date digital credentials for agent-host authentication, but also provides effective security mechanisms for online communities to control mobile agent migration. Protection for mobile agents, network hosts, and online communities is enhanced using P/V. We discuss the design issues in details and evaluate the implementation of the proposed system

A Security Architecute for Mobile Agent Based Creeper

Mobile agents are active objects that can autonomously migrate in a network to perform tasks on behalf of their owners. Though they offer an important new method of performing transactions and information retrieval in networks, mobile agents also raise several security issues related to the protection of host resources as well as the data carried by an agent itself. Mobile agent technology offers a new computing paradigm in which a program, in the form of a software agent, can suspend its execution on a host computer, transfer itself to another agent-enabled host on the network, and resume execution on the new host. Mobile Agent (MA) technology raises significant security concerns and requires a thorough security framework with a wide range of strategies and mechanisms for the protection of both agent platform and mobile agents against possibly malicious reciprocal behavior. The security infrastructure should have the ability to flexibly and dynamically offer different solutions to achieve different qualities of security service depending on application requirements. The protection of mobile agent systems continues to be an active area of research that will enable future applications to utilize this paradigm of computing. Agent systems and mobile applications must balance security requirements with available security mechanisms in order to meet application level security goals.A security solution has been introduced, which protects both the mobile agent itself and the host resources that encrypt the data before passing it to mobile agent and decrypt it on the visited host sides i.e. it transfers the URL to the Mobile Agent System that will pass that encrypted URL to the server where it will be decrypted and used. The methods of Encryption/Decryption used are a Public-key Cipher System and a Symmetric Cipher System that focuses on submitting data to the server securely. The proposed approach solves the problem of malicious host that can harm mobile agent or the information it contain

Cryptography Based Hybrid Security Architecture for Mobile Multi Agents

Distributed Computing is the current area of research. Many researchers are working in area of Distributed Computing and trying to find a solution for the security and other issues. In Distributed Computing the mobile agents are the very important thing. When different mobile agents work in the same environment simultaneously it becomes a very important issue. Mobile agents have automatic, pro-active, and dynamic problem solving behaviors. However, scope of this paper is limited to analyze the existing security approaches for Mobile Multi Agent System. Security issues of mobile agent address the problem of securing and protecting agents from the attack of malicious hosts and other agents as well as securing the host from attack of malicious agents. This paper introduces a new approach of security for agent from other agents. Paper discusses Cryptography Based Hybrid Security Architecture with trust and reputation named CBHSA. It breaks the security of MA in two parts. The first level of security is work on the MA and second level of security is maintained on network. The model CBHSA, its different components and security of MA during movements around the network are discussed in this paper. This paper emphasis on the security of MA’s during migration within the network or outside the network

Managing Computer Lab-Mobile Agent Approach

Mobile agent is a potential method and approach in addressing many issues and problems in managing and maintaining computer labs. In educational institutions, a computer lab consists of many computers used by students and staff, and each institution has many computer labs. Maintaining these public computers is the task given to a few personnel such as computer technician. The technician has to move from one computer to another to do routine task such as running antivirus. The task is tedious and tiresome. Mobile agent has the potential and capabilities to perform the task, where mobile agent can be programmed to do task which is usually done by computer labs' technician. The mobile agent will move from one computer to another in the lab via computer network to execute the maintenance task in each computer autonomously. This work attempts to use mobile agent as a tool to manage computer labs in many aspects including reliability. security, technology and effectiveness. The results from this research show that mobile agents can be an efficient tool for managing computer labs

Preface Volume 63

AbstractThis volume contains the Proceedings of the First Workshop on Security of Mobile Multiagent Systems (SEMAS'2001). The Workshop was held in Montreal, Canada on May 29, 2001, as satellite event to the 5th International Conference on Autonomous Agents 2001The far reaching influence of the Internet has resulted in an increased interest in agent technologies, which are poised to play a key role in the implementation of successful Internet and WWW-based applications in the future. While there is still considerable hype concerning agent technologies, there is also an increasing awareness of the problems involved. Although there is a large body of work on cryptographic techniques that provide basic building-blocks to solve specific security problems, relatively little work has been done in investigating security in the multiagent system context. The introduction of mobile software agents significantly increases the risks involved in Internet and WWW-based applications. The aim of this workshop was to bring together people from the two relevant research fields, software security and agent-oriented programming. This volume covers actual research papers on security protocols and security policies to enforce security of mobile or multiagent systems but also introduces ideas how to use mobile agents to ensure security of a distributed system.The papers in this volume were reviewed by the program committee consisting, besides editor, of Sahin Albayrak(Technical University Berlin)David Basin(Department of Computer Science, University of Freiburg)Ciaran Bryce(University of Geneve)Hans-Juergen Buerckert(German Research Center for Artificial Intelligence, DFKI)Guenther Karjoth(IBM Research Zuerich)Luc Moreau(Department of Computer Science, University of Southhampton)Volker Roth(Fraunhofer Gesellschaft IGD, Darmstadt)Helmut Schwigon(Bundesamt fuer Sicherheit in der Informationstechnik, BonnVipin Swarup(The MITRE Corp., Boston)Christian Tschudin(Uppsala University)Jan Vitek(Purdue University)This volume will be published as volume 63 in the series Electronic Notes in Theoretical Computer Science (ENTCS). This series is published electronically through the facilities of Elsevier Science B.V. and its auspices. The volumes in the ENTCS series can be accessed at the URL http://www.elsevier.nl/locate/entcsWe are very grateful to the following persons, whose help has been crucial for the success of CMCS'2000: Adele E. Howe, for her help with the organization of the Workshop as satellite event of AA'2001 and Mike Mislove, one of the Managing Editors of the ENTCS series, for his assistance with the use of the ENTCS style files.December 15, 2001 Dieter Hutte

DATA DRIVEN INTELLIGENT AGENT NETWORKS FOR ADAPTIVE MONITORING AND CONTROL

To analyze the characteristics and predict the dynamic behaviors of complex systems over time, comprehensive research to enable the development of systems that can intelligently adapt to the evolving conditions and infer new knowledge with algorithms that are not predesigned is crucially needed. This dissertation research studies the integration of the techniques and methodologies resulted from the fields of pattern recognition, intelligent agents, artificial immune systems, and distributed computing platforms, to create technologies that can more accurately describe and control the dynamics of real-world complex systems. The need for such technologies is emerging in manufacturing, transportation, hazard mitigation, weather and climate prediction, homeland security, and emergency response. Motivated by the ability of mobile agents to dynamically incorporate additional computational and control algorithms into executing applications, mobile agent technology is employed in this research for the adaptive sensing and monitoring in a wireless sensor network. Mobile agents are software components that can travel from one computing platform to another in a network and carry programs and data states that are needed for performing the assigned tasks. To support the generation, migration, communication, and management of mobile monitoring agents, an embeddable mobile agent system (Mobile-C) is integrated with sensor nodes. Mobile monitoring agents visit distributed sensor nodes, read real-time sensor data, and perform anomaly detection using the equipped pattern recognition algorithms. The optimal control of agents is achieved by mimicking the adaptive immune response and the application of multi-objective optimization algorithms. The mobile agent approach provides potential to reduce the communication load and energy consumption in monitoring networks. The major research work of this dissertation project includes: (1) studying effective feature extraction methods for time series measurement data; (2) investigating the impact of the feature extraction methods and dissimilarity measures on the performance of pattern recognition; (3) researching the effects of environmental factors on the performance of pattern recognition; (4) integrating an embeddable mobile agent system with wireless sensor nodes; (5) optimizing agent generation and distribution using artificial immune system concept and multi-objective algorithms; (6) applying mobile agent technology and pattern recognition algorithms for adaptive structural health monitoring and driving cycle pattern recognition; (7) developing a web-based monitoring network to enable the visualization and analysis of real-time sensor data remotely. Techniques and algorithms developed in this dissertation project will contribute to research advances in networked distributed systems operating under changing environments

A security protocol for authentication of binding updates in Mobile IPv6.

Wireless communication technologies have come along way, improving with every generational leap. As communications evolve so do the system architectures, models and paradigms. Improvements have been seen in the jump from 2G to 3G networks in terms of security. Yet these issues persist and will continue to plague mobile communications into the leap towards 4G networks if not addressed. 4G will be based on the transmission of Internet packets only, using an architecture known as mobile IP. This will feature many advantages, however security is still a fundamental issue to be resolved. One particular security issue involves the route optimisation technique, which deals with binding updates. This allows the corresponding node to by-pass the home agent router to communicate directly with the mobile node. There are a variety of security vulnerabilities with binding updates, which include the interception of data packets, which would allow an attacker to eavesdrop on its contents, breaching the users confidentiality, or to modify transmitted packets for the attackers own malicious purposes. Other possible vulnerabilities with mobile IP include address spoofing, redirection and denial of service attacks. For many of these attacks, all the attacker needs to know is the IPv6 addresses of the mobile’s home agent and the corresponding node. There are a variety of security solutions to prevent these attacks from occurring. Two of the main solutions are cryptography and authentication. Cryptography allows the transmitted data to be scrambled in an undecipherable way resulting in any intercepted packets being illegible to the attacker. Only the party possessing the relevant key will be able to decrypt the message. Authentication is the process of verifying the identity of the user or device one is in communication with. Different authentication architectures exist however many of them rely on a central server to verify the users, resulting in a possible single point of attack. Decentralised authentication mechanisms would be more appropriate for the nature of mobile IP and several protocols are discussed. However they all posses’ flaws, whether they be overly resource intensive or give away vital address data, which can be used to mount an attack. As a result location privacy is investigated in a possible attempt at hiding this sensitive data. Finally, a security solution is proposed to address the security vulnerabilities found in binding updates and attempts to overcome the weaknesses of the examined security solutions. The security protocol proposed in this research involves three new security techniques. The first is a combined solution using Cryptographically Generated Addresses and Return Routability, which are already established solutions, and then introduces a new authentication procedure, to create the Distributed Authentication Protocol to aid with privacy, integrity and authentication. The second is an enhancement to Return Routability called Dual Identity Return Routability, which provides location verification authentication for multiple identities on the same device. The third security technique is called Mobile Home Agents, which provides device and user authentication while introducing location privacy and optimised communication routing. All three security techniques can be used together or individually and each needs to be passed before the binding update is accepted. Cryptographically Generated Addresses asserts the users ownership of the IPv6 address by generating the interface identifier by computing a cryptographic one-way hash function from the users’ public key and auxiliary parameters. The binding between the public key and the address can be verified by recomputing the hash value and by comparing the hash with the interface identifier. This method proves ownership of the address, however it does not prove the address is reachable. After establishing address ownership, Return Routability would then send two security tokens to the mobile node, one directly and one via the home agent. The mobile node would then combine them together to create an encryption key called the binding key allowing the binding update to be sent securely to the correspondent node. This technique provides a validation to the mobile nodes’ location and proves its ownership of the home agent. Return Routability provides a test to verify that the node is reachable. It does not verify that the IPv6 address is owned by the user. This method is combined with Cryptographically Generated Addresses to provide best of both worlds. The third aspect of the first security solution introduces a decentralised authentication mechanism. The correspondent requests the authentication data from both the mobile node and home agent. The mobile sends the data in plain text, which could be encrypted with the binding key and the home agent sends a hash of the data. The correspondent then converts the data so both are hashes and compares them. If they are the same, authentication is successful. This provides device and user authentication which when combined with Cryptographically Generated Addresses and Return Routability create a robust security solution called the Distributed Authentication Protocol. The second new technique was designed to provide an enhancement to a current security solution. Dual Identity Return Routability builds on the concept of Return Routability by providing two Mobile IPv6 addresses on a mobile device, giving the user two separate identities. After establishing address ownership with Cryptographically Generated Addresses, Dual Identity Return Routability would then send security data to both identities, each on a separate network and each having heir own home agents, and the mobile node would then combine them together to create the binding key allowing the binding update to be sent securely to the correspondent node. This technique provides protection against address spoofing as an attacker needs two separate ip addresses, which are linked together. Spoofing only a single address will not pass this security solution. One drawback of the security techniques described, however, is that none of them provide location privacy to hide the users IP address from attackers. An attacker cannot mount a direct attack if the user is invisible. The third new security solution designed is Mobile Home Agents. These are software agents, which provide location privacy to the mobile node by acting as a proxy between it and the network. The Mobile Home Agent resides on the point of attachment and migrates to a new point of attachment at the same time as the mobile node. This provides reduced latency communication and a secure environment for the mobile node. These solutions can be used separately or combined together to form a super security solution, which is demonstrated in this thesis and attempts to provide proof of address ownership, reachability, user and device authentication, location privacy and reduction in communication latency. All these security features are design to protect against one the most devastating attacks in Mobile IPv6, the false binding update, which can allow an attacker to impersonate and deny service to the mobile node by redirecting all data packets to itself. The solutions are all simulated with different scenarios and network configurations and with a variety of attacks, which attempt to send a false binding update to the correspondent node. The results were then collected and analysed to provide conclusive proof that the proposed solutions are effective and robust in protecting against the false binding updates creating a safe and secure network for all

SPMA-NETS: SECURITY PROTOCOL BASED MOBILE AGENT IN MANETS

The security in the communication process is an important issue since the days of homing pigeons, where the people accustomed to send encrypted messages. In nowadays, with the technologies development, this issue is considered as a research field, which take a great part of attention. The mobile ad hoc network is aspect of the evolution of communication technology; it is defined a collection of mobile nodes, with no fixed infrastructure, resource constraints, communicate with each other using the radio medium, and dynamic creation and organization. The security issue is becoming a main concern in the applications of mobile ad hoc network.In this paper, we propose a security protocol for a mobile ad hoc networks based mobile agent, where the network is consisting of a set of nodes, each node has node agent for resources estimation of the node and communicate with others agents. The network is divided into a set of clusters; each cluster has to elect a node to be the head cluster, where the monitor agent will be reside. This monitor agent controls the communication inside cluster by collecting and analysing the data from the others nodes, it creates an inspector agent, which can move from one node to another to act like a local IDS in the visited node

A mobile application based on software agents and mobile web services

Purpose - The aim of the research is to discuss the design and development of a mobile application using two technologies known as software agent (SA) and mobile web services. Design/methodology/approach - The objectives were achieved by testing the integration of SAs and mobile web services into mobile applications. The approach suggested in the paper has relied on some modeling techniques such as service chart diagram and addressed some security issues. Findings - It was found in the course of the work the necessity of being aware of the limitations of mobile devices, despite all the major developments that are happening. In addition, it was found that it is deemed appropriate to provide some modeling techniques which suit the development of mobile applications. Originality/value - The paper discusses the concept of mobile web services. The paper is particularly useful to those who are in the field of mobile computing. © Emerald Group Publishing Limited

Security Management System for 4G Heterogeneous Networks

There is constant demand for the development of mobile networks to meet the service requirements of users, and their development is a significant topic of research. The current fourth generation (4G) of mobile networks are expected to provide high speed connections anywhere at any time. Various existing 4G architectures such as LTE and WiMax support only wireless technologies, while an alternative architecture, Y-Comm, has been proposed to combine both existing wired and wireless networks. Y-Comm seeks to meet the main service requirements of 4G by converging the existing networks, so that the user can get better service anywhere and at any time. One of the major characteristics of Y-Comm is heterogeneity, which means that networks with different topologies work together to provide seamless communication to the end user. However, this heterogeneity leads to technical issues which may compromise quality of service, vertical handover and security. Due to the convergence characteristic of Y-Comm, security is considered more significant than in the existing LTE and WiMax networks. These security concerns have motivated this research study to propose a novel security management system. The research aims to meet the security requirements of 4G mobile networks, e.g. preventing end user devices from being used as attack tools. This requirement has not been met clearly in previous studies of Y-Comm, but this study proposes a security management system which does this. This research follows the ITU-T recommendation M.3400 dealing with security violations within Y-Comm networks. It proposes a policy-based security management system to deal with events that trigger actions in the system and uses Ponder2 to implement it. The proposed system, located in the top layer of the Y-Comm architecture, interacts with components of Y-Comm to enforce the appropriate policies. Its four main components are the Intelligent Agent, the Security Engine, the Security Policies Database and the Security Administrator. These are represented in this research as managed objects to meet design considerations such as extensibility and modifiability. This research demonstrates that the proposed system meets the security requirements of the Y-Comm environment. Its deployment is possible with managed objects built with Ponder2 for all of the components of Y-Comm, which means that the security management system is able to prevent end user devices from being used as attack tools. It can also achieve other security goals of Y-Comm networks