Privacy in Mobile Agent Systems: Untraceability

Agent based Internet environments are an interesting alternative to existing approaches of building software systems. The enabling feature of agents is that they allow software development based on the abstraction (a "metaphor") of elements of the real world. In other words, they allow building software systems, which work as human societies, in which members share products and services, cooperate or compete with each other. Organisational, behavioural and functional models etc applied into the systems can be copied from the real world. The growing interest in agent technologies in the European Union was expressed through the foundation of the Coordination Action for Agent-Based Computing, funded under the European Commission's Sixth Framework Programme (FP6). The action, called AgentLink III is run by the Information Society Technologies (IST) programme. The long-term goal of AgentLink is to put Europe at the leading edge of international competitiveness in this increasingly important area. According to AgentLink "Roadmap for Agent Based Computing"; agent-based systems are perceived as "one of the most vibrant and important areas of research and development to have emerged in information technology in recent years, underpinning many aspects of broader information society technologies"; However, with the emergence of the new paradigm, came also new challenges. One of them is that agent environments, especially those which allow for mobility of agents, are much more difficult to protect from intruders than conventional systems. Agent environments still lack sufficient and effective solutions to assure their security. The problem which till now has not been addressed sufficiently in agent-based systems is privacy, and particularly the anonymity of agent users. Although anonymity was studied extensively for traditional message-based communication for which during the past twenty five years various techniques have been proposed, for agent systems this problem has never been directly addressed. The research presented in this report aimed at filling this gap. This report summarises results of studies aiming at the identification of threats to privacy in agent-based systems and the methods of their protection.JRC.G.6-Sensors, radar technologies and cybersecurit

Malware Templates for MAlSim

This report describes the methodology of malware templates for MAlSim - Mobile Agent Malware Simulator, a mobile agent framework which aims at simulation of diverse malicious software in computer network of an arbitrary information system. Malware template is a pattern (a 'guide') for implementation of MAlSim agent aiming at simulation of a concrete malware. It indicates the selection and configuration of Java classes (MAlSim agent, one or more behavioural patterns and one or more migration/replication patterns) selected from MAlSim Toolkit.JRC.G.6-Sensors, radar technologies and cybersecurit

MAlSim Deployment

This report describes the deployment issues related to MAlSim - Mobile Agent Malware Simulator - a mobile agent framework which aims at simulation of malware - malicious software that run on a computer and make the system behaving in a way wanted by an attacker. MAlSim was introduced in our previous report where we described its composition and functions, and provided the details of the simulation environment in which MAlSim is deployed and the auxiliary parts which support the experiments performed with MAlSim. In this report we are providing more technical details related to the installation and use of the framework.JRC.G.6-Sensors, radar technologies and cybersecurit

The Solution for Anonymous Access of IT Services and its Application to e-health Counselling

E-Health is a domain which refers to the use of modern information and communication technologies to provide citizens with health services and information. In the e-Heath particular attention is paid to users' privacy. Patient data must be protected from a disclosure to unauthorized third parties, especially in the face of the progress in genetic research, where obtaining health data related to one user may lead to deduction about the health of the user's relatives. The paper presents a solution for anonymous access of IT services and its application to an e-Health counseling scenario.JRC.G.6-Sensors, radar technologies and cybersecurit

Anonymity Architecture for Mobile Agent Systems

The paper presents a new security architecture for MAS, which supports anonymity of agent owners. The architecture is composed of two main elements: Module I: Untraceability Protocol Infrastructure and Module II: Additional Untraceability Support. Module I is based on the recently proposed untraceability protocol for MAS and it forms the core of the anonymity architecture, which can be supported by the elements of the second module. This part of architecture was implemented and provided to MAS users. Module II instead, is defined in abstract way, through high-level description of its components.JRC.G.6-Sensors, radar technologies and cybersecurit

Evaluation of Agent Platforms (ver. 2.0)

This report is an extended and updated version of the technical report Evaluation of Agent Platforms, which summarised the results of our evaluation of agent platforms aiming at choosing the agent platform for the FP6/IST Personalised Information Platform for Health and Life Services project. Agent platform is a technological architecture providing the environment in which agents can actively exist and operate to achieve their goals. The evaluation indicates JADE as the most appropriate platform for our applications as it is standards compliant, open source, popular, available and maintained, supported by a community and more. The platform was chosen between nine FIPA compliant agent platforms after studying alternative platform evaluations extended with our own assessments against proposed criteria.JRC.G.6-Sensors, radar technologies and cybersecurit

An Untraceability Protocol for Mobile Agents and Its Enhanced Security Study

Among various computational models to accommodate the mobile wireless computing paradigm, the mobile agent model has major technological advantages. Moreover, our research shows that the model has some unique features which, if used appropriately, may support user privacy. We therefore propose a security protocol for mobile agents aiming at user untraceability. We have performed a basic security analysis of the protocol and evaluated its performance. We have also implemented it, made it available to users, and applied it to an e-health service. In this paper, we present an enhanced security study of the protocol. As far as we know, such systematised study has not yet been performed. Additionally, known analyses limit their interest to particular attackers (internal attackers). We believe that the attack checklist which we developed to evaluate our protocol, may serve as a helpful reference for authors of other protocols. The paper is also addressed to designers and administrators of mobile agent systems who consider provision of user untraceability within their systems.JRC.G.6-Sensors, radar technologies and cybersecurit

Untraceability of Mobile Agents

In the article we present two untraceability protocols for mobile agents. Comparing to other solutions, the advantage of the protocols is that they support agent's autonomy in choosing the migration path.JRC.G.6-Sensors, radar technologies and cybersecurit

Security Assessment of a Turbo-Gas Power Plant

Critical Infrastructures are nowadays exposed to new kind of threats. The cause of such threats is related to the large number of new vulnerabilities and architectural weaknesses introduced by the extensive use of ICT and Network technologies into such complex critical systems. In this paper we present the first outcomes of an exhaustive ICT security assessment analysis, having as target a real, well defined, Turbo-Gas based Power Plant.JRC.G.6-Security technology assessmen

MAlSim - Mobile Agent Malware Simulator

One of the problems related to the simulation of attacks against critical infrastructures is the lack of adequate tools for the simulation of malicious software (malware). Malware attacks are the most frequent in the Internet and they pose a serious threat against critical networked infrastructures. To address this issue we developed Mobile Agent Malware Simulator (MAlSim). The framework uses the technology of mobile agents and it aims at simulation of various types of malicious software (viruses, worms, malicious mobile code). Moreover it can be flexibly deployed over computer network of an arbitrary information system.JRC.G.6-Sensors, radar technologies and cybersecurit