Dr Riktesh Srivastava
Associate Professor, Information Systems
Skyline University College, University City of Sharjah
SHARJAH, UAE.
Email: rsrivastava@skylineuniversity.ac.ae
Abstract
The expansion of the Internet has had a major impact on the way conventional business is
conducted. Electronic Commerce, a new way of conducting business, is gaining increasing recognition.
Despite its rapid growth, there are limitations that hinder the expansion of Electronic Commerce. The
main cause of this impediment was the slow performance of Client Server (CS) computing, on which
Electronic Commerce was built. The solution to the problem was found in Mobile Agents (MA). An MA is
software code that acts autonomously on behalf of a user and travels through a network of heterogeneous
machines, thereby providing greater flexibility, agility and customizability for the user. Although MA has
generated substantial expectations for the way Electronic Business is conducted, security is the
foremost concern for organizations. In this paper, a complete mathematical formulation of a system for controlling
transaction flow in an online payment system using MA is developed and presented.
Keywords: Mobile Agents, Trusted Server, Coordinating Server, RSA, Asymmetric Algorithm, Symmetric Algorithm,
Hash Function, Digital Signature.
1. Introduction
Over the years, electronic commerce has evolved from client-server environments to mobile agent platforms that
support complex forms of distributed computing. MA allows complete mobility of cooperating applications
among supporting platforms to form a large-scale, loosely-coupled distributed system [1]. Mobile Agents are
software programs that are goal-directed and capable of suspending their execution on one platform and
moving to another platform where they resume execution [1]. More precisely, a mobile agent is a program that can
autonomously migrate between various nodes of a network and perform computations on behalf of a user [2].
In other words, Mobile Agents have the authority to work autonomously towards a goal, and to interact with other
Mobile Agents as well. Agents may be static (stationary), always resident at a single platform; or dynamic (mobile),
capable of moving among different platforms at different times.
Despite its numerous practical benefits, Mobile Agent technology introduces significant new security threats from
malicious agents and hosts. The primary added complication is that a Mobile Agent traverses multiple machines
that are trusted; it can be attacked by intruders while traversing these machines, which can change its state and
adversely affect its functionality. This paper illustrates the second category of Mobile Agents (dynamic) in an
electronic marketplace and focuses on the security issues that arise when these Mobile Agents travel from one
machine to another.
The paper is divided into 6 sections. Section 2 of the paper depicts the Electronic Marketplace for the
MA. HS, TS and CS are the three servers used for the security of MA and
The first section of the manuscript describes the various encryption and decryption mechanisms currently adopted
for the security of MA. Section 2 illustrates the workflow of MA in the proposed architecture for the Electronic
Marketplace. Section 3 of the manuscript elaborates the security mechanism for the agent-mediated Electronic
Marketplace. Section 4 of the paper presents the activity diagram of the entire security prototype in the proposed
model. The conclusion is drawn in the last section.
The complete functionality of the Mobile Agents (MA) in an Electronic Marketplace can be described in
the following steps:
1) The client first registers itself with the Home Server (HS). In the architecture, the HS has a
built-in Agent System (we used the Aglet Developing Tool (ADT) at this stage). For every new
request, the HS registers the client. Once the registration is complete, an MA for the user request is
created.
2) Along with the request to create the MA, the HS also accepts the client query, which comprises the
product the customer requests to purchase, the time limit, the expected price which the customer
wishes to pay, the quantity and the delivery dates, amongst others.
3) Once all the information has been received from the client, the HS sends the service requirements
to the Agent System (AS). The AS checks whether the required service exists, and upon confirmation
sends the addresses and the names of the service providers to the HS. Upon receiving the response,
the HS generates the route list for the MA.
4) The request is then transferred to the Trusted Server (TS) to devise the security mechanism for the MA.
5) After the security mechanism is put in place, the MA is sent to a number of Coordinating Servers (CS),
each of which has a number of Mobile Seller Agents (MSA). It must also be noted that each CS has a
number of MA attached to it.
$CS_1, CS_2, \ldots, CS_n$ (1)
$M = E_H(CDC)$ (2)
The code and data component (CDC) is the part of the MA that is most often attacked by intruders and
hence needs a security mechanism.
As mentioned in Equation (2), CDC is first encrypted by the private key of HS. Then, the encrypted CDC
is again encrypted with the session key (randomly generated) using symmetric key algorithm (TDES).
$M = E_S(E_H(CDC))$ (3)
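Equations (2) and (3) as a runnable sketch, added here and not taken from the paper: E_H is modelled as hash-then-sign (unpadded RSA over SHA-256) and E_S as a SHA-256 keystream XOR standing in for TDES, both assumptions chosen so the block runs with the Python standard library alone. The HS key is a constructed toy built from two public Mersenne primes, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy RSA key for the Home Server (HS): two publicly known Mersenne
# primes, so only the standard library is needed. Not a usable key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # HS private exponent
SIG_LEN = (N.bit_length() + 7) // 8


def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def e_h(cdc: bytes) -> bytes:
    """E_H, modelled as hash-then-sign (assumption): CDC followed by HS's signature."""
    return cdc + pow(digest_int(cdc), D, N).to_bytes(SIG_LEN, "big")


def d_h(blob: bytes) -> bytes:
    """D_H: check the signature with HS's public key (E, N) and return the CDC."""
    cdc, sig = blob[:-SIG_LEN], blob[-SIG_LEN:]
    if pow(int.from_bytes(sig, "big"), E, N) != digest_int(cdc):
        raise ValueError("CDC was modified in transit or did not come from HS")
    return cdc


def e_s(key: bytes, data: bytes) -> bytes:
    """E_S and D_S stand-in for TDES: XOR with a SHA-256 counter keystream."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap(cdc: bytes):
    """HS side, Equation (3): M = E_S(E_H(CDC)) under a fresh random session key."""
    key = secrets.token_bytes(24)       # 24 bytes, the length of a TDES key
    return key, e_s(key, e_h(cdc))


def unwrap(key: bytes, m: bytes) -> bytes:
    """Receiver side: undo E_S, then E_H, rejecting an agent altered en route."""
    return d_h(e_s(key, m))
```

The private-key layer gives origin authentication and tamper detection rather than confidentiality, since anyone holding HS's public key can undo it; secrecy of the CDC rests entirely on the session-key layer.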
The actual structure of the MA is given in Figure 3 below.
[Figure 3 panels: $AP$; $E_S(E_H(CDC))$; $CS_i$; together forming $M_i$]
Figure 3: Actual structure of MA
$M_i = AP + E_S(E_H(CDC)) + \sum_{i=1}^{n-1} CS_i$ (4)
ES EH (CDC )
CDC
EH (CDC )
ES
DH
(5)
Stage 2
As already mentioned in Stage 1, the TS receives $M_i$, which includes AP, CDC and the list of all
participating CS in the said electronic marketplace. Using AP, the Trusted Server validates the request
from the Home Server and proceeds further. It must be noted that the Trusted Server (TS) enables the mobile
agents to retrieve the information from the list of CS in an electronic marketplace. Every CS
($CS_1, CS_2, \ldots, CS_n$) has a list of hosts ($H_1, H_2, \ldots, H_n$). These hosts
provide the items being offered along with the price of each of them, making the electronic marketplace
a typical case of B2C electronic commerce.
$M_i = AP + CDC + \sum_{i=1}^{n-1} CS_i$
ET H M i DST
Stage 5
Stage 5 elaborates the use of the security mechanism of the Electronic Cheque (e-Cheque) issued by the
client's bank. The concept of the e-Cheque was first introduced by [x].