JOURNAL OF COMPUTING, VOLUME 2, ISSUE 9, SEPTEMBER 2010, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG

Abstract— Mobile agent technology is a new paradigm of distributed computing that can replace the conventional client-server model. However, it has not become popular due to problems such as security. The fact that hosts have complete control over all the programs makes it very hard to protect mobile agents from untrusted hosts. The success of mobile agent security systems depends strongly on the cryptographic key generation and distribution mechanism. Agents and hosts mutually distrust each other, but they trust third parties. In this paper, this property is exploited to generate and distribute keys securely using a service-oriented architecture.

1 INTRODUCTION

This paper refers to forward integrity as strong forward integrity (when applicable). To make the notion of forward integrity more useful, publicly verifiable forward integrity is also defined, which enables any host to detect compromised agents.

Definition 4 (Publicly verifiable forward integrity): Any host $S_i$ can verify that the chain of partial results $m(i_0), \ldots, m(i_{n-1})$ has not been compromised.

Definition 5 (Insertion Resilience): Offers can only be added to the agent data by authorized hosts.

Definition 6 (Truncation Resilience): The chain can only be truncated at $i$ if the host $S_i$ colludes with the malicious host(s).

Detached Operation: Agents must operate autonomously, without the need for constant communication with users, and, preferably, without constant communication with trusted infrastructure elements which may or may not exist.

Extended Deployment Periods: Agents must function for extended periods of time, thus allowing users to launch long-term “watcher” agents that take action only if specified criteria have been met and other long-term service agents.

Safe Execution: Agents must be free from integrity attacks conducted by malicious hosts or other agents, and must be protected from faulty execution or non-execution by malicious hosts. Agents will also be much more useful if they can carry secrets (such as cryptographic keys or user decision information, such as how much a user would be willing to pay for merchandise).

As the key changes for a host on each visit, it would not be possible for the malicious host to change the offer submitted by the host. However, this also comes with the limitation that a host cannot update the offers it has submitted, as the offer itself is used in computing the key.

4.2 Encryption and Decryption of Data

Each host generates the offer $o_i$, and the first offer is encrypted using the random key generated by the Originator. All the subsequent offers are encrypted by the key generated by the previous host. When the Agent reaches the originator, the originator decrypts the first offer using the random key it generated. This also gives the key with which the next offer is encapsulated. All the subsequent keys are generated from each of the offers submitted by the hosts.

Setup on Source System (Originator):
$S_0 \to S_1$:
$\omega_0 = \emptyset$; $\Omega_0 = \emptyset$
$K_1$ = random initial key

Visit on a host $S_i$:
Encapsulated Offer
$O_i = (o_i, \mathrm{MAC}_{K_i}(r_i, o_i, S_{i+1}))$
Protocol
$S_i \to S_{i+1}$:
$R_i = \mathrm{ENC}_0(r_i)$; $\omega_i = \omega_{i-1} \cup \{o_i, R_i\}$
$\Omega_i = \Omega_{i-1} \cup \{O_i\}$

4.3 Limitations

The mobile agent reaches the originator and the originator decrypts each bid to read the offers. This technique

(ii) Since the offer itself is used in computing the key for the next host, offers may not be changed, and a new key must be generated each time the agent re-visits a host.
(iii) A limited degree of insertion resilience is ensured by this protocol. A malicious server cannot insert spurious offers into the chain of hosts visited prior to it. However, it is possible for a malicious server to insert data in the chain from this point onward, since the technique explicitly allows a host to do so. In a chain of encapsulated offers $O_1, \ldots, O_m$, it is possible to detect any truncation at $k < m$, assuming that $m$ is not malicious. However, a malicious host can truncate all the offers following its own and can insert fake offers.

5 PROPOSED KEY EXCHANGE AND AGENT INTEGRITY TECHNIQUE

The proposed key exchange and agent integrity technique will overcome the limitations discussed in the previous technique. The three important areas of focus of the current technique are:
(i) Authentication & Key Exchange
(ii) Integrity of code and mobile agent
(iii) Protection of bid collected from each host and partial encapsulation of data

5.1 Authentication & Key Exchange

The application system is designed to retrieve the cost of an Air Ticket phone from each host. The originator signs its request and floats it across the hosts. The hosts give their offers in encrypted form, and each encrypted offer is digitally signed. Finally the host receives the data in a secure way. The agent gets the key through the Third Party Key Exchange server, decrypts each bid sent by the hosts, and presents it to the user. Each bid is encrypted with a 1024-bit key and is completely protected.
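The chained-key protocol of Section 4.2 and limitation (iii) of Section 4.3, modelled as an added example that is not code from the paper. It covers only the MAC and the key chaining (offer encryption and $R_i = \mathrm{ENC}_0(r_i)$ are left out); the HMAC-SHA256 key derivation, the per-record host field, the length-prefixed encoding and the sample fares are assumptions.

```python
import hashlib, hmac, os
ORIGINATOR = b"S0"  # identity of the originating host

def _mac(key, *fields):
    # Length-prefix every field so (r_i, o_i, S_{i+1}) cannot be re-split ambiguously.
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def next_key(key, offer):
    # Assumed derivation (the page gives none): K_{i+1} = HMAC(K_i, "key", o_i).
    return _mac(key, b"key", offer)

def visit(chain, key, host, offer, next_host):
    # Host S_i appends O_i = (o_i, MAC_{K_i}(r_i, o_i, S_{i+1})) and hands K_{i+1} onward.
    r = os.urandom(16)
    chain.append({"host": host, "o": offer, "r": r, "next": next_host,
                  "tag": _mac(key, r, offer, next_host)})
    return next_key(key, offer)

def verify(chain, k1):
    # Originator's check: -1 if every record verifies, else index of the first bad record.
    key = k1
    for i, rec in enumerate(chain):
        follower = chain[i + 1]["host"] if i + 1 < len(chain) else ORIGINATOR
        tag = _mac(key, rec["r"], rec["o"], rec["next"])
        if not hmac.compare_digest(tag, rec["tag"]) or rec["next"] != follower:
            return i
        key = next_key(key, rec["o"])
    return -1

def build_sample(k1):
    # Constructed itinerary S0 -> S1 -> S2 -> S3 -> S0 with made-up offers.
    chain, keys, key = [], {}, k1
    for host, offer, nxt in ((b"S1", b"fare=410", b"S2"), (b"S2", b"fare=395", b"S3"),
                             (b"S3", b"fare=380", ORIGINATOR)):
        keys[host] = key  # K_i as held by host S_i
        key = visit(chain, key, host, offer, nxt)
    return chain, keys

def demo():
    k1 = os.urandom(32)
    chain, keys = build_sample(k1)
    edited = [dict(r, o=b"fare=999") if i == 1 else r for i, r in enumerate(chain)]
    gap = [chain[0], chain[2]]  # interior record removed
    tail = [chain[0]]           # records after S1 dropped; S2 re-issues its own with K_2
    visit(tail, keys[b"S2"], b"S2", b"fare=395", ORIGINATOR)
    return verify(chain, k1), verify(edited, k1), verify(gap, k1), verify(tail, k1)

if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(-1, 1, 0, -1)`: the edited offer and the removed interior record are caught, while a chain cut by a host that still holds its $K_i$ verifies cleanly, which is the limitation Section 5 sets out to overcome.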
7 CONCLUSION
This paper has attempted to improve the security aspects of mobile agents by proposing an approach based on a Certifying Authority (CA). The major issue of distributing cryptographic keys is solved using a trusted Third Party Key Exchange server. This application may be extended in future to develop a new system architecture that ensures security at the system level itself.