International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459,ISO 9001:2008 Certified Journal, Volume 2, Issue 12, December 2012)


Security Approaches For Mobile Multi-Agent System

Swati Aggarwal¹, Suyash Bhardwaj², Promod Kumar³

¹ Assistant Professor, Department of Computer Application, IMS Engineering College, Ghaziabad

² Assistant Professor, Department of Computer Science & Eng., Faculty of Engineering & Technology, Gurukul Kangri University, Haridwar

³ Research Scholar, Singhania University, Rajasthan

Abstract— Mobile computing is a current area of research, and many researchers are working in this field. In mobile computing, mobile agents play a very important role. When different mobile agents work in the same environment simultaneously, security becomes a very important issue. Mobile agents have automatic, pro-active, and dynamic problem-solving behaviors.

However, the scope of this paper is limited to analyzing the existing security approaches for Mobile Multi-Agent Systems. Security issues of mobile agents concern securing and protecting agents from attacks by malicious hosts and other agents, as well as securing hosts from attacks by malicious agents.

This paper studies the various security solutions proposed by researchers for Mobile Agents in a Multi-Agent environment for different applications and analyzes them on the basis of various parameters such as performance, requirements and complexity.

Keywords - Mobile Agent, Mobile Multi Agent System, Security

I. INTRODUCTION

A Mobile Agent (MA) is a process that can transport its state from one environment to another, with its data intact, and perform appropriately in the new environment. An MA is robust and autonomous, and it supports disconnected computing, which not only reduces bandwidth consumption but also moderates the effects of high latency.

A Multi Agent System (MAS) is a system composed of multiple interacting intelligent agents. It may contain multiple MAs launched by the same user or by different users, or a combination of MAs and software agents. MASs are used to solve problems that are difficult or impossible for an individual agent or a monolithic system to solve.

With the emergence of Internet technology, security issues are becoming more challenging. Use of the World Wide Web and the Internet has become widespread in recent years, and agent technology has proliferated at an equally rapid rate.

II. SECURITY IN MULTI AGENT SYSTEM

Since the code of an MA is executed on remote platforms, the agent needs protection in case those platforms are malicious. On the other hand, there are threats to the host if the MA is malicious: it may attack the hosts (platforms) that enable it to execute.

Security in MA can be broadly classified as [3]:

A. From Agent to Host

An MA may attack the public services offered by the hosts, modify the activity of other agents, or transmit viruses, Trojan horses and worms. The different types of threats are:

Masquerading: One host in the network impersonates another host and thus "hijacks" an unsuspecting agent.

Denial of Service: A host can deadlock or livelock an agent.

Eavesdropping: The host can not only access the agent's code, state, and data; it can also infer information about the agent from the requests the agent makes.

Alteration: A host can alter the code, the state, or the data of an agent requesting service on that host.

B. From Agent to Agent

MAs may modify other MAs. The different types of threats in this category are:

Masquerading: An agent can pose as a platform offering some services to another agent.

Denial of Service: It is possible for a malicious agent to launch a denial of service attack against other agents.

Unauthorized access: An agent can directly invoke the public methods of other agents, or modify their code and data.

C. From Host to Agent

The hosts may modify the MAs. The different types of threats in this category are:

Masquerading: An agent can take the identity of another agent to gain unauthorized access to resources or to shift the blame for any actions for which it does not want to be held accountable.

Denial of Service: MAs can launch a denial of service attack by consuming excessive amounts of the platform's computing resources.

Unauthorized access: Unauthorized users can access the resources.

Damage to host resources: An agent can damage the resources of the host by requesting services on that host.

III. SECURITY ARCHITECTURE FOR MOBILE AGENT SYSTEMS

Current operating systems do not have support for mobile agents. Hence, special middleware is needed to provide a suitable infrastructure between mobile agents and the operating system. This middleware is referred to as a Mobile Agent System/Platform. It provides a framework on which MA applications can be developed and managed. An MA must run on a mobile agent system. The system is a combination of client and server which, when located on a host computer, runs, sends, and receives MAs. Various mobile agent systems have been developed or are under development in university research groups and industrial companies. Some of the mobile agent systems developed so far are: SOMA, Ajanta, Concordia, AGENT TCL, Wave Secure System (WSS), MANSION FRAMEWORK, Aglet and many more.

This section discusses various security approaches used in different mobile agent systems.

A. Security approach in SOMA (Secure and Open Mobile Agents)

SOMA, developed at the University of Bologna, is a mobile agent system implemented in Java. SOMA makes it possible to protect both:

• Hosts from malicious agents

• Incoming agents from malicious hosts.

To achieve this goal, the SOMA framework supports the definition and the enforcement of flexible security policies to govern the interactions of agents with both other agents and with the available resources in the execution sites.

Whenever possible, the SOMA security model has been implemented using the standard security solutions employed in distributed systems. Designing and deploying ad hoc security mechanisms could require too great an effort; more importantly, non-standard tools are unlikely to be accepted in open environments [11].

SOMA uses X.509 and role certificates to register different entities such as places and agents. SOMA addresses host protection by authenticating agents at both domain and place level. Each of the resources in the domain is protected by a role-based access control list. "Agents are authenticated based on the owner credentials" [12]. When agents are loaded into a remote site, their credentials are verified first, and then their role-based authenticity is verified.

The agents then have access to the different resources according to the role-based access control lists. The agents are executed under protection domains so that they have limited access to the resources and are isolated from the other agents running concurrently. This is done using Java class loaders.

1) Protection of hosts against potentially malicious agents

SOMA protects hosts against potentially malicious agents by supporting agent authentication and authorization at both domain and place level.

a) Agent Authentication

The credentials of agents are used to authenticate them. Credentials are a series of unforgeable information items containing the names of the originating domain and place, and the name and the role of the principal on whose behalf the agent acts. The integration of a full Entrust Public Key Infrastructure within SOMA provides automatic and transparent key/credential management.

b) Agent Authorization

In agent-based applications each agent performs a specific task, but it also interacts with local and remote resources and with other agents. This requires appropriate support to specify access control policies for agent-to-resource and agent-to-agent interactions. Modeling access control in terms of roles can improve the manageability of applications that have a diverse community of agents.

There is a need for policy languages that can suitably model and express all of these policies and that can be integrated within an agent infrastructure. The authorization service is designed to perform flexible and fine-grained access controls that depend on both static and dynamic attributes.

Static attributes include, for instance, the identity/role of the user responsible for agent execution and the host from where the agent code was loaded (in the case of mobile agents).

Dynamic attributes relate to the current context in which the agent operates such as, for instance, the current time, the current application state, and the state of the resources that the agent is accessing [13].

The system does not strongly address the issue of denial of service and agent security.

2) Protection of agents against malicious places

SOMA focuses on how to achieve agent state integrity by presenting several possible solutions, suitable for different application scenarios. All approaches are aimed at detecting any attack targeted at modifying or deleting the agent state.

The first solution requires the presence of a Trusted Third Party (TTP) entity offering a trusted and secure environment to agents that need to perform cryptographic functions. In this case, after any visit to an untrusted site, an agent should visit a TTP site to validate its computation. The second solution, called Multiple-Hops (MH), achieves agent integrity without the need for a TTP. The MH protocol does not impose additional hops on agent paths: agents are able to roam autonomously throughout the network without being constrained to interact with TTPs.

The two approaches present the following common assumptions:

• Agents can dynamically decide the sites to visit and are not constrained to follow only paths predefined by their owners;

• There is a public-key infrastructure, managing entity certification;

• Any pair of sites can be connected via an encrypted channel to preserve state confidentiality.

Furthermore, the two solutions share the following definitions:

• A Message Integrity Code (MIC) makes it possible to verify agent state integrity; a MIC is a hash over some data computed with a collision-free hash function;

• An agent is composed of three parts: Code and Initialization Data (CID), Application Data (AD), and Protocol Data (PD).

The CID is the immutable part of the agent. The AD part contains the data collected by the agent at each hop. The integrity of collected data is ensured by the PD part that records the information needed for the verification of integrity.
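The CID/AD/PD split and the MIC definition above can be made concrete with a small sketch. This is an added illustration, not SOMA's code and not the MH protocol itself, whose details the paper does not give: it assumes a chained SHA-256 MIC per hop, uses HMAC as a stand-in for each site's public-key signature, and all site names, keys and data are constructed.

```python
import hashlib
import hmac


def mic(*parts: bytes) -> bytes:
    """Message Integrity Code: SHA-256 over length-prefixed parts."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


def seal(site_key: bytes, value: bytes) -> bytes:
    # Assumption: HMAC stands in for the visited site's public-key signature
    # so that the example needs only the standard library.
    return hmac.new(site_key, value, hashlib.sha256).digest()


class Agent:
    def __init__(self, cid: bytes):
        self.cid = cid  # Code and Initialization Data (immutable part)
        self.ad = []    # Application Data: one collected item per hop
        self.pd = []    # Protocol Data: one verification record per hop


def visit(agent: Agent, site: str, site_key: bytes, data: bytes) -> None:
    """Run at each hop: store the data and a MIC chained to the previous hop."""
    prev = agent.pd[-1]["mic"] if agent.pd else mic(agent.cid)
    link = mic(prev, site.encode(), data)
    agent.ad.append(data)
    agent.pd.append({"site": site, "mic": link, "seal": seal(site_key, link)})


def verify(agent: Agent, original_cid: bytes, site_keys: dict) -> str:
    """Run by the owner on return: 'ok' or the name of the first failed check."""
    if agent.cid != original_cid:
        return "cid-altered"
    if len(agent.ad) != len(agent.pd):
        return "length-mismatch"
    prev = mic(original_cid)
    for hop, (data, rec) in enumerate(zip(agent.ad, agent.pd)):
        link = mic(prev, rec["site"].encode(), data)
        key = site_keys.get(rec["site"])
        if (key is None
                or not hmac.compare_digest(link, rec["mic"])
                or not hmac.compare_digest(seal(key, link), rec["seal"])):
            return f"hop-{hop}-invalid"
        prev = link
    return "ok"


# Constructed sample data: site names, keys and quotes are made up.
SITE_KEYS = {"shop-a": b"key-a", "shop-b": b"key-b", "shop-c": b"key-c"}
CID = b"agent code + owner query"


def roam() -> Agent:
    """Send a fresh agent through three honest sites."""
    agent = Agent(CID)
    for site, quote in [("shop-a", b"price=40"), ("shop-b", b"price=35"),
                        ("shop-c", b"price=38")]:
        visit(agent, site, SITE_KEYS[site], quote)
    return agent


if __name__ == "__main__":
    print(verify(roam(), CID, SITE_KEYS))      # untouched agent

    tampered = roam()
    tampered.ad[1] = b"price=99"               # a later host rewrites a quote
    print(verify(tampered, CID, SITE_KEYS))

    pruned = roam()
    del pruned.ad[1], pruned.pd[1]             # a later host deletes a hop
    print(verify(pruned, CID, SITE_KEYS))
```

Because each MIC covers the previous one, rewriting or removing an intermediate entry breaks every later link. Dropping the most recent entries leaves a valid shorter chain, which this sketch does not detect.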

B. Security approach in AJANTA

Ajanta is a Java-based system for MA programming. It addresses most of the security threats discussed above and provides solutions for them.

To provide secure communication between the agent server and the host, Ajanta provides a challenge-response mechanism for authentication, with a nonce to prevent replay attacks. In Ajanta, naming is combined with security. Ajanta uses a Uniform Resource Name, which it uses to authenticate itself. Ajanta uses the Agent Transfer Protocol (ATP) to transfer agents between the current server and the next server in the itinerary list. The protocol has three steps:

1) The current server sends an ATP request to the destination containing the agent's signed credentials. The destination verifies the signature on the credentials.

2) If the agent is accepted, an entry is created in the local database. The current server then sends the agent to the destination.

3) The server which receives the agent verifies that it matches the previous credentials. The destination now sends an acknowledgement for the transfer. Upon receiving the acknowledgement, the previous server updates its database entry [14].
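The nonce-based challenge-response and the three transfer steps can be traced in a short simulation. This is an added sketch, not Ajanta's code: the class and function names, the dictionary-based credentials, the URNs and the keys are all constructed for illustration, and HMAC stands in for the public-key signatures a real deployment would use.

```python
import hashlib
import hmac
import json
import secrets


def sign(key: bytes, msg: bytes) -> bytes:
    # Assumption: HMAC replaces a public-key signature (stdlib-only example).
    return hmac.new(key, msg, hashlib.sha256).digest()


def encode(creds: dict) -> bytes:
    return json.dumps(creds, sort_keys=True).encode()


def make_agent(owner: str, name: str, owner_key: bytes) -> dict:
    creds = {"agent": name, "owner": owner}
    return {"creds": creds, "sig": sign(owner_key, encode(creds))}


class AgentServer:
    def __init__(self, urn: str, owner_keys: dict, link_key: bytes):
        self.urn = urn
        self.owner_keys = owner_keys  # owner -> key that verifies credentials
        self.link_key = link_key      # authenticates peer servers
        self.open_nonces = set()      # challenges issued, not yet answered
        self.db = {}                  # agent name -> transfer record

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.open_nonces.add(nonce)
        return nonce

    def respond(self, nonce: bytes) -> bytes:
        return sign(self.link_key, nonce)

    def check_response(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.open_nonces:   # unknown or already used: replay
            return False
        self.open_nonces.remove(nonce)      # a nonce is accepted only once
        return hmac.compare_digest(response, sign(self.link_key, nonce))

    def atp_request(self, creds: dict, signature: bytes) -> bool:
        """Steps 1-2: verify the signed credentials, then record the agent."""
        key = self.owner_keys.get(creds.get("owner"))
        blob = encode(creds)
        if key is None or not hmac.compare_digest(signature, sign(key, blob)):
            return False
        self.db[creds["agent"]] = {"state": "expected",
                                   "digest": hashlib.sha256(blob).digest()}
        return True

    def receive_agent(self, agent: dict) -> bool:
        """Step 3: the arriving agent must match the accepted credentials."""
        creds = agent["creds"]
        entry = self.db.get(creds["agent"])
        if entry is None or entry["state"] != "expected":
            return False
        if hashlib.sha256(encode(creds)).digest() != entry["digest"]:
            return False
        entry["state"] = "resident"
        return True                         # serves as the acknowledgement


def transfer(src: AgentServer, dst: AgentServer, agent: dict) -> str:
    nonce = src.challenge()
    if not src.check_response(nonce, dst.respond(nonce)):
        return "peer-auth-failed"
    if not dst.atp_request(agent["creds"], agent["sig"]):
        return "credentials-rejected"
    if not dst.receive_agent(agent):
        return "credential-mismatch"
    # On acknowledgement the previous server updates its own database entry.
    src.db[agent["creds"]["agent"]] = {"state": "departed", "next": dst.urn}
    return "transferred"


if __name__ == "__main__":
    keys = {"alice": b"owner-key"}          # constructed sample values
    a = AgentServer("urn:example:server-a", keys, b"link-key")
    b = AgentServer("urn:example:server-b", keys, b"link-key")
    print(transfer(a, b, make_agent("alice", "shopper-1", b"owner-key")))
    print(transfer(a, b, make_agent("alice", "shopper-2", b"wrong-key")))
```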

As a mobile agent traverses the network, its code and data are vulnerable to various types of security threats. These include passive attacks such as eavesdropping and traffic analysis and active attacks such as message modification, deletion or forging. Passive attacks are difficult to detect, but can usually be protected against using cryptographic mechanisms. In contrast, active attacks are relatively easy to detect cryptographically, but they are difficult to prevent altogether.

a) Protection of host resources

A network host running an agent server is exposed to various attacks by mobile agents:

• Pilfering of sensitive information

• Damage to host resources

• Denial of service to other agents

The system must therefore provide authorization mechanisms to agent servers, for specifying restricted access rights for agents. The rights assigned usually depend on the agent's identity (implying that a secure authentication facility is necessary), and are determined by consulting a user-defined security policy.

b) Protection of Agent

When an agent executes on a host's agent server, it is in effect completely exposed to that host. If the server happens to be malicious, it can affect the agent in many different ways:

• It can simply destroy the agent and thus impede the functioning of its creator application.

• It can steal useful information stored in the agent, such as intermediate results gathered by the agent during its travels.

• It can modify the data carried by the agent, for example changing the price quoted by a competitor in a shopping mall, to fool the creator application into favoring the malicious server.

• It can attempt to alter the agent's code and have it perform malicious actions when it returns to its home site. This is especially dangerous, since the home site could treat its own agents as trusted entities, and possibly allow them to bypass access controls to its own resources.

Ajanta provides protection domains for the agents. This is mainly to separate the different agents that are running concurrently and to restrict the use of resources by an agent. This is done using Java class loading and thread grouping [13].

C. Security approach in CONCORDIA

The Concordia system is a Java-based system for mobile programming. It provides three kinds of security mechanisms [16]:

a) Secure network transfer of agents

b) Protection of a host from attack or misuse by malicious agents

c) Protection of an agent from attack by another malicious agent.

Concordia secures agents in transit with the help of the Secure Sockets Layer (SSL). SSL in this system is implemented over Java and thus it is very easy to blend it with other protocols. "The current implementation of Concordia makes use of the Java RMI middleware to provide network communication which provides Java specific distributed object layer on top of standard TCP/IP sockets" [16].

Resource protection in Concordia is entirely based on the protection mechanisms provided by the Java language. It makes use of the sandbox [17] by JavaSoft for the protection mechanism. The sandbox [17] provides protection by using the Java class loader, as was cited earlier. "The protection system in Concordia is built upon the standard Java security classes." [16]

D. Security approach in AGENT TCL

Agent TCL is a secure execution environment for mobile agents that provides restricted resource access. The restricted access is based upon the mediation provided by the interpreter. The interpreter acts as a reference monitor, restricting direct access to the resources. Resource managers control access to the system resources: each resource has an agent that acts as its manager. In addition, the system has a currency-based model in which agents pay for using the resources. The system also maintains an access control list at a coarse granularity. The access control may differ for agents coming from different sources, depending on whether the source of the agent is trusted or not. Agent TCL uses PGP for the authentication service. It also uses PGP to encrypt data when it has to be transferred from one host to another. The main transport mechanism used is TCP/IP. Agent TCL protects the system from malicious agents but not from malicious hosts [13].

E. Security approach in WAVE SECURE SYSTEM (WSS)

WAVE offers a complete, high-level language that is, despite its fairly simple syntax, rich in semantics and mechanisms for integration, control and management, for the rapid, effective realization of seamless, cooperative distributed applications. However, as with many other mobile agent systems, the lack of security in WAVE highly restricts its scope of applications.

Researchers propose a security architecture and implement a security system based on this architecture for the Wave Secure System. This security system makes use of a rich security model that gives an identity to each principal user and provides access control at a very fine level of granularity. The security system also provides methods for detecting whether the behavior or data of a wave agent has been tampered with. Although the security architecture was developed for WAVE, it is generally applicable to any mobile intelligent system [11].

F. Security approach in MANSION FRAMEWORK

The logical model provides a clear framework for developing applications. This model is mapped onto a set of hosts, using the zone as an abstraction to group hosts that belong to a common (security) domain.

Mansion provides a middleware layer for multi-agent systems. This middleware provides the basic primitives for interaction with the world, such as inter-agent communication, binding to objects, and logical (hyperlink) and physical migration. Mansion provides location and distribution transparency of logical entities in a world.

G. Security approach in AGLET

Aglet was developed by IBM Tokyo Research Lab. Aglets (mobile agents) are serialized Java objects that execute on Aglets Workbench (the agent platform).

Aglet is a Java-based MA platform and library (framework) for building MA-based applications. An aglet is a Java agent which can autonomously and spontaneously move from one host to another, carrying a piece of code with it.

Aglet is completely written in Java, thus allowing high portability of both the agents and the platform. Aglets includes both a complete Java MA platform, with a stand-alone server called Tahiti, and a library that allows developers to build MAs and to embed the Aglets technology in their applications.

A developer can use the classes and methods defined in the Java Aglet API for aglet creation and manipulation. The mobility of the aglet is achieved through the serialization and dynamic class loading techniques of Java. An aglet serializes itself and dispatches to another Aglet Workbench, where it is loaded (executed) by the class loader. A security model has been defined for the Aglet. Every aglet has an identifier, to which appropriate security policies are applied. However, the system does not enforce access control based on the aglet's owner. A server simply trusts the aglets if they were sent from a server in the same domain. The servers within a trusted domain must authenticate each other by using a MAC (Message Authentication Code). Aglets are shielded by proxy objects, which provide language-level protection as well as location transparency. The Aglet Workbench will enforce the access control according to the aglet's manufacturer, owner, and the aglet itself. The manufacturer and the aglet's identification can be built into the aglet. Also, no technique for protecting the aglet is provided. [15]

IV. ANALYSIS OF DIFFERENT MA SYSTEMS

| Agent System Name | Agent Identification | Key Distribution | Host Protection | Agent Protection |
| --- | --- | --- | --- | --- |
| SOMA | Digital Signature. Only the agents from untrusted domains need to be authenticated. | X.509 Certification | Access control is enforced according to layered security policies based on the agent's role. | MH is used to protect the integrity of the collectable data. |
| Ajanta | Agent signature identification | Used Cryptographic mechanism for declaring the data read-only | Proxy based mechanism for secure access to server resources by agents | Java Class Loading and thread grouping |
| Concordia | Global password | N/A | Use Security Manager, which is a Java built-in feature. | Not available |
| AGENT TCL | Digital Signature using PGP | No global Distribution method available | Agent will execute on Safe Tcl environment. The access control is enforced according to security policies. Only two security categories: 1. anonymous 2. authenticated. | Not available |
| Wave Secure System | Digital signature | WCI AA | Resource Manager enforces the access control rules and policies based on the agent's identity and privilege | Provides mechanism to protect agent's code and data integrity. |
| Mansion Framework | Agent Passport | Public Key Encryption, Encrypted Communication channels (e.g. using SSL) between middleware process | Send Box and Trust | Trusted Zones are used for agent protection |
| Aglet | No identification method is needed. Any aglet sent from the same domain is trusted. | N/A | Aglet Workbench enforces access control by using proxy objects. Only two security categories: trusted and untrusted. | Not available |

V. CONCLUSION

This paper is based on an analysis of security approaches for mobile multi-agent systems. We have compared different security architectures for mobile multi-agent systems in terms of the cryptographic technique used, host and agent protection, and so on, and we have discussed the different existing security approaches for multi-agent systems. We also argue that the problems of security are still not solved. Based on this analysis, there is a need for a security architecture that provides a complete solution for mobile multi-agent systems, covering both agents and hosts.

REFERENCES

[1] Jian Chen, B.Eng., "A Hierarchical Fault-Tolerance Framework for Mobile Intelligent Agent Systems", Huazhong University of Science and Technology, 1996, M.Eng., Tsinghua University, 1999.

[2] Abolfazl Esfandi, "Efficient and Secure Web Services by using Multi Agents", Department of Computer Engineering, Islamic Azad University Boroujerd Branch, Iran. International Journal of Computer Applications (0975 – 8887), Volume 50, No. 1, July 2012.

[3] Steven Versteeg, "Thesis Languages for Mobile Agents", Supervisor: Leon Sterling, 25 August 1997.

[4] Wayner, P., Free Agents, Byte, March 1995, pp. 105-114.

[5] Gulyás, L., Kovács, L., Micsik, A., Pataki, B., Zsámboki, I., An Overview of Mobile Software Systems, Department of Distributed Systems, Computer and Automation Research Institute of the Hungarian Academy of Sciences, MTA SZTAKI Technical Report TR 2000-1, 2001.

[6] Assistant Barna Iantovics, "Security Issues of the Mobile Multiagent Systems", Petru Maior University of Tg. Mureş.

[7] Peng Fu, "A Security Architecture for Mobile Agent System", B.Eng., Tsinghua University, China, 1999. The University of British Columbia, October 2001.

[9] Babak Khosravifar, "Trust and Reputation in Multi-Agent Systems", A Thesis, Department of Electrical and Computer Engineering, Concordia University, April 2012.

[10] P. Dasgupta, Trust as a commodity. In Diego Gambetta, editor, Trust: Making and Breaking Cooperative Relations, Department of Sociology, University of Oxford, electronic edition, pp. 49-72, 2000.

[11] Peng Fu, "A Security Architecture for Mobile Agent System", B.Eng., Tsinghua University, China, 1999. The University of British Columbia, October 2001.

[12] Corradi, A.; Montanari, R.; Stefanelli, C., "Security issues in mobile agent technology", Distributed Computing Systems, 1999. Proceedings. 7th IEEE Workshop on Future Trends of, 1999, pp. 3-8.

[13] Vinay Sridhara, "Threats and Security Measures for Systems Using Mobile Agents", University of Southern California, Los Angeles.

[14] Karnik, N.M.; Tripathi, A.R., "A security architecture for mobile agents in Ajanta", Distributed Computing Systems, 2000. Proceedings. 20th International Conference on, 2000, pp. 402-409.

[15] B. Venners, "The Architecture of Aglets", JavaWorld, http://www.javaworld.com/javaworld/jw-04-hood.html, April 1997.

[16] Walsh, T.; Paciorek, N.; Wong, D., "Security and reliability in Concordia(TM)", System Sciences, 1998. Proceedings of the Thirty-First Hawaii International Conference on, Volume 7, 1998, pp. 44-53.

[17] Qun Zhong; Edwards, N., "Security in the large: is Java's sandbox scalable?", Reliable Distributed Systems, 1998. Proceedings. Seventeenth IEEE Symposium on, 1998, pp. 387-392.

[18] Nrupatunga Y, "Mobile Agent Security – Aglet", Department Of
