Authors: Khaled E. A. Negm

Abstract:

In the current research, we present an operation framework and protection mechanism to facilitate secure environment to protect mobile agents against tampering. The system depends on the presence of an authentication authority. The advantage of the proposed system is that security measures is an integral part of the design, thus common security retrofitting problems do not arise. This is due to the presence of AlGamal encryption mechanism to protect its confidential content and any collected data by the agent from the visited host . So that eavesdropping on information from the agent is no longer possible to reveal any confidential information. Also the inherent security constraints within the framework allow the system to operate as an intrusion detection system for any mobile agent environment. The mechanism is tested for most of the well known severe attacks against agents and networked systems. The scheme proved a promising performance that makes it very much recommended for the types of transactions that needs highly secure environments, e. g., business to business.

Keywords: Mobile agent security, mobile accesses, agent encryption.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1059541

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1996

References:

[1] D. Vincenzetti and M. Cotrozzi, ATP anti tampering program, in Edward DeHart, ed., Proc. of Security IV Conf.-USENIX Assoc., pp 79-90, 1993.
[2] R. Sielken, Application Intrusion Detection, Univ. of Virginia Computer Science Technical Report CS-99-17, 1999.
[3] V. Roth, "Scalable and Secure Global Name Services for Mobile Agents," 6th ECOOP Workshop on Mobile Object Systems: Operating System Support, Security and Programming Languages, 2000.
[4] R. Gray, "D-Agents: Security in a Multiple Language, Mobile- Agent System," in Mobile Agents and Security, G. Vigna, ed., LNCS 1419 pp. 154-187, Springer, 1998.
[5] Fuggetta, G, Picco, and G. Vigna, "Understanding Code Mobility," IEEE Transactions on Software Engineering, 24, pp. 342-361, 1998.
[6] "Agent Management," FIPA 1997 Specification, part 1, ver. 2.0, Foundation for Intelligent Physical Agents, 1998.
[7] "Mobile Agent System Interoperability Facilities Specification," OMG-TC-orbos/97, 1997.
[8] "Jumping Beans White Paper," Ad Astra Engineering Inc., CA, 1998.
[9] Khaled E. A. Negm, "Implementation of Secure Mobile Agent for Ad-Hoc Networks, WEAS Transactions on Communications, Vol. 2, 2003, pp. 519-526.
[10] Khaled E. A. Negm and Wael Adi, "Secure Mobile Code Computing in Distributed Remote Environment, Proc. the 2004 IEEE International Conference on Networking, Sensing and Control, 2004, pp. 270-275.
[11] W. Farmer, J. Guttman, and V. Swarup, Security for Mobile Agents: Issues and Requirements. In Proc. of the 19th International Information Systems Security Conference, pp. 591-597, 1996.
[12] F. Buschmann, R. Meunier, H. Rohnert, P. Sommerlad, and M. Stal, "Pattern-Oriented Software Architecture: A System of Patterns," John Wiley, UK, 1996.
[13] J. White, "Mobile Agents," in Software Agents (J. Bradshow, ed.), ch. 18, pp. 437-472, MIT Press, 1997.
[14] A. Tripathi, N. Karnik, N. Vora, T. Ahmed, R. Singh, Mobile Agent Programming in Ajanta, Proc. of 19th IEEE International Conference on Distributed Computing Systems, pp. 190-197, 1999.
[15] M. Bellare, S. Goldwasser, and D. Micciancio, "Pseudo- Random Number Generation with Cryptographic Algorithms: the DSS Case, Crypto 97, LNCS 1294, pp. 1-12, Springer, 1997.
[16] T. ElGamal, "A public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms, Proc. of Crypto -84, LNCS 196, pp. 10-18, 1984.
[17] Common Vulnerability Exposure (CVE) http://cve.mitre.org/.
[18] TG: Traffic Generator, http://www.postel.org/services.html.