Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
Selected Problems on Mobile Agent Communication

Selected Problems on Mobile Agent Communication

Ratings: (0)|Views: 10 |Likes:
Published by ijcsis
Mobile agent technology offers a new computing paradigm in which a program, in the form of a software agent, can transfer its execution from agent to agent masquerading itself as the original source of message. The use of mobile code has a long history dating back to the use of remote job entry systems in the 1960's. Today's agent incarnations can be characterized in a number of ways ranging from simple distributed objects to highly secured software with algorithm that can only be interpreted by only the sender and the receiver. As the sophistication of mobile software has increased over time, so too have the associated threats to security. This paper studies masquerading as one of these threats and provide appropriate solution in form of algorithm.
Mobile agent technology offers a new computing paradigm in which a program, in the form of a software agent, can transfer its execution from agent to agent masquerading itself as the original source of message. The use of mobile code has a long history dating back to the use of remote job entry systems in the 1960's. Today's agent incarnations can be characterized in a number of ways ranging from simple distributed objects to highly secured software with algorithm that can only be interpreted by only the sender and the receiver. As the sophistication of mobile software has increased over time, so too have the associated threats to security. This paper studies masquerading as one of these threats and provide appropriate solution in form of algorithm.

More info:

Published by: ijcsis on Jul 07, 2011
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

07/07/2011

pdf

text

original

 
Selected Problems On Mobile AgentCommunication
Adekunle, Yinka A.
1
and Sola S. Maitanmi
2
 
1,
2
 Department of Computer Science & Mathematics, Babcock University, Ilisan Remo, Ogun State, Nigeria
 .
adekunleya@gmail.com
1
maitanmi@yahoo.com
2
 
 Abstract - Mobile agent technology offers a new computing paradigm in which a program, in the form of a software agent, can transfer its execution from agent to agent masquerading itself as the original source of message. The use of mobile code has a long history dating back to the use of remote job entry systems in the1960's. Today's agent incarnations can be characterized in a number of ways ranging from simple distributed objects to highly secured software with algorithm that can only be interpreted by only the sender and the receiver. As the sophistication of mobile software has increased over time, so too have the associated threats to security. This paper studies masquerading as one of these threats and provide appropriate solution in form of algorithm.
Keywords
: Mobile agent, masquerading, encryption and decryption.
1 IntroductionA mobile agent is a program which can migrate from onemachine to another, performing useful action, under its owncontrol. It has been the subject of much attention in the lastfew years due to its advantage in accessing distributedresumes in a low-bandwidth network. One of the instanceswhere a mobile agent can be very effective is in a client/server model. In a client/server model, a client may need access to ahuge database on a server. This requires a large amount of data transmission over the network and may significantlywaste bandwidth if the data transferred is not useful at theclient side.In addition, one definition term `agent' means thoserelatively simple, client-based software applications that canassist users in performing regular tasks such as sorting e-mailsor downloading Web pages from the Web, etc [2]. This classof agents is often referred to as `personal assistant' agents. Atthe other end of the scale is the concept of sophisticatedsoftware entities possessing artificial intelligence thatautonomously travel through a network environment andmake complex decisions on the user's behalf. Our definitiontherefore is the following: a mobile agent is a program thatacts on behalf of a user or another program and is able tomigrate from host to host on a network under its own control.The agent chooses when and to where it will migrate and mayinterrupt
 
its own execution and continue elsewhere on thenetwork. The agent returns results and messages in anasynchronous fashion [1]Alternatively, the agent may send itself to another intermediate node and take its partial results with it. Resultsare delivered back to the user whose address the agent knows.Today the most common way of implementing distributedapplications is through the client-server paradigm. In thismodel, an operation is split into two parts across a network,with the client making requests from a user machine to aserver which services the requests on a large, centralizedsystem. A protocol is agreed upon and both the client andserver are programmed to implement it. A network connectionis established between them and the protocol is carried out.However the client-server paradigm breaks down under situations dealing with highly distributed problems, slowand/or poor quality network connections, and especially in themaintenance of constantly changing applications. In a systemwith a single central server and numerous clients, there is a problem of scalability. When multiple servers becomeinvolved, the scaling problems multiply rapidly, as each clientmust manage and maintain connections with multiple servers.The use of two-tier systems or proxies only moves this problem to the network. It does not eliminate the basic problem. With client- server technology there comes a needfor good quality network connections. First, the client needs toconnect reliably to its server because only by setting up andmaintaining the connection may it be authenticated and besecure. Second, the client needs to be assured of a correctresponse, since a server can crash anytime between processingthe request and sending back the reply.Third, it needs good bandwidth since, due to its verynature; client/server must copy data across the network.Finally, the protocol which a client and a server agree upon is by its very nature specialized and static [15]2
Problems of Mobile Agents
Three problems were identified: problems stemming froman agent attacking an agent platform, an agent platformattacking an agent, an agent attacking another agent on theagent platform, and other entities attacking the agent system.The last category covers the cases of an agent attacking anagent on another agent platform, and of an agent platformattacking another platform, since these attacks are primarilyfocused on the communications capability of the platform toexploit potential vulnerabilities.
2.1 Masquerade
When an unauthorized agent claims the identity of another agent it is said to be masquerading. The masquerading
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 6, June 2011235http://sites.google.com/site/ijcsis/ISSN 1947-5500
 
agent may pose as an authorized agent in an effort to gainaccess to services and resources to which it is not entitled. Themasquerading agent may also pose as another unauthorizedagent in an effort to shift the blame for any actions for whichit does not want to be held accountable. A masquerading agentmay damage the trust the legitimate agent has established inan agent community and its associated reputation.Masquerading may take the following forms [9]:
2.1.1 Agent-to-Platform
The agent-to-platform category represents the set of  problems in which agents exploit security weaknesses of anagent platform or launch attacks against an agent platform.This set of problems includes masquerading, denial of serviceand unauthorized access.
2.1.2 Agent-to-Agent 
The agent-to-agent category represents the set of problems inwhich agents exploit security weaknesses of other agents or launch attacks against other agents. This set of problemsincludes masquerading, unauthorized access, denial of serviceand repudiation. Many agent platform components are alsoagents themselves. These platform agents provide system-level services such as directory services and inter-platformcommunication services. Some agent platforms allow directinter-platform agent-to-agent communication, while othersrequire all incoming and outgoing messages to go through a platform communication agent.
2.1.3 Platform-to-Agent 
The platform-to-agent category represents the set of problemsin which platforms compromise the security of agents. Theseset of problems includes masquerading, denial of service,eavesdropping, and alteration.
3 Algorithm used for the Encryption and Decryption3.1 RSA Algorithm
According to [8] Rivest, Shamir and Adleman is the most popular public key algorithm. There are two general types of key-based algorithms. Symmetric and public-key. Symmetricalgorithms, sometimes called conventional algorithms arealgorithms where the encryption key can be calculated fromthe decryption key and vice versa. In most symmetricalgorithms, the encryption key and decryption key are thesame. In public-key algorithm which is also called asymmetricalgorithm are designed so that the key used for encryption isdifferent from the key used for decryption. Furthermore, thedecryption key cannot be calculated from the encryption key.The algorithms are called “public key” because the encryptionkey can be made public.Mathematical notationsM representing messageP representing plaintextC representing ciphertextE encryption functionD decryption functionH HeadK keyT TailE(M)= C the encryption function E operates on M to produceCD(C)= M In the reverse process, the decryption function Doperates on C to produce M (original text message)
 
Fig. 1. Encryption and Decryption
Since the whole point of encrypting and decrypting a messageis to recover the original plain text, the following assumptionmust hold:D(E(M))= M[M, K, C, E, (.,.), D(.,.)]E:MxK --------------> C encryption functionD:Cx K--------------->M decryption functionThe subscript K can be introduced for the security message by both the sender and the receiver to give:E
(M)= CD
(C )= MD
(E
(M))= MFig. 2. Encryption and decryption with an authenticationkeyExamples of RSA AlgorithmIn vegenere Cipher, the key consist of a string of K letters.These are written repeatedly below the message (from whichall spaces have been removed). The message is then encrypteda letter at a time by adding the message and key letterstogether, working mode 26 with the letters taking values A=0,to Z=25.For example if the key is the three letter sequence KEY thenthe messageM= THISISTHEMESSAGE Is encrypted usingK= KEYKEYKEYKEYKEYK To give the ciphertext
 
PlaintextCyphertextOriginal textEncryptioDecryptionKeyEncryptionDecryptionPlaintexOriginal textKeyKeyCyphertext
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 6, June 2011236http://sites.google.com/site/ijcsis/ISSN 1947-5500
 
 C= DPGCOQDPCESQCWEMUsing the function f(c) = (m + k) mod 26While to decrypt back to the plaintext we use theinverse of the above functionUsing Zn
{0,1,2,3}F(c) = Y
M+K mod 26Y
x mod nY
min
= {x + kn}Y = {M+K + 26q}Such that q € Z while Y must be the smallest positiveelement that q can produce.Suppose from the above analysis M=T and K= K T = 19, K= 10 => T+ K = 19Y = {29+ 26q} = {-23, 3, 29,…}Y= 3To get the inverse (M)Y= M + K mod 26Y= M+ K + 26qY-M-K= 26qM= (Y-K) + 26q
(Y-K) mod 26M= (3-10) mod 26-7 mod 26M= -7 + 26q i.e (-33, -7, 19,…,)M= 193.2 Software DocumentationFig. 3 Mobile Agent homepageThis software is the output of the above sample visual basiccodes. This is written to encrypt your documents or files to provide the best security that your documents need so as tosolve the problem of masquerading explained above.Mobile Agent is just the name we given to the program as itmoves from one computer to another. Mobile Agent is asecurity software application that enables you to securestore your data on your computer using strong encryptionand safely communicate with other users of agentcommunication via Local Area Network.EncryptionYou can also encrypt several files at the same time andencrypt the listed files with a password. Files can also bestored in an archive and be encrypted at a later time if auser is not ready to encrypt the files on the list.DecryptionUsers can not encrypt without decrypting unless thefile/document is no longer in use. This feature enables you todecrypt files that have already been encrypted with theENCRYPT FILES feature. However, you can only decrypt afile at a time.4.0
 Advantages of Mobile Agents
i.
 
Disconnected operation
 
Short “On-Line” times
 
Low-power requirements
 
Support for mobile unitsii.
 
Low-latency interaction
4.1 Applications of Mobile Agents
Information RetrievalMobile agents reduce network bandwidth which depends on;
 
Quantity of information searched
 
Quantity of information retrieved
 
Size of mobile agent
 
Monitoring
o
 
Computer programs can be very patient
 
Remote Control
 
Dynamic Systems
o
 
Universal servers
 
Active Mail
o
 
Send executable content as email
4.2 Challenges of Mobile Agents
Security IssuesProtecting network communicationProtecting hosts from agentsIllegal accessDenial of serviceProtecting agents from hostsSystem-wide Administration / ManagementTracking / VisualizationAccess to non-mobile resources Network endpoints
5 Future Trends
Thearea of mobile agent security is still in a somewhatimmature state. The traditional host orientation toward
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 6, June 2011237http://sites.google.com/site/ijcsis/ISSN 1947-5500

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->