Secure Mobile Agents: Techniques, Modeling and Application - PowerPoint PPT Presentation

About This Presentation
Title:

Secure Mobile Agents: Techniques, Modeling and Application

Description:

Mobility: programs can move across different machines and platforms, and run on ... execution states, therefore, they can roam around the network to perform complex ... – PowerPoint PPT presentation

Number of Views:27
Avg rating:3.0/5.0
Slides: 30
Provided by: CSE
Category:

less

Transcript and Presenter's Notes

Title: Secure Mobile Agents: Techniques, Modeling and Application


1
Secure Mobile Agents Techniques, Modeling and
Application
  • Presented by Chan Hing Wing, Anthony
  • Dec 15, 1999
  • Room 1027, SHB, CUHK

2
Introduction
  • Evolution of mobile agents
  • Security concerns of mobile agents
  • Techniques to protect mobile agents
  • Security modeling of mobile agents
  • SIAS a mobile agent application and its security
    issues
  • Conclusion and future work

3
What are Mobile Agents?
  • A form of mobile code
  • Mobility programs can move across different
    machines and platforms, and run on different host
    machines
  • Agency programs act autonomously for the their
    users / owners
  • Agents can move with different execution states,
    therefore, they can roam around the network to
    perform complex tasks

4
Mobile Code Classification
Know-how the code to execute Resources
input/output for code execution Processor
abstract machine that holds the state of
computation
Ghezzi and Vignas classification of mobile code
paradigms
5
Why Mobile Agents?
  • Seven Good Reasons for Mobile Agents (in CACM,
    March, 1999)
  • They reduce the network load
  • They overcome network latency
  • They encapsulate protocols
  • They execute asynchronously and autonomously
  • They adapt dynamically
  • They are naturally heterogeneous
  • They are robust and fault-tolerant

6
Mobile Agent Security Concerns
  • Two aspects
  • host security
  • protecting a host against malicious agents
  • protecting a host against other hosts can be done
    in traditional manner
  • agent security
  • protecting agents against malicious hosts
  • protecting agents from other agents would be easy
    if agents can be protected from malicious hosts

7
Host Security
  • Agent Integrity
  • sandboxing, run-time verification, proof-carrying
    code
  • Agent Authentication
  • digital signatures (analogy signed applets)
  • Authorization
  • access control lists
  • Allocation (against denial-of-service attack)
  • market-based mechanism

8
Agent Security
Model proposed by Fritz Hohl
  • Attacks scenarios that can be described
  • spying out and modification of the data part of
    an agent
  • spying out and modification of the code part of
    an agent
  • manipulation of the code execution sequence of an
    agent
  • manipulation of the execution environment of an
    agent

Environment
Read/manipulate
Malicious Host
(Other agents)
Read/manipulate properties control execution
System call
Agent
9
Techniques to Protect Agents
  • Three branches of solutions
  • Establishing a closed network
  • sends agent to trusted hosts only
  • effective but sacrifice system openness
  • Agent tampering detection
  • detect and recover from any tampering with agents
  • not suitable for very critical actions, for which
    detection may be too late
  • Agent tampering prevention
  • prevent agent from being tampered with
  • Not very well developed

10
Agent Tampering Prevention - Examples
  • Protected Agent States Neeran Karnik
  • Simple ideas to protect agent data
  • read-only states states of the agent are
    digitally signed by the sender
  • append-only logs information provided to agent
    is digitally signed by the info provider
  • targeted states states of the agent are
    encrypted with the public key of a targeted host,
    therefore other hosts cannot understand them

11
Another Example
  • Mobile Cryptography Tomas Sander
  • protect the code part of an agent
  • proved to be applicable to polynomial functions
    only, for the time being

Alice asks Bob sends agent to Bob to calculate
f(x) for her
Alice s function f
(1)
P(E(f))
(2)
P(E(f))
key
Bobs input x
E(f(x))
P(E-1)
(3)
f(x)
(4)
Alice
Bob
12
Security Model for Mobile Agents
Host 2
Host n
Host 1
Agent

The agent stay at host i for a time period
ti Assume independent, exponential, distribution
of time-to-breach (Jonssons experiment) at each
host i, i.e., P(breach at host i) 1 -
exp(-?iti), for i 1 to n where ?i vki is a
constant v index of vulnerability ki index of
malice
13
Proposed Security Model (contd)
Security of system P(no breach at all
hosts) exp(-?1t1)exp(-?2t2)...exp(-?ntn),
A Possible Application of the model Assume we
can estimate ?i for each i from 1 to n, then we
can determine the upper limits of time to stay on
each host i (a set of values of ti) for the agent
to become free of breach at a certain probability
(ref time-limited black-box)
14
Problems of the model
  • The validity of the assumption of exponential
    distribution of attacker behavior should be
    questioned
  • Even though the assumption is valid, it seems
    difficult to give estimates to the indices of
    malice (ki) and vulnerabilities (v)

15
SIAS Shopping Information Agent System
  • An experiment with mobile agent applications
  • Collaboration with two undergraduate students
  • Users send agents to query prices in an
    electronic marketplace
  • System is built using Java, and the Concordia
    mobile agent toolkit from Mitsubishi

16
SIAS System Control Flow
17
SIAS Agent Properties
  • An agent in SIAS carries three properties
  • list of product Ids (Id-list)
  • products of which prices are to be queried
  • list of product quantities (Q-list)
  • quantities of products at which price are to be
    queried
  • list of product entries (E-list)
  • information returned to agents from hosts in the
    marketplace

18
SIAS Security Problems
  • Modification of the Id-list and Q-list
  • Malicious host may modify the products and
    quantities to be queried in its favor
  • Spying out and modification of the E-list
  • Malicious host may spy out and modify the price
    information collected by an agent from a
    competing host
  • Modification of the itinerary of an agent
  • Malicious host may simply send agent to other
    hosts, or directly back to sender, skipping
    competing hosts

19
SIAS Security Enhancements
- Product ID list changed to Product ID
listsigA(Product ID list) - Product Quantity
list changed to Product Quantity
listsigA(Product Quantity list) - Query
result changed to DA(Query resultsigH(Query
result)) - New attribute (chain of encrypted
itineraries) EHN(EH(N-1)(EH2(EH1(Itinerary at
Host 1) Itinerary at Host 2) Itinerary at
Host N-1) Itinerary at Host N) Key A agent H
host H(k) k-th host visited by the
agent sigX(Y) digital signature of Y using the
private key of X EX(Y) the ciphertext of Y
encrypted by the private key of X DX(Y)
ciphertext of Y encrypted by the public key of X.
20
SIAS Control Flow with Security
21
SIAS Evaluation of Security Enhancements
  • Assume the key server, key generation, and the
    communication channel are secure
  • Since the enhancements are based on cryptographic
    techniques, protection to the agent properties is
    provable

22
SIAS Performance Evaluation
SIAS without security measures
23
SIAS with security measures implemented
24
SIAS with a malicious host trying to modify
product list of agent
25
SIAS with a malicious host trying to modify the
itinerary of agent
26
Conclusion
  • Mobile agents as an emerging paradigm to
    substitute/complement client/server
  • Mobile agent security needs particular attention
  • Some agent protection techniques have been
    introduced
  • A model is proposed for evaluating security of
    mobile agent systems, with application and
    problems discussed
  • An experiment (SIAS) carried out with security
    and performance evaluation

27
Future Work
  • Conduct experiment to test and evaluate different
    protection methods of mobile agents, e.g., mobile
    cryptography
  • Explore both cryptographic and non-cryptographic
    security mechanisms to protect mobile agents
  • Scale up SIAS, with further security enhancements

28
Questions and Answers
29
The End
Write a Comment
User Comments (0)
About PowerShow.com