A security architecture for protecting dynamic components of mobile agents
Yao, Ming (2004) A security architecture for protecting dynamic components of mobile agents. PhD thesis, Queensland University of Technology.
New techniques,languages and paradigms have facilitated the creation of distributed applications in several areas. Perhaps the most promising paradigm is the one that incorporates the mobile agent concept. A mobile agent in a large scale network can be viewed as a software program that travels through a heterogeneous network, crossing various security domains and executing autonomously in its destination.
Mobile agent technology extends the traditional network communication model by including mobile processes, which can autonomously migrate to new remote servers. This basic idea results in numerous benefits including flexible, dynamic
customisation of the behavior of clients and servers and robust interaction over unreliable networks.
In spite of its advantages, widespread adoption of the mobile agent paradigm is being delayed due to various security concerns. Currently available mechanisms for reducing the security risks of this technology do not e±ciently cover all the existing threats.
Due to the characteristics of the mobile agent paradigm and the threats to which it is exposed, security mechanisms must be designed to protect both agent hosting servers and agents. Protection to agent-hosting servers' security is a reasonably well researched issue, and many viable mechanisms have been developed to address it. Protecting agents is technically more challenging and solutions to do so are far less developed. The primary added complication is that, as an agent traverses multiple servers that are trusted to different degrees, the agent's owner has no control over the behaviors of the agent-hosting servers. Consequently the
hosting servers can subvert the computation of the passing agent. Since it is infeasible to enforce the remote servers to enact the security policy that may prevent the server from corrupting agent's data, cryptographic mechanisms defined by the agent's owner may be one of the feasible solutions to protect agent's data.Hence the focus of this thesis is the development and deployment of cryptographic
mechanisms for securing mobile agents in an open environment.
Firstly, requirements for securing mobile agents' data are presented. For a sound mobile agent application, the data in an agent that is collected from each visiting server must be provided integrity. In some applications where servers intend to keep anonymous and will reveal their identities only under certain cir-
cumstances, privacy is also necessitated.
Aimed at these properties, four new schemes are designed to achieve different security levels: two schemes direct at preserving integrity for the agent's data, the other two focus on attaining data privacy.
There are four new security techniques designed to support these new schemes. The first one is joint keys to discourage two servers from colluding to forge a victim server's signature. The second one is recoverable key commitment to enable detection of any illegal operation of hosting servers on an agent's data. The third
one is conditionally anonymous digital signature schemes, utilising anonymous public-key certificates, to allow any server to digitally sign a document without leaking its identity. The fourth one is servers' pseudonyms that are analogues of identities, to enable servers to be recognised as legitimate servers while their identities remain unknown to anyone. Pseudonyms can be deanonymised with the assistance of authorities. Apart from these new techniques, other mechanisms such as hash chaining relationship and mandatory verification process are adopted in the new schemes.
To enable the inter-operability of these mechanisms, a security architecture is therefore developed to integrate compatible techniques to provide a generic solution for securing an agent's data. The architecture can be used independently of the particular mobile agent application under consideration. It can be used for guiding and supporting developers in the analysis of security issues during the design and implementation of services and applications based on mobile agents technology.
Impact and interest:
Citation countsare sourced monthly fromand citation databases.
These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.
Citations counts from theindexing service can be viewed at the linked Google Scholar™ search.
Full-text downloadsdisplays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.
|Item Type:||QUT Thesis (PhD)|
|Supervisor:||Foo, Ernest, Dawson, Edward, & Roe, Paul|
|Keywords:||Mobile agents, offer integrity, offer privacy, forward integrity, security architecture, modification attack, insertion attack, colluding servers attack, truncation attack, stemming attack, interleaving attack, hash chaining relationship, recoverable key commitment, joint keys.|
|Divisions:||Past > QUT Faculties & Divisions > Faculty of Science and Technology|
Past > Schools > School of Software Engineering & Data Communications
|Department:||Faculty of Information Technology|
|Institution:||Queensland University of Technology|
|Copyright Owner:||Copyright Ming Yao|
|Deposited On:||03 Dec 2008 13:52|
|Last Modified:||29 Oct 2011 05:40|
Repository Staff Only: item control page