MagicNET: Security Architecture for Discovery and Adoptionof Mobile Agents

Presented By Mr. Muhammad Awais Shibli

Presentation Overview 1. Background

2. Mobile Agents

3. System Components

4. Roles in the Proposed System

5. Components of the System

6. Operations of the System

7. Conclusion

Mobile Agents

Mobile agents are self-contained software modules with additional credentials and accumulated data. They roam a network, moving autonomously from one server to another, perform their designated tasks, and finally, eventually, return to their control station.

Background

Wider Adoption of Mobile Agents Security Solutions

– Platform– Agent

Still Problem !!!!

Secure Adoption – Experimental envirnoment– Close Envirnoment

System Components

MagicNET stands for Mobile Agents Intelligent Community Network, has developed at secLab at DSV Department at KTH.

MagicNET provide complete infrastructural and functional component for secure mobile agent research and development.

It provide support to build secure & trusted mobile agents, provide agents repository (agents’ store), Mobile Agents Servers (for their runtime execution), Mobile Agent Control Station, Infrastructural servers.

Roles in the Proposed System

Mobile Agent Author Mobile Agent Registrar Mobile Agent Manager (User)

Components of the System

Services Registration Station MagicNET Management Servers UDDI Server Agents Factory

UDDI Server

The UDDI (Universal Description, Discovery and Integration) Server provides the standard role of UDDI, as specified by OASIS.

UDDI Server --implemented using open source project JUDDI

Integrated into the WSO2 WSAS secure application server, so that Mobile Agent Registrar (publisher) can use HTTPS SSL/TLS for authentication.

Apache Rampart

Apache Rampart: Apache Rampart is the security module of Apache Axix2. It implements various Web services security specifications.

Rampart eliminates security related threats at the message level. It provides protection against message alteration, confidentiality, man-in-the-middle attack, spoofing, DOS and reply attack.

Operations of the System

Entities Authentication(FIPS-196) Agent Service Registration Agents Adoption

Agent Service Registration

Mobile agent Registrar authentication with agent factory

Fetches List of agents WSD from Agent Authors (current

implementation) Publish with UDDI Server

Agents Adoption

Mobile agent Manager authentication with Agent Factory (optional, using SA)

Published agents & Select Agent WSD obtained , auto generate client,

connect to the web Server and reteive the agent.

Message level security(X509 Rampart default scenario 2)

Conclusion and Future Directions

Agent Automatically publish services (Security issues.)

Discovery by other agents and adoption dynamically.

Questions ???

Strong Authentication Step 1: SR send hello message to Agent Factory along with its

certificate (Digital and Non Repudiation Certificate). Step 2: Agent Factory will calculate challenge ChAF concatenate with

originator and receiver ID and send to SR. Step 3: SR then calculates challenge ChSR concatenate with ChAF ,

then create hash of it and sign it and finally send to Agent Factory. Agent Factory also concatenate two challenges received calculates

hash and then compare with the hash received from SR. If both hashes are same Agent Factory, concatenate both challenges

then calculate hash and sign it, attach its certificate (digital and non-repudiation) and send to SR.

SR then send keyEnchipherment certificate to Agent Factory and then Agent Factory send its keyEnchipherment certificate to SA.