MagicNET: Security System for Protection of Mobile Agents

Upload: casta

Post on 05-Jan-2016


Page 1: MagicNET: Security System for Protection of Mobile Agents

MagicNET: Security System for Protection of Mobile Agents


Presentation Overview

1. Mobile Agents

2. NIST

3. Background

4. Research Problem

5. Solution

6. Conclusion


Mobile Agents

Mobile agents are self-contained software modules with additional credentials and accumulated data. They roam a network, moving autonomously from one server to another and performing their designated tasks, and finally return to their control station.


Security Threats - NIST 1998

There are four kinds of threats, as per NIST:

– Agent to Platform

– Agent to Agent

– Platform to Agent

– Other to Agent Platform

This paper covers the ‘Platform to Agent’ threat. The threats covered are:


Security Threats - NIST 1998 (cont.)

- Unauthorized Access: An unauthorized Mobile Agent Platform shouldn’t be able to access either the data or the code of an Agent.

- Eavesdropping: An unauthorized Mobile Agent Platform shouldn’t be able to eavesdrop on sensitive data carried by a Mobile Agent.

- Alteration: An unauthorized Mobile Agent Platform shouldn’t be able to alter sensitive data carried by a Mobile Agent.


Traditional Solution

Previously, code obfuscation and code scrambling techniques were used for code security.

For data baggage security, data was encrypted with the Agent Owner’s public key.


Research Problem

There is no comprehensive solution that, in a flexible way, secures a Mobile Agent’s code against an untrusted Agent Platform and secures the sensitive data carried by a Mobile Agent against an unauthorized Mobile Agent Platform.


Solution ??

Provide Mobile Agent code security using PKCS7.

Provide a flexible mechanism to secure Mobile Agents’ data baggage in such a way that multiple authorized platforms in the route can view the desired data, but none of the unauthorized ones can.


Standards Used

XACML (eXtensible Access Control Markup Language): A standard way to handle access control policy definition strategies and security configurations.

SAML (Security Assertion Markup Language): Provides a standardized way to exchange authentication and authorization data, based on the security assertions transferred.


MagicNET System Components

MagicNET stands for Mobile Agents Intelligent Community Network. It was developed at secLab in the DSV Department at KTH.

MagicNET provides complete infrastructural and functional components for secure mobile agent research and development.

It provides support for building secure and trusted mobile agents, and provides an agents repository (agents’ store), Mobile Agents Servers (for their runtime execution), a Mobile Agent Control Station, and infrastructural servers.


Mobile Agent Code Security

Mobile Agent code security is achieved using the PKCS7 standard. When an Agent Owner wishes to launch a Mobile Agent in a network, it uses the PKCS7 sign-and-envelope mechanism: it first signs the Agent and then envelopes it with the Recipient Nodes’ public keys.


Data Baggage Security

For the data baggage security, this paper uses KDS (Key Distribution Server), XACML and SAML standards.

If a Mobile Agent Platform wishes to secure its data contribution, it sends a key generation request to the KDS. The KDS authenticates the Platform through the PDP (Policy Decision Point) and returns a new encryption key, which the Agent Platform then uses to encrypt its data.


Data Baggage Security (cont.)

When an Agent Platform wishes to view data in a Mobile Agent that was contributed by a previous Agent Platform in the route, the flow is roughly as follows:

The Agent Platform sends a data decryption key request to the KDS. The KDS sends an authorization request to the PDP, and the PDP checks in the policy file whether the Agent Platform has access or not. Upon a positive authorization assertion, the KDS sends the desired decryption keys to the Agent Platform, which then decrypts the data.
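The key generation and key release flow from the two Data Baggage Security slides, as an added sketch that is not MagicNET's own code. All class, method and platform names and the policy table are constructed for illustration; the SAML/XACML exchange is reduced to in-process calls, and the hash-based encrypt-then-MAC stands in for a real cipher.

```python
import hashlib, hmac, secrets

class PDP:  # Policy Decision Point; the policy table passed in is a constructed sample
    def __init__(self, known, readers):
        self.known = set(known)      # platforms the PDP can authenticate
        self.readers = readers       # contributor -> platforms allowed to read its data
    def authenticates(self, platform):
        return platform in self.known
    def permits(self, requester, contributor):
        return requester in self.readers.get(contributor, set())

class KDS:
    """Key Distribution Server: one key per (agent, contributor), released on PDP permit."""
    def __init__(self, pdp):
        self.pdp, self.keys = pdp, {}
    def new_key(self, platform, agent_id):
        if not self.pdp.authenticates(platform):
            raise PermissionError(f"{platform}: not authenticated")
        self.keys[(agent_id, platform)] = secrets.token_bytes(32)
        return self.keys[(agent_id, platform)]
    def get_key(self, requester, agent_id, contributor):
        if not self.pdp.permits(requester, contributor):
            raise PermissionError(f"{requester}: no access to {contributor}'s data")
        return self.keys[(agent_id, contributor)]

def _subkeys(key):
    return [hmac.new(key, label, "sha256").digest() for label in (b"enc", b"mac")]
def _xor_stream(ek, nonce, data):
    blocks = (hashlib.sha256(ek + nonce + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, data):
    """Encrypt-then-MAC stand-in for a real AEAD cipher (an assumption of this sketch)."""
    ek, mk = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(ek, nonce, data)
    return nonce + ct + hmac.new(mk, nonce + ct, "sha256").digest()

def unseal(key, blob):
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, "sha256").digest()):
        raise ValueError("baggage altered, or wrong key")
    return _xor_stream(ek, nonce, ct)

def read_baggage(kds, requester, agent_id, baggage, contributor):
    """A later platform in the route: request the key from KDS, then decrypt the entry."""
    return unseal(kds.get_key(requester, agent_id, contributor), baggage[contributor])
```

Because the key never travels with the agent, a platform that the policy does not list holds only ciphertext, and the MAC check makes alteration of a baggage entry detectable by any authorized reader.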


Conclusion and Future work

In this paper we have described a comprehensive solution for mobile agents and protection of their baggage. Our solution is based on a protective approach, in which integrity of the mobile agents’ code is preserved along with confidentiality during execution. Our approach also supports confidentiality of mobile agents’ data from unauthorized reading and/or access by agent platforms. Finally, it also supports exchange of confidential mobile agents’ processing data (baggage) among agent platforms.


Questions ???