research week 2009/2010 doctoral consortium


Agent-based Security ARCHITECTURE for Ubiquitous Computing

Submitted by: Jeetendranath Seetohul, MPhil/PhD Student

Supervisor: Prof. R.K. Subramanian

AGENDA

1. Investigation of the use of mobile agents as a technique to transport a lightweight authentication security framework on ubiquitous devices (the mechanism/framework should take into account the resource constraints of communicating entities in the ubiquitous world and consequently provide a lightweight solution).

2. Requirements for Mobile Agent Systems.

3. Study of a mobile agent model and proposal of an architecture for the security framework using mobile agents.

STUDY AND ANALYSIS OF MOBILE AGENT CONCEPT AND THE RELEVANCE OF ITS DEPLOYMENT ON UBIQUITOUS NETWORKS

The properties of the global ubiquitous computing infrastructure introduce new security challenges that are not adequately addressed by existing security models and mechanisms. To start with, let us consider the security challenges that are unique to ubiquitous computing.

The problem with ubiquitous devices is their short range transmission. Therefore, any authentication server should be within the transmission range of the client device (e.g., a PDA). A solution to this dilemma would be the utilisation of mobile agents despatched from client platforms to perform the authentication on their behalf.

Then, by exploring the characteristics of mobile agent systems, we would determine whether the use of mobile agents to transport a security framework would be appropriate for the ubiquitous environment.

SECURITY CHALLENGES UNIQUE TO UBIQUITOUS COMPUTING

Dynamic and self-organizing characteristics of ubiquitous computing

A major motivation for ubiquity is to allow ubiquitous network users to obtain a vast variety of services from a wide choice of service providers.

Heterogeneous characteristics of the ubiquitous environment

Communication with hostile, unfamiliar and untrusted entities due to the heterogeneous nature of the ubiquitous environment is inherent in ubiquitous computing.

New security threats as a consequence of the deployment of new services and applications in ubiquitous computing

Collaboration amongst billions of autonomous networked entities is expected to offer enormous potential for the development of new services and applications in ubiquitous computing, but will at the same time introduce new threats and aggravate existing threats to security (and privacy).

Privacy and Trust Characteristics

Different degrees of trust may be required for different users and their devices to access services in ubiquitous networks. These will be reflected in the ubiquitous network record and resources to determine whether the users and their devices are authorized to access. Applications implemented must be trusted to operate correctly and have full privileges to access the network and devices’ resources.

Resource constraints in ubiquitous computing

Ubiquitous computing embeds computation into the environment as well as everyday objects, including smart artefacts (articles of trade). Such objects have limited resources and little or no processing capability.

Unreliability on a specific security infrastructure

The size of the global ubiquitous computing infrastructure means that security policy must encompass billions of potential collaborators. Mobile computational entities are likely to become disconnected from their home network, which requires the ability to make fully autonomous security decisions; they cannot rely on a specific security infrastructure such as certificate authorities and authorisation servers.

Although certificate authorities may be used to establish the identity of other collaborators reliably, in the environment envisaged, identity conveys no a priori information about the likely behaviour of the principal. Identity alone therefore cannot be used for access control decisions, especially when all participants are virtually anonymous.

OVERVIEW OF MOBILE AGENT SYSTEM

Software agents are programs that act on behalf of their creators. Mobile agents are software agents that have the ability to travel from one place to another to do the work assigned to them autonomously. A mobile agent can interact with the hosts it visits and with the other agents that happen to be on those hosts at the same time.

Defining an Agent

Mobile agent technology is a new paradigm of distributed computing that can replace the conventional client-server model. There is no UNIQUE definition for an agent.

An agent can be defined as an autonomous software program extending a user’s authority into cyberspace.

Mobility is an orthogonal property of agents, that is, not all agents are mobile. An agent can stay at a location and communicate with its environment through conventional means, such as remote procedure calling and messaging. Agents that do not or cannot move are called stationary agents.

A stationary agent executes only on the system on which it begins execution. If it needs information not on that system or needs to interact with an agent on another system, it typically uses a communication mechanism, such as remote procedure calling.


In contrast, a mobile agent is not bound to the system on which it begins execution. It is free to travel among the hosts in the network. Created in one execution environment, it can transport its state and code with it to another execution environment in the network, where it resumes execution. The term state typically means the attribute values of the agent that help it determine what to do when it resumes execution at its destination. Code in an object-oriented context means the class code necessary for an agent to execute.

  Agent + Mobility = Mobile Agents 


COMPOSITION OF AN AGENT

1. Code
2. Data State
3. Execution State

Migrating Code = Mobile Code

Migrating Code + Data = Mobile Object

Migrating Code + Data + Execution State = Mobile Agent

[Fig. 1: diagram showing Client, Server A and Server B; labels: Execute Code, Migrates, Returns Results]

MAIN CHARACTERISTICS OF MOBILE AGENTS

They reduce the network load

Distributed systems often rely on communication protocols involving multiple interactions to accomplish a given task. This results in a lot of network traffic. Mobile agents allow users to package a conversation and dispatch it to a destination host where interactions take place locally.

They overcome network latency

Critical real-time systems, such as robots in manufacturing processes, need to respond in real time to changes in their environments. Mobile agents offer a solution, because they can be dispatched from a central controller to act locally and execute the controller’s directions directly.

They encapsulate protocols

When data is exchanged in a distributed system, each host owns the code that implements the protocols needed to properly code outgoing data and interpret incoming data. However, as protocols evolve to accommodate new requirements for efficiency or security, it is cumbersome if not impossible to upgrade protocol code properly. As a result, protocols often become a legacy problem. Mobile agents, on the other hand, can move to remote hosts to establish channels based on proprietary protocols.

They execute asynchronously and autonomously

Mobile devices often rely on expensive or fragile network connections. Tasks requiring a continuously open connection between a mobile device and a fixed network are probably not economically or technically feasible. To solve this problem, tasks can be embedded into mobile agents, which can then be dispatched into the network. After being dispatched, the agents become independent of the process that created them and can operate asynchronously and autonomously.

They adapt dynamically

Mobile agents can sense their execution environment and react autonomously to changes. Multiple mobile agents have the unique ability of distributing themselves among the hosts in the network to maintain the optimal configuration for solving a particular problem.

They are naturally heterogeneous

Network computing is fundamentally heterogeneous, often from both hardware and software perspectives. Because mobile agents are generally computer- and transport-layer-independent (dependent on only their execution environments), they provide optimal conditions for seamless system integration.

They are robust and fault-tolerant

Mobile agents are capable of reacting dynamically to unfavourable situations and events, thus making it easier to build robust and fault-tolerant distributed systems.

APPLICATIONS THAT BENEFIT FROM THE MOBILE AGENT PARADIGM

E-commerce
Personal assistance
Secure brokering
Telecommunication networks services
Workflow applications and groupware
Monitoring and notification
Information dissemination
Parallel processing

The advantages of using mobile code and mobile agent computing paradigms are applicable to numerous application areas.

However, more work needs to be done to verify these claims in a pervasive operational environment, such as the ubiquitous milieu.


MOTIVATION FOR THE INTEREST IN MOBILE AGENTS

A mobile agent has the unique ability to transport itself from one system in a network to another in the same network. This ability allows it to move to a system containing an object with which it wants to interact and then to take advantage of being in the same host or network as the object.

 My interest in mobile agents is not motivated by the technology per se, but rather by the benefits agents provide for creating distributed environments. Given that tasks can be embedded into mobile agents, which can then be dispatched into the network, my proposed approach would attempt to provide a practical idea for implementing mobile authentication using a hybrid method that mixes a function composition technique and an encryption scheme.


REQUIREMENTS FOR MOBILE AGENT SYSTEMS

There are many technical challenges in the implementation of mobile agent systems. Most of these problems are in the structure of the computational medium, the environment the agents operate in. Servers must be designed, implemented, and deployed that not only allow mobile agents to run, but also allow them to run safely.

Portability

Mobile agent code itself must be portable; when an agent arrives at a server the server needs to be able to execute that agent.

Ubiquity

In order for mobile agents to be successful they need access to many different computer resources. Servers for agents must be commonplace; there needs to be a widely accepted framework for executing mobile agents deployed on many machines across the Internet.

Network Communication

Mobile agents that live in the network need to be written in a language that makes network access simple. It must be easy to transfer objects across the network and to invoke methods of remote objects.


Server Security

A major concern specific to mobile agents is the protection of the servers running the agents. Running arbitrary programs on a machine is dangerous - a hostile program could destroy the hard drive, steal data or do all sorts of other undesirable things. This risk must be thoroughly addressed if mobile agent environments are to succeed.

Agent Security

The complement of server security is agent security: whether the agent can trust the server on which it is executing. A mobile agent might contain secret information such as proprietary data and algorithms. Worse, servers might have an incentive to subvert the computation of a visiting agent.


Resource Accounting

If economic control and incentive are going to be factors in the use of network-wide resources, some mechanism to account for the resources that an agent uses and a way for receiving payment for those resources is necessary. In theory these requirements are not difficult to meet. Servers can keep track of the resource usage of agents, explicitly accounting CPU, memory, bandwidth and disk usage. Digital cash systems can be used to pay for services. In practice, these technologies are not widely deployed and the overhead they impose presents an engineering challenge.

Conclusions

Creating an effective infrastructure for distributed computation is not easy. Mobile agents are a viable paradigm for thinking about access to computational resources but in order for mobile agents to succeed many technologies need to be put into place.


STUDY OF A MOBILE AGENT MODEL AND PROPOSAL OF AN ARCHITECTURE FOR THE SECURITY FRAMEWORK USING MOBILE AGENTS

[Fig. 2: Mobile Agent Architecture. Diagram labels: home platform, agent, network, platform]

Home platform: platform from which an agent originates - most trusted environment for an agent.

Agent: agent moves, hops among platforms.

Platform: provides the computational environment in which an agent operates.

One or more hosts may comprise an agent platform and an agent platform may support multiple computational environments or meeting places, where agents can interact.

PROPOSED ARCHITECTURE FOR THE AUTHENTICATION SECURITY FRAMEWORK

[Fig. 3: diagram of the proposed architecture. Entities: foreign visiting ubiquitous device (e.g., PDA) joining the network; ubiquitous devices (with stationary agent); database (stores the private keys and certificates of users). Step labels:]

1. Generates a random message
2. Sign random message
3. Sign random message
4. Read private key
5. Sign random message using the private key
6. Send signature
7. Send signature
8. Read public key


Traditional computer applications expect a static execution environment.

Such environments imply non/slowly evolving information security and privacy threat models.

This assumption is no longer realistic in the ubiquitous world scenario, where the environment around a piece of information, contained on a device or within a communications channel, is frequently changing.

Traditional security prescribes what has to be prohibited and is thus too inflexible to cope with a constantly changing context. The increasing potential to combine devices with different capabilities and purposes leads to new security issues.

Therefore, the dependence upon a specific security infrastructure such as certificate authorities and authorisation servers for the authentication process would not be appropriate for the ubiquitous context.

Consequently, for the authentication process, mobile agents could be despatched from client platforms to perform the authentication process on their behalf.

In the proposed architecture (figure 3), stationary agents (which can be remotely located) require any foreign ubiquitous device that has joined the network to authenticate itself before communicating with other devices within the network.

A public key authentication protocol (for example, one based on the Digital Signature Algorithm (DSA)) could be used during this step.


Specifically, the stationary agent (located on another ubiquitous device) generates a random message (step 1 in the figure) and sends it to the foreign ubiquitous device to sign it (step 2).

The foreign ubiquitous device sends this message to its parent who signs it using the private key and sends it back to the foreign ubiquitous device (steps 3-6).

Then, the foreign ubiquitous device sends the signature to the stationary agents, who verify it using the public key of the foreign ubiquitous device’s owner (steps 7-9).

The authentication and updating process between the foreign ubiquitous device and the remote stationary agent is depicted in figure 3.

The random message can be generated using a cryptographically secure pseudo-random generator. The database stores the private keys and the certificates of the users. The database allows a user to access the certificates (and hence, the public keys) of other users. But it requires a password to access the private keys. So, it is a secure method to distribute the keys within a moderate size computing environment.

The despatch of “random messages” and “signatures” would be accomplished by mobile agents, which can physically travel across networks and perform tasks on devices that provide agent hosting capability. This allows processes to migrate from computer to computer and processes to split into multiple instances that execute on different machines and to return to their point of origin. The mobile agents can also migrate autonomously between different host platforms.
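
The challenge-response exchange described above (the random message, the signature produced at the home platform, and the check against the owner's public key), as an added example in Go that is not part of the original presentation. Ed25519 from the Go standard library stands in for the DSA-based scheme the slides suggest; the type and function names, the device ID `pda-1` and the in-memory maps that replace the certificate database are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// HomePlatform (illustrative name) is the device's "parent", the only holder of the private key.
type HomePlatform struct{ key ed25519.PrivateKey }

// Sign covers steps 3-6: the relayed random message is signed and sent back.
func (h *HomePlatform) Sign(msg []byte) []byte { return ed25519.Sign(h.key, msg) }

// StationaryAgent (illustrative name) is the verifier on a device already in the network.
type StationaryAgent struct {
	owners  map[string]ed25519.PublicKey // stands in for the certificate database
	pending map[string][]byte            // device ID -> outstanding random message
}

// Challenge covers steps 1-2: a fresh 32-byte random message from the OS CSPRNG.
func (a *StationaryAgent) Challenge(id string) []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err) // without entropy, never fall back to a guessable message
	}
	a.pending[id] = c
	return c
}

// Verify checks the returned signature with the owner's public key; the challenge is single-use.
func (a *StationaryAgent) Verify(id string, sig []byte) error {
	c, issued := a.pending[id]
	pub, known := a.owners[id]
	delete(a.pending, id)
	if !issued || !known {
		return errors.New("no outstanding challenge or no certificate for device")
	}
	if !ed25519.Verify(pub, c, sig) {
		return errors.New("signature does not match the issued challenge")
	}
	return nil
}

// newDemo builds a constructed key pair and registers its public half with the agent.
func newDemo(id string) (*HomePlatform, *StationaryAgent) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &HomePlatform{priv}, &StationaryAgent{map[string]ed25519.PublicKey{id: pub}, map[string][]byte{}}
}

func main() {
	home, agent := newDemo("pda-1")
	sig := home.Sign(agent.Challenge("pda-1")) // both legs carried by a mobile agent
	fmt.Println("first:", agent.Verify("pda-1", sig), "| replay:", agent.Verify("pda-1", sig))
}
```

The private key never leaves the home platform: the mobile agent carries only the random message out and the signature back, and because each challenge is consumed on first use, a signature captured in transit cannot be presented again.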
