Mobile Agents Integrity in E-commerce Applications Antonio Corradi, Rebecca Montanari {acorradi, University of Bologna - Italy.

Slides:

Advertisements

Similar presentations

Secure Mobile IP Communication

Advertisements

AUTHENTICATION AND KEY DISTRIBUTION

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

P. Bellavista, A. Corradi, C. Stefanelli - ISADS'99 - Tokyo, 22 March A Secure and Open Mobile Agent (SOMA) Programming Environment Paolo Bellavista,

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

SecureMR: A Service Integrity Assurance Framework for MapReduce Wei Wei, Juan Du, Ting Yu, Xiaohui Gu North Carolina State University, United States Annual.

The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.

Computer and Network Security Mini Lecture by Milica Barjaktarovic.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

LYU9905 Security in Mobile Agent E-Commerce Systems Prepared by : Wong Ka Ming, Caris Wong Tsz Yeung, Ah Mole Supervisor :LYU Rung Tsong Michael Date :

W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.

Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.

Network Security Sorina Persa Group 3250 Group 3250.

SSH Secure Login Connections over the Internet

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Security in MobileIP Fahd Ahmad Saeed. Wireless Domain Problem Wireless domain insecure Data gets broadcasted to everyone, and anyone hearing this can.

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

Securing AODV Routing Protocol in Mobile Ad-hoc Networks Phung Huu Phu, Myeongjae Yi, and Myung-Kyun Kim Network-based Automation Research Center and School.

An efficient secure distributed anonymous routing protocol for mobile and wireless ad hoc networks Authors: A. Boukerche, K. El-Khatib, L. Xu, L. Korba.

SecureMR: A Service Integrity Assurance Framework for MapReduce Author: Wei Wei, Juan Du, Ting Yu, Xiaohui Gu Source: Annual Computer Security Applications.

15/06/1999HP OVUA Workshop - Bologna - Italy1 An Integrated Environment for the Management of Network Resources and Services Paolo Bellavista, Antonio.

CSC8320. Outline Content from the book Recent Work Future Work.

Krerk Piromsopa. Network Security Krerk Piromsopa. Department of Computer Engineering. Chulalongkorn University.

©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.

Network security Network security. Look at the surroundings before you leap.

WEP Protocol Weaknesses and Vulnerabilities

Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.

Network Security David Lazăr.

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

Presented by: Sanketh Beerabbi University of Central Florida.

4-Jun-164/598N: Computer Networks Differentiated Services Problem with IntServ: scalability Idea: segregate packets into a small number of classes –e.g.,

Wireless Network Security. How Does Wireless Differ? Wireless networks are inherently insecure because data is transmitted over a very insecure medium,

Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

COSC 513 Operating Systems Project Presentation: Internet Security Instructor: Dr. Anvari Student: Ying Zhou Spring 2003.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

Mobile Agent Security Presented By Sayuri Yonekawa October 17, 2000.

P ROTOCOL FOR COLLABORATING MOBILE AGENTS IN THE NETWORK INTRUSION DETECTION SYSTEMS. By Olumide Simeon Ogunnusi Shukor Abd Razak.

Data Integrity Proofs in Cloud Storage Author: Sravan Kumar R and Ashutosh Saxena. Source: The Third International Conference on Communication Systems.

Computer Security By Duncan Hall.

Network Security Celia Li Computer Science and Engineering York University.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

Security Review Q&A Session May 1. Outline  Class 1 Security Overview  Class 2 Security Introduction  Class 3 Advanced Security Constructions  Class.

UNIT-4 Computer Security Classification 2 Online Security Issues Overview Computer security – The protection of assets from unauthorized access, use,

SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.

1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.

Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.

Security Outline Encryption Algorithms Authentication Protocols

Seraphim : A Security Architecture for Active Networks

Message Digest Cryptographic checksum One-way function Relevance

Advanced Computer Networks

Security in SDR & cognitive radio

Presentation transcript:

Mobile Agents Integrity in E-commerce Applications Antonio Corradi, Rebecca Montanari {acorradi, University of Bologna - Italy Cesare Stefanelli University of Ferrara - Italy

Outline Mobile Agents in E-commerce Applications Security Issues and Research Challenges Approaches to Mobile Agents Integrity: –centralized vs. distributed solutions The Multiple-Hops Integrity Protocol in SOMA a Secure and Open Mobile Agent System Conclusions and Future Work

Why Mobile Agents in E-commerce? MA-based E-commerce Application Scenarios: information gathering and filtering buying electronic marketplace Intrinsic Pros: autonomy easy personalization better network utilization better support for mobile users but SECURITY is a crucial issue for wider acceptance of MA technology

An E-commerce Application Example A shopping mobile agent is dispatched in order to find the most convenient offer for a flight ticket. Two possible scenarios: information gathering the shopping agent returns the best collected offer for the flight back to its owner. buying the shopping agent books and pays when it finds the best flight on behalf of its owner

Security Issues Protection of Hosts against Malicious Agents Protection of Agents –against Malicious Hosts –over insecure networks Possible Attacks: unauthorized access resource corruption denial of service Approaches: sandboxing and its evolution proof carrying code safe programming languages

Challenging Issue: Protection of Agents against Malicious Hosts Possible Attacks: code/state spying code/state manipulation (tanpering and/or deletion) denial of execution ……. Need to achieve: integrity secrecy integrity secrecy of agent code of agent state Approaches: Prevention –necessary in a buying scenario Detection –necessary to assure the trustworthiness of agent’s state (i.e. results)

SOMA support to E-commerce Applications Place Agent execution environment It generally models a physical node Mobile Agent Default Place A default place acts as a gateway for interdomain routing. It generally models a physical LAN Default Place Place2 Place1 Default Place Place2 Place3 SOMA Domain managed by Company X Place1 SOMA Domain managed by Company Y Place2 Default Place Place1 SOMA Domain managed by Company Z

Protection of Hosts against Malicious Agents in SOMA JDK1.2 Security Framework Entrust PKI for key management

Protection of Agents against Malicious Hosts in SOMA Our Goal : provide a distributed solution agent autonomy is guaranteed better performance is achieved Detection Approaches: centralized solution (Trusted Third Party) distributed solution

Assumptions: competitive e-commerce scenarios dynamic list of Electronic Service Provider (ESP) only a certain percentage of ESPs visited by one agent might be malicious The Multiple-Hops (MH) Integrity Protocol (1.)

The MH Protocol (2.) Definitions: agent composed of three parts: –Code and Initialization Data –Application Data (AD). AD contains the data collected by the agent in its visit to different ESPs –Protocol Data (PD). PD holds the additional information needed to support the MH protocol a Message Integrity Codes (MIC) for mobile agents integrity Code ADPD State AD = Application Data PD = Protocol Data

The MH Protocol (3.) Description: each site must provide a short proof of the agent computation: MIC i each proof is cryptographically linked with the ones computed at the previous sites => chaining relation between the proofs MIC i =h(..,.., MIC i-1 ) the integrity of the “chain” of cryptographic proofs is verified by the Sender at agent return back

The MH Protocol (4.) P 0 (Sender) CodeADPD State AD = Application Data PD = Protocol Data C 1 =h(C) secret for P 1 EC 1 = C 1 encrypted P1P1 EC 1 decrypted = C 1 C 2 =h(C 1 ) secret for P 2 EC 2 =C 2 encrypted MIC 1 = h(D 1, C 1 ) CodeAD void PD EC 1 CodeAD D 1 PD EC 2, MIC 1 P2P2 EC 2 decrypted = C 2 C 3 =h(C 2 ) secret for P 3 EC 3 =C 3 encrypted MIC 2 = h(D 2, C 2, MIC 1 ) CodeAD D 1,D 2 PD EC 3, MIC 2 PNPN ……… ……...

EXECUTION COST T TOT-INT = N(T HASH + T MIC + T DECRYPT + T CRYPT )  NT MIC T SENDER = N (T HASH +T MIC )  NT MIC TRANSMISSION COST T TX = T CIDTX + T ADTX + T PDTX =  D CID +  D AD +  D PD The MH Protocol Performance

Conclusions and Future Work overcome current drawbacks MH works properly only with the 'visit-once' assumption. Each intermediate ESP must host the agent only once. development of other integrity protocols (TTP) to obtain an integrated tool a realization of a MA-based electronic marketplace SOMA is available from: