Security Considerations in Adaptive Middleware Security and Mobile Agents Ajanta – Mobile Agent’s research project papers ( H.Spafford and Diego Zamboni, Purdue University - “Intrusion detection using autonomous agents”. ( Sau-Koon Ng “Protecting mobile Agents Against Malicious Hosts”, University of Hong Kong ( Sander and Tchudin, ICSI/Berkeley "Protecting mobile Agents Against Malicious Hosts" ( hudinzSzpszSzma-security.pdf/sander98protecting.pdf) hudinzSzpszSzma-security.pdf/sander98protecting.pdf

Implementing Intrusion Detection System as a part of Adaptive middleware layer using autonomous Agent’s technology Security problems related with the Agent’s mobility 1.Agent’s operation in the hostile environment (securing agents against malicious host) 2.Malicious agents activity (securing host against malicious agents) Major Directions of Study

Intrusion Detection System – Major Requirements Adaptability Configurability Minimal system overhead Fault tolerance Subversion resistance Scalability Dynamic reconfiguration Compatibility Graceful degradation of service Why Autonomous Agents? Do we Need Mobility?

Autonomous Agents - Advantages Possibility to add/remove agents to monitor most interesting effects during certain period of time An agent can be configured specifically for the host needs where it runs - this gives possibility to implement wide range of security policies By dynamically enabling/disabling agents we can use system resources only for the tasks needed and therefore minimize system overhead We can enable cross-verification between agents to keep their integrity

With increasing amount of hosts in the system we can dynamically increase amount of agents therefore making IDS scalable If couple of agents are stopped (lets say for maintenance) other can continue working therefore allowing dynamic reconfiguration Agents can run on different platforms (like Windows NT family PCs or Sun servers) providing compatibility of IDS with different platforms If one agent accidentally stops for any reason only operation of couple of those related with it may be affected Autonomous Agents - Advantages

Example of Existing IDS Architecture AAFID Filter Autonomous Agents Autonomous Agents Autonomous Agents Transceiver Monitors GUI Can it be improved with the mobility? How?

AAFID Description Filters – platform and OS specific entities. Their purpose – extract necessary data providing therefore hardware and OS abstraction layer Autonomous Agents – in AAFID just dynamically enabled and disabled host specific threads with tight purpose (counting amount of opened connections) Transceivers – host specific entities responsible for collecting data from agents operating on current host and transferring that data to higher entities Monitors – entities which get information from different hosts, analyze it and can produce alarm in case of attack GUI – user interface

Issues: Confidentiality Integrity Mobile Agent Operation in the Hostile Environment Three types of information to protect: Static information which is not relevant for Agent’s successful operation (No Read Access, No Write Access) Static information to which Agent should have an Access (Read Only) Dynamic information, including Agent’s code (Read and Write Access)

Protection Methods Static Data – No access on intermediate hosts Asymmetrical Encryption using public & private key technology Agent carries public key of the source host (for encryption) and public keys of all nodes it visits (for integrity) Static Data – Read only Access on intermediate hosts Only Integrity can be provided with the method mentioned above Dynamic Data When attacker has complete access to the memory where the code is executed, the protection becomes more difficult and even impossible “theoretically” How can we made tampering process more difficult?

Dynamic Code Protection Methods Special type of Encryption mechanism which leaves code executable Adding noisy code in order to increase Agent’s “Entropy” and hide Agent’s real intention

Mathematical model Problem: Alice has an algorithm to compute f Bob has an input x and should compute f(x) Bob should learn nothing about f Bob should not interact with Alice during the computation of f(x)

Solution: f(x)E(f) (x) P(E(f)) (x)x Alice Bob 1. Alice encrypts f 2.Alice creates a program P(E(f)) which implements E(f) 3.Alice sends P(E(f)) to Bob 4.Bob executes P(E(f)) at x 5.Bob sends P(E(f))(x) to Alice 6.Alice decrypt P(E(f))(x) and obtains f(x)

Some Definitions Lets consider two rings – R, S and function E: R S Let’s call encryption function E - additively homomorphic if there is an efficient algorithm PLUS to compute E(x+y) from E(x) and E(y) - multiplicatively homomorphic if there is an efficient algorithm MULT to compute E(xy) from E(x) and E(y) - mixed multiplicatively homomorphic if there is an efficient algorithm MIXED-MULT to compute E(xy) from E(x) and y

Homomorphic Encryption Scheme Let E: R R be an additively and mixed multiplicatively homomorphic encryption scheme. Consider polynomial function Alice’s operation while creating P(X) for Bob: 1.Replace each coefficient by 2.In all summands replace “multiplication” operation of coefficients by with MIXED-MULT 3.Replace “addition” operation with PLUS 4.Send P to Bob

Homomorphic Encryption Scheme Operations on Bob’s host: 1.Run P on his private input and store a list 2.Produce list of summands by calling MIXED-MULT Note: according to MIXED-MULT definition and properties of E Bob gets for each summand 3.Elements of M are added by calling PLUS As the result Bob gets exactly E(p(x)) 4.Bob sends result back to Alice Alice decrypts the result simply by applying E -1 and obtains p(x)

Protecting the Host against Mobile Code General Steps: Verification Authentication Authorization Execution