D’Agents: Security in a multiple-language, mobile-agent system, by Robert S. Gray, David Kotz, George Cybenko, Daniela Rus. Presented by Haiying Tan, May 2002.

Presentation transcript:

D’Agents 1
D’Agents: Security in a multiple-language, mobile-agent system
Robert S. Gray, David Kotz, George Cybenko, Daniela Rus
Dartmouth College, Hanover, New Hampshire, USA
Published in 1998
Presented by Haiying Tan, May 2002
COMPSCI 725 Presentation

D’Agents 2
Outline
- Introduction
- D’Agents
- Application
- Security Architecture
- Authentication
- Example
- Conclusion

D’Agents 3
Introduction
Mobile agent: a program which
  - Represents a user in a heterogeneous network
  - Moves autonomously from machine to machine
  - Functions on behalf of the user
Security in a mobile-agent system
  - Protect the machine
  - Protect other agents
  - Protect the agent
  - Protect a group of machines
[Figure labels: Application, Machine A, Machine B]

D’Agents 4
D’Agents
A mobile-agent system (formerly named Agent Tcl) developed by Dartmouth College. Its agents can be written in Tcl, Java and Scheme.
It provides simple communication facilities and effective security.
It reduces migration to a single instruction.
The core system has four levels.
[Figure: D’Agents Architecture. Layers as labelled: Agents; Tcl ... Java; Server or engine; TCP/IP ...]

D’Agents 5
Application: Information retrieval
[Figure labels: GUI on home machine; dynamically selected proxy site; Machine 1 ... Machine n; "2. Send child agents and collect partial results"; "3. Return merged and filtered results"]

D’Agents 6
D’Agents Security Architecture
1. Verify digital signature
2. Accept or reject agent
3. Record owner’s identity
4. Start up interpreter
5. Resume agent execution
6. Agent tries to access a resource
7. Ask resource manager for permission
8. Manager responds with grant/deny
[Figure labels: Incoming agent; Agent server; Language interpreter; Enforcement module; Resource managers]

D’Agents 7
Authentication (I)
- Task involved in protecting the machine.
  - Agents and messages can be encrypted to avoid interception, and digitally signed to reliably identify their owner.
- Two kinds of agents are distinguished.
  - Owned agent: the owner could be authenticated and is on the server’s list of authorized users.
  - Anonymous agent: the owner could not be authenticated or is not on the server’s list of authorized users.
- PGP, Pretty Good Privacy
  - External encryption tool for digital signatures and encryption.
  - PGP uses RSA public-key cryptography for authentication, and the IDEA algorithm for encryption.
  - An agent chooses whether to use encryption and signatures when it migrates or sends a message.

D’Agents 8
Authentication (II)
[Figure: Encryption for the begin, jump command. Labels: Home, Machine A, Machine B; agent_begin, agent_jump; S0, E0, S1, E1, S2, E2, F; "Knows", "If trusts", "Yes"]

D’Agents 9
Authentication (III)
[Figure: Encryption for the send command. Labels: Machine A, Machine B; S1, E1 OR S2, E2; F; "Yes/no"]
Weaknesses of this authentication scheme
1. Most serious problem: multi-hop authentication problem.
2. PGP is extremely slow.
3. Cannot generate session keys for ongoing communication.
4. No automatic distribution mechanism for the public keys.
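The admission and resource-check steps of the security architecture, together with the owned/anonymous distinction and the multi-hop weakness, as an added Python model (not D’Agents code and not from the presentation). It assumes, following the "If trusts" label in the figure, that on a second hop the sending machine signs the agent and the receiver accepts the claimed owner only if it trusts that machine; the toy RSA helper stands in for PGP, and all names and keys are constructed.

```python
import hashlib

def make_key(p, q, e=65537):  # toy textbook RSA, a stand-in for PGP key pairs
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(_digest(data, key["n"]), key["d"], key["n"])

def verify(key, data, sig):   # uses only the public part (n, e)
    return pow(sig, key["e"], key["n"]) == _digest(data, key["n"])

# Constructed keys built from Mersenne primes; insecure, illustration only.
OWNER = make_key(2**61 - 1, 2**89 - 1)
MACHINE_A = make_key(2**31 - 1, 2**107 - 1)

def migrate(code, owner, signer, key):
    """Package an agent for a jump, signed by whoever sends it."""
    return {"code": code, "owner": owner, "signer": signer,
            "sig": sign(key, code + owner.encode())}

class Server:
    def __init__(self, keys, authorized, trusted_machines, policy):
        self.keys, self.authorized = keys, authorized
        self.trusted, self.policy = trusted_machines, policy

    def admit(self, agent):
        """Steps 1-3: verify the signature, then record owner or 'anonymous'."""
        key = self.keys.get(agent["signer"])
        data = agent["code"] + agent["owner"].encode()
        if key is None or not verify(key, data, agent["sig"]):
            return "anonymous"
        # Signed by the owner directly, or vouched for by a trusted machine.
        vouched = agent["signer"] in (agent["owner"], *self.trusted)
        ok = vouched and agent["owner"] in self.authorized
        return agent["owner"] if ok else "anonymous"

    def request(self, identity, resource):
        """Steps 6-8: the resource manager grants or denies by recorded owner."""
        return resource in self.policy.get(identity, set())

def run_demo():
    code = b"search(query)"
    policy = {"alice": {"network", "disk"}, "anonymous": {"network"}}
    pub = {"alice": OWNER, "machineA": MACHINE_A}  # a real server holds public keys only
    a = Server(pub, {"alice"}, set(), policy)
    b_trusting = Server(pub, {"alice"}, {"machineA"}, policy)
    b_wary = Server(pub, {"alice"}, set(), policy)
    hop1 = migrate(code, "alice", "alice", OWNER)          # home -> Machine A
    hop2 = migrate(code, "alice", "machineA", MACHINE_A)   # Machine A -> Machine B
    ids = [a.admit(hop1), b_trusting.admit(hop2), b_wary.admit(hop2)]
    return ids, [b_trusting.request(ids[1], "disk"), b_wary.request(ids[2], "disk")]
```

On the second hop the same agent keeps its owner's rights only where Machine B trusts Machine A; elsewhere it is downgraded to anonymous and the resource manager denies disk access.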

D’Agents 10
Example
Information retrieval agent implemented in Java

    Agent agent = new Agent();                // create the agent
    agent.setSignatures(true);                // turn on digital signatures
    agent.begin("localhost", timeout);        // register with the agent system
    agent.jump(engineSite, timeout);          // migrate to the search engine site

    // interact with the search engine
    Message queryMessage = new Message(0, query);
    AgentId engineAgent = new AgentId(engineSite, "search-engine");
    agent.send(engineAgent, queryMessage, timeout);
    ReceivedMessage resultsMessage = agent.receive(timeout);
    // ...

    // return home
    String homeMachine = agent.getHomeId().getMachine();
    agent.jump(homeMachine);

D’Agents 11
Conclusion
D’Agents is a simple but powerful mobile-agent system
  - An academic system with full source available.
  - Good support for migration.
  - It protects machines from malicious agents with a straightforward security model.
Questions
  - What are the advantages of the D’Agents authentication scheme? If it is used, which kinds of threats are under control?