Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mobile Agents Integrity in E-commerce Applications Antonio Corradi, Rebecca Montanari {acorradi, University of Bologna - Italy.

Published byChristiana Rassel Modified over 9 years ago

Similar presentations

Presentation on theme: "Mobile Agents Integrity in E-commerce Applications Antonio Corradi, Rebecca Montanari {acorradi, University of Bologna - Italy."— Presentation transcript:

1 Mobile Agents Integrity in E-commerce Applications Antonio Corradi, Rebecca Montanari {acorradi, rmontanari}@deis.unibo.it University of Bologna - Italy Cesare Stefanelli cstefanelli@ing.unife.it University of Ferrara - Italy

2 Outline Mobile Agents in E-commerce Applications Security Issues and Research Challenges Approaches to Mobile Agents Integrity: –centralized vs. distributed solutions The Multiple-Hops Integrity Protocol in SOMA a Secure and Open Mobile Agent System Conclusions and Future Work

3 Why Mobile Agents in E-commerce? MA-based E-commerce Application Scenarios: information gathering and filtering buying electronic marketplace Intrinsic Pros: autonomy easy personalization better network utilization better support for mobile users but SECURITY is a crucial issue for wider acceptance of MA technology

4 An E-commerce Application Example A shopping mobile agent is dispatched in order to find the most convenient offer for a flight ticket. Two possible scenarios: information gathering the shopping agent returns the best collected offer for the flight back to its owner. buying the shopping agent books and pays when it finds the best flight on behalf of its owner

5 Security Issues Protection of Hosts against Malicious Agents Protection of Agents –against Malicious Hosts –over insecure networks Possible Attacks: unauthorized access resource corruption denial of service Approaches: sandboxing and its evolution proof carrying code safe programming languages

6 Challenging Issue: Protection of Agents against Malicious Hosts Possible Attacks: code/state spying code/state manipulation (tanpering and/or deletion) denial of execution ……. Need to achieve: integrity secrecy integrity secrecy of agent code of agent state Approaches: Prevention –necessary in a buying scenario Detection –necessary to assure the trustworthiness of agent’s state (i.e. results)

7 SOMA support to E-commerce Applications Place Agent execution environment It generally models a physical node Mobile Agent Default Place A default place acts as a gateway for interdomain routing. It generally models a physical LAN Default Place Place2 Place1 Default Place Place2 Place3 SOMA Domain managed by Company X Place1 SOMA Domain managed by Company Y Place2 Default Place Place1 SOMA Domain managed by Company Z

8 Protection of Hosts against Malicious Agents in SOMA JDK1.2 Security Framework Entrust PKI for key management

9 Protection of Agents against Malicious Hosts in SOMA Our Goal : provide a distributed solution agent autonomy is guaranteed better performance is achieved Detection Approaches: centralized solution (Trusted Third Party) distributed solution

10 Assumptions: competitive e-commerce scenarios dynamic list of Electronic Service Provider (ESP) only a certain percentage of ESPs visited by one agent might be malicious The Multiple-Hops (MH) Integrity Protocol (1.)

11 The MH Protocol (2.) Definitions: agent composed of three parts: –Code and Initialization Data –Application Data (AD). AD contains the data collected by the agent in its visit to different ESPs –Protocol Data (PD). PD holds the additional information needed to support the MH protocol a Message Integrity Codes (MIC) for mobile agents integrity Code ADPD State AD = Application Data PD = Protocol Data

12 The MH Protocol (3.) Description: each site must provide a short proof of the agent computation: MIC i each proof is cryptographically linked with the ones computed at the previous sites => chaining relation between the proofs MIC i =h(..,.., MIC i-1 ) the integrity of the “chain” of cryptographic proofs is verified by the Sender at agent return back

13 The MH Protocol (4.) P 0 (Sender) CodeADPD State AD = Application Data PD = Protocol Data C 1 =h(C) secret for P 1 EC 1 = C 1 encrypted P1P1 EC 1 decrypted = C 1 C 2 =h(C 1 ) secret for P 2 EC 2 =C 2 encrypted MIC 1 = h(D 1, C 1 ) CodeAD void PD EC 1 CodeAD D 1 PD EC 2, MIC 1 P2P2 EC 2 decrypted = C 2 C 3 =h(C 2 ) secret for P 3 EC 3 =C 3 encrypted MIC 2 = h(D 2, C 2, MIC 1 ) CodeAD D 1,D 2 PD EC 3, MIC 2 PNPN ……… ……...

14 EXECUTION COST T TOT-INT = N(T HASH + T MIC + T DECRYPT + T CRYPT )  NT MIC T SENDER = N (T HASH +T MIC )  NT MIC TRANSMISSION COST T TX = T CIDTX + T ADTX + T PDTX =  D CID +  D AD +  D PD The MH Protocol Performance

15 Conclusions and Future Work overcome current drawbacks MH works properly only with the 'visit-once' assumption. Each intermediate ESP must host the agent only once. development of other integrity protocols (TTP) to obtain an integrated tool a realization of a MA-based electronic marketplace SOMA is available from: http://www-lia.deis.unibo.it/SOMA/

Download ppt "Mobile Agents Integrity in E-commerce Applications Antonio Corradi, Rebecca Montanari {acorradi, University of Bologna - Italy."

Similar presentations

Secure Mobile IP Communication

Secure Mobile IP Communication
AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
P. Bellavista, A. Corradi, C. Stefanelli - ISADS'99 - Tokyo, 22 March 1999 1 A Secure and Open Mobile Agent (SOMA) Programming Environment Paolo Bellavista,

P. Bellavista, A. Corradi, C. Stefanelli - ISADS'99 - Tokyo, 22 March A Secure and Open Mobile Agent (SOMA) Programming Environment Paolo Bellavista,
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
SecureMR: A Service Integrity Assurance Framework for MapReduce Wei Wei, Juan Du, Ting Yu, Xiaohui Gu North Carolina State University, United States Annual.

SecureMR: A Service Integrity Assurance Framework for MapReduce Wei Wei, Juan Du, Ting Yu, Xiaohui Gu North Carolina State University, United States Annual.
The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.

The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.
Computer and Network Security Mini Lecture by Milica Barjaktarovic.

Computer and Network Security Mini Lecture by Milica Barjaktarovic.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.

Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Similar presentations

Ads by Google