Presentation is loading. Please wait.

Presentation is loading. Please wait.

LYU9905 Security in Mobile Agent E-Commerce Systems Prepared by : Wong Ka Ming, Caris Wong Tsz Yeung, Ah Mole Supervisor :LYU Rung Tsong Michael.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "LYU9905 Security in Mobile Agent E-Commerce Systems Prepared by : Wong Ka Ming, Caris Wong Tsz Yeung, Ah Mole Supervisor :LYU Rung Tsong Michael."— Presentation transcript:

1 LYU9905 Security in Mobile Agent E-Commerce Systems Prepared by : Wong Ka Ming, Caris Wong Tsz Yeung, Ah Mole Supervisor :LYU Rung Tsong Michael

2 Outline Introduction Project Overview  Overview of SIAS - Shopping Information Agent System Project Status  Security measure in Mobile Agent System & Cryptography  Security Attacks and Defenses Scenarios in SIAS  Fault Tolerance of our system SIAS Future Planning  More security measure in Mobile Agent System & Cryptography  Some more security Attacks and Defenses Scenarios in SIAS

3 Introduction What is Mobile Agent?  A mobile agent is a software which can autonomously do the job for us.  It assists people and acts on their behalf. Agents function by allowing people to delegate work to them What is mobile code paradigm?  Consider the applet  The code is download from the web server to the client side and run in the client side through the web browser  Such strategy is called code on demand, which means the code are moving across the machine passively when demanded  Mobile code paradigm is little bit different in which the code will actively move from one host to another

4 Introduction (1) What is the advantage of mobile agent?  It can be able to communicate with other agents, so it is suitable for some system, such as Stock Broker System.  It is mobile and able to travel from one host to another, so it is very suitable for mobile computing, in which the machine cannot be always connected to the network.  It reduces the network load and it also overcome network latency.  It is autonomous, has control over its own actions, which means it can adapt to changes dynamically.  Thus, it is robust and fault-tolerant

5 Introduction (2) Business Opportunities of mobile agents  Extend the lifecycle of existing applications and products by providing new capabilities (i.e. Internet/Intranet Access, Mobile Computing Features, Disconnected Computing Capabilities, etc.)  Decrease the cost of development, time to market, and support for new applications that would be developed using client/server architecture in the past.  New revenue source by providing mobile agent enabled solutions without investments in expensive and scarce resources (i.e. developers with mobile agent experience, non-standard development tools).

6 Mobile Agent Products Aglets from IBM Concordia from Mitsubishi Voyager from ObjectSpace

7 Project Overview (1) In the last semester, we have developed the SIAS system SIAS is a web-based e-commerce mobile agent system It provides users with information of products for sale in an electronic marketplace It is written in Java programming language and on top of the Concordia API, which is developed by Mitsubishi Electric Research Lab

8 Project Overview (2)

9 Project Overview (3) What is Concordia?  Concordia is a full-featured framework for the development and management of network-efficient mobile agent applications which extend to any device supporting Java.  Concordia is written in Java and is portable to any platform running Java.  A Concordia System, at its simplest, is made up of a Java Virtual Machine (VM), a Concordia Server, and at least one mobile agent on 1 network node.  Usually, the Concordia System will consist of multiple machines in a local or wide area network, each of which is running Java VMs, Concordia Servers, and mobile agents.

10 Project Overview (4) Our current SIAS design :  Agent - retrieves product information from hosts for users  One Launch Server - it is a trusted host which is a gateway between the agent system and client programs. It initializes and launches an agent whenever it receives requests from clients and receive agents when an agents finishes its trips  26 Data Base Servers - some of them may be malicious. They receive incoming agents and retrieving information from its own database.  Client is using Netscape Communicator 4.7. It is a Java Applet which lets users to choose products and quantities.

11 Project Status (1) We have implemented SIAS as a sample application of mobile agents, which reduces communication cost and allows delegation of tasks. We studied discussed the problem of malicious hosts in a mobile agent system and addressed these problems in SIAS so as to develop a primitive approach to protect the agents. We measured the performance overhead of the security measures, see a trade-off between performance and security for SIAS, and learned that it takes time for a malicious host to attack an agent.

12 Project Status (2) We have scaled up our system from 3 hosts to 26 hosts We have implemented a fault tolerance mechanism to the system, so that the agents can still travel the trip when some host is down. We have continued to think of other security attack scenarios and corresponding solutions (such as encrypting the whole agent)

13 Security in Mobile Agent (1) Security problems of malicious agents against hosts  Trojan horse attacks by malicious agents  This can be effectively solved by  strong authentication of the code sources  verification of code integrity  limiting the access rights of incoming agents to local resources of hosts

14 Security in Mobile Agent (2) Security problems of malicious hosts against agents When an agent executes on a remote host, the host is likely to have access to all the data and code carried by the agent If a host is malicious and abuses the code or data, the privacy and secrecy of the agent and its owner would be at risk

15 Security in Mobile Agent (3) In SIAS, we have chosen a technique called Agent Tempering Detection  Agent Tempering Detection: hiding from hosts the data possessed by agents and the function to be computed by agents by messing up code and data of agents, or using cryptographic technique

16 Attacks and Defenses on SIAS (1) Scenario 1 - Modification of query products  The list of products specified by user is stored as plain text  Malicious host can easily spy out the data and change it  Later hosts will response to such changes, and report wrong information  This violates the integrity of queries

17 Attacks and Defenses on SIAS (2) Scenario 2 - Modification of query quantities  Similar to scenario 1  This lead the later host to report wrong information

18 Attacks and Defenses on SIAS (3) Scenario 3 - Spying out and modification of query results  Agents carry query results in plain text  Malicious hosts can spy out and modify the results that the agent has collected from previous hosts  Such changes can favor the malicious hosts  For example, a malicious host raises all the prices reported from previous hosts

19 Attacks and Defenses on SIAS (4) Scenario 4 - Modification of itinerary of agent  Itinerary of an agent is accessible to hosts  Malicious hosts can change the itinerary of an agent  Agents may go to hosts that are not specified in itinerary  Agents may skip hosts that are specified in itinerary

20 Attacks and Defenses on SIAS (5) Hybrid Attacks  Can mix the above 4 attacks

21 Attacks and Defenses on SIAS (6) Solution to Attack Scenario 1 & 2  We introduce digital signature on the whole list of product IDs as well as the signature on the list of product quantities {Product ID list} => {Product ID list}sig A ({Product ID list}) {Quantity list} =>{Quantity list}sig A ({Quantity list})

22 Attacks and Defenses on SIAS (7) Solution to Attack Scenario 3  We introduce RSA encryption algorithm on the results obtained from the Data Base server {Query result} => D A ({Query result}sig H ({Query result}))

23 Attacks and Defenses on SIAS (8) Solution to Attack Scenario 4  The Data Base server will sign the path of the agent to ensure the agent goes the right path E HN (E H(N-1) (…E H2 (E H1 (Itinerary at Host 1) Itinerary at Host 2) … Itinerary at Host N-1) Itinerary at Host N)

24 Attacks and Defenses on SIAS (9) Introduce 2 objects to support security measures  RSA object ; and  Key Server object

25 Attacks and Defenses on SIAS (10) RSA object is the core of Secure SIAS design It helps to implement a public key infrastructure (PKI) It can encrypt a character string to ciphertext, and decrypt a ciphertext to a character string

26 Attacks and Defenses on SIAS (11) Key Server object acts as a Certificate Authority (CA) of our PKI It accepts public keys from agents and hosts, and distribute them It uses RMI in transporting public keys Why not agent but RMI??  Endless chain of security measures

27 Attacks and Defenses on SIAS (12) A Secure SIAS

28 Agent Encryption (1) For encrypting the agent, we found that our original RSA algorithm cannot encrypt the agent object. Thus, we have try another method we have used symmetric key approach We make use of the Diffie-Hellman Key Exchange for exchanging the symmetric key between two hosts.

29 Agent Encryption (2) Diffie-Hellman Key Exchange  It is a key exchange technique which enable two users to exchange a key securely.  It can then be used for subsequent encryption of message.  It depends for its effectiveness on the difficulty of computing discrete algorithm

30 Agent Encryption (3)  Under its scheme, there are two publicly known numbers: a prime number n and an integer g that is a primitive root of n  Suppose hosts A and B wish to exchange a key.  Host A selects a random integer x < n and computes X = g x mod n.  Similarly, host B independently selects a random integer y < n and compute Y=g y modn.  Each side keeps x and y be private and makes X and Y available publicly to the other side.  Host A computes the key as K = Y x modn and host B computes the key as K = X y modn.  These two calculations produce the same result and act as the symmetric key

31 Agent Encryption (4)  Thus, the two sides have exchanged a secret key.  Furthermore, because x and y are private, an opponent only has the following ingredients to work with: g, n, X and Y.  Thus, the opponent is forced to take a discrete logarithm to determine the key.  For example, attacking the secret key of host B, the opponent must compute y using Y, g and n which is computationally difficult to do so.

32 Agent Encryption (5) Using Diffie-Hellman Key Exchange technique, we can use the symmetric key to encrypt the agent. We just use the bitwise XOR to encrypt and decrypt the agent When the agent wants to travel to next host, it first get the public key of the next host and generate the symmetric key using the private key of the host that it resides. Then it will encrypt itself using the symmetric key. When the agent reaches the destination host, it will get the public key of the previous host and decrypt itself using the secret key the destination host.

33 Security Analysis on SIAS (1) The security of the additional measures lies mainly on the introduction of a key server that facilitates the use of public key cryptography. Assuming the key server, the communication channel with the key server are secure enough, and the keys are managed properly, the prevention of modification of the signed product and quantity lists of an agent by a malicious host is supported by the security of the RSA encryption algorithm.

34 Security Analysis on SIAS (2) The time complexity for breaking the RSA cryptosystem depends on the length of the key in number of bits. The longer the key is, the more secure the system would be. In our implementation, we have chosen a key length of 128 bits. This would be sufficiently secure for our security purpose

35 Security Analysis on SIAS (3) We have test times for SIAS to launch a single agent with and without security measures. Round trip times (RTTs) required for an agent to travel around an electronic market of different number of hosts, with and without security enforcement, are measured respectively. We will measure the performance overhead of the security measure, such as encrypting the agent, see the trade-off between performance and security for SIAS. Queries of different sizes (number of products) have been tested.

36 Security Analysis on SIAS (4) Results show that, the RTT for an agent to travel in SIAS changes more or less linearly over the number of hosts in the system. This is due to the additional time to travel an additional host, and the overhead for each additional host is more or less the same. Moreover, the RTT is also linearly increasing as the number of products of the query increases. This can be explained by the increases in number of database transactions and time to transport an agent.

37 Security Analysis on SIAS (5) When security is enforced, the RTT increases in general. For the maximum number of hosts of 26, and maximum size of query of 90 products, the RTT increases by 100 seconds, from 230 seconds to 350 seconds. This can be explained by the extensive use of the RSA algorithm to encrypt and decrypt each item, which is time consuming, especially when the key is long. Therefore, we see a trade- off between security and performance in SIAS.

38 Fault Tolerance (1) Our system highly depends on Concordia API Faults that are introduced by Concordia cannot be avoided Fault Tolerance features is needed Two Approaches  Monitor Program  Confirmation of Availability of Connection

39 Fault Tolerance (2) Monitor Program  The monitor program always checks whether all the servers are up or not  If one of the server is down, it sends requests to the destination host and restart the server  Also uses logs to monitor the servers status

40 Fault Tolerance (3) monitor server A forever loop is used to check the servers server restart signal a server dies server server recovers server

41 Fault Tolerance (4) Confirmation of Availability of Connection  In Concordia architecture, an agent dies if connection to next hosts does not exists  This introduces data lost  We introduce methods to avoid such lost  by using methods like “ ping ” in UNIX  Before an agent travels to next host, it “ ping ” s for the availability of the host  If the next host dies, the agent waits until the monitor program restarts the server

42 Fault Tolerance (5) Server AServer B ping server B agent arrives at server Aserver B responsesagent travels to server B An agent dies only if the server that the agents resides on dies If server B dies agent waits until server B restarts restart signal server B restartsagent travels to server Bagent arrives at server B

43 Future Planning We will analyze the security of our new approach We will continue to work on the fault tolerance part of SIAS We will think more about security Attacks and Defenses Scenarios in SIAS

Download ppt "LYU9905 Security in Mobile Agent E-Commerce Systems Prepared by : Wong Ka Ming, Caris Wong Tsz Yeung, Ah Mole Supervisor :LYU Rung Tsong Michael."

Similar presentations

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
Mobile Agents Mouse House Creative Technologies Mike OBrien.

Mobile Agents Mouse House Creative Technologies Mike OBrien.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.

The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.
1 Fault-Tolerance Techniques for Mobile Agent Systems Prepared by: Wong Tsz Yeung Date: 11/5/2001.

1 Fault-Tolerance Techniques for Mobile Agent Systems Prepared by: Wong Tsz Yeung Date: 11/5/2001.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
LYU9905 Security in Mobile Agent E- Commerce Systems Prepared by : Wong Ka Ming, Caris Wong Tsz Yeung, Ah Mole Supervisor : LYU Rung Tsong Michael.

LYU9905 Security in Mobile Agent E- Commerce Systems Prepared by : Wong Ka Ming, Caris Wong Tsz Yeung, Ah Mole Supervisor : LYU Rung Tsong Michael.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
Cryptography Basic (cont)

Cryptography Basic (cont)

Similar presentations

Ads by Google