Presentation is loading. Please wait.

Presentation is loading. Please wait.

D’Agents 1 Presented by Haiying Tan May, 2002 D’Agents: Security in a multiple-language, mobile-agent system Robert S. Gary, David Kotz, George Cybenko,

Published byLoraine Davidson Modified over 8 years ago

Similar presentations

Presentation on theme: "D’Agents 1 Presented by Haiying Tan May, 2002 D’Agents: Security in a multiple-language, mobile-agent system Robert S. Gary, David Kotz, George Cybenko,"— Presentation transcript:

1 D’Agents 1 Presented by Haiying Tan May, 2002 D’Agents: Security in a multiple-language, mobile-agent system Robert S. Gary, David Kotz, George Cybenko, Daniela Rus Dartmouth College, Hanover, New Hampshire, USA published in 1998 Presented by Haiying Tan May, 2002 COMPSCI 725 Presentation

2 D’Agents 2 Outline  Introduction  D’Agents  Application  Security Architecture  Authentication  Example  Conclusion

3 D’Agents 3 Mobile agent --- a program which –Represents a user in a heterogeneous network –Moves autonomously from machine to machine –Functions on behalf of the user Security in mobile-agent system -Protect the machine -Protect other agents -Protect the agent -Protect a group of machines Introduction Machine B Machine A Application

4 D’Agents 4 D‘Agents A mobile-agent system (formerly named Agent Tcl) developed by Dartmouth College, its agents can be written in Tcl, Java & Scheme. It provides simple communication facilities, and effective security. It reduces migration to a single instruction. The core system has four levels. Agents Tcl…Java Server or engine TCP/IP … Email D’Agents Architecture

5 D’Agents 5 Dynamically selected proxy site http://agent.cs.dartmouth.edu/ 3. Return merged and filtered results GUI on home machine Application: Information retrieval 2. Send child agents and collect partial results Machine n Machine 1...

6 D’Agents 6 D‘Agents Security Architecture 1. Verify digital signature 2. Accept or reject agent 3. Record owner’s identity Language interpreter Enforcement module 4. Start up interpreter 5. Resume agent execution 6. Agent tries to access a resource Resource managers 8. Manager responds with grant/deny 7. Ask resource manager for permission Incoming agentAgent server

7 D’Agents 7 Authentication (I)  Task involved in protecting the machine. –Agents & messages can be encrypted to avoid interception, and digitally signed to reliably identify their owner.  Two kinds of agents distinguished. –Owned agent, owner could be authenticated and is on the server’s list of authorized user. –Anonymous agent, owner could not be authenticated or is not on the server’s list of authorized users.  PGP, Pretty Good Privacy –External encryption tool for digital signatures and encryption. –PGP uses RSA, public key cryptography for authentication, and the IDEA algorithm for encryption. –An agent chooses whether to use encryption and signatures when it migrates or sends a message.

8 D’Agents 8 Authentication (II) Fig. Encryption for the begin, jump command Home agent_begin S0S0 E0E0 Knows E1E1 Machine A S1S1 Knows agent_jump Machine B Knows If trustsKnows S2S2 E2E2 F Yes agent_jump

9 D’Agents 9 Authentication (III) Fig. Encryption for the send command Machine B Machine A S1S1 E1E1 OR S2S2 E2E2 F Yes/no Weaknesses of this authentication scheme 1.Most serious problem: Multi-hop authentication problem. 2.PGP is extremely slow. 3.Cannot generate session keys for ongoing communication. 4.No automatic distribution mechanism for the public keys.

10 D’Agents 10 Example Agent agent = new Agent (); // create the agent agent.setSignatures (true); // turn on digital signatures agent.begin ("localhost",timeout);// register with the agent system agent.jump (engineSite,timeout); //migrate to the search engine site // interact with the search engine Message queryMessage = new Message (0, query); AgentId engineAgent = new AgentId (engineSite, "search-engine"); agent.send (engineAgent, queryMessage, timeout); ReceivedMessage resultsMessage = agent.receive (timeout); …… //Return home String homeMachine = agent.getHomeId().getMachine(); agent.jump (homeMachine); Information retrieval agent implemented in java

11 D’Agents 11 Conclusion D’Agents is a simple but powerful mobile- agent system –An academic system with full source available. –Good support for migration. –It protects machines from malicious agents with straightforward security model. ? Questions –What are the advantages of D’Agents authentication scheme, if using this, which kinds of threats are under control?

Download ppt "D’Agents 1 Presented by Haiying Tan May, 2002 D’Agents: Security in a multiple-language, mobile-agent system Robert S. Gary, David Kotz, George Cybenko,"

Similar presentations

By Olga Gelbart rosa@seas.gwu.edu Mobile Agents By Olga Gelbart rosa@seas.gwu.edu.

By Olga Gelbart Mobile Agents By Olga Gelbart
Mobile Agents Mouse House Creative Technologies Mike OBrien.

Mobile Agents Mouse House Creative Technologies Mike OBrien.
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.
CSE300-1 Profs. Steven A. Demurjian Q. Jin, J. Nam, Z. Qian and C. Phillips Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The.

CSE300-1 Profs. Steven A. Demurjian Q. Jin, J. Nam, Z. Qian and C. Phillips Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Shouting from the Rooftops: Improving Email Security Dr. Maury Pinsk FRCPC University of Alberta Division of Pediatric Nephrology.

Shouting from the Rooftops: Improving Security Dr. Maury Pinsk FRCPC University of Alberta Division of Pediatric Nephrology.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
MJ10/07041 Session 10 Accounting, Security Management Adapted from Network Management: Principles and Practice © Mani Subramanian 2000 and solely used.

MJ10/07041 Session 10 Accounting, Security Management Adapted from Network Management: Principles and Practice © Mani Subramanian 2000 and solely used.
Design, Implementation, and Experimentation on Mobile Agent Security for Electronic Commerce Applications Anthony H. W. Chan, Caris K. M. Wong, T. Y. Wong,

Design, Implementation, and Experimentation on Mobile Agent Security for Electronic Commerce Applications Anthony H. W. Chan, Caris K. M. Wong, T. Y. Wong,
Multimedia Services based on Mobile Agent

Multimedia Services based on Mobile Agent
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Tcl Agent : A flexible and secure mobile-agent system Paper by Robert S. Gray Dartmouth College Presented by Vipul Sawhney University of Pennsylvania.

Tcl Agent : A flexible and secure mobile-agent system Paper by Robert S. Gray Dartmouth College Presented by Vipul Sawhney University of Pennsylvania.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

Similar presentations

Ads by Google