
Mobile Agent Security


Presentation Transcript


  1. Mobile Agent Security John Russell Anthony Pringle

  2. What is an Agent? • An autonomous program that migrates across different execution environments • A very, very bad man

  3. Examples and Applications • Searching and filtering • Information Retrieval • Flight schedules • best prices • automated shopping

  4. Advantage of Mobile Agents • They move the computations closer to the resources they need to access • Reduces network communication, bandwidth and latency

  5. Security Concerns • Two broad categories • Protecting the host from malicious agents • Protecting the agent from malicious hosts • Detection of agent tampering • Prevention of agent tampering

  6. Classification of Malicious Host Security Threats
     • Integrity
       • Information Modification
       • Integrity Interference
     • Availability
       • Denial of service
       • Delay of service
       • Transmission Refusal
     • Confidentiality Attacks
       • Eavesdropping
       • Theft
       • Reverse Engineering

  7. Privacy Concerns • Agent carries the owner’s private key to authenticate transactions • Possible problems? • The Agent may need to use the secret “in public” • Example: to compute a signature on an order form • A malicious host could steal the Agent’s key and sign unauthorized transactions • Goal: a mechanism for the Agent to produce digital signatures without disclosing its secret

  8. Computing with Encrypted Functions
     • Prohibits the host from learning details of the Agent’s secret.
     • Basic Procedure
       • Alice encrypts a function f
       • Alice creates the program P(E(f))
       • Alice sends P(E(f)) to Bob
       • Bob executes P(E(f)) at x
       • Bob replies to Alice with P(E(f))(x)
       • Alice decrypts P(E(f))(x) to obtain f(x)

  9. Undetachable Signatures • Although hidden, the signing routine can still be abused to sign arbitrary documents • We need a way to bind the signature routine to a specific transaction • We call this an undetachable signature

  10. A Secure Implementation of Undetachable Signatures • In 2000, Burmester et al. described a non-interactive CEF undetachable signature scheme. • Uses exponential functions as the encrypting function • Based on RSA • Provably secure

  11. Preparing the Agent • The customer gives to the agent the undetachable signature function pair • $f(\cdot) = h^{(\cdot)} \bmod n$, where $h = \mathrm{hash}(C, req_C)$ • $f_{signed}(\cdot) = k^{(\cdot)} \bmod n$, where $k = h^{d} \bmod n$ is the customer’s RSA signature of $h$. • The agent migrates to the server with the pair $(f(\cdot), f_{signed}(\cdot))$ as part of its code, and $(C, req_C)$ as part of its data

  12. Undetachable Signatures

  13. Undetachable Signatures • A malicious host can produce a signature that includes a bogus bid from the server, but the signature will be invalid • Efficient: the RSA implementation takes only three exponentiations • Authentication is preserved because the signature cannot be applied to an arbitrary message

  14. Questions? • Please direct all questions to Dr. Burmester

  15. References
     • Sander and C.F. Tschudin. Protecting mobile agents against malicious hosts. In G. Vigna, editor, Mobile Agent Security, number 1419 in Lecture Notes in Computer Science, pages 44-60. Springer-Verlag, Berlin, 1998.
     • P. Kotzanikolaou, M. Burmester, and V. Chrissikopoulos. Secure transactions with mobile agents in hostile environments. Information Security and Privacy: Proceedings of the 5th Australasian Conference (ACISP 2000), number 1841 in Lecture Notes in Computer Science, pages 289-297. Springer-Verlag, Berlin, 2000.
     • E. Bierman and E. Cloete. Classification of Malicious Host Threats in Mobile Agent Computing. Proceedings of SAICSIT 2002, pages 141-148.
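
The function pair from slides 11 and 13, worked through as an added example (not code from the presentation or the cited paper): the customer prepares (h, k), the server evaluates both functions at x, and a verifier checks the result. Assumptions: x is taken as a hash of the server's bid, the RSA key is a constructed toy key, and all function names and sample strings are illustrative.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # customer's private exponent, never given to the agent

def H(*parts):
    """Hash strings to an integer; each part is length-prefixed to keep the encoding unambiguous."""
    data = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def prepare_agent(customer, req):
    """Customer: h = hash(C, req_C), k = h^d mod n. The agent carries only (h, k)."""
    h = H(customer, req) % N
    return h, pow(h, D, N)

def server_sign(h, k, bid):
    """Server: evaluate f and fsigned at x = hash(bid) (assumed choice of x) without seeing d."""
    x = H(bid)
    return pow(h, x, N), pow(k, x, N)  # (m, z) = (f(x), fsigned(x))

def verify(customer, req, bid, m, z):
    """Anyone: recompute h and x, then check m = h^x and z^e = m (mod n)."""
    h = H(customer, req) % N
    return m == pow(h, H(bid), N) and pow(z, E, N) == m

def demo():
    req = "flight LHR-ATH, max 300 EUR"   # constructed customer constraints
    bid = "server-7: LHR-ATH 280 EUR"     # constructed server bid
    h, k = prepare_agent("alice", req)
    m, z = server_sign(h, k, bid)
    return {
        "honest": verify("alice", req, bid, m, z),
        "bid_swapped": verify("alice", req, "server-7: LHR-ATH 900 EUR", m, z),
        "req_swapped": verify("alice", "any item, any price", bid, m, z),
    }

if __name__ == "__main__":
    print(demo())
```

The host holds k, which is a signature on the hashed constraints only, so the pair (m, z) verifies solely against the original (C, req_C) and the bid it was computed for.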
