1 / 15

MagicNET: Security System for Protection of Mobile Agents

MagicNET: Security System for Protection of Mobile Agents. Presentation Overview. Mobile Agents NIST Background Research Problem Solution Conclusion. Mobile Agents.

casta
Download Presentation

MagicNET: Security System for Protection of Mobile Agents

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MagicNET: Security System for Protection of Mobile Agents

  2. Presentation Overview • Mobile Agents • NIST • Background • Research Problem • Solution • Conclusion

  3. Mobile Agents • Mobile agents are self-contained software modules with additional credentials and accumulated data. They roam in a network, moving autonomously from one server to another, performing their designated tasks, and finally, returning eventually to their control station.

  4. Security Threats- NIST-1998 • There are four kind of threats, as per NIST. • Agent to Platform • Agent to Agent • Platform to Agent • Other to Agent Platform This paper covers ‘Platform to Agent’ Threat. Threats, covered are:

  5. Security Threats- NIST-1998 cont… • Unauthorized Access: An unauthorized Mobile Agent Platform shouldn’t be able to access either data or code of an Agent. • Eavesdropping: An unauthorized Mobile Agent Platform shouldn’t be able eavesdrop on sensitive data carried by a Mobile Agent. • Alteration: An unauthorized Mobile Agent Platform shouldn’t be able to alter sensitive data, carried by a Mobile Agent.

  6. Traditional Solution • Previously, for code Security, code obfuscation and code scrambling techniques were used. • For data baggage security, data was encrypted with Agent Owner’s public key.

  7. Research Problem.. • There is no comprehensive solution that provides security to Mobile Agent’s Code from an untrusted Agent Platform, and provides secrurity from an Unauthorized Mobile Agent Platfrom to the sensitive data carried by a Mobile Agent, in a flexible way.

  8. Solution ?? • Provides Mobile Agent Code Security using PKCS7 • Providing a flexible mechanism to secure Mobile Agents’ data baggage in such a way that multiple authorized platform in the route can view the desired data, but none of the unauthorized can.

  9. Standards Used.. • XACML(eXtensible Access Control Markup Language): A standard way to handle access control policy definition strategies and security Configurations. • SAML ( Security Assertion Markup Language): Based on security assertions transferred, it provides a standardized way to exchange authentication and authorization data.

  10. MagicNET System Components • MagicNETstands for Mobile Agents Intelligent Community Network, has developed at secLab at DSV Department at KTH. • MagicNET provide complete infrastructural and functional component for secure mobile agent research and development. • It provide support to build secure & trusted mobile agents, provide agents repository (agents’ store), Mobile Agents Servers (for their runtime execution), Mobile Agent Control Station, Infrastructural servers.

  11. Mobile Agent Code Security • Mobile Agent code security is achieved using PKCS7 standard. Once an Agent Owner wishes to launch a Mobile Agent in a network, it uses PKCS7 signandEnvelope mechanism : it first signs the Agent and then Envelopes it with Recepient Node’s public keys.

  12. Data Baggage Security • For the data baggage security, this paper uses KDS (Key Distribution Server), XACML and SAML standards. • If a Mobile Agent Platform wishes to secure its data contribution, then it sends a Key generation request to KDS. KDS authenticates the Platform from PDP(Policy Decision Point) and returns a new encryption key, which is then used by the Agent Platform to encrypt its data.

  13. Data Baggage Security cont… • For the Agent Platform, which wishes to view data of Mobile Agent contributed by a previous Agent Platform in route, then the flow will be somewhat like this : • The Agent Platform will send a data decryption key request to KDS, KDS will send an Authorization request to PDP and PDP will check in the policy file, if the Agent Platform has the access or not. Upon positive authorization assertion, KDS sends the desired decryption keys to the Agent Platform and it decrypts the Data.

  14. Conclusion and Future work In this paper we have described a comprehensive solution for mobile agents and protection of their baggage. Our solution is based on a protective approach, in which integrity of the mobile agents’ code is preserved along with confidentiality during execution. Our approach also supports confidentiality of mobile agents’ data from unauthorized reading and/or access by agent platforms. Finally, it also supports exchange of confidential mobile agents processing data (baggage) among agent platforms.

  15. Questions ???

More Related