
Mobile Agents Integrity in E-commerce Applications
Antonio Corradi, Rebecca Montanari
{acorradi, rmontanari}@deis.unibo.it
University of Bologna - Italy
Cesare Stefanelli
[email protected]
University of Ferrara - Italy
Outline
• Mobile Agents in E-commerce Applications
• Security Issues and Research Challenges
• Approaches to Mobile Agents Integrity:
– centralized vs. distributed solutions
• The Multiple-Hops Integrity Protocol in SOMA, a Secure and Open Mobile Agent System
• Conclusions and Future Work
Why Mobile Agents in E-commerce?
MA-based E-commerce Application Scenarios:
• information gathering and filtering
• buying
• electronic marketplace
Intrinsic Pros:
• autonomy
• easy personalization
• better network utilization
• better support for mobile users
but SECURITY is a crucial issue for wider acceptance of MA technology
An E-commerce Application Example
A shopping mobile agent is dispatched in order to find the most convenient offer for a flight ticket.
Two possible scenarios:
• information gathering
the shopping agent returns the best collected offer for the flight back to its owner.
• buying
the shopping agent books and pays when it finds the best flight on behalf of its owner
Security Issues
• Protection of Hosts against Malicious Agents
Possible Attacks:
• unauthorized access
• resource corruption
• denial of service
Approaches:
• sandboxing and its evolution
• proof carrying code
• safe programming languages
• Protection of Agents
– against Malicious Hosts
– over insecure networks
Challenging Issue:
Protection of Agents against Malicious Hosts
Possible Attacks:
• code/state spying
• code/state manipulation (tampering and/or deletion)
• denial of execution
• …
Need to achieve:
• integrity and secrecy of agent code
– necessary in a buying scenario
• integrity and secrecy of agent state
– necessary to assure the trustworthiness of agent's state (i.e. results)
Approaches:
• Prevention
• Detection
SOMA support to E-commerce Applications
[Figure: three SOMA Domains, managed by Company X, Company Y and Company Z; each domain contains Places (Place1, Place2, Place3) and one Default Place, and Mobile Agents move between Places and across domains through the Default Places.]
Place: agent execution environment; it generally models a physical node.
Default Place: acts as a gateway for interdomain routing; it generally models a physical LAN.
Protection of Hosts against Malicious Agents
in SOMA
[Figure: a SOMA Domain. A MA arriving from the Untrusted Environment enters through the Default Place, which applies Authentication, Integrity and Secrecy checks and Authorization (Domain Policy); inside the Trusted Environment each Place applies Authentication, Integrity and Secrecy checks and Authorization (Place Policy) before the MA reaches the Local Resources.]
• JDK1.2 Security Framework
• Entrust PKI for key management
Protection of Agents against Malicious Hosts
in SOMA
Detection Approaches:
• centralized solution (Trusted Third Party)
• distributed solution
Our Goal:
provide a distributed solution
• agent autonomy is guaranteed
• better performance is achieved
The Multiple-Hops (MH) Integrity Protocol (1.)
Assumptions:
• competitive e-commerce scenarios
• dynamic list of Electronic Service Provider (ESP)
• only a certain percentage of ESPs visited by one agent might be malicious
The MH Protocol (2.)
Definitions:
• agent composed of three parts:
– Code and Initialization Data
– Application Data (AD). AD contains the data collected by the agent in its visit to different ESPs
– Protocol Data (PD). PD holds the additional information needed to support the MH protocol
• Message Integrity Codes (MIC) for mobile agents integrity
[Figure: agent State = Code + AD + PD; AD = Application Data, PD = Protocol Data]
The MH Protocol (3.)
Description:
• each site must provide a short proof of the agent computation: MIC_i
• each proof is cryptographically linked with the ones computed at the previous sites => chaining relation between the proofs
MIC_i = h(.., .., MIC_i-1)
• the integrity of the "chain" of cryptographic proofs is verified by the Sender at agent return back
The MH Protocol (4.)
[Figure: the agent (State = Code + AD + PD) travels from P0 (Sender) through P1, P2, … to PN and back.]
P0 (Sender):
C1 = h(C), secret for P1
EC1 = C1 encrypted
the agent leaves with AD void and PD = EC1
P1:
EC1 decrypted = C1
C2 = h(C1), secret for P2
EC2 = C2 encrypted
MIC1 = h(D1, C1)
the agent leaves with AD = D1 and PD = EC2, MIC1
P2:
EC2 decrypted = C2
C3 = h(C2), secret for P3
EC3 = C3 encrypted
MIC2 = h(D2, C2, MIC1)
the agent leaves with AD = D1, D2 and PD = EC3, MIC2
… and so on up to PN
AD = Application Data
PD = Protocol Data
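The chaining shown in the figure, as an added worked example in Python; this is not code from the slides or from the SOMA system. It assumes SHA-256 as the one-way hash h, takes MIC_0 to be the empty string so that MIC_1 = h(D1, C1, "") plays the role of h(D1, C1), and, because the slides do not say which cipher or key produces "C_i encrypted", stands in for it with a toy keystream cipher under a per-place key (an assumption, not the SOMA mechanism). The itinerary and the offers are constructed.

```python
import hashlib
import hmac
import os
from typing import Optional


def h(*parts: bytes) -> bytes:
    """One-way hash h(...). Each input is length-prefixed so that
    h(D_i, C_i, MIC) cannot collide with a different split of the same bytes."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big"))
        m.update(p)
    return m.digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(place_key: bytes, c: bytes) -> bytes:
    """Stand-in for 'EC_i = C_i encrypted' for place P_i (assumption: a toy
    keystream cipher under a key held by P_i and the sender; a real
    deployment would encrypt under P_i's public key)."""
    nonce = os.urandom(16)
    return nonce + _xor(c, h(place_key, nonce))


def unseal(place_key: bytes, ec: bytes) -> bytes:
    nonce, ct = ec[:16], ec[16:]
    return _xor(ct, h(place_key, nonce))


def launch(sender_secret: bytes, first_place_key: bytes) -> dict:
    """P0 (Sender): C1 = h(C) is the secret for P1; the agent starts with
    empty AD and PD = (EC1, empty MIC chain)."""
    c1 = h(sender_secret)
    return {"AD": [], "PD": {"EC": seal(first_place_key, c1), "MIC": b""}}


def visit(agent: dict, place_key: bytes, next_place_key: Optional[bytes], d_i: bytes) -> None:
    """P_i: decrypt EC_i to obtain C_i, add its result D_i to AD, extend the
    proof chain with MIC_i = h(D_i, C_i, MIC_{i-1}), and forward
    C_{i+1} = h(C_i) encrypted for P_{i+1}. C_i never leaves this function,
    so a later place cannot recompute MIC_i."""
    c_i = unseal(place_key, agent["PD"]["EC"])
    agent["AD"].append(d_i)
    agent["PD"]["MIC"] = h(d_i, c_i, agent["PD"]["MIC"])
    agent["PD"]["EC"] = seal(next_place_key, h(c_i)) if next_place_key else b""


def verify(sender_secret: bytes, agent: dict) -> bool:
    """Sender at agent return: rebuild C_1..C_N and the whole MIC chain from
    its own secret C and the returned AD, then compare with the MIC_N the
    agent carries in PD."""
    c_i, chain = h(sender_secret), b""
    for d_i in agent["AD"]:
        chain = h(d_i, c_i, chain)
        c_i = h(c_i)
    return hmac.compare_digest(chain, agent["PD"]["MIC"])


def run_demo() -> tuple:
    """Constructed itinerary: three ESPs answering a flight-ticket request."""
    sender_secret = os.urandom(32)              # C, known to P0 only
    keys = [os.urandom(32) for _ in range(3)]   # one key per place (toy setup)
    offers = [b"ESP-A: 420 EUR", b"ESP-B: 395 EUR", b"ESP-C: 450 EUR"]

    agent = launch(sender_secret, keys[0])
    for i, d_i in enumerate(offers):
        next_key = keys[i + 1] if i + 1 < len(keys) else None
        visit(agent, keys[i], next_key, d_i)
    honest = verify(sender_secret, agent)       # chain intact

    # Detection case: the last ESP rewrites ESP-B's offer inside AD. It never
    # saw C_2, so it cannot recompute MIC_2, and the chain the sender rebuilds
    # no longer matches the MIC_3 the agent brought back.
    agent["AD"][1] = b"ESP-B: 999 EUR"
    tampered = verify(sender_secret, agent)     # tampering detected
    return honest, tampered


if __name__ == "__main__":
    print(run_demo())
```

`run_demo()` returns `(True, False)`: the untouched chain verifies, the rewritten offer does not. The sender needs nothing but C and the returned AD to rebuild every C_i and MIC_i, which is what keeps the solution distributed (no trusted third party during the trip). The check relies on the visit-once assumption stated in the conclusions: a place that hosts the agent again already holds its C_i and, since C_{i+1} = h(C_i), every later secret as well, so the chain from its own hop onwards is no longer protected against it.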
The MH Protocol Performance
• EXECUTION COST
T_TOT-INT = N (T_HASH + T_MIC + T_DECRYPT + T_CRYPT) ≈ N T_MIC
T_SENDER = N (T_HASH + T_MIC) ≈ N T_MIC
• TRANSMISSION COST
T_TX = T_CID-TX + T_AD-TX + T_PD-TX, each term proportional to the corresponding transmitted size D_CID, D_AD, D_PD
N. of ESPs | No integrity (ms)                   | MH protocol (ms)
           | TTX Net. | TTX Ser. | Total         | TEXEC | TTX Net. | TTX Ser. | Total
5          | 2200     | 1506     | 3706          | 320   | 2300     | 1750     | 4375
7          | 2800     | 2406     | 5206          | 400   | 2850     | 3300     | 6550
10         | 5000     | 3071     | 8071          | 435   | 5500     | 4075     | 10010
Conclusions and Future Work
• overcome current drawbacks
– MH works properly only with the 'visit-once' assumption: each intermediate ESP must host the agent only once.
• development of other integrity protocols (TTP) to obtain an integrated tool
• a realization of a MA-based electronic marketplace
SOMA is available from:
http://www-lia.deis.unibo.it/SOMA/