Protecting mobile agents from external replay attacks

doi:10.1016/j.jss.2008.05.018

Journal of Systems and Software

Volume 82, Issue 2, February 2009, Pages 197-206

https://doi.org/10.1016/j.jss.2008.05.018 Get rights and content

Abstract

This paper presents a protocol for the protection of mobile agents against external replay attacks. This kind of attacks are performed by malicious platforms when dispatching an agent multiple times to a remote host, thus making it reexecute part of its itinerary. Current proposals aiming to address this problem are based on storing agent identifiers, or trip markers, inside agent platforms, so that future reexecutions can be detected and prevented. The problem of these solutions is that they do not allow the agent to perform legal migrations to the same platform several times. The aim of this paper is to address these issues by presenting a novel solution based on authorisation entities, which allow the agent to be reexecuted on the same platform a number of times determined at runtime. The proposed protocol is secure under the assumption that authorisation entities are trusted.

Introduction

Mobile agents can provide many benefits to the development of distributed applications, but their use also poses many security threats. Research on mobile agent technology has identified and solved a number of security-related issues, but there are still many remaining unsolved (Zachary, 2003).

Most of the research work undertaken on mobile agent security is concentrated on the problem of malicious platforms, as platforms have complete control over the agent execution, and can thus do almost anything with the agent code or data. Therefore, achieving a complete solution is considered impossible, although several problems can be mitigated. For example, even though platforms cannot be prevented from manipulating the results generated by the current execution of the agent, they can certainly be prevented from tampering with the results generated by the agent on other platforms.

Most proposed methods on mobile agent protection against malicious platforms try to provide a generic solution to cover as many security threats as possible, usually without putting the solution into practise in any real-life applications. On the other hand, most real-life agent-based applications do not take security into account. Subsequently, various proposals on mobile agent security have failed to address specific scenarios where their solutions may not be valid. In the context of this paper, the solutions presented in the literature for agent replay attacks have failed to address scenarios where the agent has to loop over a certain number of platforms an undetermined number of times (Tsipenyuk, 2004). Agent replay attacks can be classified in two different categories (Yee, 2003):

Internal replay attacks:
These occur when the agent is forced to execute repeatedly on a single platform using different inputs, aiming to obtain different responses and draw conclusions about its behaviour.
External replay attacks:
These are performed by malicious platforms by resending the agent to another platform, thus making the agent reexecute part of its itinerary.

Internal replay attacks are impossible to avoid because the platform has complete control over the execution, and can always reset the agent to its arrival state. On the contrary, external replay attacks can be avoided if platforms keep a record of previously executed agents.

The problem of current solutions (Yee, 2003, Westhoff et al., 1999, Wilhelm et al., 1998, Li et al., 2000, Suen, 2003, Mir and Borrell, 2003, Che et al., 2006, Cucurull et al., 2005) against external replay attacks is that they do not allow an agent to be executed n times on the same platform, especially if n is determined at runtime. However, the agent’s itinerary often contains roundtrips that require the same platform to be visited several times. Thus, current solutions force programmers to sacrifice some of the inherent flexibility in mobile agent itineraries.

In order to enhance security and flexibility, this paper presents a solution based on authorisation entities. The advantage is that these entities are entitled to generate new identifiers for the agent, thus allowing the repeatable migration of the agent to the same platform. Therefore, the proposed solution allows programmers to develop secure mobile agent applications and still maintaining the agents’ intrinsic flexibility.

The rest of the paper is structured as follows. Section 2 introduces the related work on preventing replay attacks. Section 3 presents the proposed protocol for replay attack prevention. Section 4 describes the implementation of the proof-of-concept of the proposed solution. Section 5 concludes the paper and points out future directions.

Section snippets

Background

Replay attacks (Syverson, 1994) have traditionally been considered as a form of network attack. They are based on capturing some of the messages exchanged between two entities and sending them again at a later time. These attacks are usually performed during authorisation or key agreement protocols, in order to perform, for example, masquerade attacks.

Traditional mechanisms to prevent replay attacks are based on using nonces, timestamps, session tokens, or any other information that allows

Replay attack protection

Protecting mobile agents against all kinds of replay attacks becomes a serious and complex problem to solve. The simplest case is where the itinerary does not contain any loops in its itinerary, that is, the agent does not need to repeatedly execute the same task on one or more platforms. In a loop-free scenario, if the agent has to migrate to a certain platform several times, it will do so in different stages of its itinerary, which means that it will be executing different tasks. Replay

Implementation

In order to prove the viability of the proposed protocol, a prototype implementation has been created and experimentation has been carried out using the Java-based Jade platform (Bellifemine et al., 2003) as the agent execution environment.

Agents have been implemented following an agent-driven approach, as proposed by Ametller et al. (2004). According to Ametller et al. (2004), mobile agents are created from two main components: a protected itinerary and a control code. The protocol used to

Conclusions

This paper presented a protocol aiming to protect mobile agents against external replay attacks. Previous published work on this area was mainly based on storing a trip marker, or some other kind of agent identification, inside agent platforms. This identifier was fixed for the whole agent execution, and, as a result, it was not possible to define itineraries where the same platform was visited more than once.

The proposed protocol protects agents against replay attacks, and allows agents to

Acknowledgements

This work has been funded by the Spanish Ministry of Science and Technology (MCYT) through the project TIC2003-02041, and the Spanish Ministry of Education and Science (MEC) through the project TSI2006-03481.

Carles Garrigues is a researcher in the Security of Networks and Distributed Applications (SeNDA) group in the Department of Information and Communications Engineering at the Universitat Autònoma de Barcelona. He received his MSc in Computer Science from the Universitat Autònoma de Barcelona. His main research interests relate to mobile agents and security.

References (20)

J. Ametller et al.
Self-protected mobile agents
T. Aura
Strategies against replay attacks
Bellifemine, F., Caire, G., Poggi, A., Rimassa, G., 2003. JADE – A White Paper. Tech. Rep., Telecom Italia Lab,...
H. Che et al.
A novel solution of mobile agent security: task-description-based mobile agent
IJCSNS International Journal of Computer Science and Network Security
(2006)
J. Cucurull et al.
Protecting mobile agent loops
Garrigues, C., Robles, S., Borrell, J., 2008. Securing dynamic itineraries for mobile agent applications. Journal of...
F. Hohl
Time limited blackbox security: protecting mobile agents from malicious hosts
N.M. Karnik et al.
Security in the Ajanta mobile agent system
Software Practice and Experience
(2001)
T. Li et al.
A secure route structure for information gathering agent
J. Mir et al.
Protecting mobile agent itineraries

There are more references available in the full text version of this article.

Cited by (18)

Fragment transfer protocol: An IEEE-FIPA based efficient transfer protocol for mobile agents
2010, Computer Communications
Citation Excerpt :
From the first steps of the mobile agent technology [1], the main concerns have been its security [2–5] and interoperability [6–8].
From the first steps of the mobile agent technology, the main concerns have been its security and interoperability. At the contrary, its performance has been usually relegated to a second place.
The main contribution of this article is the proposal of a new agent transfer protocol, called Fragment Transfer Protocol (FrTP), for the Inter-Platform Mobility Architecture (IPMA) that improves the agent migration performance. The new protocol has been designed because a poor agent migration performance is observed in some Agent Middlewares, such as JADE, when large sized code and data agents are transferred. The reason is that the existing IPMA protocols encapsulate too much data in a single IEEE-FIPA ACL message and these Agent Middlewares do not deal well with this situation. Therefore, FrTP proposes to transfer the agent by sending its code and data split into several messages.
The new protocol approach is fully compliant with the IEEE-FIPA interoperability agent standards and IPMA framework. Furthermore, it has been integrated into the IPMA implementation for JADE and it has been extensively validated through a set of performance tests carried out on different scenarios. Hence, its usage will strongly improve the performance of agents with large sized codes or data.
Promoting the development of secure mobile agent applications
2010, Journal of Systems and Software
Citation Excerpt :
Mobile agents implement different security mechanisms depending on the requirements of the given application. For example, they can implement mechanisms for the protection against replay attacks (Garrigues et al., 2009), mechanisms for the protection of the itinerary (Garrigues et al., 2008b), the computational results (Maggi and Sisto, 2003), etc. These security mechanisms are usually managed by the agent platform, using a so-called platform-driven approach.
In this paper, we present a software architecture and a development environment for the implementation of applications based on secure mobile agents. Recent breakthroughs in mobile agent security have unblocked this technology, but there is still one important issue to overcome: the complexity of programming applications using these security solutions. Our proposal aims to facilitate and speed up the process of implementing cryptographic protocols, and to allow the reuse of these protocols for the development of secure mobile agents. As a result, the proposed architecture and development environment promote the use of mobile agent technology for the implementation of secure distributed applications.
Full mobile agent interoperability in an IEEE-FIPA context
2009, Journal of Systems and Software
The existence of heterogeneous mobile agent systems hinders the interoperability of mobile agents. Several solutions exist, but they are limited in some aspects. This article proposes a full interoperability solution, in the context of the IEEE-FIPA agent standards, composed of three parts. The first part is a simple language-independent agent interface that enables agents to visit locations with different types of middlewares. The second part is a set of design models for the middlewares to support agents developed for different programming languages and architectures. And the third part is a method based on agents with multiple codes and a common agent data encoding mechanism to enable interoperability between middlewares that do not support the same programming languages. Furthermore two agent interoperability implementations, and its corresponding performance comparison, carried out over the JADE and AgentScape agent middlewares are presented.
A Novel Protocol for Security of Location Based Services in Multi-agent Systems
2019, Wireless Personal Communications
A review of security techniques for mobile agents
2017, Proceeding - IEEE International Conference on Computing, Communication and Automation, ICCCA 2017
Secure mobile agent protocol for vehicular communication systems in smart cities
2017, Information Innovation Technology in Smart Cities

View all citing articles on Scopus

Nikos Migas is a researcher in the Centre for Distributed Computing and Security in the School of Computing at Napier University. He has a degree in Computer Science from Lancaster University, an MSc in Interactive Distributed Systems from Liverpool John Moores University, and a PhD in ad-hoc networking and mobile agents from Napier University. Nikos is an active researcher in computing and his interests amongst others include: mobile agents; software architectures; wireless ad-hoc routing protocols; cross-media communications; electronic data capture systems for clinical trials; and security. Since 2004, Nikos has been developing solutions based on Microsoft .net framework, and he is a Microsoft Certified Professional (MCP) for Windows Forms, ASP .NET using C#, XML Web-Services, and MS SQL Server, and a Microsoft Certified Trainer (MCT). His current focus is in healthcare, especially in Electronic Data Capture (EDC) systems, which can significantly cut-down time of clinical trials, reduce paper requirements, and costs.

William J. Buchanan is a Professor in the School of Computing at Napier University, Edinburgh, and leads the Centre for Distributed Computing and Security. He has published over 20 academic books in computing and electronic engineering, and currently teaches computer security and distributed systems. Overall, he has published over 80 journal and conference papers, and has won awards for excellence in knowledge transfer.

Sergi Robles is an Associate Professor in the Department of Information and Communications Engineering at the Universitat Autònoma de Barcelona, where he leads the Security of Networks and Distributed Applications (SeNDA) research group. His research interests include mobile agents and security, medical applications, and mobile ad-hoc networks. He received his PhD in computer science from Universitat Autònoma de Barcelona.

Joan Borrell is an Associate Professor in the Department of Information and Communications Engineering at the Universitat Autonoma de Barcelona, and a member of the Security of Networks and Distributed Applications (SeNDA) research group. His research interests include cryptographic protocols for electronic voting and electronic gambling, and security of mobile agents. Since 1991, he has coauthored 3 patents and over 60 journal and conference papers, and he has supervised 5 PhD thesis.

View full text

Protecting mobile agents from external replay attacks

Abstract

Introduction

Section snippets

Background

Replay attack protection

Implementation

Conclusions

Acknowledgements

Self-protected mobile agents

Strategies against replay attacks

A novel solution of mobile agent security: task-description-based mobile agent

IJCSNS International Journal of Computer Science and Network Security

Protecting mobile agent loops

Time limited blackbox security: protecting mobile agents from malicious hosts

Security in the Ajanta mobile agent system

Software Practice and Experience

A secure route structure for information gathering agent

Protecting mobile agent itineraries