Protecting mobile agents from external replay attacks
Introduction
Mobile agents can provide many benefits to the development of distributed applications, but their use also poses many security threats. Research on mobile agent technology has identified and solved a number of security-related issues, but there are still many remaining unsolved (Zachary, 2003).
Most of the research work undertaken on mobile agent security is concentrated on the problem of malicious platforms, as platforms have complete control over the agent execution, and can thus do almost anything with the agent code or data. Therefore, achieving a complete solution is considered impossible, although several problems can be mitigated. For example, even though platforms cannot be prevented from manipulating the results generated by the current execution of the agent, they can certainly be prevented from tampering with the results generated by the agent on other platforms.
Most proposed methods on mobile agent protection against malicious platforms try to provide a generic solution to cover as many security threats as possible, usually without putting the solution into practise in any real-life applications. On the other hand, most real-life agent-based applications do not take security into account. Subsequently, various proposals on mobile agent security have failed to address specific scenarios where their solutions may not be valid. In the context of this paper, the solutions presented in the literature for agent replay attacks have failed to address scenarios where the agent has to loop over a certain number of platforms an undetermined number of times (Tsipenyuk, 2004). Agent replay attacks can be classified in two different categories (Yee, 2003):
- Internal replay attacks:
These occur when the agent is forced to execute repeatedly on a single platform using different inputs, aiming to obtain different responses and draw conclusions about its behaviour.
- External replay attacks:
These are performed by malicious platforms by resending the agent to another platform, thus making the agent reexecute part of its itinerary.
Internal replay attacks are impossible to avoid because the platform has complete control over the execution, and can always reset the agent to its arrival state. On the contrary, external replay attacks can be avoided if platforms keep a record of previously executed agents.
The problem of current solutions (Yee, 2003, Westhoff et al., 1999, Wilhelm et al., 1998, Li et al., 2000, Suen, 2003, Mir and Borrell, 2003, Che et al., 2006, Cucurull et al., 2005) against external replay attacks is that they do not allow an agent to be executed n times on the same platform, especially if n is determined at runtime. However, the agent’s itinerary often contains roundtrips that require the same platform to be visited several times. Thus, current solutions force programmers to sacrifice some of the inherent flexibility in mobile agent itineraries.
In order to enhance security and flexibility, this paper presents a solution based on authorisation entities. The advantage is that these entities are entitled to generate new identifiers for the agent, thus allowing the repeatable migration of the agent to the same platform. Therefore, the proposed solution allows programmers to develop secure mobile agent applications and still maintaining the agents’ intrinsic flexibility.
The rest of the paper is structured as follows. Section 2 introduces the related work on preventing replay attacks. Section 3 presents the proposed protocol for replay attack prevention. Section 4 describes the implementation of the proof-of-concept of the proposed solution. Section 5 concludes the paper and points out future directions.
Section snippets
Background
Replay attacks (Syverson, 1994) have traditionally been considered as a form of network attack. They are based on capturing some of the messages exchanged between two entities and sending them again at a later time. These attacks are usually performed during authorisation or key agreement protocols, in order to perform, for example, masquerade attacks.
Traditional mechanisms to prevent replay attacks are based on using nonces, timestamps, session tokens, or any other information that allows
Replay attack protection
Protecting mobile agents against all kinds of replay attacks becomes a serious and complex problem to solve. The simplest case is where the itinerary does not contain any loops in its itinerary, that is, the agent does not need to repeatedly execute the same task on one or more platforms. In a loop-free scenario, if the agent has to migrate to a certain platform several times, it will do so in different stages of its itinerary, which means that it will be executing different tasks. Replay
Implementation
In order to prove the viability of the proposed protocol, a prototype implementation has been created and experimentation has been carried out using the Java-based Jade platform (Bellifemine et al., 2003) as the agent execution environment.
Agents have been implemented following an agent-driven approach, as proposed by Ametller et al. (2004). According to Ametller et al. (2004), mobile agents are created from two main components: a protected itinerary and a control code. The protocol used to
Conclusions
This paper presented a protocol aiming to protect mobile agents against external replay attacks. Previous published work on this area was mainly based on storing a trip marker, or some other kind of agent identification, inside agent platforms. This identifier was fixed for the whole agent execution, and, as a result, it was not possible to define itineraries where the same platform was visited more than once.
The proposed protocol protects agents against replay attacks, and allows agents to
Acknowledgements
This work has been funded by the Spanish Ministry of Science and Technology (MCYT) through the project TIC2003-02041, and the Spanish Ministry of Education and Science (MEC) through the project TSI2006-03481.
Carles Garrigues is a researcher in the Security of Networks and Distributed Applications (SeNDA) group in the Department of Information and Communications Engineering at the Universitat Autònoma de Barcelona. He received his MSc in Computer Science from the Universitat Autònoma de Barcelona. His main research interests relate to mobile agents and security.
References (20)
- et al.
Self-protected mobile agents
Strategies against replay attacks
- Bellifemine, F., Caire, G., Poggi, A., Rimassa, G., 2003. JADE – A White Paper. Tech. Rep., Telecom Italia Lab,...
- et al.
A novel solution of mobile agent security: task-description-based mobile agent
IJCSNS International Journal of Computer Science and Network Security
(2006) - et al.
Protecting mobile agent loops
- Garrigues, C., Robles, S., Borrell, J., 2008. Securing dynamic itineraries for mobile agent applications. Journal of...
Time limited blackbox security: protecting mobile agents from malicious hosts
- et al.
Security in the Ajanta mobile agent system
Software Practice and Experience
(2001) - et al.
A secure route structure for information gathering agent
- et al.
Protecting mobile agent itineraries
Cited by (18)
Fragment transfer protocol: An IEEE-FIPA based efficient transfer protocol for mobile agents
2010, Computer CommunicationsCitation Excerpt :From the first steps of the mobile agent technology [1], the main concerns have been its security [2–5] and interoperability [6–8].
Promoting the development of secure mobile agent applications
2010, Journal of Systems and SoftwareCitation Excerpt :Mobile agents implement different security mechanisms depending on the requirements of the given application. For example, they can implement mechanisms for the protection against replay attacks (Garrigues et al., 2009), mechanisms for the protection of the itinerary (Garrigues et al., 2008b), the computational results (Maggi and Sisto, 2003), etc. These security mechanisms are usually managed by the agent platform, using a so-called platform-driven approach.
Full mobile agent interoperability in an IEEE-FIPA context
2009, Journal of Systems and SoftwareA Novel Protocol for Security of Location Based Services in Multi-agent Systems
2019, Wireless Personal CommunicationsA review of security techniques for mobile agents
2017, Proceeding - IEEE International Conference on Computing, Communication and Automation, ICCCA 2017Secure mobile agent protocol for vehicular communication systems in smart cities
2017, Information Innovation Technology in Smart Cities
Carles Garrigues is a researcher in the Security of Networks and Distributed Applications (SeNDA) group in the Department of Information and Communications Engineering at the Universitat Autònoma de Barcelona. He received his MSc in Computer Science from the Universitat Autònoma de Barcelona. His main research interests relate to mobile agents and security.
Nikos Migas is a researcher in the Centre for Distributed Computing and Security in the School of Computing at Napier University. He has a degree in Computer Science from Lancaster University, an MSc in Interactive Distributed Systems from Liverpool John Moores University, and a PhD in ad-hoc networking and mobile agents from Napier University. Nikos is an active researcher in computing and his interests amongst others include: mobile agents; software architectures; wireless ad-hoc routing protocols; cross-media communications; electronic data capture systems for clinical trials; and security. Since 2004, Nikos has been developing solutions based on Microsoft .net framework, and he is a Microsoft Certified Professional (MCP) for Windows Forms, ASP .NET using C#, XML Web-Services, and MS SQL Server, and a Microsoft Certified Trainer (MCT). His current focus is in healthcare, especially in Electronic Data Capture (EDC) systems, which can significantly cut-down time of clinical trials, reduce paper requirements, and costs.
William J. Buchanan is a Professor in the School of Computing at Napier University, Edinburgh, and leads the Centre for Distributed Computing and Security. He has published over 20 academic books in computing and electronic engineering, and currently teaches computer security and distributed systems. Overall, he has published over 80 journal and conference papers, and has won awards for excellence in knowledge transfer.
Sergi Robles is an Associate Professor in the Department of Information and Communications Engineering at the Universitat Autònoma de Barcelona, where he leads the Security of Networks and Distributed Applications (SeNDA) research group. His research interests include mobile agents and security, medical applications, and mobile ad-hoc networks. He received his PhD in computer science from Universitat Autònoma de Barcelona.
Joan Borrell is an Associate Professor in the Department of Information and Communications Engineering at the Universitat Autonoma de Barcelona, and a member of the Security of Networks and Distributed Applications (SeNDA) research group. His research interests include cryptographic protocols for electronic voting and electronic gambling, and security of mobile agents. Since 1991, he has coauthored 3 patents and over 60 journal and conference papers, and he has supervised 5 PhD thesis.