
Security Mechanism for Mobile Agents in an Electronic Marketplace

Dr Riktesh Srivastava
Associate Professor, Information Systems
Skyline University College, University City of Sharjah
SHARJAH, UAE.
Email: rsrivastava@skylineuniversity.ac.ae
Abstract
The expansion of the Internet has had a decisive impact on the way conventional business is conducted.
Electronic Commerce, a new way to conduct business, is gaining added recognition.
Despite its rapid growth, there are limitations that hinder the expansion of Electronic Commerce. The
main cause of this impediment was the sluggish performance of Client Server (CS) computing, on which
Electronic Commerce was built. The solution to the problem was found in Mobile Agents (MA). An MA is
computer software code that acts autonomously on behalf of a user and travels through a network of heterogeneous
machines, thereby providing greater flexibility, agility and customizability for the user. Although MA has
generated substantial anticipation in the way Electronic Business is conducted, security-related problems are the
foremost concern for organizations. In this paper, a complete mathematical formulation of a system for controlling
transaction flow in an online payment system using MA is presented.
Keywords: Mobile Agents, Trusted Server, Coordinating Server, RSA, Asymmetric Algorithm, Symmetric Algorithm,
Hash Function, Digital Signature.
1. Introduction
Over the years, electronic commerce has evolved from client-server environments to mobile agent platforms that
support multifaceted forms of distributed computing. MA allows complete mobility of cooperating applications
among supporting platforms to form a large-scale, loosely-coupled distributed system [1]. Mobile Agents are
software programs that are goal-directed and capable of suspending their execution on one platform and
moving to another platform where they resume execution [1]. More precisely, a mobile agent is a program that can
autonomously migrate between various nodes of a network and perform computations on behalf of a user [2].
In other words, Mobile Agents have the authority to work autonomously towards a goal, and to interact with other
Mobile Agents as well. Agents may be static (stationary), always resident at a single platform; or dynamic (mobile),
capable of moving among different platforms at different times.
Despite its numerous practical benefits, Mobile Agent technology results in significant new security threats from
malicious agents and hosts. The primary added complication is that a Mobile Agent traverses multiple machines
that are trusted; it can be attacked by intruders while traversing these machines, which can change its state and
adversely impact its functionality. This paper illustrates the second category of Mobile Agents (dynamic) in an
electronic marketplace and focuses on the security issues that arise when these Mobile Agents traverse from one
machine to another.
The complete paper is divided into 6 sections. Section 2 of the paper depicts the Electronic Marketplace for the
MA. HS, TS and CS are the three servers used for the security of MA and
The first section of the manuscript portrays the diverse encryption and decryption mechanisms currently being adopted
for the security of MA. Section 2 illustrates the workflow of MA in the proposed architecture for the Electronic
Marketplace. Section 3 of the manuscript elaborates the security mechanism for the agent-mediated Electronic
Marketplace. Section 4 of the paper presents the activity diagram of the entire security prototype in the proposed
model. The conclusion is drawn in the last section.

Mathematical formulation of the Mobile Agents Security Systems (MASS)


As indicated in Figure 5, all the requests are received at the Home Server (HS). At this juncture, the requests are
transferred to Agent System Server (ASS). MA gets generated at ASS and given back to HS. Once MA is generated,
it gets transferred to Trusted Server.

2. Cryptographic Methods used in the Research


In this section, the cryptographic methods used for the security of the mobile agents in the Electronic Marketplace
are illustrated. The cryptographic techniques used include:
1) Symmetric algorithm, with reference to TDES Algorithm
2) Asymmetric algorithm, with reference to RSA Algorithm
3) Digital Signature, with reference to SHA-1 Algorithm
In all of the cryptographic techniques mentioned, a key is employed to convert plain text to cipher text. The key is a
specifically generated number/value which is produced via numerous algorithms. These
keys are used to encrypt the plain text and decrypt the cipher text, respectively.
2.1 Symmetric Algorithm
The symmetric algorithm is the quickest and most commonly used type of encryption. In this case, a single key is used
for both encryption and decryption. The process is depicted in Figure 1 along with its mathematical
representation.

Figure 1: Triple DES Algorithm


The Triple DES algorithm is a highly secure algorithm and is denoted in the form of an equation as

The complete functionality of the Mobile Agents (MA) in an Electronic Marketplace can be described in
the following steps:
1) The client first registers itself with the Home Server (HS). In the architecture, the HS has a
built-in Agent System (we used the Aglet Developing Tool (ADT) at this stage). For every new
request, the HS registers the client. Once the registration is accomplished, the MA for the user request is
created.
2) Along with the request to create the MA, HS also accepts the client query, which comprises the
product the customer requests to purchase, the time limit, the expected price which the customer
wishes to pay, the quantity and the delivery dates, amongst others.
3) Once all the information has been received from the client, HS sends the service requirements
to the Agent System (AS). AS checks whether the required service exists and, upon confirmation,
sends the addresses and names of the service providers to the HS. Upon receiving the response,
HS generates the route list for the MA.
4) The request is then transferred to the Trusted Server (TS) to devise the security mechanism for the MA.
5) After the security mechanism is put in place, the MA is sent to a number of Coordinating Servers (CS),
each of which has a number of Mobile Seller Agents (MSA). It must also be noted that each CS has a
number of MA attached to it.

3. Security of Mobile Agent-Mediated Online Electronic Transaction


Stage 1
Notations used for stage 1
$E_H$, $D_H$: Asymmetric Encryption/Decryption of the Home Server
$E_S$: Randomly generated Symmetric Key


In stage 1, the Home Server (HS) receives the request from the Client Browser. HS generates the list of
Coordinating Servers ($CS_1, CS_2, \ldots, CS_n$) to which the request will be transferred. The
general architecture of the Mobile Agent for the Electronic Marketplace is illustrated in Figure 2 given below:
[Figure 2: Mobile Agent generated at Home Server (HS). Components shown: Agent Passport (AP); Code and Data Component (CDC); List of all Coordinating Servers $CS_1, CS_2, \ldots, CS_n$.]


Agent Passport: The Agent Passport is the certificate issued by the Certifying Authority (CA) for the HS.
CDC: Code is the code to be executed at each of the participating Coordinating Servers
($CS_1, CS_2, \ldots, CS_n$), and Data is the response collected from each Coordinating
Server through its list of Hosts.
Considering $M$ to be the mathematical representation of the MA,

$M$ (Code and Data)    (1)

For security purposes,

$M$ $E_H(CDC)$    (2)

The code and data component is the part of the MA that is most often attacked by intruders, and hence needs
a security mechanism.
As mentioned in Equation (2), CDC is first encrypted with the private key of HS. Then, the encrypted CDC
is encrypted again with the (randomly generated) session key using a symmetric key algorithm (TDES).

$M$ $E_S(E_H(CDC))$    (3)
So the actual structure of the MA is as shown in Figure 3 below.

[Figure 3: Actual structure of MA. $M_i$ is shown with the components AP, $E_S(E_H(CDC))$ and $CS_i$.]
$M_i$ AP $E_S(E_H(CDC))$ $CS_i$, with limits i 1 (lower) and n 1 (upper)    (4)

Decryption at the Trusted Server end


$M_i$ is transferred from the HS to the TS. The decryption mechanism at the TS only includes the
decryption of the CDC part of $M_i$.
[Figure 4: Decryption Mechanism of $M_i$ at Trusted Server. Elements shown: $E_S$ $E_H(CDC)$, $E_S$, $E_H(CDC)$, $D_H$, CDC.]


The entire process is given in Equation (5) below:

$E_S$ $E_S$ $E_H(CDC)$    $E_H(CDC)$    $D_H$ $E_H(CDC)$    CDC    (5)
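
The Stage 1 wrapping of Equations (2) and (3) and the Trusted Server unwrapping of Equation (5), as an added example that is not part of the original paper. Textbook RSA with a constructed toy key stands in for the HS key pair and a SHA-256 keystream stands in for TDES; the function names, the dictionary layout and the assumption that TS already holds the session key are illustrative.

```python
import hashlib

# Constructed toy RSA key pair for the Home Server (HS); far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1            # two known Mersenne primes
N, PUB_E = P * Q, 65537
PRIV_D = pow(PUB_E, -1, (P - 1) * (Q - 1))
CT_LEN = (N.bit_length() + 7) // 8     # bytes per RSA ciphertext block
CHUNK = 16                             # plaintext bytes per block (plus 1 marker byte)

def e_h(cdc: bytes) -> bytes:
    """E_H: textbook RSA under the HS private exponent, block by block."""
    out = b""
    for i in range(0, len(cdc), CHUNK):
        m = int.from_bytes(b"\x01" + cdc[i:i + CHUNK], "big")  # marker keeps length
        out += pow(m, PRIV_D, N).to_bytes(CT_LEN, "big")
    return out

def d_h(blob: bytes) -> bytes:
    """D_H: inverse of E_H; needs only the HS public exponent."""
    out = b""
    for i in range(0, len(blob), CT_LEN):
        m = pow(int.from_bytes(blob[i:i + CT_LEN], "big"), PUB_E, N)
        out += m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]  # drop marker byte
    return out

def e_s(key: bytes, data: bytes) -> bytes:
    """E_S stand-in for TDES: XOR with a SHA-256 counter keystream (self-inverse)."""
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def build_agent(ap: str, cdc: bytes, route: list, session_key: bytes) -> dict:
    """HS side: M_i carries AP, E_S(E_H(CDC)) and the CS route list."""
    return {"AP": ap, "CDC": e_s(session_key, e_h(cdc)), "CS": list(route)}

def ts_unwrap(agent: dict, session_key: bytes) -> bytes:
    """TS side, Equation (5): strip E_S first, then apply D_H."""
    return d_h(e_s(session_key, agent["CDC"]))
```

Because $D_H$ needs only the HS public exponent, the inner layer shows that CDC originated at HS, while confidentiality in transit rests on the $E_S$ layer alone.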

Stage 2
As already mentioned in Stage 1, the TS receives the $M_i$, which includes AP, CDC and the list of all
participating CS in the said electronic marketplace. Using AP, the Trusted Server validates the request
from the Home Server and proceeds further. It must be noted that the Trusted Server (TS) enables the mobile
agents to retrieve information from the list of CS in an electronic marketplace. Every CS
($CS_1, CS_2, \ldots, CS_n$) has a list of hosts ($H_1, H_2, \ldots, H_n$). These hosts
provide the items being offered along with the price of each of them, making the electronic marketplace
a typical case of the B2C type of electronic commerce.

$M_i$ AP CDC $CS_i$, with limits i 1 (lower) and n 1 (upper)

ET H $M_i$ DST
Stage 5
Stage 5 elaborates the use of the security mechanism of the Electronic Cheque (e-Cheque) issued by the
client's bank. The concept of the e-Cheque was first introduced by [x].

4. Flow Chart of the proposed security model


5. Conclusion
References
[1] http://csrc.nist.gov/publications/nistpubs/800-19/sp800-19.pdf
[2] http://www.it.iitb.ac.in/~sri/students/rahul-thesis.pdf
[3] A. Fuggetta, G.P. Picco, and G. Vigna, "Understanding Code Mobility," IEEE Transactions on Software
Engineering, 24(5), May 1998. URL: http://www.cs.ucsb.edu/~vigna/listpub.html
[4] "Agent Management," FIPA 1997 Specification, part 1, version 2.0, Foundation for Intelligent Physical Agents,
October 1998. URL: http://www.fipa.ord/spec/fipa97/fipa97.html
[5] "Mobile Agent System Interoperability Facilities Specification," Object Management Group (OMG) Technical
Committee (TC) Document orbos/97-10-05, November 1997. URL:
http://www.omg.org/techprocess/meetings/schedule/Technology_Adoptions.html#tbl_MOF_Specification
[x] Milton M. Anderson, The Electronic Check Architecture (FSTC), September 29, 1998, Version 1.0.2.pp01-07.