poster - Department of Computer Science and Engineering, CUHK


This work was supported by a grant from the Research
Grant Council of the Hong Kong Special Administrative Region
(Project No. CUHK4432/99E).
Design, Implementation, and
Experimentation on Mobile Agent
Security for Electronic Commerce
Applications
Anthony H. W. Chan, Caris K. M. Wong,
T. Y. Wong, and Michael R. Lyu
Department of Computer Science and Engineering
The Chinese University of Hong Kong
Introduction
Mobile agent technology is an evolving
technique for parallel and distributed
applications, yet security is the problem.
In this work, a Shopping Information Agent
System (SIAS) is built, using the Concordia
mobile agent API, and the security issues of
SIAS are studied.
Seven Good Reasons for Mobile Agents:
(Communications of the ACM, p.88-89, Mar 1999)
They reduce the network load;
They overcome network latency;
They encapsulate protocols;
They execute asynchronously and autonomously;
They adapt dynamically;
They are naturally heterogeneous; and
They are robust and fault-tolerant.
Objects in SIAS
The Launch Server:
attributes:
- HashTable info
It is used to map agent's ID to a string. The string is
a report generated by the agent.
methods:
- createAgent
Creates an agent with attributes initialized according
to users' input.
- handleAgent
When an agent arrives at the Launch Server, the
server will invoke the "reportCheapest" of the
incoming agent and store the result string in the
hashtable for the user to query.
The Agent:
attributes:
- List of product IDs
To store the product IDs inputted by users
- List of product quantities
To store the quantities of the corresponding products
- List of product entries
To store the product entries retrieved from the Data
Base Server.
methods:
- doNothing
When it arrives at a host, the agent does nothing and
then leaves.
- queryServer
When this method is invoked by the Data Base
Server, the agent queries the Data Base.
- reportCheapest
When this method is invoked by the Launch Server,
the agent calculates the cheapest purchasing
combination and reports the result as a string.
The Data Base Server:
methods:
- handleAgent
When an agent arrives at the Data Base Server, the
server will invoke a series of methods which may be
methods of the incoming agent or not.
Control Flow in SIAS
[Figure: control flow in SIAS. Client Program (Java Applet); Launch Server (RMI Server), which executes Steps (2) & (3); Host One, Host Two, ..., Host N (each a Concordia AgentTransporter), where the DataBase Server executes Step (5). Arrows are labelled Step (1) to Step (11).]
Explanation:
1. Client program launches a request to the
Launch Server object upon user input using Java
Remote Method Invocation (RMI);
2. Launch Server creates an Agent object;
3. Launch Server initializes the agent with user-specified
products and quantities, and the itinerary of agent;
4. Launch Server sends the agent to the network;
5. Database Server on Host One retrieves the
required information for the incoming agent;
6. Agent goes to the next destination;
7. Database Server on Host Two repeats Step (5);
8. Agent goes to other hosts in the itinerary;
9. Database Server on each host repeats Step (5);
10. Launch Server receives the returning agent
and calculates the cheapest purchasing
combination;
11. Launch Server reports the cheapest purchasing
combination to client program by Java RMI.
The GUI of SIAS
Description:
1. Item List: this list contains a list of all products
available in the market. User can choose the
products they want from it.
2. Buying List: this list contains a list of products
that user has chosen.
3. Description Text: this text area displays a
description of the product, such as the weight and
ingredients.
4. Photo Displaying Area: this area displays a
photo of the selected product.
5. Add Item Button: this button is used to add a
selected item from Item List to Buying List. Users
can also add a selected item to the Buying List by
double clicking on the Item List.
6. Remove Item Button: this button is used to
remove a selected item from the Buying List.
7. View Price Button: this button is used to invoke
the Launch Server, create an agent, and query the
prices of products listed on the Buying List.
8. Check Box Group: this group of check boxes
allows users to select the stores that they want the
agent to visit and query.
SIAS Agent Returning Results
Description:
1. Supermarket column: this column displays,
for each product, the store that is selling at the
lowest price.
2. Name column: this column displays the
name of each product.
3. Quantity column: this column displays the
quantity of each product that users have
specified.
4. Price column: this column displays the price
of each product at the quantity specified by
user.
5. Close Window Button: this button is used to
close the report window.
Security Problems of SIAS
Primary interests: agent security against
malicious hosts
Some ways in which a malicious host can
attack an SIAS agent:
– modifying the product list of an agent
– modifying the quantity list of an agent
– modifying the query result of an agent
– modifying the itinerary of an agent
Security Enhancements
{Product ID list} changed to:
{Product ID list} sig_A({Product ID list})
{Product Quantity list} changed to:
{Product Quantity list} sig_A({Product Quantity list})
{Query result} changed to:
D_A({Query result} sig_H({Query result}))
New attribute (chain of encrypted itineraries) [implementation in progress]:
E_H(N)(E_H(N-1)(… E_H(2)(E_H(1)(Itinerary at Host 1) Itinerary at Host 2) … Itinerary at Host N-1) Itinerary at Host N)
Key
A: agent;
H: host;
H(k): k-th host visited by the agent;
sig_X(Y): digital signature of Y using the private key of X;
E_X(Y): the ciphertext of Y encrypted by the private key of X;
D_X(Y): ciphertext of Y encrypted by the public key of X.
Control Flow Updated
[Figure: updated control flow. Client Program (Java Applet); Launch Server (RMI Server), which executes Steps (2), (3), (4) & (5); KeyServer (RMI Server); Host One, Host Two, ..., Host N (each a Concordia AgentTransporter), where the DataBase Server executes Steps (7) & (8). Arrows are labelled Step (1) to Step (15).]
Explanation (changes in italic):
1. Client program launches a request to the Launch Server object
upon user input using Java Remote Method Invocation (RMI);
2. Launch Server creates an Agent object;
3. Launch Server initializes the agent with user-specified products
and quantities, and the itinerary of agent;
4. Launch Server generates a key pair for agent;
5. Launch Server signs the product and quantity lists for agents and
registers the public key of agent to Key Server;
6. Launch Server sends the agent to the network;
7. Database Server on Host One retrieves public key of agent from
Key Server, and verifies the signatures of product and quantity lists of
agents;
8. Database Server retrieves the required information for the
incoming agent, signs the results using its own private key,
encrypts the results using the public key of agent, and also starts the
chain of encrypted itineraries for agent;
9. Agent goes to the next destination;
10. Database Server on Host Two repeats Steps (7) & (8);
11. Agent goes to other hosts in the itinerary;
12. Database Server on each host repeats Steps (7) & (8);
13. Launch Server receives the returning agent and calculates the
cheapest purchasing combination;
14. Launch Server decrypts the query results, and verifies the
signatures of the query results. It also detects change of agent
itinerary by decrypting the chain of encrypted itineraries, and finally
reports the cheapest purchasing combination to client program.
15. Launch Server deletes the public key entry of the finished agent
from the key server.
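An added sketch (not the SIAS or Concordia code) of the signing and encryption in Steps 4, 5, 7, 8 and 14, using only the JDK's java.security and javax.crypto packages. The poster names no algorithms, so RSA-2048 with SHA256withRSA, the AES-GCM plus RSA-OAEP hybrid used to encrypt the signed query result, the class name and the sample product data are all assumptions.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
// Added illustration: class name, algorithms and sample data are assumptions, not SIAS code.
public class SiasSignedAgentDemo {
    static byte[] sign(PrivateKey key, byte[] msg) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key); s.update(msg); return s.sign();
    }
    static boolean verify(PublicKey key, byte[] msg, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key); s.update(msg); return s.verify(sig);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        // Step 4: the Launch Server makes the agent's key pair; each host has its own.
        KeyPair agent = gen.generateKeyPair(), host = gen.generateKeyPair();
        // Step 5: the product ID list is signed with the agent's private key.
        byte[] products = "P100,P200".getBytes("UTF-8");
        byte[] sigA = sign(agent.getPrivate(), products);
        // Step 7: a host checks the list; one altered by an earlier host fails.
        byte[] altered = "P100,P999".getBytes("UTF-8");
        System.out.println("original list verifies: " + verify(agent.getPublic(), products, sigA));
        System.out.println("altered list verifies:  " + verify(agent.getPublic(), altered, sigA));
        // Step 8: the host signs its result, then encrypts result||signature for the agent.
        byte[] result = "P100=12.50;P200=8.00".getBytes("UTF-8");
        byte[] sigH = sign(host.getPrivate(), result);
        byte[] plain = Arrays.copyOf(result, result.length + sigH.length);
        System.arraycopy(sigH, 0, plain, result.length, sigH.length);
        KeyGenerator kg = KeyGenerator.getInstance("AES"); kg.init(128);
        SecretKey aes = kg.generateKey();            // one-time content key
        byte[] iv = new byte[12]; new SecureRandom().nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, aes, new GCMParameterSpec(128, iv));
        byte[] body = gcm.doFinal(plain);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, agent.getPublic());
        byte[] wrappedKey = rsa.wrap(aes);           // only the agent's key holder can open it
        // Step 14: unwrap, decrypt, split off the 256-byte RSA-2048 signature, verify.
        rsa.init(Cipher.UNWRAP_MODE, agent.getPrivate());
        Key k = rsa.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        gcm.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, iv));
        byte[] opened = gcm.doFinal(body);
        byte[] res = Arrays.copyOf(opened, opened.length - 256);
        byte[] sig = Arrays.copyOfRange(opened, opened.length - 256, opened.length);
        System.out.println("query result verifies:  " + verify(host.getPublic(), res, sig));
    }
}
```

In the agent itself, the wrapped key, IV and ciphertext would travel together as the stored query result, and the agent's private key would stay at the Launch Server so that later hosts cannot read or re-sign earlier results.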
Evaluation
[Figure: Round Trip Times of an agent, with different query sizes, against different numbers of hosts in SIAS. Axes: Time / ms (0 to 250000) against Number of hosts (1 to 26); one curve per query size, from 10 products to 90 products.]
[Figure: Round Trip Times of an agent, with different query sizes, against different numbers of hosts in security-enhanced SIAS. Axes: Time / ms (0 to 350000) against Number of hosts (1 to 26); one curve per query size, from 10 products to 90 products.]