Mobile Agent Protection in E-Business Application. A Dynamic ..... Sciences - Mini-Track on Software, Agents, Maui, Hawaii (2000). 10. Amara-Hachmi1, N., El ...
Mobile Agent Protection in E-Business Application A Dynamic Adaptability Based Approach Salima Hacini, Zizette Boufaïda, and Haoua Cheribi Lire Laboratory, Computer science departement, Mentouri University, Constantine, Alegria {salimahacini, zboufaida, haoua.cheribi}@gmail.com
Abstract. The applications of mobile agent technology are various and include electronic commerce, personal assistance, parallel processing ... The use of mobile agent paradigm provides several advantages. Unfortunately, it has introduced some problems. Security represents an important issue. Current researches efforts in the area of mobile agent security follow two aspects: (i) protection of the hosts from malicious mobile agents, (ii) protection of the mobile agent from malevolent hosts. This paper focuses on the second point. It deals with the protection of mobile agent from eavesdropping attacks. The proposed approach is based on a dynamic adaptability policy supported by a reflexive architecture. The idea relies on the fact that mobile agent behave differently and in unforeseeable manner during its life cycle. This ability complicates analysis attempts and protects it. In order to show the feasibility of the proposed security strategy, we propose to illustrate it through an e-business application, implemented in Java language using Jade platform. Keywords: mobile agent security, malicious host, environment key, trust.
1 Introduction Mobile agents are becoming the paradigm of development of distributed and open applications. However, they endure many problems, notably the security one. Trying to resolve all security problems is a very difficult challenge but it is possible to reach an acceptable level of security by following a well studied protection strategy. In this paper, we are interested in the protection of mobile agents against malicious hosts’ attacks. Several works tried to resolve the problem of mobile agent protection in a partial manner. For example, the approaches presented in [1], [2], [3] have considered some aspects as code integrity and confidentiality. However, these works don’t take account the execution conditions change. Lately, some works [4], tried to remedy this limit. However, the adaptability proposed is quite limited and doesn't answer to the diversity and the foreseeable variations of execution constraints. The aim of this article is to exploit the artifices offered by the technique of adaptability [10], [11], [12] to resolve this problem. The proposed protective solution is based on the dynamic adaptability mechanism. The idea consists of endowing the mobile agent of a flexibility capacity allowing it to vary its treatments and thus to complicate its analysis. In order to reinforce the presented security level, some classical protective mechanisms, as cryptography, are also used. R. Meersman and Z. Tari et al. (Eds.): OTM 2007, Part II, LNCS 4804, pp. 1821–1834, 2007. © Springer-Verlag Berlin Heidelberg 2007
1822
S. Hacini, Z. Boufaïda, and H. Cheribi
This paper is organized as follows: Section 2 delimits the mentioned problem and presents the protection strategy and the generic mobile agent structure. Section 3 exposes, via an e-business example, the principal components of the mobile agent as well as their functionalities. Section 4 draws the scenario of execution followed by the mobile agent. Section 5 describes the procedure of evaluation of the trust degree on which is based the mobile agent behaviour adaptation. Some aspects of implementtation are given in section 6. Finally, Section 7 concludes the present paper.
2 The Proposed Approach This work aims to protect a mobile agent against eavesdropping attacks. This type of attack takes generally place when the direct access to the mobile agent information becomes too difficult or too expensive. In this case, each time the mobile agent moves inside the network, malicious hosts try to observe it, to study its behaviour, to analyze it, and so to deduce its strategy. 2.1 Strategy of Protection The proposed protective approach is based on the fact that mobile agent behaves, during its life cycle, in an unforeseeable manner. The idea consists of affecting the mobile agent a faculty of flexibility allowing it to modify its treatment and to vary its behaviours (Cf. fig1). That makes all behaviour analysis attempts difficult or even inefficient. The variation of mobile agent’s behaviour must be achieved by taking account the variations of the execution environment conditions. The latter may include the detected security constraints, the requested service, the imposed requirements or the available opportunities. Their analysis permits to generate a set of suitable treatments, and allow mobile agent to fit to the new execution conditions and to adapt itself in order to be able to pursue its task.
Fig. 1. The mobile agent behaviour variations according to the visited environment
Mobile Agent Protection in E-Business Application
1823
In order to increase the level of security and to present a satisfying protective model, some classical protective mechanisms, as the cryptography are used. The latter permits to preserve the confidentiality of the mobile agent’s data. 2.2 Reflexive Structure of the Mobile Agent The proposed approach consists of securing the mobile agent via a dynamic adaptation policy. The latter is conceived statically and executed dynamically. In order to endow the mobile agent with the propriety of flexibility, a reflexive structure is adopted. It supports the described strategy and offers a better efficiency of the adaptive treatment. It concerns a behavioural reflexivity, showing with evidence two conceptual levels (Cf. fig. 2): i) The base-level contains the functional code of the mobile agent, and formulates the application implementation and its semantics. This level includes three components: − An interface, allowing the mobile agent to communicate with its environment. − A memory, where the mobile agent saves its data. − A library that includes the different modules of the mobile agent code, − implementing the requested services. ii) The meta-level includes the non functional code, describing the manner to assure the adaptation (Cf. fig. 2). It contains the adapter which is the section of the code that assures the mobile agent adaptation. A modular structure has also been adopted. It seems to be very suitable. In fact, modularity facilitates the adaptability implantation. A monolithic structure code cannot be adapted without replacing it by another in a full way. On the other hand, a
Fig. 2. Mobile agent structure
1824
S. Hacini, Z. Boufaïda, and H. Cheribi
partitioned code can be easily adapted. We distinguish, therefore, two levels of components: • Components of fine granularity, called micro-components, implementing the mobile agent functionalities. Every micro-component, offers only one effective service unit. A previously specified sequence of these microcomponents provides the executed service. • Components of large granularity, called Components implementing the non functional aspect of the mobile agent and specifying how the functional code will be executed. The mobile agent adaptation is reduced to the choice of modules of the mobile agent code. A substitution of a micro-component by another or a modification of the sequence of micro-components permits to specify a different behaviour. Moreover, this design focuses on the relation between the mobile agent meta-level and its baselevel, allowing thus to achieve the required adaptation.
3 Mobile Agent Functionalities The obtained structure of the mobile agent as well as the functionality of each component will be presented through an e-business example. 3.1 Application Domain The e-business example concerns computer products sale on the web. This example takes in consideration the exploration of client sites, the study of offers and execution conditions of the environment in which mobile agent will evolve and the establishment of the appropriated contract in case of the favourable conditions. The mobile agent must consult some enterprises in order to realise a number of products purchase. It must also visit some customers, to propose some products (for sale). Mobile agent starts with the identification and the authentication of its partners in order to be able to determine which service it can assure. It exposes then its services to the different partners and tries to accomplish its treatment taking into account the execution conditions and the adopted protection strategy. Given the fact that our protective strategy is based on a dynamic adaptability policy and that, therefore, the mobile agent must behave differently on each visited host, the following cases are considered. They give the mobile agent the ability to vary its treatments: (i) The mobile agent assures two different tasks represented by the purchase and the sale. (ii) A set of service degradations are considered: − Case of the sale: the mobile agent can sell a permanent or a limited in the time product, according to the considered situation. − Case of the purchase: the mobile agent can decide to buy all required quantities if the offer is judged very satisfactory, else it can buy a limited quantity.
Mobile Agent Protection in E-Business Application
1825
(iii) A set of treatment alternatives if execution conditions are similar. The mobile agent can, for example, propose every time different offers based on different product collections. 3.2 Roles of the Mobile Agent Components The mobile agent architecture described in fig 2 shows clearly a set of components and sub-components. The synchronization and the coordination between them, permit to assign to the mobile agent its adaptive character. Interface. This component allows the agent to communicate with its environment. This communication is achieved via tow sub-components: • The sensor: it allows the perception of the mobile agent execution environment and enables the acquisition of information necessary to detect its variations. • The actuator: it enables the execution of the sequence of the deliberated actions. The latter can be a simple notification, a modification or a stop of the treatment, or a definitive leave of the current host. Memory: It contains all the information necessary to the achievement of the mobile agent tasks. There are two information categories. The first one regroups “original data” (Cf. Table1 and Table2). They are transmitted by the agent owner. For privacy reasons, these data are encrypted using the agent owner public key. The second category includes information that mobile agent must collect from its execution environment named “environmental data”. The latter allows the mobile agent to authenticate the visited hosts, to discern the execution environment state and to evaluate the visited host trust degree. Consequently, the mobile agent will be able to decide what to do. Table 1. Table of Costumers Clients
identifier
Password
@IP
Client1
C00501
Alima258
193102151230
Client2
C00502
Chiko258
192970123125
Table 2. Table of products Product Prod1 Prod2 Prod3
Identifier P1012 P2011 P4050
Designation PC PC mobile Flash Disk
mark IBM DELL Sonny
Purchase Price 320€€ 1020€€ 25€€
Sale price 410€€ 1100€€ 30€€
In order to reduce the mobile agent size, original data are removed and replaced by the collected one. New values will be used as a proof when the mobile agent returns to the owner host.
1826
S. Hacini, Z. Boufaïda, and H. Cheribi
Library. It contains the micro-components of the mobile agent code. The different combinations of micro-components denoting the different behaviours of the mobile agent are specified by abstract expressions. Let E= {E1, E2...En} be a set of these abstract expressions and let A= {A1, A2...Ap} be a set of adaptive microcomponents. Each expression Ei (i
