Abstract
Mobile agents have been implemented in e-Commerce to search and filter information of interest from electronic markets. When the information is very sensitive and critical, it is important to develop a novel security protocol that can efficiently protect the information from malicious tampering as well as unauthorized disclosure, or at least detect any malicious act of intruders. In this chapter, we describe robust security techniques that ensure sound security of the information gathered throughout the agent’s itinerary against various security attacks, as well as truncation attacks. A sound security protocol is described, which implements the various security techniques that would jointly prevent or at least detect any malicious act of intruders. We reason about the soundness of the protocol using Symbolic Trace Analyzer (STA), a formal verification tool that is based on symbolic techniques. We analyze the protocol in key configurations and show that it is free of flaws. We also show that the protocol fulfils the various security requirements of exchanged information in MAS, including data-integrity, data-confidentiality, data-authenticity, origin confidentiality and data non-repudiability.
Notes
1. When a host adds a signature to a message, it uses a digital certificate that is attached to the message and vouches for the authenticity of the message, or supplies a verifiable signature. The digital certificate consists of identifying information: public key of the person being certified, name and address of the person being certified, and issue and expiration dates that are signed by a trusted third party.
Copyright information
© 2009 Springer-Verlag London Limited
About this chapter
Cite this chapter
Al-Jaljouli, R., Abawajy, J. (2009). Agents Based e-Commerce and Securing Exchanged Information. In: Hassanien, AE., Abawajy, J., Abraham, A., Hagras, H. (eds) Pervasive Computing. Computer Communications and Networks. Springer, London. https://doi.org/10.1007/978-1-84882-599-4_17
DOI: https://doi.org/10.1007/978-1-84882-599-4_17
Publisher Name: Springer, London
Print ISBN: 978-1-84882-598-7
Online ISBN: 978-1-84882-599-4
eBook Packages: Computer Science, Computer Science (R0)