
Agents Based e-Commerce and Securing Exchanged Information

Pervasive Computing

Part of the book series: Computer Communications and Networks ((CCN))


Abstract

Mobile agents have been implemented in e-Commerce to search and filter information of interest from electronic markets. When the information is very sensitive and critical, it is important to develop a novel security protocol that can efficiently protect the information from malicious tampering as well as unauthorized disclosure, or at least detect any malicious act of intruders. In this chapter, we describe robust security techniques that ensure sound security of the information gathered throughout an agent’s itinerary against various security attacks, as well as truncation attacks. A sound security protocol is described, which implements the various security techniques that would jointly prevent or at least detect any malicious act of intruders. We reason about the soundness of the protocol using the Symbolic Trace Analyzer (STA), a formal verification tool that is based on symbolic techniques. We analyze the protocol in key configurations and show that it is free of flaws. We also show that the protocol fulfils the various security requirements of exchanged information in MAS, including data integrity, data confidentiality, data authenticity, origin confidentiality and data non-repudiability.


Notes

  1. When a host adds a signature to a message, it uses a digital certificate that is attached to the message and vouches for the authenticity of the message, or supplies a verifiable signature. The digital certificate consists of identifying information: public key of the person being certified, name and address of the person being certified, and issue and expiration dates that are signed by a trusted third party.


Author information


Correspondence to Raja Al-Jaljouli.


© 2009 Springer-Verlag London Limited

About this chapter

Cite this chapter

Al-Jaljouli, R., Abawajy, J. (2009). Agents Based e-Commerce and Securing Exchanged Information. In: Hassanien, AE., Abawajy, J., Abraham, A., Hagras, H. (eds) Pervasive Computing. Computer Communications and Networks. Springer, London. https://doi.org/10.1007/978-1-84882-599-4_17


  • DOI: https://doi.org/10.1007/978-1-84882-599-4_17


  • Publisher Name: Springer, London

  • Print ISBN: 978-1-84882-598-7

  • Online ISBN: 978-1-84882-599-4

  • eBook Packages: Computer Science, Computer Science (R0)
