Skip to main content
Log in

Anonymous ECC-Authentication and Intrusion Detection Based on Execution Tracing for Mobile Agent Security

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Mobile agents are software entities able to move from one host to another across networks. They are autonomous and independent from the environment where they are hosted, as they transport all the necessary resources for their proper needs and execution. However, this mobility feature shows many security issues related to the maliciousness of hosts receiving agents and the unsafe communications with other entities encountered in the way. In this paper, we propose a new security scheme based on two techniques: anonymous authentication and intrusion detection. In the first one, we make use of elliptic curve cryptography known for its several advantages in distributed computing, while in the second, we make use of execution tracing method basing chaining mechanism to produce traces of the executed statements in the agent’s code. Practical experiments are conducted to prove the scalability and effectiveness of our approach, focusing on different metrics and compared to well-known and significant related works.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16

Similar content being viewed by others

References

  1. Ferber, J. (1999). Multi-agent systems: An introduction to distributed artificial intelligence (Vol. 1). Reading: Addison-Wesley.

  2. Fasli, M. (2007). On agent technology for e-commerce: Trust, security and legal issues. The Knowledge Engineering Review, 1(22), 3–35.

    Article  Google Scholar 

  3. Glitho, R. H., Edgar, O., & Samuel, P. (2002). Mobile agents and their use for information retrieval: A brief overview and an elaborate case study. IEEE Network, 1(16), 34–41.

    Article  Google Scholar 

  4. Gavalas, D., Tsekouras, G. E., & Anagnostopoulos, C. (2009). A mobile agent platform for distributed network and systems management. Journal of Systems and Software, 2(82), 355–371.

    Article  Google Scholar 

  5. Metzger, M., & Polakow, G. (2011). A survey on applications of agent technology in industrial process control. IEEE Transactions on Industrial Informatics, 4(7), 570–581.

    Article  Google Scholar 

  6. Chen, B., & Cheng, H. (2010). A review of the applications of agent technology in traffic and transportation systems. IEEE Transactions on Intelligent Transport Systems, 2(11), 485–497.

    Article  Google Scholar 

  7. Dong, M., Ota, K., Yang, L. T., Chang, S., Zhu, H., & Zhou, Z. (2014). Mobile agent-based energy-aware and user-centric data collection in wireless sensor networks. Computer Networks, 74, 58–70.

    Article  Google Scholar 

  8. Ahuja, P., & Sharma, V. (2012). A review on mobile agent security. International Journal of Recent Technology and Engineering (IJRTE), 2(1), 2277–3878.

    Google Scholar 

  9. Jung, Y., Kim, M., Masoumzadeh, A., & Joshi, J. B. (2012). A survey of security issue in multi-agent systems. Artificial Intelligence Review, 37(3), 239–260.

    Article  Google Scholar 

  10. Pirzadeh, H., Dub, D., & Hamou-Lhadj, A. (2010). An extended proof-carrying code framework for security enforcement. In Transactions on computational science XI (pp. 249–269). Berlin: Springer

  11. Tuohimaa, S., Laine, M., & Leppnen, V. (2006). Dynamic rights in model-carrying code. In Proceedings of the international conference on computer systems and technologies (pp. 1–7).

  12. Jansen, W. (2000). Countermeasures for mobile agent security. Computer Communications, 23(17), 1667–1676.

    Article  Google Scholar 

  13. Warnier, M., Oey, M., Timmer, R., Brazier, F., & Overeinder, B. (2009). Enforcing integrity of agent migration paths by distribution of trust. International Journal of Intelligent Information and Database Systems, 3(4), 382–396.

    Article  Google Scholar 

  14. Tsiligiridis, T. A. (2004). Security for mobile agents: Privileges and state appraisal mechanism. Neural Parallel and Scientific Computations, 12(2), 153–162.

    MATH  Google Scholar 

  15. Arun, V., & Shunmuganathan, K. L. (2013). Secure sand-box for mobile computing host with shielded mobile agent. Indian Journal of Applied Research, 3(9), 296–297.

    Article  Google Scholar 

  16. Oey, M., Warnier, M., & Brazier, F. (2010). Security in large scale open distributed multi-agent systems. In V. Kordik (Ed.), Book chapter in autonomous agents (pp. 107–130). IN-TECH.

  17. Kapoor, V., Abraham, V. S., & Singh, R. (2008). Elliptic curve cryptography. ACM Ubiquity, 9(20), 20–26.

    Google Scholar 

  18. Enge, A. (2013). Bilinear pairings on elliptic curves. arXiv preprint arXiv:1301.5520.

  19. Mills, D., Martin, J., Burbank, J., & Kasch, W. (2010). Network time protocol version 4: Protocol and algorithms specification. No. RFC5905, June

  20. Scarfone, K., & Mell, P. (2007). Guide to intrusion detection and prevention systems (IDPS). NIST Special Publication, 800(2007), 94.

    Google Scholar 

  21. Patel, A., Qassim, Q., & Wills, C. (2010). A survey of intrusion detection and prevention systems. Information Management and Computer Security, 18, 277–290.

    Article  Google Scholar 

  22. Vigna, G. (1998). Cryptographic traces for mobile agents. In Mobile agents and security (pp. 137–153). Berlin: Springer.

    Chapter  Google Scholar 

  23. Announcing the Advanced Encryption Standard (AES), Federal Information Processing Standards Publication 197, NIST, (2001).

  24. Jaffar A, A., & Martinez, J. C. (2013). Detail power analysis of the SHA-3Hashing algorithm candidates on Xilinx Spartan-3E. International Journal of Computer and Electrical Engineering, 5(4), 410–413.

    Article  Google Scholar 

  25. Bellifemine, F., Poggi, A., & Rimassa, G. (2001). JADE: A FIPA2000-compliant agent development environment. In The 5th international conference on autonomous agents (pp. 216–217). Montreal: ACM.

  26. Liu, J., Zhang, Z., Chen, X., & Kwak, K. S. (2014). Certificateless remote anonymous authentication schemes for wireless body area networks. IEEE Transactions on Parallel and Distributed Systems, 25(2), 332–342.

    Article  Google Scholar 

  27. Xiong, H. (2014). Cost-effective scalable and anonymous certificateless remote authentication protocol. IEEE Transactions on Information Forensics and Security, 9(12), 2327–2339.

    Article  Google Scholar 

  28. Cao, X., Zeng, X., Kou, W., & Hu, L. (2009). Identity-based anonymous remote authentication for value-added services in mobile networks. IEEE Transactions on Vehicular Technology, 58(7), 3508–3517.

    Article  Google Scholar 

  29. Zhao, Z. (2014). An efficient anonymous authentication scheme for wireless body area networks using elliptic curve cryptosystem. Journal of Medical Systems, 38(2), 1–7.

    Article  Google Scholar 

  30. Aumasson, J. (2006). On the pseudo-random generator isaac. IACR Cryptology. ePrint Archive

  31. Blasco, J., Orfila, A., & Ribagorda, A. (2010). Improving network intrusion detection by means of Domain-Aware genetic programming. In International conference on availability, reliability, and security (pp. 327–332).

  32. Available at: http://netresearch.ics.uci.edu/kfujii/jpcap/doc/.

  33. Maynor, D. (2011). Metasploit toolkit for penetration testing, exploit development, and vulnerability research. Elsevier. http://www.metasploit.com/.

  34. Available at: https://www.snort.org/documents.

  35. Brahmi, I., Yahia, S. B., Poncelet, P. (2011). A Snort-based mobile agent for a distributed intrusion detection system. In IEEE Proceedings of the international conference on security and cryptography (SECRYPT) (pp. 198–207). IEEE.

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Hind Idrissi.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Idrissi, H. Anonymous ECC-Authentication and Intrusion Detection Based on Execution Tracing for Mobile Agent Security. Wireless Pers Commun 94, 1799–1824 (2017). https://doi.org/10.1007/s11277-016-3712-z

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-016-3712-z

Keywords

Navigation