Defend mobile agent against malicious hosts in migration itineraries

https://doi.org/10.1016/j.micpro.2004.08.008Get rights and content

Abstract

Agent integrity verification and fault-tolerance are the two prevalent methods among the solutions to the Problem of Malicious Hosts in Mobile agent system. Agent integrity verification enables the owner of the agent to detect upon its return whether a visited host has maliciously altered the state of the agent based on agent integrity verification [6]. A known drawback of such method is that it cannot detect the tampering of agent immediately, and the tampering can be detected only when the agent returned. Agent fault-tolerance is one method that achieves agent fault-tolerance in migration itineraries by agent replication and majority voting [11]. The drawback of such method is that the agent replication and majority voting can produce many agent replicas in every agent migration step, which may cost significant resource and time. Aiming at those drawbacks, the paper incorporates the two methods, and presents a novel agent migration fault-tolerance model based on integrity verification, which can defend mobile agent against malicious hosts in migration itineraries effectively. The novel agent fault-tolerance model cannot only realize the fault-tolerant execution, but also reduce the complexity and resource cost of agent migration communication.

Introduction

Mobile agents are software programs that may move from host to host as necessary to carry out their functions. Such systems violate some of the assumptions that underlie most existing computer security implementations [1]. Problem of Malicious Host (POMH) (i.e. how to protect agents against the malicious hosts) is a serious security problem in mobile agent system. To solve the POHM, various methods have been developed, such as Time Limited Blackbox [2], Reference States [3], Cryptographic Traces [4], Authentication and State Appraisal [5], etc. Among these, the two most prevalent solutions of POMH are agent integrity verification [6] and agent fault-tolerance [11].

The set of hosts visited by the mobile agent is termed as itinerary. At any host, the execution environment of the agent is controlled by the host. Hence, mobile agents are vulnerable to attacks by malicious host in migration itinerary; one of the attacks to the mobile agent is the tampering of the data carried by the agent. To detect such attack, the method of agent integrity verification was proposed. In Ref. [6], Karjoth et al. proposed the notion of AppendonlyContainer for detecting the tampering of an agent's data by individual malicious hosts. However, the mechanism in Ref. [6] does not address the problem that two or more malicious hosts collude with each other to delete the data of other hosts. To solve such problem, Vijil and Sridhar Iyer [7] incorporated and extended the notion of the AppendOnlyContainer to include not only the detection of tampering but also the identification of the malicious host, so as to detect the colluding malicious hosts in mobile agent itineraries. Otherwise, Jeff et al. [8] proposed several defense against the truncation attack and the related growing-a-fake-stem attack for the protection of the partial computation results of free-roaming agents.

However, all of the above works about agent integrity verification only detect the attacks when the agent returns to its owner. Therefore, the attacks cannot be detected immediately as it takes place, which may influence the execution of agent.

Moreover, though the above approaches are effective for solving the POMH in some degree, they do not cope with how to keep the mobile agent system uninterrupted during operating when the POMH takes place. Aiming at such problem, the concept of agent fault-tolerance was suggested; among the related researches the measure of agent replication and voting was often adopted. Schneider [11] integrated the concept of fault-tolerance and the principle of cryptography to make the mobile agent system have fault-tolerant ability. The solution in Ref. [11] makes agent produce many replicas at every migration step so that the crash of one agent cannot influence the operation of the whole system. Unfortunately, such solution is not feasible in practice, since it assumes that replicated servers fail independently [16] and requests that all agent replicas be kept alive until the end of agent migration, and the large numbers of agent replicas cost a lot of network and host resource. In the meantime, the result voting among the replicas of agent also cost significant resource and time.

On the base of our original work in Ref. [25], we incorporate the above two methods and extend them, and present a novel agent migration fault-tolerance model based on integrity verification (AMFIV) and its improved version (P-AMFIV). This model can detect the tampering of agent immediately as it takes place and carry out the fault-tolerant execution. It also reduces the complexity and resource cost of agent migration communication. Lastly, this paper makes π/spi-calculus analysis and experiment for P-AMFIV, which prove our solution is feasible and efficient.

The rest of the paper is organized as follows. Section 2 introduces the related research work on agent integrity verification and fault-tolerance. Section 3 presents the novel agent migration fault-tolerance model AMFIV and P-AMFIV. Section 4 models P-AMFIV based on π-calculus and spi-calculus. Section 5 describes simulation experiment. Then the paper concludes in Section 6.

Section snippets

Agent integrity verification

The agents need to be protected such that they can acquire new data on each host they visit, but any tampering with pre-existing data must be detected by the agent's owner (and possibly by other hosts on the agent's itinerary) to keep the agent integrity [9]. The issue of agent integrity has heretofore always been ignored in the realm of agent literature. With the existence of malicious hosts and inaccurate information, along with many unsolved problems arising from agent interaction, the

AMFIV model

To solve the POMH effectively, we incorporate the ideas of agent integrity verification and fault-tolerance, and present a novel agent migration fault-tolerance model based on integrity verification called AMFIV.

Now we take a trace example to illustrate the principle of AMFIV shown as Fig. 3.

Fig. 3 can be explained as follows:

  • After the agent at stage i executes on hosti, it selects a node with the highest priority as the next host to migrate, i.e. hosti+1(0);

  • The agent spawns a replica, and the

Introduction to π-calculus and spi-calculus

The π-calculus is a mathematical model of processes whose interconnections change as they interact. The basic computational step is the transfer of a communication link between two processes; the recipient can then use the link for further interaction with other parties. This makes the calculus suitable for modeling systems where the accessible resources vary over time. It also provides a significant expressive power since the notion of access and resource underlie much of the theory of

Simulation experiment

Based on Aglets Software Development Kit v2 (Open Source release) [23] and MAS Simulator [24], we construct the simulation experiment environment and develop a prototype system. We make some simulation experiments, the network topology used in our experiment is shown as Fig. 7. On every host of the migration path, agent collects some data from the host. In our simulation experiment, we mainly compare the P-AMFIV with other agent fault-tolerance model.

In the network topology, the migration

Conclusion

In this paper, by incorporating the ideas of agent integrity and fault-tolerance, we suggest a novel agent migration fault-tolerance model based on integrity verification called AMFIV and its improved version P-AMFIV. Comparing to other related works of agent integrity verification, our model can detect the attack immediately and need not wait for the return of agent; comparing to other works of agent fault-tolerance, our model save network load and host resource, and also improve the agent

Yichuan Jiang was born in 1975. He received his MS degree in computer science from Northern Jiaotong University, China in 2002. He is currently a PhD candidate in computer science of the Department of Computing and Information Technology, Fudan University, China. His research interests include mobile agent system, artificial intelligence and network security.

References (25)

  • J. Parrow

    An introduction to the π-calculus

  • D.M. Chess

    Security issues in mobile code systems

  • F. Hohl

    Time limited blackbox security: protecting mobile agents from malicious hosts

  • F. Hohl

    A protocol to detect malicious hosts attacks by using reference states

    (2000)
  • G. Vigna

    Cryptographic traces for mobile agents, Mobile Agents and Security

  • W.M. Farmer et al.

    Security for mobile agents: authentication and state appraisal

    (1996)
  • G. Karjoth et al.

    Protecting the computation results of free-roaming agents

    (1998)
  • E.C. Vijil et al.

    Identifying collusions: co-operating malicious hosts in mobile agent itineraries

    (2002)
  • J.S.L. Cheng et al.

    Defense against the truncation of computation results of free-roaming agents, LNCS2513

    (2002)
  • V. Roth

    On the robustness of some cryptographic protocols for mobile agent protection, LNCS 2240

    (2001)
  • M.J. Grimley et al.

    Protecting the integrity of agents: an exploration into letting agents loose in an unpredictable world, ACM Crossroads

    (1999)
  • F.B. Schneider

    Towards fault-tolerant and secure agentry, Invited paper

    (1997)
  • Cited by (11)

    • A Survey of Task Allocation and Load Balancing in Distributed Systems

      2016, IEEE Transactions on Parallel and Distributed Systems
    • Understanding social networks from a multiagent perspective

      2014, IEEE Transactions on Parallel and Distributed Systems
    • AFDB security protocol against colluded truncation attack in free roaming mobile agent environment

      2011, International Conference on Recent Trends in Information Technology, ICRTIT 2011
    View all citing articles on Scopus

    Yichuan Jiang was born in 1975. He received his MS degree in computer science from Northern Jiaotong University, China in 2002. He is currently a PhD candidate in computer science of the Department of Computing and Information Technology, Fudan University, China. His research interests include mobile agent system, artificial intelligence and network security.

    Zhengyou Xia was born in 1974. He received his MS degree in fuse technology from Nanjing University of Science and Technology in 1999, and received his PhD degree in computer science from Fudan University in 2004. He is currently a lecturer in the Department of Computer, Nanjing University of Aeronautics and Astronautics, China. His research interests include information security, mobile agent and active network.

    Yiping Zhong was born in 1953. She is now an associate professor, and also the associate director of the Department of Computing and Information Technology of Fudan University, China. Her research interests include network system, information security and data communication.

    Shiyong Zhang was born in 1950. He is now a professor and PhD supervisor, and also the director of the Center of Networking and Information Engineering of Fudan University, China. His research interests include network system, mobile agent system and network security.

    View full text