Abstract
Mobile agents (MAs) have been proposed for decentralized network management. This paper explains how Aglets, an open-source Java MA framework rather than a proprietary system, can be used for security-enhanced network management, complementing the security of the Simple Network Management Protocol (SNMP) version 3. The prototyped solution is a hybrid environment in which network management applications use MAs that interact locally with SNMP agents via the SNMP protocol. The implemented class libraries extend the security infrastructure of Aglets by incorporating cryptographic functions through the Java Cryptography Extension. The extension enables data fields to be encrypted, while code is to be digitally signed. Legacy SNMPv1- and v2-enabled devices, with elementary security, can also be upgraded through this approach, which can effectively avoid a range of attacks. Consideration has been given to auxiliary functionality such as responding to SNMP traps, key distribution, logging, and secure clock synchronization.
Cite this article
Pashalidis, A., Fleury, M. Secure Network Management Within an Open-Source Mobile Agent Framework. Journal of Network and Systems Management 12, 9–31 (2004). https://doi.org/10.1023/B:JONS.0000015696.23905.66
DOI: https://doi.org/10.1023/B:JONS.0000015696.23905.66