Security Architecture and Its Implementation in a Multi Mobile Agent E-Hospital

This thesis describes the design and the implementation of a security architecture for an ehospital. The e-hospital uses mobile agent technologies in its function implementation. The mobile agent technology has notable advantages over the traditional client/server technology. However, its advantages make it more vulnerable to threats. We use ISO 17799, an international standard for Information security management, as our guide to approach the security problems in this e-hospital. We reach the security objectives for this e-hospital by risk assessments of the current system, compliance with the patients' privacy protection regulations and the consideration of end users' requirements. We divide the whole e-hospital into different domains according to their security levels and propose protections for each domain. We use identity-based two party key agreement protocols to address the network security in this e-hospital. Finally, we extend Bagga and Molva's policy-based cryptographic scheme to address the end user's access control and non-repudiation. Our proposed cryptographic scheme is based on the hardness of the Generalized Bilinear Diffie-Hellman Problem (GBDH problem) in groups. We implement our proposed cryptographic scheme in Java. The test results show that the performance of our proposed cryptographic scheme is acceptable using the elliptic curve defined over large prime fields.

[1]  Antoine Joux A One Round Protocol for Tripartite Diffie-Hellman , 2000, ANTS.

[2]  Diana K. Smetters,et al.  Domain-Based Administration of Identity-Based Cryptosystems for Secure Email and IPSEC , 2003, USENIX Security Symposium.

[3]  Tim Wilkinson,et al.  Trustworthy access control with untrustworthy Web servers , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[4]  Liqun Chen,et al.  Identity based authenticated key agreement protocols from pairings , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[5]  Aaron Kershenbaum,et al.  Mobile Agents: Are They a Good Idea? , 1996, Mobile Object Systems.

[6]  David Wong,et al.  Concordia: An Infrastructure for Collaborating Mobile Agents , 1997, Mobile Agents.

[7]  Agostino Poggi,et al.  JADE: A software framework for developing multi-agent applications. Lessons learned , 2008, Inf. Softw. Technol..

[8]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[9]  Liqun Chen,et al.  Certification of Public Keys within an Identity Based System , 2002, ISC.

[10]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[11]  Guido Appenzeller,et al.  Minimal-Overhead IP Security using Identity Based Encryption , 2002 .

[12]  Holger Peine,et al.  The Architecture of the Ara Platform for Mobile Agents , 1999, Mobile Agents.

[13]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[14]  Steven D. Galbraith,et al.  Supersingular Curves in Cryptography , 2001, ASIACRYPT.

[15]  William M. Farmer,et al.  Security for Mobile Agents: Issues and Requirements , 1996 .

[16]  Gerhard Frey,et al.  The Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems , 1999, IEEE Trans. Inf. Theory.

[17]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .

[18]  Danny B. Lange,et al.  A Security Model for Aglets , 1997, IEEE Internet Comput..

[19]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.