Security of Intelligent Agents in the Web-Based Applications

The major goal of this chapter is to discuss the following two topics: the first is the security issues related to web-based applications with intelligent agents; the second is the adaptation of intelligent agents to existing information security mechanisms. Mobile agents are considered to be an alternative to client-server systems. Security issues are discussed for generic agent-based systems, i.e. systems in which intelligent agents migrate to agent platforms. Public key infrastructure (PKI) is a major cryptographic system deployed for agent-based systems. Cryptographic techniques such as digital signatures, hash functions, proxy certificates and attribute certificates are utilized for protecting both intelligent agents and agent platforms. Countermeasures for agent protection and agent platform protection are given, which are based on information security mechanisms such as authentication, authorization, access control and confidentiality. Other major security concerns, such as identity binding and delegation between an intelligent agent and its host, are discussed with solutions based on proxy certificates and attribute certificates. For application-layer security mechanisms, non-repudiation and Secure Electronic Transaction (SET) are developed for agent-based applications.
