Abstract
Mobile agents are being increasingly being used nowadays for providing various services to mobile users. Mobile agent is a piece of code which can migrate from one location to another at its own will and can suspend and resume its operation. But there have been lot of issues and challenges and obstacles both technical and non technical ones that prevent the growth of mobile agents. The goal of this paper is to analyze threats to mobile agent security and then provide possible solutions to make it more secure and also look at future trends we can expect in the field of mobile agents.
1. Introduction
Times are changing fast and we are seeing newer innovations in the field of technology, with the older one getting obsolete and being replaced by newer ones. Earlier computing used to be centralized one with many computers sharing a powerful one, and then came the client-server paradigm followed by various forms of distributed computing. And ever since internet came, it has changed the lives of people, with information being just one click away. Then came mobile phones connecting more and more people, then with the invention of high end smarter mobile phone with more features and power, it became possible for people to pack the power that internet provided them into the small gadget of theirs, and with time the difference between capabilities of the mobile phones and computers is getting narrower day by day.
Mobile agent is a new term in the field of computer research and industry. In field of computer science, we can define a mobile agent as a software that contains certain code and data which is capable of migrating from one machine to another one on its own and carry its execution from where it left on the previous machine. [1] So a Mobile Agent is a sort of program which can migrate from one host to another one in a network to places of its own choice. The running program is capable of saving its current state and suspends the execution at one host and then it can move to another host and start its execution from where it left. [2] Telescript a software vendor was the 1st to introduce the term mobile agents, that time its mobility was considered at the programming level but now mobile agents are also used effectively on a client-server model. [3] But the technology has now evolved a lot, now with the advent of mobile devices like PDAs, High end Mobile Phones and other mobile devices, mobile agents have become increasingly important. This thing has given a whole new dimension to distributed computing.
2. Mobile Agents
2.1 How Mobile Agent Works
Mobile agents are different from other similar “process-migration systems”, in which the system has the authority to choose when and which process should migrate, but in case of mobile agents, they themselves have the power to decide move. Mobile agent usually does this thing by “jump” and “go” statements. Mobile agents are also different from applets which executes on a host once the user downloads them. [2]
2.2 Modes of Operation of an Agent
Mobile agent usually works in two manners; one is the single hop and other multi hop. Single hop happen when the agent migrates from the home platform to another platform and then returns back to home platform. This isn't much of a serious issue but since it contains just a single hop it doesn't utilize the full capabilities and functionalities of the mobile agent. On the other hand Multi Hop involves hopping through a chain of platforms all different to each other and finally returns to the home platform. [4]
When already in execution and the agent want to decide which platform to migrate to next, it can be down in following ways.
2.3 Advantage of using a Mobile Agent
Use of mobile agents has given a new dimension to distributed computing and many such applications are benefitting from its use. Use of mobile agents helps in reducing the network traffic as an agent can an agent can accumulate and collect multiple requests and then process them and return the combined result if it, often known as baggage. So rather than burdening the network by sending request again and again, sending many at a time, would help in reducing traffic. There are some critical real time applications which require continuous feed of instructions, that problem of network latency can be overcome by using mobile agents. Sometimes when some new requirement comes our way it becomes necessary to modify the current applications and various protocols at each and every site where it runs. To solve this problem we can send mobile agents at all the locations which require modification or up gradation. Also since our mobile devices have very limited processing capability by making use of mobile agent we can enhance the power, an agent can process the requests at a server and then send us back the result. [3]
2.4 Application of technology
This is used in several applications especially it has been useful for e-commerce applications. Network latency is very undesirably aspect when one is dealing with e-commerce applications involving financial matters on a mobile device, any delay might lead cause lot of inconvenience to the person. E.g. someone is trading shares, or bidding for something online. It can also be used in e-business to have proper communication in the process of supply chain management among all the intermediate process in the chain. [4]
3. Challenges and Obstacles
Mobile agent code sometimes suffers from performance and scalability factors as they usually take bit more time than what a usual program would take, because they are normally written in slow interpreted language. Platform dependency and no fixed standards is another major challenge. If we want to reap the real benefits of this technology we must work towards standardization of things, so that a vendor's program doesn't depend on a certain manufacturer's hardware. [2]
4. Security Threats
The three main kind of possible attacks possible: disclosure of information, denial of service attack, and corrupting of the information. Also the attack can be from an agent to platform, from an agent to another agent and from a platform on an agent.
4.1 Agent to Agent
When an agent exploits security vulnerability to another fellow client and launches an attack, it falls under this category. The major attacks that we encounter in this category are masquerading in which one agent masquerades as some other agent trusted by the other agent and is able to perform important functions e.g. maybe trick the agent into revealing credit card details and other sensitive information. Another attack is Denial of service attack which can occur by sending messages repeatedly to another agent and spamming; it can burden the agent and ultimately result in DoS attack. Some malicious agents might also circulate some useless information about other agents to stop them from doing their tasks on time and in proper manner. Then in order to prevent the scenario of an agent repudiating its actions, there must be sufficient evidences to provide non repudiation feature and also the platform should have control measures which shouldn't allow unauthorized access and modification by any agent. [4]
4.2 Platform to Agent
A platform can also pose threats to mobile agents in several ways e.g. it can masquerade or pretend to another platform or 3rd party which is trusted by the agent. Such a platform can cause damage of very large scale. A malicious platform may also intentionally choose to ignore requests for various services from the agents or it may delay those services, thus leading to losses especially for those dealing with ecommerce services. We must also make sure the agent to agent communication is an encrypted one to prevent it from eavesdropping by the platform. And there should be proper integrity checks on the code, state and date of the agent to prevent and detect unauthorized alteration of information. [4]
4.3 Other to agent platform
This refers to the possible attacks on the agent platform from various external entities; this can be even various agents and platforms. The various common attacks include masquerading, since an agent is capable of requesting services from any platform which can be remotely located, so there is a possibility of the agent masquerading another agent and be able to access and use services it is not authorized to use. Also an agent in combination with another malicious platform can dupe another platform. We must also make sure that access to resources on the agent platform is guarded and only an authorized agent is able to access it, so for that purpose there must be strict security policies in place. Then there is also a possibility of denial of service attack and replay attack as an agent can clone and replay the data. [4]
5. Protection Mechanisms
As we explained before once an agent has reached a host, we can't do much about malicious platform from taking complete control of the agent. There are two schemes of protection, i.e. protect either the platform, or the agent, or both. We will discuss protection of both the platform and the agent in this section. What we can do is adopt either one of the two strategies either prevention or detection techniques. [5]
5.1 Protecting the Agent Platform
We have to ensure that the agents don't interfere with working of one another and that of the platform as well. To solve this problem we should make use of the reference monitor concept, which means to “establish separate isolated domains for each agent and the platform, and control all inter-domain access”. The reference monitor is always invoked, is tamper proof and short in size so that its ease to analyze and test it. Using this concept, there are various strategies to prevent agent platform. [4]
Mobile Agent Authentication: Every time a thread is assigned to an agent, authentication of the agent must be performed by the platform to which agent is migrating, as a malicious agent might attack a platform. [5]
Secure channel establishment: At first the mutual authentication of both the platforms has to be performed before any transfer of the agents both the platforms. Mutual authentication is done during the establishment of a secure channel between the platforms. It is done by following 4 steps
Software fault based isolation: It works by isolating the suspected un-trusted code and running it in a controlled environment known as sandbox. So the programs written in unsafe language eg C can be isolated and checked for potential threats. [4]
Safe code interpretation: We can run unsafe code in a controlled environment like a sandbox and isolate faults. Languages like java has this inbuilt security feature however it may affect performance as we have to compete for memory, processor and other network resources to enable mobility of threads. [4]
State Appraisal: If the agent is not working at its actual state and rather working at some subverted state, we should have countermeasures to raise it back to the original state so that we can correctly determine what privileges should be granted to the agent. [4]
Path histories: Involves keeping track of all the past platforms visited by an agent and based on that decide whether to allow the agent and what restrictions to apply to it. This is done by attaching a signed entry to the path containing information about the current platform and the one to be visited next and then supply the path history when it visits a new platform. Message digest hashes can be used to prevent integrity of the path history, which would make it tamper proof. Since this involves extra process of verification it makes the process costly. [4]
Proof Carrying Code: Here the author of the agent will have to formally prove that the code agent is carrying is safe and contains all the desired security properties agreed upon by them in their security policies. It's a preventive technique, by code signing we can ensure authentication and identification of code, but if it's used with proof code then we can prevent even the execution of untrustworthy code. [6]
5.2 Protecting the Agent
Protecting the agent is equally important task because if a malicious agent or platform can affect another agent. To secure mobile agents we adopt the following strategies.
Partial Result Encapsulation: An agent's action can be encapsulated and then viewed later on for verification, the information would be related to what services agent accessed and for what purposes, it would be useful to detect possibilities of various attacks. [4]
Mutual Itinerary Recording: If the agents cooperate among each other so that they can keep track of each other's itinerary. The logic behind this is that few platforms that an agent might visit may be malicious, so the sharing of itinerary among each other the agent can identify potentially harmful platforms and stay away from them. So in way platforms helps each other by mutual collaboration. [4]
Execution Tracing: In this technique we make a non repudiable log and record the whole action of an agent, and at the end the whole trace is analyzed to see if something fishy happened or where things went wrong. [6]
Environmental Key Generation: It is based on the face that, if a certain condition is met, the agent can take a predefined action, it is known as environmental condition which is made hidden by storing its hash and protecting it by public key encryption. Then when a key is generated which is used to decrypt the code that encrypted and then it can execute if the environmental condition is met. [7]
Computing with Encrypted Functions: The goal behind this scheme is that we can encrypt the agent's functions in such a manner that even though it executes on the platform, but platform isn't able to gain any information or knowledge about their functioning. Challenge lies in finding appropriate encryption scheme to transform the function to desired form. Though the technique is helpful but it doesn't prevent against replay attacks and DoS on the agent. [4]
Obfuscated Code: We can create a black box that works just like the original mobile agent but contains different structure. It involves scrambling the code in such a way that no one is able to understand the code fully and how it functions or modify the code without being detected. Problem with this approach lies in no particular fixed algorithm providing this kind of black box protection. [7]
6. Conclusions and Scope for Future Research
In this paper we saw how a mobile agent works and its various benefits and later we saw the various issues and challenges facing mobile agent field. Then we saw the possible measures and things we need to do in order to prevent and secure a mobile agent system, both the agent and platform. Further I would like to say is that there should be focus on identifying areas where we really need mobility of the code, rather than trying to make use of the technology in each and every field available. We need to analyze the value of it quantitatively and what benefits we would gain from their implementation in specific applications. We must also focus on making mobile agent technology more secure as the security aspect is the biggest stumbling block that is preventing the technology from growing. We must look to make use of assurance and evaluation for the various processes involved in the working of mobile agent technology, to increase the trust of people. More work is also needed to standardized things for true global interoperability, so that there is no issue of hardware manufacturer and mobile agent vendor. Finally, more research needs to be done into integrating this technology with other compatible technologies to maximize its benefits. We would surely see more of its enhanced application in the gaming and multimedia field in near future.
References
