Mobile Agent
Security
Dan Gaudette
Graduate Seminar Class
November 25, 2003
Overview

Review of what I did last time

What is an agent again?



Security Issues

Different types of attacks




Benefits
Drawbacks
Server to server, server to agent, agent to server, agent to agent
How they do the attack – masquerading, etc.
Aglets
Malicious Hosts




Classification of threats
Security Goals
Malicious Host Detection
Countermeasures
Mobile Agent [5]
 Agents
typically possess several (or
all) of the following characteristics:
Small
in size
Goal oriented
Communicative
Cooperative
Flexible
Mobile Agent [5]




Mobile Agents can travel across the
heterogeneous network in order to perform an
assigned task.
Mobile Agents are one of the popular and
simpler ways of retrieving information from the
Internet.
Aglets are fundamentally Java-based
autonomous software mobile agents. An aglet
carries its state and as well as data along with it
while traveling across the network.
Basic idea: Create once, go anywhere.
Mobile Agent

They are often used in information
searching, filtering and retrieving
applications, low-level network
maintenance, testing, fault-diagnosis and
for dynamically upgrading existing
services [13].
Mobile Agent Benefits [5]







Reduce human work
Handle information overload
Provide automated help
Reduction of network traffic
Adaptive
Negotiation capabilities
Learning capabilities
Mobile Agent Drawbacks [5]

Security is a huge issue
 Main
reason why agents aren’t as popular as
they could be

Lack of mobile agent standards
 Each
implementation has it’s own specific
benefits and drawbacks

No coordination, cooperation, or
communication between agents
 especially
between different kinds of agents
Aglets
Aglet – Implementation of an Agent

Why study Aglets?
 clear
and simple structure
 good GUI (Tahiti server)
 very accessible use
 good documentation
 high user acceptance
 open source / freeware
 works on Java2
A Little More on Aglets [8]

Implemented standards:



Communication:





MASIF - Mobile Agent System Interoperability Facility
works with CORBA
Sockets
message-passing between agents
ATP (support HTTP tunneling)
problems with firewalls
Mobility:


weak mobility
Java serialization (byte code)
A Little More on Aglets [8]

Security policy:
 built-in
security mechanism through Tahiti server
 three roles (aglet, manufacturer, owner)
 context and server security
 network domain
 agents are shielded using proxy object
 standard Java security (JDK keytool)

Practical uses:
– electronic marketplace for air tickets in
Japan (thousand machines)
 TabiCan
Developing Aglets [8]
Aglets Software Development Kit (ASDK)
developed by IBM is a Java-based
framework for implementing mobile agents
called aglets.
 It provides a network agent class loader
that enables mobility of agent code, data
and state information.
 Aglets package can be downloaded from
the Sourceforge.net or the IBM website.

Aglets [8]

Aglets are Java objects that can move
from one host on the Internet to another.
 An
aglet that executes on one host can
suddenly halt execution, dispatch itself to a
remote host, and resume execution there.

When the aglet moves, it takes along its
program code as well as its data.
Aglet Architecture [7]
Aglets architecture consists of two APIs and two implementation layers.
 Java Aglet API
 Aglets Runtime Layer – The implementation of Aglet API
 Agent Transport and Communication Interface (ATCI with ATP as an
application-level protocol)
 Transport Layer
Aglet API [7]
Internet agent developers can develop platform independent aglets written
in Java programming language and expect them to run on any host that
supports Aglet API.




Aglet: Provides methods that control the mobility and lifecycle of an aglet.
Aglet Context: Provides the execution environment at the remote site.
Aglet Proxy: Provides a handle that is used to access the aglet.
Message: An object exchanged between aglets.
Aglet Life Cycle [7]


Different stages in an aglet execution are shown
in the figure.
Aglets can be: created, cloned, dispatched,
retracted, deactivated, activated, disposed
Aglets Security and
Communication [7]

Security in Aglets
 Security
is a prime concern for mobile agent
technology, and aglets provide an extensible security
model in the form of an AgletSecurityManager, as a
subclass of the Java Security Manager.

Aglets Communication
 Messaging
between aglets involves sending,
receiving, and handling messages synchronously as
well as asynchronously. Aglets communicate with
each other by exchanging Message objects.
Malicious Hosts
Malicious Hosts [2]

Goals:
 to
analyze the different security threats that
can possibly be imposed on agents by
malicious hosts
 to provide a classification of these threats
 to describe the current solution approaches
that are implemented to address the identified
problems
Malicious Hosts

A malicious hosting node can launch
several types of security attacks on the
mobile agent and divert its intended
execution towards a malicious goal or alter
it’s data or other information in order to
benefit from the agent’s mission [10].
Malicious Hosts Example



For example: A Mobile Travel Agent is sent out
by a user to visit several airlines, find the best
offer and book and pay the best flight [11].
A malicious host might spy out the price limits
set by the user and the offers by competitors. [9]
It might tamper the agent to change the
competitors prices.
Malicious Hosts Example



It could advance the agents program counter to
the preferred branch of conditional code. [3]
It might steal the mobile agent’s electronic
money, credit card number or cryptographic
keys.
It might hoodwink the competition by modifying
the agent to want to reserve 100 tickets from the
competitor so the flight appears full. [3]
Classification of Malicious Host
Security Threats [2]

Base the classification of threats on the five
fundamental concerns of users gaining access
of computer network services [12]:
 Integrity
 Availability
 Confidentiality
 Authentication
 Non-Repudiation

Using these fundamental security requirements
we identify the following security classes that
mobile agents can possibly encounter from their
executing hosts.
Class 1: Integrity attacks [2]
Tampering with the agent’s code, state or
data implies that the integrity of the mobile
agent has been violated.
 The motive may be malicious or
accidental.
 There are two subclasses of integrity
attacks:

 integrity
interference
 information modification
1.1: Integrity interference [2]


Occurs when the executing host interferes with
the mobile agent’s execution mission, but does
not alter any information related to the agent.
Examples include the cases where the executing
host
 transmits
the mobile agent incorrectly
 does not execute the mobile agent completely
 transmits the agent to a host that is not specified in
the itinerary
 executes the agent arbitrarily
1.2: Information modification [2]


Occurs when the executing host takes actions
against a mobile agent in an unauthorized way.
Examples include
 altering,
corrupting, manipulating, deleting,
misinterpreting agents
 incorrect execution of the agent’s Code, data, control
flow, status
 interfering with the interaction between different
agents, and alters the communication between them
for its own benefit.
Class 2: Availability refusal [2]




When a mobile agent arrives at a host it must be given
privileges and access to resources that are necessary to
carry out the task.
Availability refusal occurs if an authorized mobile agent
is prevented from accessing objects or resources to
which it should have legitimate access.
Mostly deliberate actions performed by the executing
nodes in order to obstruct the agent.
There are three subclasses:



denial-of-service
delay-of-service
transmission-refusal
2.1: Denial of service [2]
Occurs when the requested resources that
the agent needs to accomplish its mission
are denied.
 Examples include

 A malicious
host bombards the agent with so
much irrelevant information that the agent
finds it impossible to complete its goals
 A malicious host refuses an agent a specific
service
2.2: Delay of service [2]
Occurs when the host lets the mobile
agent wait for the service and only provide
the service or provide access to the
required resources after a certain amount
of time.
 Examples include:

 A host
keeps an agent deactivated until after it
is too late to buy air tickets from a competitor
2.3: Transmission refusal [2]

Occurs when a malicious host disregards
the itinerary of the mobile agent and
refuses to transmit the agent to the next
host that is specified by the agent.
Class 3: Confidentiality attacks [2]
When the assets of the mobile agent are
illegally accessed or disposed by its host,
the privacy of the mobile agent is not
respected and comes under attack.
 There are three subclasses of
confidentiality attacks:

 Eavesdropping
 Theft
 Reverse
Engineering
3.1: Eavesdropping [2]
Occurs when the host spies on the agent
and gathers information about the mobile
agent’s information or about the
intercommunication between agents.
 Although the host may not attempt to alter
the agent, it can use this information for
it’s own benefits.

3.2: Theft [2]
Occurs when the malicious host not only
spies on the agent, but also removes
information from the agent.
 Theft and eavesdropping are closely
related.
 The malicious host may also “steal” the
agent itself, use it for its own purposes, or
simply kill it.

3.3: Reverse Engineering [2]
Occurs when the malicious host captures
the mobile agent, analyzes its data and
state in order to manipulate future or
existing agents.
 Different to a theft attack, a reverse
engineering attack enables the host to
construct its own similar agents, or update
the profile of information to which the
agent gets access.

Class 4: Authentication risks [2]



In the case of the malicious host problem, the
agent must be able to correctly identify and
authenticate its executing host.
The host may hide it’s own identity or refuse to
present it’s own credentials which may
jeopardize the intended goal of the agent.
There are two subclasses of authentication
attacks:
 Masquerading
 Cloning
4.1: Masquerading [2]

Occurs when an executing host masks
itself as one of the hosts on the agent’s
itinerary when it is actually not on it.
4.2: Cloning [2]
Occurs when a host creates an exact copy
of the mobile agent.
 Each agent carries its own credentials in
order to gain authorized access to the
services of its executing hosts.
 Examples include:

 When
a host creates a clone of the mobile
agent this causes unique agent authentication
problems.
Malicious Host
Detection
Malicious Host Detection [9]



Threat diagnostic, using AND/OR tree and risk
analysis, is a mechanism to protect mobile
agents against malicious host attacks.
The method is based on analyzing the probable
causes of mobile agent failure to perform its
intended function.
It uses the symptoms of different types of
malicious host attacks and arranges them in a
logical order depending on the expected
outcomes.
Malicious Host Detection [9]



Mobile agents consist of three parts: code, a
data state and an execution state that allows
them to continue their program on the next
platform [6].
Mobile agents transport sensitive information
such as secret keys, electronic money, and other
private data.
We need to have a program that actively
protects itself against an execution environment
that possibly may divert the intended execution
towards a malicious goal [11].
Threat Diagnostic AND/OR Tree [9]

One analytical threat derivation technique is the
threat tree approach [1] who’s goal is to prevent
mobile agent failures due to malicious host
attacks.
 Need
to determine some symptoms for every attack
class.
 Need to develop a threat tree using a relationship
between the attacks and symptoms of these attacks
based on the logical AND/OR relation in which attack
can occur only if one the symptoms could occur.

Then one can identify the attack type based on
the symptoms it produces
Protecting mobile agents from
malicious hosts [9]

Attacks against mobile agents are classified as
active and passive attacks [4].
 In
a passive attack, the attacker does not interfere
with the mobile agent, but only attempts to extract
useful information from it.
 In active attacks, the attacker can arbitrarily intercept
and modify code and data of the mobile agent.

In the next table, we see the malicious host
known attacks and the attack symptoms.
Malicious host attacks
Symptoms
Spying out code
Long execution time
Temporary storage
Open source code
Open source code
Long time before visit next host
Deterioration in performance
Alter agent
Determine next execution step
Watching the control flow
Temporary storage
Break code
Update or change code, state
Change behavior of agent
Temporary storage
Damaged or modification of data
Open source code
Break code
Update or change code, state
Long execution time
Open source code
Determine next execution step
Temporary storage
Open source code
Watching the control flow
Non-executable or delay execution
Change behavior of agent
Wrong results
Open source code
Break code
Watching the control flow
Wrong results
Spying out data
Spying out control flow
Manipulation of code
Manipulation of data
Manipulation of control flow
Incorrect execution of code
Masquerading of the host
Denial of execution
Spying out interaction with other agents
Manipulation of interaction with other agents
Returning wrong results of system calls issued
by the agent
Malicious Host Detection [9]
The objective is to allow an agent to
execute security-sensitive computations
even in an un-trusted execution
environment.
 If this objective is not met due to the
nature of an attack, then the agent will
self-destruct.
 Figure 1: symptoms for every malicious
hosts attack classes

Ranking of Critical Malicious Host
Attacks [9]
Experiments were carried out with Java
code to create a 1000 random malicious
host generator (RMH).
 The RMH provided six malicious host
attack classes with fourteen attack
symptoms.

Probability of Malicious Host
Attack Cases
Probable
Attack
4
5
Malicious Host
Attack Case
Spying
Manipulation
Incorrect Execution of
Code
Denial of Execution
Wrong Results
6
Masquerading
0.121
Rank
1
2
3
0.538
0.451
0.270
0.264
0.263
Countermeasures
Countermeasures To Mobile Agent
Security Threats [2]


Countermeasures reduce the vulnerability of the
mobile agent against malicious hosts.
Mobile agent computing allows for both
prevention and detection mechanisms.
 Prevention
mechanisms aim to protect the mobile
agent to such an extent that it becomes difficult, or at
least very expensive to attack the agent
 detection mechanisms perform checks to discover
possible security breaches

We discuss four types of countermeasures
based on trust, recording and tracking,
cryptography and time techniques.
Type 1: Trust-based computing [2]

Prevention
 Tamper
Resistant Hardware
 Trusted execution environment

Detection
 Detection
objects
Type 2: Countermeasures based
on Recording and Tracking [2]

Prevention
 Anonymous itinerary
 Phone home
 Using a mobile agent

system
Detection
 Path
histories
 Itinerary recording with replication and voting
 Mutual itinerary recording
 Server replication
 Reference states
Type 3: Countermeasures based
on cryptographic techniques [2]

Prevention
 Sliding
encryption
 Computing with encrypted functions
 Environmental key generation
 Digital signatures

Detection
 Cryptographic
Tracing
 Partial result encapsulation
 Partial result authentication codes
Type 4: Countermeasures based
on time techniques [2]

Prevention
 Time

sensitive agents
Detection
 Time
sensitive agents
Threat Classes and
Corresponding Suitable
Countermeasures Table
Threat
Class
Threat Subclass
Suitable Countermeasures
Integrity
Attack
Integrity interference
Trusted execution environment
Encryption
Reference states
Information modification Tamper resistant hardware
Trusted execution environment
Detection objects
Itinerary recording8
Anonymous itinerary
Reference states
Phone home
Encryption
Environmental key generation
Partial result encapsulation &
authentication
Cryptographic tracing
Threat
Class
Threat Subclass
Suitable Countermeasures
Availability
Refusal
Denial of service
Trusted execution environment
Server replication
Path histories
Cryptographic tracing
Delay of service
Trusted execution environment
Path histories
Server replication
Transmission refusal
Trusted execution environment
Server Replication
Threat Class
Threat Subclass
Suitable Countermeasures
Confidentiality
Attack
Eavesdropping
Trusted execution environment
Using a mobile agent system
Encryption
Environmental key generation
Theft
Tamper resistant hardware
Trusted execution environment
Itinerary recording
Using a mobile agent system
Sliding encryption
Reverse Engineering
Trusted execution environment
Encryption
Using a mobile agent system
Time sensitive agent
Threat Class
Threat Subclass
Suitable Countermeasures
Authentication
Risk
Masquerading
Trusted execution environment
Digital signatures with recording
& tracking methods
Cloning
Trusted execution environment
Using a mobile agent system
Encryption
Time sensitive agents
Conclusions

We have described classes of security threats being
imposed on mobile agents by malicious hosts




integrity attacks, availability refusals, confidentiality attacks and
authentication risks
It appears that most of the available countermeasures
focus on integrity attacks, while very few exist to counter
the others.
The creation of a trusted execution environment is the
one measure that covers all the threats.
Whether it is feasible to construct a trusted execution
environment under Internet conditions remains to be
seen. The malicious host problem is intriguing and offers
many opportunities for further research.
Conclusions
One alternative to a trusted execution
environment is to have protective
measures added to the mobile agent code
itself.
 In this case, the agent will self-destruct
when an attack has taken place. The
overhead encountered with this alternative
approach is the main problem of applying
it in all types of mobile agents. [9]

Future Work

Multi-Layer Protection of Mobile Code
 Complete
Obfuscation
 Encrypted Execution
 Code Watermarking

Encrypting Java Archives and its
Application to Mobile Agent Security
References:





[1]: Edward G. Amoroso. Fundamentals of Computer
Security Technology. Prentice-Hall International, Inc.
1994.
[2]: Elmarie Bierman and Elsabe Cloete. Classification of
Malicious Host Threats in Mobile Agent Computing.
Technikon Pretoria and University of South Africa. 2002.
[3]: William M. Farmer, Joshua D. Guttman and Vipin
Swarup. Security for Mobile Agents: Issues and
Requirements. MITRE. 1997.
[4]: Warwick Ford. Computer Communications Security –
Principles, Standard Protocols and Techniques. Prentice
Hall,1994.
[5]: Dan Gaudette. Mobile Agents: An Introduction.
Lakehead University. October 28, 2003.
References:




[6]: Fritz Hohl. A framework to protect mobile agent by
using reference states. University of Stuttgart, Germany.
March 2000.
[7]: Geetha .N. Kapse. Airline Ticket Information
Retrieval Using Mobile Agents. California State
University, Sacramento. April 29, 2003.
[8]: Giang Nguyen, Tung Dang. Agent Platform
Evaluation And Comparison. June 2002.
[9]: Magdy Saeb, Meer Hamza, and Ashraf Soliman.
Protecting Mobile Agents against Malicious Host Attacks
Using Threat Diagnostic AND/OR Tree. Arab Academy
for Science, Technology & Maritime Transport Computer
Engineering Department, Alexandria, Egypt.
References:




[10]: T. Sander and C. Tschudin. Protecting Mobile
Agents against Malicious Hosts. Mobile Agents and
Security, Springer-Verlag, Lecture Notes in Computer
Science. No. 1419, pp.44-60. 1998.
[11]:Toms Sander and Christian F. Tschudin. Protecting
Mobile Agent Against Malicious Hosts. International
Computer Science Institute pp. 92-97, 1998.
[12]: B. Schneier. 2000 Secrets and Lies. Digital Security
in a Networked World. John Wiley & Sons, Inc.
[13]: A.R. Tripathi, N.M. Karnik, T. Ahmed, R.D. Singh, A.
Prakash, V. Kakani, and M.K. Vora. Design of the Ajanta
System for Mobile Agent Programming. The Journal of
Systems and Software. 2001.