Abstract
The major goal of this chapter is to discuss the following two topics: the first is the security issues related to web-based applications with intelligent agents; the second is the adaptation of intelligent agents to existing information security mechanisms. Mobile agents are considered to be an alternative to client-server systems. Security issues are discussed for generic agent-based systems, i.e. systems in which intelligent agents migrate to agent platforms. Public key infrastructure (PKI) is a major cryptographic system deployed for agent-based systems. Cryptographic techniques such as digital signatures, hash functions, proxy certificates and attribute certificates are utilized for protecting both intelligent agents and agent platforms. Countermeasures for agent protection and agent platform protection are given, which are based on information security mechanisms such as authentication, authorization, access control and confidentiality. Other major security concerns, such as the identity binding and delegation between an intelligent agent and its host, are discussed with solutions based on proxy certificates and attribute certificates. As application-layer security mechanisms, non-repudiation and Secure Electronic Transaction (SET) are developed for agent-based applications.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Ou, CM., Ou, C.R. (2009). Security of Intelligent Agents in the Web-Based Applications. In: Nguyen, N.T., Jain, L.C. (eds) Intelligent Agents in the Evolution of Web and Applications. Studies in Computational Intelligence, vol 167. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88071-4_13
DOI: https://doi.org/10.1007/978-3-540-88071-4_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88070-7
Online ISBN: 978-3-540-88071-4
eBook Packages: Engineering, Engineering (R0)