2010 International Conference on Networking and Digital Society
E-Commerce Security Model Construction Based on Mobile Agent
Van Li, Min Fu, Lina Yu
Abstract-With the development of network technology and the extensive use of e-commerce, traditional e-commerce processes and their supporting technology face challenges. As a new distributed computing model, Mobile Agent technology has many distinctive advantages and features, such as reducing network load, not requiring a continuous network connection, and easily supporting services, and many scholars have hailed it as the next-generation network computing model. However, the mobility of the Mobile Agent brings a lot of uncertainty; for the Mobile Agent to be applied successfully to e-commerce, its security issues must be solved. Based on an analysis of the security issues of Mobile Agent systems, this paper proposes a Mobile Agent security policy based on a trusted third party and, on this basis, builds an e-commerce security model.
Keywords-Mobile Agent; e-commerce; security model
With the rapid development of e-commerce, its security issues have become particularly notable, and the traditional Client/Server (C/S) computing model can no longer meet the actual needs of network applications; distributed computing is increasingly becoming one of the critical research areas in computing technology. As an emerging distributed computing model, the Mobile Agent has many merits, such as reducing network load, overcoming network latency, supporting mobile clients and cross-platform implementation, robustness and fault tolerance [1]. It can migrate automatically from one host to another on the network to complete the assignments given by its owner, such as searching, filtering and collecting information, or even conducting e-commerce activities on behalf of users. E-commerce based on Mobile Agents is intelligent, dynamic and mobile, which brings new ideas and excellent features to distributed computing. However, because the agent's program executes on hosts with free movement and complete autonomy, it also brings many problems to the traditional security fields of e-commerce.
II. MOBILE AGENT SECURITY ISSUES
Mobile Agent mobility brings a lot of uncertainty; for the Mobile Agent to be widely accepted and successfully applied to e-commerce, its security issues must be solved. A Mobile Agent generally consists of three parts: the executable code segment, the data segment and the execution state segment, where the execution state segment includes the agent's migration log and the agent's current execution state.
Mobile Agent security raises the following questions. First, whether the Mobile Agent is able to protect itself from attacks by malicious hosts, that is, to secure the integrity of its code, data and execution process. Second, whether the Mobile Agent can hide its real function from the host, which protects the privacy of the Mobile Agent. Third, whether the Mobile Agent can sign remotely without revealing its owner's private key.
- Protecting the Integrity of the Mobile Agent on the Host
After a Mobile Agent migrates to a host, the host has absolute control over the agent. It is therefore difficult to prevent a malicious host from conducting sabotage, such as modifying the execution state, adjusting the execution process, tampering with the carried data, changing the agent's migration route, or even directly terminating the agent's activities. Protecting the integrity of the Mobile Agent on the host therefore means enabling the agent's owner to verify that the Mobile Agent executed correctly and that the returned data is correct and complete, or to detect malicious host behavior early in the execution process and react with warnings, reports, or even evasion or counter-attack. Integrity protection methods fall mainly into the following four categories:
1) Proof system: A proof algorithm is chosen; after the host executes the agent, it uses this algorithm to produce a proof of correct execution, which is returned to the owner together with the results so that the owner can determine whether the agent was attacked. The algorithm must ensure that verifying a correctness proof is easier than constructing one (which is an NP problem), so that it is hard for the host to forge a correctness proof but easy for the agent's owner to verify one. The difficulty is finding a suitable algorithm that meets these requirements.
2) Trace of execution: The most obvious approach is for each executing host to record the Mobile Agent's execution process and send this record, directly or as a hash, to the owner or to a trusted third-party node to prove that it did not act maliciously toward the Mobile Agent. After receiving it, the owner compares it with its own execution of the agent to confirm the integrity of the entire execution process, or a third party determines whether there is a problem. This method depends on the technology for tracing the execution process; if the tracing is performed entirely on a hostile host, the host may forge the trace record and falsify the agent's state, or collude with other malicious code to launch joint attacks. It must therefore be combined with other technologies, such as authentication mechanisms and chained signatures. This method is simple and relatively mature, but to test whether the agent executed correctly the owner must re-run the agent program with the same input, which consumes more time and resources. In addition, because the re-run needs the executing host's input data, it is difficult to guarantee that this input data is not stolen by the agent's owner. A compromise can therefore be used: the owner checks only part of the mobile code's execution, and the host does not know which part of the code the owner checks. This reduces the owner's computation, but it also lets part of a malicious host's forged execution slip through, reducing the overall security of the Mobile Agent.
3) Fault tolerance: Several Mobile Agents with the same initial state are sent at the same time to different hosts that provide the same service and do not collude with one another, and the final result is then decided by voting on a trusted host. The precondition for this method to succeed is difficult to achieve, and the redundancy is large; in a sense, it loses the advantages of the Mobile Agent. However, a compromise approach can be adopted: only at certain key points are Mobile Agents with the same initial state sent out, and after performing the same tasks they vote to obtain a result, without every task being replicated. A key point is a point from which the task to be performed plays a decisive role in the Mobile Agent's entire task, or a point that is theoretically the optimal place to create a checkpoint.
4) Test results: Relying on software reliability analysis techniques, a specific function is inserted into the Mobile Agent's program, and a trusted third-party checker uses the input to check the correctness or reasonableness of the output; alternatively, authentication techniques are used to test the results of the agent's execution on the host, in order to infer whether there was malicious behavior.
- Mobile Agent’s Privacy Protection on the Host
After a Mobile Agent migrates to a host, the host has to "read" the agent's executable code in order to execute it and help it complete its task. A malicious host can therefore fully steal the Mobile Agent's code logic and, on this basis, tamper with or destroy the Mobile Agent for undeserved gain. For example, a buyer wants to purchase goods from a supplier and sends out a bargaining agent. The agent considers not just price but also after-sales service, performance and other indicators, together with a formula relating these indicators. When the Mobile Agent migrates to the supplier's host, if the supplier can understand the agent's negotiation logic during the negotiation, it can devise the negotiation strategy most beneficial to itself and ultimately win the negotiation, or even tamper with the bargaining agent's code so that it buys poor-quality goods at a high price. Of course, in this case the bargaining agent must also use the methods proposed above to ensure the security of data such as credit card information.
Existing work on protecting the privacy of code can be roughly classified into the following categories:
1) Packaging intermediate results: The core idea is that the agent packages the results of its activities on each platform it visits, for subsequent verification. Different mechanisms can be used to package results for different purposes, such as encryption to ensure confidentiality and digital signatures to ensure integrity. Obviously, the more platforms are visited, the higher the cost of packaging and verification becomes.
2) Evaluation of encrypted functions: This approach has a theoretical basis. The purpose is to allow a Mobile Agent (MA) to be executed in any Execution Environment (EE), even if the EE is not necessarily trustworthy. The EE executes the instructions through a cryptographic function and does not directly "see" the source. The method can be described as follows:
Suppose A has a function f and B has an input x. B is to compute the value of f(x) for A, but A does not want B to learn the logic of the function f, B does not want A to learn the content of x, and B must not need to contact A while computing f(x). The process is:
- A encrypts the function f, giving E(f);
- A creates a program P that implements E(f), namely P(E(f));
- A sends P(E(f)) to B;
- B inputs x, executes P(E(f)), and obtains the result R(x) = P(E(f))(x);
- B returns the result R(x) to A (the result of the function is also encrypted);
- A decrypts R(x) and obtains f(x).
If a digital signature is embedded in the function f, the MA can also encrypt information without the EE being aware of it. The key to this approach is being able to find an encryption method for an arbitrary function f. No general solution has been found yet, but if only polynomial and rational functions need to be encrypted, the method is entirely feasible.
3) Based on a trusted third party: The preceding two parts introduced integrity protection and privacy protection for code and summarized some current research solutions, but each method has shortcomings. We therefore propose a solution based on a trusted third party that addresses code integrity and privacy protection together. The core part of the program is executed on the trusted third party, while the other parts run on the host. In this way, with a well-designed protocol, the integrity and privacy issues of the code can be solved at the same time, along with the security of the carried data and state data.
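The steps of the encrypted-function method in item 2) can be made concrete for the polynomial case that the text calls feasible. The following is an added example, not code from the paper: A encrypts the coefficients of f and host B evaluates them on its own x. The Paillier scheme (the paper names no scheme), the toy constructed primes and all function names are assumptions.

```python
# Added illustration: computing with an encrypted polynomial.
# Toy Paillier with constructed parameters; NOT secure at this key size.
import math
import secrets

P, Q = 2**31 - 1, 2**61 - 1   # constructed demo primes (both Mersenne primes)

def keygen(p=P, q=Q):
    """Owner A: return the public modulus n and the private pair (lam, mu)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    return n, (lam, pow(lam, -1, n))   # with g = n + 1, mu = lam^-1 mod n

def encrypt(n, m):
    """E(m) = (1 + n)^m * r^n mod n^2, with a fresh random r."""
    n2 = n * n
    r = secrets.randbelow(n - 2) + 2
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 2) + 2
    return (1 + (m % n) * n) * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def encrypt_function(n, coeffs):
    """A encrypts f's coefficients (lowest degree first), giving E(f)."""
    return [encrypt(n, a) for a in coeffs]

def run_on_host(n, enc_coeffs, x):
    """Host B evaluates P(E(f)) on its own x without seeing any coefficient.

    Uses E(a) * E(b) = E(a + b) and E(a)^k = E(k * a), so
    R(x) = prod E(a_i)^(x^i) = E(sum a_i * x^i) = E(f(x)).
    """
    n2 = n * n
    result, x_pow = 1, 1          # 1 is a valid encryption of 0
    for c in enc_coeffs:
        result = result * pow(c, x_pow, n2) % n2
        x_pow = x_pow * x % n
    return result

def demo(coeffs, x):
    n, priv = keygen()                       # A
    program = encrypt_function(n, coeffs)    # A -> B
    r_x = run_on_host(n, program, x)         # B -> A
    return decrypt(n, priv, r_x)             # A recovers f(x)

if __name__ == "__main__":
    # f(x) = 7 + 5x + 3x^2 stands in for A's private formula (constructed)
    print(demo([7, 5, 3], 12))
```

B never sees the coefficients, but the length of the list it receives still reveals the degree of f.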
III. SECURITY POLICY BASED ON MOBILE AGENT TRUSTED THIRD PARTY
With the use of Mobile Agents in e-commerce security as the background, the aim is to protect the commercial interests, business integrity and privacy of both parties to e-commerce and to prevent malicious attacks between Mobile Agents and Mobile Agent platforms, in particular a malicious agent platform or third party stealing the data carried by a Mobile Agent, impersonating it, or even destroying it, causing losses to the Mobile Agent's owner. A security design for the Mobile Agent system that is based on a trusted third party and integrates various information security technologies and measures can improve the reliability and robustness of the Mobile Agent system.
- Using Fault-Tolerant Technology
A multi-agent system is used with the trusted third party as the data processing platform, so that data collection and data processing take place on different platforms. Combined with threshold secret sharing, several agents complete a task together, which excludes attacks by a malicious host or by other agents, such as tampering, impersonation and errors.
- Packing Intermediate Results
To prevent intermediate results from being stolen, they are carried in encrypted form. To solve the key management and distribution problem, D-H key exchange is used to produce a shared key, and a symmetric encryption algorithm encrypts the intermediate results to protect the privacy of the data.
- Encrypted Information Transmission
Transmission is encrypted: the Mobile Agent is encrypted with a symmetric key, the symmetric key is encrypted with the recipient's public key, and the encrypted symmetric key is transmitted together with the encrypted Mobile Agent. Even if the Mobile Agent is eavesdropped on or captured by a malicious third party during migration, the malicious third party cannot obtain any information.
- Limited Authorization
The owner of the Mobile Agent generates a key pair for the Mobile Agent to use in handling intermediate results, and issues a valid certificate and a short-term authorization document stating that the Mobile Agent may sign agreements on the owner's behalf within the validity period of the certificate. The Mobile Agent's private key and the authorization document are encrypted with a symmetric key and given to the Mobile Agent to carry. The symmetric key is divided into several key pieces according to the threshold technique, and these are also given to the Mobile Agent to carry, so that authorization is possible only after a certain number of key pieces have been collected.
- Two-Way Authentications
Two-way authentication is used to prevent impersonation.
IV. E-COMMERCE SECURITY MODEL BASED ON MOBILE AGENT
Figure 1 shows the Mobile Agent e-commerce security model based on a trusted third party. It is designed for the security threats that a malicious host poses to the agent. The workflow of the model is as follows:
(1) The Client Program, based on user input, sends a query request to the Launch Server.
(2) The Launch Server generates an agent object, initializes the query, and sets the agent's access route.
(3) The Launch Server generates a key pair for the agent.
(4) The Launch Server signs the query request and registers the agent's public key on the Key Server.
(5) The Launch Server sends the agent onto the network.
(6) The Database Server of Host 1 obtains the agent's public key from the Key Server and verifies the agent's query. The agent then performs the search, and the Database Server signs the query results with its own private key and encrypts them with the agent's public key.
(7) The agent migrates to Host 2.
(8) The Database Server of Host 2 performs the same operation as in step 6.
(9) The agent migrates to Host 3, the next host on the access route.
(10) The Database Server of Host 3 performs the same operation as in step 6.
(11) The agent returns to the Launch Server.
(12) The Launch Server decrypts the query results, verifies their signatures, checks whether the access route has changed, computes the final result, and reports the best solution to the client.
(13) The Launch Server deletes from the Key Server the public key of the agent that has completed its task.
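Steps (2) to (13) as an added example, not code from the paper: the Launch Server, three hosts and the Key Server are simulated in one process, and the tamper case shows one host substituting its own result for another host's. The toy unpadded RSA built from constructed Mersenne primes, the in-memory `KEY_SERVER`, the price data and all function names are assumptions chosen so the example runs on the standard library; a real system would use a vetted library with padded RSA and randomly generated keys.

```python
import hashlib
import json

E = 65537         # toy unpadded RSA throughout; illustration only
KEY_SERVER = {}   # name -> public modulus (hypothetical in-memory registry)

def make_key(a, b):
    p, q = 2**a - 1, 2**b - 1            # constructed, trivially factorable
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _h(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key, msg):
    return pow(_h(msg, key["n"]), key["d"], key["n"])

def verify(n, msg, sig):
    return pow(sig, E, n) == _h(msg, n)

def launch(query, route):
    """Steps 2-5: create the agent, sign the query, register its public key."""
    key = make_key(1279, 2203)
    KEY_SERVER["agent"] = key["n"]
    agent = {"query": query, "sig": sign(key, query.encode()), "results": []}
    return key, list(route), agent       # Launch Server keeps its own route

def host_visit(name, host_key, agent, price):
    """Step 6: verify the query, sign the result, encrypt it for the agent."""
    n = KEY_SERVER["agent"]
    if not verify(n, agent["query"].encode(), agent["sig"]):
        raise ValueError("query not signed by the registered agent key")
    body = json.dumps({"host": name, "price": price}).encode()
    ct = pow(int.from_bytes(body, "big"), E, n)
    agent["results"].append({"ct": ct, "sig": sign(host_key, body)})

def collect(key, route, agent):
    """Steps 12-13: decrypt, check each signer against the planned route."""
    if len(agent["results"]) != len(route):
        raise ValueError("access route changed")
    offers = []
    for name, item in zip(route, agent["results"]):
        m = pow(item["ct"], key["d"], key["n"])
        body = m.to_bytes((m.bit_length() + 7) // 8, "big")
        if not verify(KEY_SERVER[name], body, item["sig"]):
            raise ValueError(f"result in slot {name} not signed by {name}")
        offers.append(json.loads(body))
    del KEY_SERVER["agent"]
    return min(offers, key=lambda o: o["price"])

def run(prices, tamper=False):
    hosts = {"host1": make_key(61, 89), "host2": make_key(107, 127),
             "host3": make_key(521, 607)}
    KEY_SERVER.update({h: k["n"] for h, k in hosts.items()})
    key, route, agent = launch("price of item 42", hosts)
    for name, price in zip(route, prices):
        host_visit(name, hosts[name], agent, price)
    if tamper:   # host2 overwrites host1's offer with one it signed itself
        agent["results"][0] = agent["results"][1]
    return collect(key, route, agent)
```

`run([120, 95, 110])` returns host2's offer, while `run([120, 95, 110], tamper=True)` raises `ValueError` because the first result no longer verifies under host1's registered key.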
V. MODEL ANALYSIS AND TEST
This is a security model based on a public key encryption system; each agent and each host has a key pair for encryption and decryption. The agent and the host can encrypt or digitally sign the data the agent carries, in order to protect the transaction data (such as commodity prices, quantities and query results). The model uses the Key Server to manage agents' public keys. Before the Launch Server sends out a query agent, the query is signed with the agent's private key and the agent's public key is registered on the Key Server. A merchant's Database Server obtains the agent's public key by querying the Key Server and can then verify the source of the query, which prevents the agent from being impersonated. In addition, the Database Server signs its query results with its own private key and encrypts them with the agent's public key. On the one hand, this prevents others from reading or tampering with the query results and ensures that only the holder of the agent's private key, the Launch Server, can read them; on the other hand, the Launch Server obtains the merchant's public key from the Key Server to verify the source of the query results, which prevents another business from posing as a certain business and returning a false query result. This solves the authentication problem for agents and merchants in the system.
In this model, the system's information security is ensured through the following mechanisms: the SSL (Secure Sockets Layer) protocol secures the agent's transmission over the channel; authorized access, resource control, auditing and other security mechanisms protect the Key Server; and the RSA algorithm is used to encrypt and sign information. The difficulty of breaking the RSA encryption system depends on the key length: the longer the key, the harder it is to break and the higher the security of the system. Under the present circumstances, a 128-bit key length can assure the data's safety. A longer key can be used to encrypt and sign information in the future.
To assess the performance of the model, the agent's round-trip time for information queries was tested on the host, with the agent visiting three businesses with queries of different sizes (such as different quantities and conditions of the goods queried). The results showed that the agent's round-trip time increases linearly with the agent's query size. This is mainly due to the introduction of the RSA encryption system: each query request and query result must be encrypted and decrypted, which takes time. The longer the key, the more noticeable the time cost. A malicious host's attack was also simulated by changing the agent's query information and query results; the test revealed that the agent's round-trip time is longer than when it is not attacked, indicating that the agent's round-trip time can be used as an indicator of whether the agent is being attacked.
The Mobile Agent is a major technology for future e-commerce systems. This article explores in detail the security issues of e-commerce systems based on Mobile Agents and gives a viable security model. As these security issues continue to be resolved, it is believed that e-commerce systems based on Mobile Agents will continue to be refined, further promoting the development of e-commerce.
[1] RuLin Lu. Knowledge Science and Computational Science [M]. Tsinghua University Press, 2003.01. (In Chinese)
[2] White, J. E. Telescript technology: the foundation for the electronic marketplace. White Paper, General Magic Inc., Mountain
[3] Qi Lin, Jianwei Zhang. Mobile Agent Security on Malicious Host [J]. Computer Engineering, 2002, (6): 118–120. (In Chinese)
[4] Jianxun Lin, Renfa Li, ShenSheng Zhang. The Issues of Mobile Agent and Safety [J]. Computer Engineering and Applications, 2000.07, 27–30. (In Chinese)
[5] Ruchuan Wang, Xiaolong Xu, Xiaoyan Zheng, Zhixin Shun. Researches on Mobile Agent Security Mechanism Model [J]. Computer report, 2002, Vol. 25 No. 12, 1294–1301. (In Chinese)
[6] Tomas Sander, Christian F. Tschudin. Protecting Mobile Agent against Malicious Hosts. In: G. Vigna (Ed.), Mobile Agent and Security, Lecture Notes in Computer Science 1419, Springer, Berlin: 1988: 44–46.
[7] Xiang Tan, Yuqing Gu, Chongming Bao. Mobile Agent System Security Research [J]. Computer Research and Development, 2003, Vol. 40 No. 7, 984–993. (In Chinese)