A Security Architecture for Protecting Dynamic Components of Mobile Agents

Transcription

1 A Security Architecture for Protecting Dynamic Components of Mobile Agents by Ming Yao Bachelor of Mechanical Engineering (Zhejiang University of Technology, China) Master of Information Technology (Queensland University of Technology, Australia) Thesis submitted in accordance with the regulations for Degree of Doctor of Philosophy Information Security Research Centre Faculty of Information Technology Queensland University of Technology November 2004

2 QUEENSLAND UNIVERSITY OF TECHNOLOGY DOCTOR OF PHILOSOPHY THESIS EXAMINATION CANDIDATE NAME: CENTRE/RESEARCH CONCENTRATION: PRINCIPAL SUPERVISOR: ASSOCIATE SUPERVISOR(S): THESIS TITLE: Ming Yao Information Security Research Centre Dr. Ernest Foo Professor Ed Dawson Associate Professor Paul Roe A Security Architecture for Protecting Dynamic Components of Mobile Agents Under the requirements of PhD regulation 9.2, the above candidate was examined orally by the Faculty. The members of the panel set up for this examination recommend that the thesis be accepted by the University and forwarded to the appointed Committee for examination. Name: Dr. Ernest Foo Signature Panel Chairperson (Principal Supervisor) Name: Signature Panel Member Name: Signature Panel Member Under the requirements of PhD regulation 9.15, it is hereby certified that the thesis of the above-named candidate has been examined. I recommend on behalf of the Thesis Examination Committee that the thesis be accepted in fulfilment of the conditions for the award of the degree of Doctor of Philosophy. Name Signature Date Chair of Examiners (Thesis Examination Committee) ii

3 Keywords Mobile agents, offer integrity, offer privacy, forward integrity, security architecture, modification attack, insertion attack, colluding servers attack, truncation attack, stemming attack, interleaving attack, hash chaining relationship, recoverable key commitment, joint keys. iii

4 iv

5 Abstract New techniques, languages and paradigms have facilitated the creation of distributed applications in several areas. Perhaps the most promising paradigm is the one that incorporates the mobile agent concept. A mobile agent in a largescale network can be viewed as a software program that travels through a heterogeneous network, crossing various security domains and executing autonomously in its destination. Mobile agent technology extends the traditional network communication model by including mobile processes, which can autonomously migrate to new remote servers. This basic idea results in numerous benefits including flexible, dynamic customisation of the behavior of clients and servers and robust interaction over unreliable networks. In spite of its advantages, widespread adoption of the mobile agent paradigm is being delayed due to various security concerns. Currently available mechanisms for reducing the security risks of this technology do not efficiently cover all the existing threats. Due to the characteristics of the mobile agent paradigm and the threats to which it is exposed, security mechanisms must be designed to protect both agent hosting servers and agents. Protection to agent-hosting servers security is a reasonably well researched issue, and many viable mechanisms have been developed to address it. Protecting agents is technically more challenging and solutions to do so are far less developed. The primary added complication is that, as an agent traverses multiple servers that are trusted to different degrees, the agent s owner has no control over the behaviors of the agent-hosting servers. Consequently the hosting servers can subvert the computation of the passing agent. Since it is infeasible to enforce the remote servers to enact the security policy that may prevent the server from corrupting agent s data, cryptographic mechanisms defined by the agent s owner may be one of the feasible solutions to protect agent s data. v

6 Hence the focus of this thesis is the development and deployment of cryptographic mechanisms for securing mobile agents in an open environment. Firstly, requirements for securing mobile agents data are presented. For a sound mobile agent application, the data in an agent that is collected from each visiting server must be provided integrity. In some applications where servers intend to keep anonymous and will reveal their identities only under certain circumstances, privacy is also necessitated. Aimed at these properties, four new schemes are designed to achieve different security levels: two schemes direct at preserving integrity for the agent s data, the other two focus on attaining data privacy. There are four new security techniques designed to support these new schemes. The first one is joint keys to discourage two servers from colluding to forge a victim server s signature. The second one is recoverable key commitment to enable detection of any illegal operation of hosting servers on an agent s data. The third one is conditionally anonymous digital signature schemes, utilising anonymous public-key certificates, to allow any server to digitally sign a document without leaking its identity. The fourth one is servers pseudonyms that are analogues of identities, to enable servers to be recognised as legitimate servers while their identities remain unknown to anyone. Pseudonyms can be deanonymised with the assistance of authorities. Apart from these new techniques, other mechanisms such as hash chaining relationship and mandatory verification process are adopted in the new schemes. To enable the inter-operability of these mechanisms, a security architecture is therefore developed to integrate compatible techniques to provide a generic solution for securing an agent s data. The architecture can be used independently of the particular mobile agent application under consideration. It can be used for guiding and supporting developers in the analysis of security issues during the design and implementation of services and applications based on mobile agents technology. vi

7 Contents Certificate Recommending Acceptance Keywords Abstract Declaration Previously Published Material Acknowledgements ii iii v xix xxi xxiii 1 Introduction Aims and Objectives Contributions and Achievements Outline of the Thesis Current Mobile Agent Systems, Applications and Their Issues From Code Mobility To Mobile Agents What Is a Mobile Agent? Mobile Agent Data Structure A Mobile Agent s Lifecycle and Its State Transition Diagram State 1: Create and Clone State 2: Execute State 3: Services Search State 4: Migrate State 5: Arrival State 6: Halt and Dispose vii

8 2.2.3 An Agent s Itinerary - Fixed Vs. Flexible Application Domains of Mobile Agents Distributed information retrieval Advanced telecommunication services Work management and cooperation Electronic commerce Existing Mobile Agent Architectures Ajanta SOMA Gypsy Known Attacks General Threats in a Mobile Agent System Threats to the Dynamic Data of An Agent Truncation Attacks Stemming attack Security Objectives Review of Mobile Agent Systems Security Common Security Techniques Protection of Agent Applet Firewall Code Obfuscation Computing with Encrypted Functions Proof Verification Fault Tolerance Investigation and Trust Building State Appraisal Forward Integrity Tamper Resistant Devices Detection of agent tampering Prevention of agent tampering Protection of Host Protecting A Mobile Agent s Data - State of Art Forward Integrity KAG Protocol Forward Privacy viii

9 2.8.4 Execution Integrity Execution Privacy Conclusion Security Architecture Security Requirements Participants Security Mechanisms Digital Signatures Hash Chaining Relationship Pseudonyms Single Hop Verification Integration System Setup Creation Execution Migration Agent s Return Security Analysis Integrity of the Dynamic Component Privacy of the Dynamic Component Extension to the Architecture - A Secure Client Agent Environment Background Web Server as Agent Provider Web Agents from Server Side Secure Client Agent Environment (SCAE) Agent Manager Platform for Agent Collaboration and Delegation Security of SCAE Use of Tamper-Resistant Hardware An Prototype Implementation: Hosting Multiple Agents in SCAE A Demonstrative Application of SCAE: e-sales A Case Study - Application of Agent Technology to Certificate Objects Background ix

10 3.7.2 Protection to Active Certificates Agents Principles to Protect the Host Principles to Protect the Certificate Conclusion Offer Integrity Security Requirements for Forward Integrity An Improved Forward Integrity Protocol OF Notations Participants Publicly Verifiable Signature Scheme using Split Knowledge (OF1) Security analysis Implementation of OF1 in.net Choosing.NET and C# as an Implementation Platform. 101 Implementing the Protocol Large Number Arithmetic Agent Support Performance Analysis Recoverable Key Commitment Technique OF Variations of Truncation Attack and Strong Truncation Resilience Notation Recoverable Key Commitment (RKC) Application of the RKC Technique Against Truncation Attack in Mobile Agents Participants How to Apply the RKC in OF Setup Creation Execution Migration Agent s return Security Analysis Comparison of OF1 and OF Conclusion x

11 5 Offer Privacy Some Known Attacks Security Requirements for Offer Privacy Providing Offer Privacy Using Group Signatures OP Notations Group Signature Scheme Overview of Scheme OP Participants How it works A New Hashed Chained Group Scheme (OP1) Security Analysis Offer Privacy Single Hop Verification Prevention of Known Attacks Conditionally Anonymous Digital Signatures OP Notations New Conditionally Anonymous Digital Signatures The Anonymous Public-Key Certificate Generation Conditionally Anonymous Digital Signatures Using Conditionally Anonymous Digital Signatures to Provide Offer Privacy OP Overview of OP Participants Chaining Relationship and Data Integrity Chained Signatures with Conditional Anonymity Security Analysis Offer Privacy Defense against some known attacks Comparison of OP1 and OP Conclusion Security Properties and Performance Analysis Security Properties Properties Provided by the Supporting Mechanisms Digital Signature Schemes Hash Chaining Relationship xi

12 Pseudonyms Single Hop Verification Joint Keys Recoverable Key Commitment (RKC) Conditional Anonymous Digital Signature (CADS) Security Properties Provided by OF1, OF2, OP1, OP Offer Integrity Offer Privacy Offer Confidentiality Offer Creator Non-repudiation Digital Signatures and Hash Chaining Relationship Hash Chaining Relationship Single Hop Verification Pseudonyms Conditionally Anonymous Digital Signatures (CADS) Recoverable key commitment (RKC) Defending Against Known Attacks Modification, Insertion and Deletion Truncation and Stemming Colluding Servers Attack Performance Analysis Classification of OF1, OF2, OP1 and OP Discussion of the Security Architecture Configuration Components Required by OF1, OF2, OP1 and OP Electronic Marketplace Implementation Issues Conclusion Conclusions and Future Work Summary of Contributions A Security Architecture Security Properties and Their Supporting Mechanisms Avenues for Future Work A Cryptographic Tools 203 A.1 ElGamal Signature Scheme A.2 Group Signatures xii

13 A.2.1 Ateniese s Group Signature SETUP JOIN SIGN VERIFY OPEN Bibliography 209 xiii

14 xiv

15 List of Figures 1.1 A Mobile Agent s Working Mechanism Topics Covered in the Thesis Regarding Mobile Agent Technology Dynamic component and static component in a mobile agent A mobile agent s life cycle A Mobile Agent State Transition Diagram A Simple Example of Itinerary for a Shopping Agent Truncation attack and stemming attack Categories of Security Mechanisms in Protecting Mobile Agents against Distrusted Hosts The KAG Protocol Participants in our architecture Generate a pseudonym D i for server S i Pull All the Components Together Security techniques integration in the architecture Trust Link Established through Security Servers User-Centred Agent Collaboration Trust Link Requirements in different Models Downloading and Installation of Web Agent Communication Among Agents Colluding servers attack on the KAG protocol (Black dots mean colluding servers) Architecture and its participants for OF The New Forward Integrity Scheme OF1 using Split-knowledge Architecture of OF1 Implementation Top-level C# APIs in the OF ElGamal encryption algorithm using the managed C++ LN wrapper107 xv

16 4.7 The LN Structure in the C version of the LN library API primitives for exponentiation in the C version of the LN library Architecture and its participants for OF The protocol using recoverable key commitment mechanism Architecture and its participants for OP Generate a pseudonym D i for server S i Hash chained group signature scheme: S 0 E-market gateway (EG) Hash chained group signature scheme: e-market gateway (EG) S Hash chained group signature scheme: S i S i+1 (1 i n) Comparison between a regular public key certificate and an anonymous public key certificate Applying Pseudonyms Protocol Obtaining Blind Signature on the Public Key Protocol Architecture and its participants for OP Chained Signatures with Conditional Anonymity Scheme: S 0 E-market gateway (EG) Chained Signatures with Conditional Anonymity Scheme: E-market gateway (EG) S Chained Signatures with Conditional Anonymity Scheme: S i S i+1 (1 i n) The Mobile Agent Topics Covered in This Thesis and Potential Topics For Future Research A.1 JOIN protocol xvi

17 List of Tables 2.1 Threats in the corresponding agent state A summary of the detection mechanisms A summary of the protection mechanisms Access Control List Yellow Page Notation used in OF1 ( 0 i n unless i is indicated) Comparison of the KAG protocol and OF1 upon security requirements Performance of Exponentiation in various big number libraries Notation used in this paper ( 0 i n unless i is indicated) Comparison of OF1 and OF2 on Security Properties Comparison of average computational cost of the KAG and OF1, OF Comparison of maximum communication cost of the KAG and OF1, OF Notations used in OP1 ( 0 i n unless i is indicated) Notation used in OP2 ( 0 i n unless i is indicated) Comparison of OP1 and OP2 on security properties Comparison of average computational cost of OP1, OP2 and the KAG Comparison of the maximum communicational cost of OP1, OP2 and the KAG Properties provided by the security techniques The techniques employed by the new schemes Properties of the new schemes xvii

18 6.4 Defense against known attacks of the new schemes Performance characteristics of the techniques employed in OF1, OF2, OP1 and OP Comparison of Average Computational Cost Comparison of Maximum Communicational Cost Examples of Communicational Costs Classification of the new schemes Participants and mechanisms in OF1, OF2, OP1 and OP External and internal trusted third parties in the architecture xviii

19 Declaration The work contained in this thesis has not been previously submitted for a degree or diploma at any higher education institution. To the best of my knowledge and belief, the thesis contains no material previously published or written by another person except where due reference is made. Signed: Date: xix

20 xx

21 Previously Published Material The following papers have been published or presented, and contain material based on the content of this thesis. [1] Selwyn Russell and Ming Yao. Application of agent technology to certificate objects. In In Proceedings of the 2002 Symposium on Cryptography and Information Security Shirahama (SCIS2000), Japan. The Institute of Electronics Information and Communication Engineers, [2] Richard Au, Ming Yao, Mark Looi, and Paul Ashley. Secure client agent environment (scae) for world wide web. In G. Quirchmayr K. Bauknecht, A. Min Tjoa, editor, Proceedings of 3rd International Conference on Electronic Commerce and Web Technologies (EC-WEB 2002), volume 2455 of Lecture Notes in Computer Science, pages Springer-Verlag, Berlin Heidelberg, [3] Richard Au, Ming Yao, and Mark Looi. Agent based privilege negotiation for e-commerce on the world wide web. In J. Manuel Cueva Lovelle, B. Martín González Rodríguez, L. Joyanes Aguilar, J. Emilio Labra Gayo, and M. del Puerto Paule Ruiz, editors, Proceedings of International Conference on Web Engineering (ICWE 2003), volume 2722 of Lecture Notes in Computer Science, pages 68 71, Oviedo, Spain, July Springer-Verlag, Berlin Heidelberg. [4] Richard Au, Ming Yao, and Mark Looi. Privilege negotiation agents for distributed authorisation on world wide web. In Proceedings of 2003 IEEE/WIC International Conference on Intelligent Agent Technology (IAT 2003), pages IEEE Computer Society, October [5] Ming Yao, Ernest Foo, Kun Peng, and Ed Dawson. An improved forward integrity protocol for mobile agents. In G. Goos, J. Hartmanis, and J. van xxi

22 Leeuwen, editors, Proceeding of the 4th International Workshop on Information Security Applications (WISA 2003), volume 2908 of Lecture Notes in Computer Science, pages , Jeju Island, Korea, Springer-Verlag, Berlin Heidelberg. [6] Ming Yao, Matt Henricksen, Ernest Foo, Greg Maitland, and Ed Dawson. A mobile agent system providing offer privacy. In H. Wang, J. Pieprzyk, and V. Varadharajan, editors, Proceedings of 9th Australian Conference on Information Security and Privacy (ACISP 2004), volume 3108 of Lecture Notes in Computer Science, pages , Sydney, Australia, July Springer-Verlag, Berlin Heidelberg. [7] Ming Yao, Matt Henricksen, Ernest Foo, and Ed Dawson. Secure architecture for protecting dynamic components of mobile agents. In M. Mohammadian, editor, Proceedings of International Conference on Intelligent Agents, Web Technology and Internet Commerce (IAWTIC 2004), pages , Gold Coast, Australia, July Springer-Verlag, Berlin Heidelberg. [8] Ming Yao, Matt Henricksen, Ernest Foo, and Ed Dawson. Offer privacy in mobile agents using conditionally anonymous digital signatures. In S. Katsikas, J. Lopez, and G. Pernul, editors, Proceedings of the 1st International Conference on Trust and Privacy in Digital Business (TrustBus 04), volume 3184, pages , Zaragoza, Spain, 30 August - 3 September Springer-Verlag, Berlin Heidelberg. [9] Ming Yao, Kun Peng, Matt Henricksen, Ernest Foo, and Ed Dawson. Using recoverable key commitment to defend against truncation attacks in mobile agents. In Proceedings of the 5th International Conference on Electronic Commerce and Web Technologies (EC-Web 2004), volume 3182, pages , Zaragoza, Spain, 30 August - 3 September Springer-Verlag, Berlin Heidelberg. [10] Matt Henricksen, Ming Yao, and Ernest Foo. An implementation of the yao forward integrity protocol for mobile agents. In E. Dawson and W. Klemm, editors, Proceedings of Workshop on Cryptographic Algorithms and their Uses, pages , Australia, 5-6 July Queensland University of Technology. xxii

23 Acknowledgements I have been saving the writing of this special part of my thesis until this moment in order to have some more time to contemplate the many important people who have somehow paved the way that led to this Ph.D. I am very grateful to Dr. Ernest Foo, Professor Ed Dawson, and Associate Professor Paul Roe, my academic supervisors, for your guidance, support, constructive criticism and gentle natures; and the confidence you have put in me. Without your encouragement, my Ph.D would be a much longer journey; I would probably have wandered in a desert without gaining any results. Many thanks to Mr. Matt Henricksen, the very important person to me, both as a friend and a mentor, for his selfless help in the last year of this Ph.D. Our joint work in implementing a mobile agent protocol is presented in Section Another major thanks goes to all my friends and peer students: Riza, Kun, Richard, Praveen, Raymond, Jaimee and many of others in the Information Security Research Centre. I could not have had more fun with you all while undertaking research. I especially want to thank Kun Peng, who is an excellent researcher and has inspired me along my Ph.D course. Kun Peng has worked with me in designing protocols for providing offer integrity, which has be included in Chapter 4. Many thanks to Richard Au for showing me the use of mobile agents and how to organise research results into a conference paper. We have had much work done together in applications of mobile agents that is described in Section 3.6. Finally I want to thank my family - dear Steve and my parents, who have been there for me at every moment. No one could have asked for a more loving and supportive family. I promise that I will spend more time with you from now on. I must have left out many people that I do remember and probably some that I have forgotten. If you are not here because I have forgotten you, I offer my heartfelt apologies. xxiii

24 xxiv

25 Chapter 1 Introduction In the course of Internet proliferation, many network related technologies are examined for possible growth and evolution. In the past, computation relied solely on large sophisticated devices. Those devices were sophisticated to reform all processes and sequentially return to the end users returned with processed data. As computing devices and their underlying networks kept on improving, computation was no longer dedicated to a few devices. Instead, computation became distributed. Proceeding along the line of distributed computing, three major technologies occurred. In historical order, they are message passing systems, remote procedure call (RPC), and distributed object systems [68]. The mechanisms in message passing systems are simple and literal: Programs reside on two ends, and communicate with each other by sending simple passive messages over the network. Message passing systems are the core of all network systems. Many Internet applications such as FTP, the Web, or are based on simple message passing. In remote procedure calls (RPC) [96], a program communicates with another program on the remote server by calling the functions provided by the remote server [75]. This is intended to be similar to the program calling a local function. Distributed objects work similarly to RPC, but with an object-oriented abstraction on top of the procedure calls. Instead of calling a predefined function, the remote party invokes the objects residing on the server, and therefore is able to access the properties and methods of the objects. However, those functions 1

26 2 Chapter 1. Introduction and objects are pre-defined and lack the flexibility for customisation. Mobile agents continued the line of evolution by introducing client customisation and autonomy. Autonomy makes a mobile agent a self-contained software entity. This is different from the approaches mentioned previously, whereby the software modules are maintained on the server side, and are kept as functions or objects in a loosely coupled setting. Mobile agents are programs, encapsulating code, data and execution state, enabled with certain properties to work on behalf of human users in a distributed heterogenous environment. The mobile agent firstly resides on a home machine, and is dispatched to a remote host for execution. The accommodating host provides a suitable runtime environment for mobile agents to execute. The mobile agent executes, collects host-specific information, and generates runtime states and variables ready to migrate to the second host in the itinerary. This process continues until the mobile agent returns home with useful information from the last host in the itinerary. The working mechanism of the mobile agent can be readily observed in the following Figure (#) *+, -. - / , 5 "#%$ 7 "! '& Figure 1.1: A Mobile Agent s Working Mechanism What makes the mobile agent different from ordinary software? To differentiate mobile agents from other pieces of ordinary software, we could specifically investigate the properties associated with mobile agents [37]. Although researchers do not come to a definitive characterization of mobile agents, their ideas converge to a certain extent. Mobile agents should be, at least, autonomous, adaptive and learning, and mobile to justify their name [94, 93]. Being autonomous, mobile agents can carry out some set of operations on behalf of the users but acting independently. It is meant that the operations done by mobile agents should best be transparent to the users, and the operations should be done on the interests of the users too. Being adaptive and learning, mobile agents can learn and