Securing dynamic itineraries for mobile agent applications

In this paper we present a novel mechanism for the protection of dynamic itineraries for mobile agent applications. Itineraries that are decided as the agent goes are essential in complex applications based on mobile agents, but no approach has been presented until now to protect them. We have conceived a cryptographic scheme for shielding dynamic itineraries from tampering, impersonation and disclosure. By using trust strategically, our scheme provides a balanced trade-off between flexibility and security. Our protection scheme has been thought always bearing in mind a feasible implementation, and thus facilitates the development of applications that make use of it. An example application based on a real healthcare scenario is also presented to show its operation.     

A Security Architecture for Mobile Agent Based Applications

This paper describes a security architecture for mobile agent based systems. It defines the notion of a security-enhanced agent and outlines security management components in agent platform bases and considers secure migration of agents from one base to another. The security enhanced agent carries a passport that contains its security credentials and some related security code. Then we describe how authentication, integrity and confidentiality, and access control are achieved using the agent's passport and the security infrastructure in the agent bases. We then discuss the application of the security model in roaming mobile agents and consider the types of access control policies that can be specified using the security enhanced agents and the policy base in the agent platforms. Finally we describe the security infrastructure that implements the proposed security services and outline the development of a secure agent based application using the proposed architecture.     

Demand-driven caching in multiuser environment

We propose a novel demand-driven caching framework, called cache-on-demand (CoD). In CoD, intermediate/final answers of existing running queries are viewed as virtual caches that can be materialized if they are beneficial to incoming queries. Such an approach is essentially nonspeculative: the exact cost of investment and the return on investment are known, and the cache is certain to be reused! We address several issues for CoD to be realized. We also propose three optimizing strategies: Conform-CoD, Scramble-CoD, and Integrated-CoD. Conform-CoD and Scramble-CoD are based on a two-phase optimization framework, while Integrated-CoD operates in a single-phase framework. We conducted extensive performance study to evaluate the effectiveness of these algorithms. Our results show that all the CoD-based schemes can provide substantial performance improvement when compared with a predictive scheme and a no-caching scheme.     

Distributed computing paradigms for collaborative signal and information processing in sensor networks

In this paper, we report the development of an energy-efficient, high-performance distributed computing paradigm to carry out Collaborative Signal and Information Processing (CSIP) in sensor networks using mobile agents. In this paradigm, the processing code is moved to the sensor nodes through mobile agents, in contrast to the client/server-based computing, where local data are transferred to a processing center. Although the client/server paradigm has been widely used in distributed computing, the many advantages of the mobile agent paradigm make it more suitable for sensor networks. The paper first presents simulation models for both the client/server paradigm and the mobile agent paradigm. We use the execution time, energy and energy*delay as metrics to measure the performance. Several experiments are designed to show the effect of different parameters on the performance of the paradigms. Experimental results show that the mobile agent paradigm performs much better when the number of nodes is large while the client/server paradigm is advantageous when the number of nodes is small. Based on this observation, we then propose a cluster-based hybrid computing paradigm to combine the advantages of these two paradigms. There are two schemes in this paradigm and simulation results show that there is always one scheme which performs better than either the client/server or the mobile agent paradigms. Thus, the cluster-based hybrid computing provides an energy-efficient and high-performance solution to CSIP.     

A multipurpose audio aggregation watermarking based on multistage vector quantization

Watermarking technology can achieve multipurpose such as copyright protection, copy protection, and integrity authentication. We propose a novel watermarking approach which involves robust watermark and fragile watermark in a two-stage quantization technique. Traditional watermarking algorithms mostly have poor performance in imperceptibility as the codeword selected from the modified codebook is not optimal. In our method, we select the codeword in the original codebook to ensure optimality. Furthermore, we use Huffman encoding to pick up property which is sensitive to many attacks in the entire aggregation. For copyright protection, the proposed scheme can resist attacks such as lossy compression, noise addition, and normalization. As for content authentication, the proposed scheme is sensitive to various attacks provided by Stirmark Benchmark for Audio. Experimental results show that the proposed method can be used respectively for protecting the copyright and authenticating the integrity of the audio aggregation.     

An economics-based negotiation scheme among mobile devices in mobile grid

In this paper, we propose an economics-based distributed negotiation scheme among mobile devices in mobile grid. In our model, there are energy negotiation and transactions between buyer devices and seller devices. Dynamic allocation of energy resources in mobile grid is performed through online transactions within markets. Mobile devices can be sellers and buyers that use optimization algorithms to maximize predefined utility functions during their transactions. Seller device agents sell the underlying energy resources of the mobile device. Buyer device agent makes buying decisions within the budget constraints to acquire energy resources. An economics-based negotiation algorithm among mobile devices is proposed. The proposed algorithm decomposes mobile grid system optimization problem into a sequence of two sub-problems. In the simulation, the performance evaluation of economics-based negotiation algorithm is evaluated.     

Mobile agent‐based computational steering for distributed applications

The mobile agent‐based computational steering (MACS) for distributed applications is presented in this article. In the MACS, a mobile agent platform, Mobile‐C, is embedded in a program through the Mobile‐C library to support C/C++ mobile agent code. Runtime replaceable algorithms of a program are represented as agent services in C/C++ source code and can be replaced with new ones through mobile agents. In the MACS, a mobile agent created and deployed by a user from the steering host migrates to computing hosts successively to replace algorithms of running programs that constitute a distributed application without the need of stopping the execution and recompiling the programs. The methodology of dynamic algorithm alteration in the MACS is described in detail with an example of matrix operation. The Mobile‐C library enables the integration of Mobile‐C into any C/C++ programs to carry out computational steering through mobile agents. The source code level execution of mobile agent code facilitates handling issues such as portability and secure execution of mobile agent code. In the MACS, the network load between the steering and computing hosts can be reduced, and the successive operations of a mobile agent on multiple computing hosts are not affected whether the steering host stays online or not. The employment of the middle‐level language C/C++ enables the MACS to accommodate the diversity of scientific and engineering fields to allow for runtime interaction and steering of distributed applications to match the dynamic requirements imposed by the user or the execution environment. An experiment is used to validate the feasibility of the MACS in real‐world mobile robot applications. The experiment replaces a mobile robot's behavioral algorithm with a mobile agent at runtime. Copyright © 2009 John Wiley & Sons, Ltd.     

Mobile agent-enabled framework for structuring and building distributed systems on the internet

Mobile agent has shown its promise as a powerful means to complement and enhance existing technology in various application areas. In particular, existing work has demonstrated that MA can simplify the development and improve the performance of certain classes of distributed applications, especially for those running on a wide-area, heterogeneous, and dynamic networking environment like the Internet. In our previous work, we extended the application of MA to the design of distributed control functions, which require the maintenance of logical relationship among and/or coordination of proc- essing entities in a distributed system. A novel framework is presented for structuring and building distributed systems, which use cooperating mobile agents as an aid to carry out coordination and cooperation tasks in distributed systems. The framework has been used for designing various distributed control functions such as load balancing and mutual ex- clusion in our previous work. In this paper, we use the framework to propose a novel ap- proach to detecting deadlocks in distributed system by using mobile agents, which dem- onstrates the advantage of being adaptive and flexible of mobile agents. We first describe the MAEDD (Mobile Agent Enabled Deadlock Detection) scheme, in which mobile agents are dispatched to collect and analyze deadlock information distributed across the network sites and, based on the analysis, to detect and resolve deadlocks. Then the design of an adaptive hybrid algorithm derived from the framework is presented. The algorithm can dynamically adapt itself to the changes in system state by using different deadlock detec- tion strategies. The performance of the proposed algorithm has been evaluated using simulations. The results show that the algorithm can outperform existing algorithms that use a fixed deadlock detection strategy.     

Data Privacy in Tuple Space Based Mobile Agent Systems

More recently, distributed variants of tuple spaces have been proposed to exploit the Linda model for programming distributed applications over wide area networks, possibly exploiting code mobility. However, the flexibility of the shared tuple space model opens possible security holes; it basically provides no access protection to the shared data. In this paper we investigate some possible scenarios where mobile agents can benefit from our cryptographic tuple space based framework, CryptoKlava, and sketch how to possibly implement such agents in order to keep the privacy of items collected by the mobile agent during its itinerary. The functionalities of the framework are general enough to be applied to other Java frameworks using multiple distributed tuples spaces possibly dealing with code mobility.     

Ant-based survivable routing in dynamic WDM networks with shared backup paths

In this paper, we consider the problem of survivable routing in dynamic WDM networks with single link failure model. Our work mainly concerns in how to dynamically determine a protection cycle (i.e., two link-disjoint paths between a node pair) to establish a dependable lightpath with backup paths sharing. This problem is identified as NP-complete, thus a heuristic for finding near optimal solution with reasonable computation time is usually preferred. Inspired from the principle of ant colony optimization, we propose in this paper an ant-based mobile agents algorithm for this problem with improved blocking performance. To enable the new ant-based algorithm, we propose to use on each network node both a routing table that contains a set of feasible protection cycles between source destination nodes and also a pheromone table for mobile agents. By keeping a suitable number of mobile agents in a network to continually and proactively update the routing tables based on the current network congestion state, the routing solution of a connection request can be obtained with a reasonable computation time. Extensive simulation results upon the ns-2 network simulator and two typical network topologies show that our new algorithm can achieve a significantly lower blocking probability than the promising algorithm for dynamic lightpath protection proposed in [11] with a comparable computation complexity.     

一种移动agent结构化迁移机制的设计和实现

移动agent计算模式将成为未来网络计算的主流模式.移动agent的迁移机制是其技术核心之一.该文分析了现有移动agent系统中采用的几种代表性迁移技术,提出了一种新的结构化迁移机制.该机制的主要特点如下:(1) agent的旅行计划和功能体完全分离;(2) 旅行计划本身也具有严格定义的结构;(3) 提供了3种灵活有力的迁移模式.因此,它能有效地控制移动agent的复杂度,有利于agent的复用.在该机制的基础上,设计并实现了移动agent系统Mogent1.0.     

A secure and traceable E-DRM system based on mobile device

In recent years, intellectual property violation events have caused enterprise to respect digital content protection. Illegal copying digital content abuses become a serious problem. Because the mobile devices are more portable and individualized than personal computers, anyone can access the network resources at anytime from anywhere. However, valuable digital contents without proper protection make the content vulnerable to unauthorized copying, modification and re-distribution, causing revenue losses to service providers. Thus, constructing an effective Digital Right Management (DRM) system has become an important issue.On the basis of the mobile device, we propose an efficient digital rights management protocol. We apply symmetrical cryptosystem, asymmetrical cryptosystem, digital signature and one-way hash function mechanisms in our scheme. To overcome the computing resource weakness problem of mobile devices, we also integrate digital certificate, hardware information and one time password mechanisms such that the security, persistent protection, integrity, authentication, track usage of DRM work, changeable access right, integration and portability issues will be assured. In this way, the mobile user can access the digital content securely in the enterprise via authorization mechanism.     

基于移动代理的一个鲁棒路由协议

移动代理是一种能在异质网络里各计算机间自主迁移的程序．尽管移动代理技术很适合分布式应用,但是安全问题一直是它得到更广泛应用的主要障碍之一．首先对已有的移动代理路由协议进行分析,然后提出了一个基于基本签字基本加密的移动代理路由协议,并对其安全性和计算复杂度进行了详细分析．结果表明,该协议满足路由协议的所有安全性质,而且相比原有的嵌套签字嵌套加密协议,具有更低的计算复杂度．最后,在此基础上提出了一个基于移动代理的鲁棒路由协议,该协议不需要在主机中配备安全的代理创建环境,对路由主机的配置要求不高,具有更广泛的应用性．     

一个安全的移动代理数据保护方案

移动代理数据安全是移动代理系统面临的主要安全问题之一。基于ElGamal公钥体制,提出了一个安全的移动代理数据保护方案。对其分析的结果表明,该协议不仅满足所有的安全要求,而且可以使得同一移动代理多次经过同一主机,弥补了当前方案的不足。     

Protecting Business Secrets in an EDI/CALS Environment

ABSTRACT

Communicating with confidential data requires special attention in a mobile agents environment, especially when the other hosts must be prevented from eavesdropping on the communication. We propose a communication model for secured communication between the agents belonging to publishers and consumers data. Confidentiality is ensured using our on-the-fly encryption-decryption sequence using ElGamal system to directly convert the message or plaintext into one that is encrypted directly with the public key of consumer. The scheme ensures that the data possessed by the agents is secured at all times when it is executing at any untrusted host. Our minimal implementation of the model with Aglets agent platform gives the first faithful picture of the happenings in the model. Finally, we also explain how the homomorphic property of ElGamal scheme can be integrated with our model for a Web-based application such as voting involving multiple agents.     

Locating mobile agents in a wide distributed environment

Finding the position of a mobile agent in a wide distributed system still represents an open research issue. The paper proposes a naming scheme and a location protocol of general validity for mobile agents able to effectively meet all the typical requirements of mobile agent environments and, thus, easy to integrate into different platforms. The paper identifies the main characteristics which an agent naming scheme and a location protocol of general validity should have, and suggests some properties and parameters to be taken into account to evaluate the effectiveness of naming schemes and location protocols. Then, we propose a "human readable" agent naming scheme based on the distributed environment outlined in MASIF, and a suitable location finding protocol called the Search-By-Path-Chase. Both of them are compared with some of the solutions already provided, using the properties and the parameters suggested. The performances are finally evaluated by means of a set of measurements.     

A formal architectural model for logical agent mobility

The process of agent migration is the major difference between logical code mobility of software agents and physical mobility of mobile nodes in ad hoc networks. Without considering agent transfer, it would make little sense to mention the modeling of strong code mobility, which aims to make a migrated agent restarted exactly from the state when it was stopped before migration. From the perspective of system's architecture, this paper proposes a two-layer approach for the formal modeling of logical agent mobility (LAM) using predicate/transition (PrT) nets. We view a mobile agent system as a set of agent spaces and agents could migrate from one space to another. Each agent space is explicitly abstracted to be a component, consisting of an environmental part and an internal connector dynamically binding agents with their environment. We use a system net, agent nets, and a connector net to model the environment, agents, and the connector, respectively. In particular, agent nets are packed up as parts of tokens in system nets, so that agent transfer and location change are naturally captured by transition firing (token game) in Petri nets. Agent nets themselves are active only at specific places and disabled at all the other places in a system net. The semantics of such a two-layer LAM model is defined by transforming it into a PrT net. This facilitates the analysis of several properties about location, state, and connection. In addition, this paper also presents a case study of modeling and analyzing an information retrieval system with mobile agents.     

Mobile agents for information retrieval in hybrid simulation environment

In this paper, we propose a hybrid simulation environment that incorporates with wired/wireless networks, IEEE standard 1516 high-level architecture (HLA), and IBM Aglets mobile agent system. Therefore, HLA simulations are not restricted to be participated solely by using desktop computers with cable connections. Users can use a wide variety of devices to join in HLA simulations and explicitly exclude from junk data in terms of a personalized data filtering policy. Based on data correlation between HLA objects and a client's data filtering policy, we employ the simulation environment manager in distributing a client to an appropriate federate server (FS). In particular, a mobile agent, namely data filtering agent, is devised to temporarily reside at the FS to perform mobile agent-based data distribution management for clients. As a result, the clients can receive the most interested information corresponding to their pre-defined data filtering policies. Once either the data transmission quality within the wireless network is degraded below a threshold or the clients abnormally modify the data filtering policies, their own mobile agents carry out migrations to provide the users with the ubiquitous and seamless services. Consequently, the users can use any mobile device as well as using a desktop computer in a stationary point to participate in the HLA simulations. The experimental results also show that the proposed mobile agent-based data distribution can raise adaptability and applicability to large-scale HLA simulations.     

A Study of Building Internet Marketplaces on the Basis of Mobile Agents for Parallel Processing

In this paper, we propose a framework of Internet marketplaces on the basis of mobile agents. It not only simulates real commercial activities by consumers, agents and merchants, but also provides an environment for parallel processing. The latter is particularly important as more shops (sites) can be searched in real time to provide consumers with better choices. Meanwhile, if the number of mobile agents is very large and the dispatch is processed in a serial way, it can become a bottleneck that impacts the efficiency as a whole. In this paper, we also present and discuss several hierarchical dispatch models where the dispatch of multiple mobile agents can be processed in parallel over different hosts. We study these models analytically and empirically. The conducted experiments show that, in comparison with several serial mobile agent models, parallel mobile agent models can improve the performance significantly. In addition, in the best case for the parallel dispatch model, the time complexity for dispatching n mobile agents is O(log₂ n).     

A secure migration process for mobile agents

This article describes a decentralized secure migration process of mobile agents between Mobile‐C agencies. Mobile‐C is an IEEE Foundation for Intelligent Physical Agents (FIPA) standard compliant multi‐agent platform for supporting C/C++ mobile and stationary agents. Mobile‐C is specially designed for mechatronic and factory automation systems where malicious agents may cause physical damage to machinery and personnel. As a mobile agent migrates from one agency to another in an open network, the security concern of mobile agent systems should not be neglected. Security breaches can be minimized considerably if an agency only accepts mobile agents from agencies known and trusted by the system administrator. In Mobile‐C, a strong authentication process is used by sender and receiver agencies to authenticate each other before agent migration. The security framework also aims to guarantee the integrity and confidentiality of the mobile agent while it is in transit. This assures that all agents within an agency framework were introduced to that framework under the supervision and permission of a trusted administrator. The Mobile‐C Security protocol is inspired from the Secure Shell (SSH) protocol, which avoids a single point of failure since it does not rely on a singular remote third party for the security process. In this protocol, both agencies must authenticate each other using public key authentication, before a secure migration process. After successful authentication, an encrypted mobile agent is transferred and its integrity is verified by the receiver agency. This article describes the Mobile‐C secure migration process and presents a comparison study with the SSH protocol. The performance analysis of the secure migration process is performed by comparing the turnaround time of mobile agent with and without security options in a homogeneous environment. Copyright © 2010 John Wiley & Sons, Ltd.