[Figure: Concordia Architecture. Labels: Concordia, Remote Administration API, Permission DB Administrator]
Concordia: A framework for mobile agents
• Concordia is a full-featured framework for the development and management of n/w-efficient mobile agent applications. Concordia consists of multiple components (all written wholly in Java), which combine to provide a complete, robust environment for applications.
• Concordia Architecture:
• A Concordia system is made up of
– a JVM (Java Virtual Machine)
– a Concordia server
– at least one agent
• JVM – It is a standard environment; it can be on any machine.
• Concordia server – It is a Java program, which runs there and at any other nodes on the n/w where agents may need to travel.
• Agent – It is also a Java program, which the Concordia server manages, including its code, data and movement.
• There are many Concordia servers. The Concordia servers are aware of one another and connect on demand to transfer agents in a secure and reliable fashion. The agent initiates the transfer by invoking the Concordia server’s methods. After being transferred, the agent is queued for execution on the receiving node. The work that the agent performs depends on its purpose, i.e. the code which it was programmed to execute.
• Reliable guarantee of agent transfer (RAT): while transferring the agent, Concordia servers suspend the agent and create a persistent image of it to be transferred. The Concordia server inspects an object called the Itinerary, created and owned by each agent, to determine the appropriate destination. That destination is contacted and the agent’s image is transferred, where it is again stored persistently. In this way the agent is given a reliable guarantee of transfer. In all cases, the Concordia agent is autonomous and self-determining in its operation.
• Concordia components: The Concordia system is made up of numerous components, each of which integrates with the others to create the full mobile agent framework. The Concordia server is the major building block, inside which the various Concordia managers reside.
• Note – All Concordia components are coded completely in the Java language.
1. Concordia server – It provides the communications infrastructure that allows agents to be transmitted from and received by nodes on the n/w. It also manages the life cycle of the agent. It provides for agent creation and destruction and also provides an environment in which the agents execute.
2. Administration Manager – It manages all of the services provided by Concordia, including Concordia servers, security managers, event managers etc. The Administration Manager supports remote administration from a control location, so only one Administration Manager is required in the Concordia n/w.
3. Security Manager – It is responsible for identifying users, authenticating their agents, protecting server resources and ensuring the security and integrity of agents and their accumulated data objects as the agent moves among systems.
4. Persistence Manager – It maintains the state of agents in transit around the n/w. It also allows for the checkpoint and restart of agents in the event of system failure.
5. Event Manager – It handles the registration, posting and notification of events to and from agents. The Event Manager can pass event notifications to agents on any node in the Concordia n/w. The Event Manager works in conjunction with the Concordia server to distribute events as needed. It also supports Concordia agent collaboration.
6. Queue Manager – It is responsible for scheduling and retrying the movement of agents between Concordia systems. It also provides the mechanism for prioritizing and managing the execution of agents on entry to Concordia nodes. (Retrying – necessary when Concordia systems are disconnected from the n/w. Maintaining persistent state, as they enter and leave a system.)
7. Agent Tool Library – The ATL is a library which provides all the classes needed to develop Concordia mobile agents.
• Uses of Concordia Agents:
– Process data at the data source
– Carry all data with them as they travel, i.e. they “learn”
– Can literally run anywhere: Web, desktop, palmtop etc.
– Enable highly scalable and parallel programming
– Hide the n/w transport from application, developer and user
– Hide distribution, scale, and parallelism from the application
• Uses of Concordia Systems:
– Offer rapid prototyping with easy paths to production
– Offer robust operation via persistent agents
– Provide security and integrity
– Support off-line and/or disconnected operation
– Provide for heterogeneous database access
– Are a natural for s/w distribution: agents carry code to remote platforms
• Uses of Concordia:
– Enables mobilization of legacy applications
– Is a great way to program mobile devices as clients of applications
– Breaks client/server barriers
– Integrates with distributed objects, e.g. CORBA
– Integrates with legacy systems, e.g. databases
– Easily run standalone
• Advantages of Concordia
• Concordia is written in Java, therefore it is portable, even ubiquitous.
• Concordia agents provide for mobile applications. Agents support mobile computing as well as off-line processing and disconnected operation.
• Concordia agents are secure: each agent carries the identity of the user that created it, and the operations the agent requests are subjected to the same user’s permissions.
• Concordia agents are reliable: all Concordia agents are checkpointed before execution by the Persistence Manager.
• Concordia agents can collaborate: they can divide a task into suitable pieces, and these pieces can be carried out in the most appropriate places. The results of these sub-tasks are then assembled by collaboration.
• Agent privacy and integrity
– Part of the agent system may be sensitive
– Agent may not trust all servers
– Selective – servers
– Security breaches in the code – hard to prevent but detectable
– Secure communication
• Agent and server authentication
– Identity – digital signatures
• Authorization and access control
• Charging and payment mechanisms
1. Security between 2 agents
2. Security between agents and hosts
3. Security between hosts
4. Security between hosts and unauthorized
Classification of Security Threats in a Mobile Agent System
• Agents attacking Hosts – Malicious agents can steal or modify the data on the host. Lack of sufficient authentication and access control mechanisms leads to these attacks. If resource constraints are not set, they can also commit Denial of Service (DoS) attacks by exhausting computational resources and denying platform services to other agents (Masquerading, Denial-of-Service, Unauthorized service).
• Hosts attacking the Agents – A malicious host can attack the agent by stealing or modifying its data, corrupting or modifying its code or state, denying requested services, returning false system call values, reinitializing the agent or even terminating it completely. It can also masquerade the agent by delaying the agent until the task is no longer relevant. The Host may also analyze and reverse engineer the agent (Masquerading, Denial-of-Service, Eavesdropping, Alteration).
• Malicious Agent attacking another agent – A malicious agent may invoke public methods of another agent to interfere with its work (Masquerading, Denial-of-Service, Unauthorized service, Repudiation).
• Attack by other entities – Some other entity in the network may manipulate or eavesdrop on agent communication (Masquerading, Denial-of-Service, Unauthorized service, Copy or Replay).
Between two agents
• Attacks:
– Code and data manipulation by having physical access to the code and data areas
– Masking of agents (i.e. faking a wrong identity)
– Cheating (e.g. using a service without paying for it)
– Denial-of-service (e.g. by filling a message pool, message bombing)
• Mechanisms that prevent such attacks:
– Authentication: Authenticity requires that the sender can validate the source of a message.
– Secrecy: An intruder can’t find out the plain text for a given cipher text and should not be able to reconstruct the key by examining the cipher text for a known plain text.
– Integrity: The assurance that information has not been modified accidentally or deliberately by insertion, deletion, or replacement.
– Resource / Access Control: Limited resource and runtime restrictions.
Security Measures
Security in an Agent System is based on the principle of trust. A set of security policies and protocols establishes the trust relationship between the entities. It is assumed that the agent trusts the Home platform that dispatches it.
Agent attacking the Host environment
• Traditional methods such as authentication, access control, sandboxing techniques and cryptography can be used to secure the Host.
• Authentication and access control mechanisms – This is the first line of defense against a malicious agent. If the Host can authenticate the agent and in turn the device that dispatched the agent, it can apply authorization and access control.
• Safe Code Interpretation – Because agents must run on heterogeneous computers, interpreted scripting or programming languages are used. This produces intermediate code that is executed by a virtual machine that sits on top of the native processor and OS. This virtual machine can enforce additional security.
• Path Histories – An agent could reach the host by making a number of hops. During this transit a malicious host could have morphed the agent into a malicious agent. By storing the log of the travel of the agent, the current host can determine the route taken by the agent. Each host platform to which the agent travels appends a signed entry to the path. This entry indicates the host’s identity as well as the identity of the next host the agent intends to visit. The platform has to judge, by looking at the log, whether the previous platforms can be trusted.
• State Appraisal – The author of the agent supplies a state appraisal function called the maximum function. This function calculates, depending on the state of the agent, the maximum set of permissions to be granted to the agent. This function is packaged together with the agent. The user/owner of the agent also supplies another state appraisal function called the request function. This calculates the permissions the user wants the agent to have during execution. The host platform uses these state functions to verify the correct state of the agent and hence determines the privileges to give to the agent depending on its state. This ensures that the agent has not turned malicious due to alterations of its state.
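For the Path Histories item above, the following added example (not part of the original slides) shows a receiving platform checking a chained path log. The host names and keys are constructed, and HMAC is used as a stand-in for each platform's digital signature so that the example runs with the standard library only.

```python
import hashlib
import hmac

# Constructed per-host keys. HMAC stands in for each platform's digital
# signature (an assumption to stay within the standard library); a real
# deployment would verify public-key signatures instead.
HOST_KEYS = {"home": b"k-home", "hostA": b"k-a", "hostB": b"k-b", "hostC": b"k-c"}

def _tag(host, next_host, prev_tag):
    # Covering the previous tag chains the entries together.
    msg = prev_tag + b"|" + host.encode() + b"|" + next_host.encode()
    return hmac.new(HOST_KEYS[host], msg, hashlib.sha256).digest()

def append_entry(path, host, next_host):
    """Run by `host` before dispatch: record own identity and the next hop."""
    prev = path[-1]["tag"] if path else b""
    return path + [{"host": host, "next": next_host, "tag": _tag(host, next_host, prev)}]

def appraise_path(path, me, trusted):
    """Run by the receiving platform `me`. Returns (accepted, reason)."""
    prev = b""
    for i, e in enumerate(path):
        if e["host"] not in HOST_KEYS:
            return False, f"unknown host {e['host']}"
        if not hmac.compare_digest(e["tag"], _tag(e["host"], e["next"], prev)):
            return False, f"bad signature at hop {i}"
        arrived_at = path[i + 1]["host"] if i + 1 < len(path) else me
        if e["next"] != arrived_at:
            return False, f"hop {i} named {e['next']}, agent went to {arrived_at}"
        if e["host"] not in trusted:
            return False, f"untrusted host {e['host']} on path"
        prev = e["tag"]
    return True, "ok"

def sample_path():
    """Constructed itinerary: home -> hostA -> hostB -> hostC."""
    path = append_entry([], "home", "hostA")
    path = append_entry(path, "hostA", "hostB")
    return append_entry(path, "hostB", "hostC")

if __name__ == "__main__":
    print(appraise_path(sample_path(), "hostC", {"home", "hostA", "hostB"}))
```

The log proves where the agent has been, not that the hosts behaved well: the trust decision over the listed platforms remains a policy choice of the receiving host.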
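For the State Appraisal item above, this added example (not from the original slides) shows one way a host could combine the two functions. The purchasing-agent state, the permission names and the rule "refuse if the request exceeds the maximum, otherwise grant the request limited by host policy" are assumptions made for illustration.

```python
def max_fn(state):
    """Author's maximum function: the most this state may ever be granted."""
    if state["spent"] < 0 or state["spent"] > state["budget"]:
        return frozenset()                  # invariant broken: state was altered
    perms = {"read_catalog"}
    if state["budget"] - state["spent"] > 0:
        perms.add("place_order")            # only while money is left
    return frozenset(perms)

def req_fn(state):
    """Owner's request function: what the owner wants granted in this state."""
    perms = {"read_catalog"}
    if len(state["quotes"]) >= 2:
        perms.add("place_order")            # order only after comparing quotes
    return frozenset(perms)

def appraise(state, host_policy):
    """Host side: returns (granted permissions, reason)."""
    allowed, wanted = max_fn(state), req_fn(state)
    if not allowed:
        return frozenset(), "rejected: state violates author invariant"
    if not wanted <= allowed:
        return frozenset(), "rejected: request exceeds author maximum"
    return wanted & frozenset(host_policy), "granted"

# Constructed agent states as they might arrive at a host.
HEALTHY = {"budget": 100, "spent": 40, "quotes": [38, 41]}
EXHAUSTED = {"budget": 100, "spent": 100, "quotes": [38, 41]}
ALTERED = {"budget": 100, "spent": 250, "quotes": []}

if __name__ == "__main__":
    policy = {"read_catalog", "place_order", "write_log"}
    for s in (HEALTHY, EXHAUSTED, ALTERED):
        print(appraise(s, policy))
```

Appraisal only catches alterations that break an invariant the functions can compute from the state. A tampered state that still satisfies them is granted permissions as usual.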
Host Platform attacking the Agents
• Providing security against attacks by the host is difficult because the host needs full knowledge of the code and the state in order to execute the agent. Traditional mechanisms are not sufficient to protect an agent from the attack of malicious hosts.
• Mobile Cryptography – Cryptography is used to maintain code and data privacy and integrity. Both code and data can be encrypted.
– Encrypted Functions – For the host to execute the agent, it has to have full control over the code. As prevention, the function of the agent is encrypted according to some conversion algorithm. This encrypted function is implemented as a cleartext program. Even though the host is able to read the program, it won’t understand what the program does, i.e. the “program’s function”. The disadvantage of this technique is the difficulty of finding encryption schemes that can transform arbitrary functions.
– Encrypted Data – The agent data is encrypted and sent to the host for computation. The data that the agent needs for its computation may have to be decrypted again and again at the host platform. For this reason, the agent will have to carry the decryption key, making it that much more vulnerable.
• Obfuscated code – A “blackbox” agent is generated from the agent specification, wherein the agent’s code and data cannot be read or modified. Only its input and output can be observed. The algorithm that creates the agent is called the “mess-up” or obfuscating algorithm. To prevent dictionary attacks, the algorithm that converts the agent specs into an agent uses some random parameters. These parameters allow the creation of a number of different agents out of the same specification. The agents differ in code and data representation but give the same results.
• Secure Routing – An agent can be programmed to have a routing policy such that it migrates only to certain servers. Since a malicious host can tamper with the agent’s itinerary and also with computation results, which can propagate, some fault tolerance is needed to ensure that the agent reaches its destination and performs its job correctly. Replication and voting can be used to achieve fault tolerance. The agent is replicated at each stage and run on hosts. The results from these computations are compared (i.e. voted). Then the correct result is sent out as output.
• Detecting attack using Dummy data – In this technique, dummy data items called detection objects are used. This dummy data is stored in the database of the agent and it will not be modified while the agent performs its functions. After the agent returns, if the detection objects have not been modified, then one can have reasonable confidence that legitimate data also has not been corrupted. This technique requires that the dummy data should not adversely affect the results of the query.
• Using Trusted Hardware – This technique uses tamper-proof trusted hardware to encapsulate the entire agent execution environment in which the agent executes, thus isolating the agent from the malicious host. The whole agent is not visible to the host environment. The agent in this system will interact with the Host environment through messages. Each Host in the Mobile Agent System is equipped with this hardware. The hardware can be in the form of PC Cards, Smartcards, Integrated Circuits, etc. PC Cards are powerful and allow the whole agent code to be loaded into the card. Smartcards are limited in their capabilities. Only a part of the agent code can be loaded on the card. The agent carries the rest of the code along with it. The code that the agent carries is encrypted.
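For the dummy-data (detection object) technique in the list above, this added example (not part of the original slides) shows the home platform planting detection objects, checking them when the agent returns, and removing them before the query result is used. The record layout and the sample values are constructed.

```python
import hashlib
import json

def digest(rec):
    return hashlib.sha256(json.dumps(rec, sort_keys=True).encode()).hexdigest()

def plant(real, decoys):
    """Home platform: carry real and dummy records together; digests stay home."""
    expected = {d["id"]: digest(d) for d in decoys}
    carried = sorted(real + decoys, key=lambda r: r["id"])  # no marker on decoys
    return carried, expected

def check(returned, expected):
    """After the agent returns: ids of detection objects altered or deleted."""
    seen = {r["id"]: digest(r) for r in returned if r["id"] in expected}
    return sorted(i for i, h in expected.items() if seen.get(i) != h)

def legitimate(returned, expected):
    """Drop detection objects so they cannot affect the query result."""
    return [r for r in returned if r["id"] not in expected]

# Constructed data: two real price quotes and two detection objects.
REAL = [{"id": 3, "vendor": "v1", "price": 40}, {"id": 7, "vendor": "v2", "price": 35}]
DECOYS = [{"id": 5, "vendor": "v8", "price": 12}, {"id": 9, "vendor": "v9", "price": 90}]

if __name__ == "__main__":
    carried, expected = plant(REAL, DECOYS)
    print("altered detection objects:", check(carried, expected))
    print("best real price:", min(r["price"] for r in legitimate(carried, expected)))
```

The dummy record priced at 12 would win a lowest-price query if it were not filtered out at home, which is the requirement the slide states; a host that alters only real records is not caught, so the check gives confidence rather than proof.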
Security Approaches
1. Conventional Encryption Algorithm (Data Encryption Algorithm, Triple Data Encryption Algorithm, Advanced Encryption Standard)
2. Public Key Algorithm (RSA, DSS)
3. WAP supports WTLS (Wireless Transport Layer Security)
4. Wireless Security Standards (Biometrics, OMAP – Open Multimedia Protocol developed by Texas, MET – Mobile Electronic Transactions formed by Ericsson, Nokia, Motorola and Siemens)
5. Protecting the Server (Sandbox Model, Code Signing, Firewall, Proof-carrying code)
Examples of Mobile Agent Systems
• TACOMA (Tux) – Mobile Agent System. Operating system support for mobility. Tromsø and Cornell Moving Agents (TACOMA) is a joint project between the University of Tromsø, Norway and Cornell University, USA. It is primarily focused on providing operating system support for agents.
• Telescript – Developed by General Magic; includes an object-oriented, type-safe language for agent programming.
• Agent TCL – A mobile agent system created at Dartmouth College. Agents are written in the Tool Command Language (Tcl), which is an embeddable scripting language that is highly portable and freely available.
• Aglets – A Java-based system developed by IBM. Agents are called aglets in this system.
Advantages of an Agent System
• Reduces network load and latency – There is usually no transmission of intermediate results. This conserves network bandwidth.
• Asynchronous – Since the agents are autonomous, the mobile device that dispatches the agent need not be connected all the time.
• Fault Tolerant – If one of the hosts is down, the agent can be transferred to another host for execution. The agents can be programmed to adapt dynamically to the network conditions.
• Can be customized according to the needs.
• Can be deployed in a heterogeneous environment, as only the execution environment is of concern, not the specifics of the Host Platform.
Disadvantages Of using Mobile Agents
• Mobile agent tools are still new and may have security bugs and vulnerabilities that are yet unknown.
• Network test suites tend to be relatively large. Managing many lightweight agents introduces additional communication and control overhead.
• MA are not a mature technology and most agent development tools are alpha or beta versions.
• Although an agent’s ability to travel throughout the N/W introduces fault-tolerant properties to the security tool, it also exposes the agents to new security threats and risks that host-based security tools do not encounter.