Protection of mobile agent and its itinerary from malicious node:

1. Introduction:
Mobility stems from desire to move towards resources and away from scarcity. The concept of mobility in the field of computer science has thus chronologically provided in process migration since 1970s, in mobile computers since the 1980s and in mobile agents from 1990s. Mobile agent is a program that can move through a network and autonomously execute tasks on behalf of the users. Mobile agents are object oriented software code which have characteristic like intelligence, autonomy and communication ability. Mobile agents encompass two components i.e. mobile agent and agent platform. As a general rule, mobile agent encompasses code, data and execution state and it migrates across number of platform to accomplish its aims. The migration of computing to the remote site make mobile agent superior than other communication system but this feature make the mobile agent system vulnerable to many type of attacks. Mobile agents are used to great advantage in application like e-commerce, software distribution, information retrieval system etc. There are two major security problems with respect to mobile agent: 1) Protection of agent platform from malicious agent. In the lieu of first problem, widely accepted techniques have been already proposed such as access control, password protection. 2) Protection of agent from malicious platform is still being challenging issue for researchers. This paper comprises the issue of code security, data security and itinerary security from malicious host. The basic reason behind this classification is that malicious host can compromise the basic pillar of security i.e. confidentiality and integrity of agents code during code execution. Protection of itinerary from tampering, disclosure abd impersonation performed by malicious host is an open issue for research. This model gives sophisticated mechanisms to deal with each of the a foresaid problems

2. Analysis of previous researches:

Malicious host problem: Malicious host's problem is commonly agreed security issue in the area of agent security. Agent owner, who creates and dispatches the mobile agent, is usually treated as the most trusted and secure execution environment for that agent. Once this agent migrates from home platform (agent owner) it travels in an untrusted execution environment. The execution platform to which the agent migrates has full control over its code, data and state part so that this platform could tamper with code, data or execution state part of mobile agent.

Also, it could invade the privacy of code or data part to gain advantages over other platforms in network infrastructure.

Several researchers have proposed their solution for malicious host problem is as follows: 1) For the security of data part of agent i.e. the security of result generated during execution, Yee proposed partial Result encapsulation techniques that aim to detect any possible security breaches e.g. tampering by malicious host. Limitations: This approach exploits digital signature, PRAC (partial result authentication code). 2) To identify the unauthorized modification of an agents code and state during its lifetime, Vigna (1997) proposed execution tracing technique. Traces are the cryptographic log of actions that are not repudiated and performed by an agent which help to detect unauthorized modification. Limitations: Execution tracing approach faces challenges like large size of logs to be maintained. 3) To strengthen the security of mobile agents, Roth proposed the concept of co-operating agent in which functionality and information is divided among different agents with the help of co-operating agents. 4) Schneier and Riordan proposed environmental key generation method in which a host platform sends a message to another platform and ensures that the message is received by original recipient only if a certain predefined condition is satisfied. Limitations: The major vulnerabilities of this mechanism are as follows: Group conspiracy alerts, data channel protection. 5) Sander and Tschudin proposed a software solution for secure execution of mobile agents under untrusted execution environment. In their solution, agent owner made its code hidden from the remote host on which it executes to maintain privacy. Limitations: it is not capable to prevent the system from denial of service attack and replay attack. 6) Hohl proposed a preventive technique, in which mobile code is scrambled by some obfuscation mechanism so that no host is able to analyse its functions easily. This feature is known as black box security. Obfuscation is a mechanism which provides security to mobile code so that it cannot be analysed and modified by malicious host. Limitations: In this scenario, attacks can be possible after the black box time interval is over. 7) Regarding the protection of agent itinerary, Mir and Borrell proposed a mechanism for the protection of flexible and dynamic itineraries whereas Roth proposed solution for sequential itineraries. Flexible itinerary allows the agents owner to define alternative routes or path that can be opted at run time and followed in any order rather than only sequential. Limitations: Sequential itinerary has a fixed order of routes which is predefined and lacks flexibility to choose alternative path.

In this paper, we concentrate on the problematic issue of code security, data security and itinerary security and provide a multilevel solution for malicious host problem.

3. Proposed security model for malicious host problem:

Mobile Agent security can be classified into code security (tampering attack, code privacy and code integrity), data security (data integrity, data privacy, etc.). Mobile agent migration is happened in two ways. - Predefined itinerary - Free roaming The term Predefined itinerary means itinerary of agent is defined initially by agent owner in which sequence of itinerary node is predefined. Description of notations used in this model:

In this model, itinerary list of nodes is predefined but migration of agent to next node is decided at execution time for providing flexibility. In this model, we assume a trusted key server S. Each host platform that wants to participate in agent based transaction first has to register with trusted key server and get a certificate of its identity. Each host platform should have its public private key pair.

Following steps have been followed to provide security to mobile agents and its itinerary. A. Agent Owner Side: Step 1: Suppose Host A acts as the home platform (Agent Launcher or agent owner) which creates a mobile agent M and defined an itinerary list of registered hosts. Step 2: After creating Mobile Agent M, host A selects arbitrary random number K to encrypt the mobile agent. Host A encrypts Mobile agent M with key K. With this encrypted agent, host A also sends key K encrypted with public key of next hop B (According to itinerary list and decided at run time) and digitally sign this with its private key. B. At Agents Platform:

Figure1. Process of securing Itinerary of Mobile Agents Step 3: Now, agent migrates from home platform to Host B i.e. next hop. Host B first decrypt E Pr iA (E PubB (K)) with the help of public key PubA and then decrypt inner part with private key of B. Once host B get the key K. it will be able to decrypt E K (M). As soon as agent decrypts

E K (M) an inbuilt environmental condition occurs and agent T breaks into two halves T1 (Task Agent) and T2 (clone creator Agent). Task agent executes on host B and gets result RB while clone creator agent has inbuilt itinerary list. Clone creator agent creates encrypted clone agent, selects next host from itinerary list, deletes visited host name from list and encrypts secret random key K with public key of next hop i.e. Host C. Step 4: Now, Host B generates the result, encrypts it with secret public key of agent launcher i.e. Host A and digitally signs it with its own private key. Host B has encrypted Key K and encrypted cloned agent. Host B digitally signs the encrypted key K with private key. Now encrypted cloned agent and digitally signed encrypted result along with digitally signed encrypted key K move to next hop i.e. host c and host c follows same steps and so on .

4. Security analysis of proposed model:

The main challenges of security which we discussed in previous section lie in following categories-: - Itinerary Security - Agents code security - Agents data (Result) security - Agents Platform security A. Itinerary Security: Mobile agent moves from one host to another in network infrastructure according to its own choice. We assume the path (itinerary) is predefined but the next visiting host is decided at run time. Suppose in the scenario of agent based e-commerce application where whole itinerary is pre-decided and known by each host in network, agent itinerary is vulnerable to various attacks. Malicious hosts, which execute the mobile agent, can change or modify the itinerary of agent for their benefits. Attacks hamper the availability factor of communication. To make communication secure and reliable, we classify the itinerary list into two parts. One is formed by visited node and another is composed of non-visited hosts. In this proposed model, mobile agents travel their itinerary from one host to another in encrypted form. B. Agents code security: This solution has the ability of solving malicious host problem and balances the security and autonomy (flexibility) of mobile agent. In this solution, whole mobile agent does not come into the direct interaction of executing platform. Mostly when encrypted agent migrates to a new host, executing host is first required to decrypt it. After decryption, executing platform has full control over mobile agent to execute it.

C. Agents Data (Result) Security: To preserve the integrity and privacy of all results generated during itinerary of agent so that only agent owner can access the results, each executing platform encrypts its result with the secure public key of agent owner (Pri PubA ) and appends previous hosts digitally signed result with it and puts signature on whole results. D. Agents Platform Security: Our model has also the provision of agents platform security by establishing mutual authentication between agent and agent platform. Inner part of equation (1), E PubN 1 (K) ensures confidentiality and implicit authenticity, because PubN 1 is authenticated by trusted third party and ensures key K is only decrypted by the owner of Pri N1 .

5. Comparative Analysis:
This security model challenges following security aspects. - Confidentiality of executing code - Authentication of agent platform - Confidentiality of results generated at each However, various proposals are already proposed for these security aspects. But, there is no such security model which provides so many security services in a single approach. Here, we compare all widely accepted method with our method on the ground of following terms. - Category: Preventive or Detective - Security objective - Security services Table shows the comparison between different techniques.

Comparison of different techniques for mobile agent security

6. Conclusion:
This paper presented a multi-phase security approach aiming to secure mobile agent from malicious host attack. Initially, we reviewed existing approaches of security against malicious host problem and acknowledged existing security flaws that should be solved for widespread adaptation of this technology. We proposed a multi-phase approach which preserves the flexibility and autonomy characteristics of mobile agent and ensures the protection of agents code, data and itinerary.

Reference: Protection of Mobile agent and its Itinerary from Malicious host
978-1-4577-1386-611$26.002011 IEEE