Security Issues with Mobile Agent Technology (MAT)

As good and effective as the MAT is, with all its benefits, it introduces new security threats from malicious agents and hosts. It also introduces an additional complication in the sense that, as an agent traverses multiple machines that are trusted to different degrees, its state can change in ways that adversely impact its functionality (Farmer et al., 1996). Security threats of mobile agent technology have been generally classified into three categories; these are disclosure of information, denial of service and unauthorized access (Admassu, 2008; Nitin et al., 2011). Wayne (2000) introduced an interference or nuisance as the fourth class. Security concern of mobile agent technology is in various dimensions, between the agent and the agent platform, between various agents and the network. The agent platform can be compromised by visiting agent; an agent may be compromised by the platform or other agents and the network may be compromised by incoming agent, common security threats to mobile agents are presented under these scenarios.

2.4.3.1 Agent to agent platform

A malicious agent has two major lines of attack on the platform, to gain unauthorized access into the platform and to use this unauthorized access in an unexpected and destructive way (Jansen et al., 1999; Wayne, 2000). Possible threats of this category include:

Masquerading: the agent poses as another agent to gain access to services or data at a host it is not authorized to and to shift blame for actions ( Biermann, 2004).

Denial of service: agents may attempt to consume or corrupt a host‟s resources to prevent other agents from accessing the host services (Wayne, 2000). Host can ignore an agent‟s request for services or access to resources, i.e., block agent execution.

Unauthorized access: agents can gain access to sensitive data by exploiting security weaknesses or interfering with another agent to gain access to data, information residing at the platform can be disclosed or altered. Depending on the level of access, agent may be able to completely shut down or terminate the agent platform.

UNIVERSITY OF IBADAN LIBRARY

46 2.4.3.2 Agent Platform to Agent

The security threats in this category are difficult to detect and prevent because the platform has full access to both agent data and code (Admassu, 2008). The platform is responsible for accepting and executing the mobile agent, this makes visiting agent open to attacks from the platform (Biermann, 2004). A receiving platform can easily isolate and capture an agent, extract information, corrupt or modify its state or code.

Threats in this category are:

Masquerading: Host could assume false identity in order to lure agents, and extract sensitive information from the agent. When an agent arrives at a host, it expresses its code, state and data, malicious host can modify agent‟s code, state or data without being detected (Nitin et al 2011). According to Admassu (2008), this attack has more to do with the capability of a visiting agent to correctly identify and authenticate its executing host, while it is on it.

Denial of Service: a host may ignore service requests, introduce unacceptable delays for critical tasks, refuse to execute agent‟s code, or terminate an agent without notification (Admassu, 2008). The host may also deadlock other agents while competing for same resources or livelock by generating more work continuously . Eavesdropping: with agents that are interpreted, the host can inspect their internal algorithms and data. This is serious in mobile agent systems as agent platform has access to the agent‟s code, state and data (Admassu,2008). The platform can monitor communications, read instructions executed by agent, read all unencrypted data; the visiting agent may be at the risk of exposing proprietary algorithms, trade secrets and transmit privilege information (Wayne, 2000). The platform can also infer secrete information from service requests and identity of the agents it communicates with (Wayne, 2000; Admassu, 2008).

Alteration: hosts can change an agent‟s internal data, state, code or results from previous processing to influence the agent. According to Wayne (2000) alteration can only be detected but cannot be prevented, since the agent‟s code and data can be interpreted by the host.

2.4.3.3 Agent to agent

Agent can exploit the security weakness of other agents through any of the following

UNIVERSITY OF IBADAN LIBRARY

47 Masquerading: agent assumes the identity of another agent; this harms both the attacked agent and the agent that is impersonated (Wayne, 2000).

Repudiation: after agreeing to some contract, an agent can subsequently deny that any agreement ever existed or any event or action ever happened or a legitimate transaction ever occurred (Wayne, 2000), it can also modify the conditions of the contract.

Denial of Service: agent can debar other agent from executing its task by sending repeated messages to another agent (Wayne, 2000). This can cause undue burden on message-handling techniques of the system and monetary loss if agent is being charged for resource-utilization.

Unauthorized Access: agent may get hold of and modify another agent‟s data or code it has no right to (Wayne, 2000). An agent may directly interfere with another agent by accessing and modifying agent‟s data or code which in turn changes the agent‟s behaviour.

Eavesdropping: a malicious agent may use platform services to eavesdrop on intra- platform messages of an unsuspecting agent (Wayne, 2000).

2.4.3.4 Other Entities against Agent System

Some other entities both outside and inside the agent framework may attempt to attack the agent system, and carry out actions that could harm or disrupt the agent system (Wayne, 2000).

Masquerading: an entity may disguise itself to intercept or gain access to inter-agent and inter-platform communication for example through replay or forgery (Wayne, 2000).

Eavesdropping: an entity may eavesdrop on messages in transit to and from a target agent or platform to gain information (Wayne, 2000).

Alteration: an entity may intercept agents or messages in transit and modify their contents, substitute other contents or simply replay the transmission dialogue at a later time in an attempt to disrupt the synchronization or integrity of the agent framework (Wayne, 2000).

Denial of service: service can be denied the entire agent system through available network interfaces (Wayne, 2000).

Biermann (2004) categorized these threats using their modes of attack which are fundamental requirements of computer network users. These threats are directed at attacking the following:

UNIVERSITY OF IBADAN LIBRARY

48

 Integrity: attacks against integrity interfere with the agents‟ execution. Sub- classes in this class are integrity interference and information modification

 Availability: an authorized agent is prevented from accessing objects or resources to which it should have legitimate access. In this class, denials of service, delay of service and transmission refusal are typical sub-classes.

 Confidentiality: a host illegally accesses the resources of mobile agent. The three sub-classes that are identified are eavesdropping, theft and reverse engineering

 Authentication: agent is unable to correctly identify and authenticate its executing host. two subclasses identified here are masquerading and cloning