Joan Borrell

Decentralized Publish-Subscribe System to Prevent Coordinated Attacks via Alert Correlation

We present in this paper a decentralized architecture to correlate alerts between cooperative nodes in a secure multicast infrastructure. The purpose of this architecture is to detect and prevent the use of network resources to perform coordinated attacks against third party networks. By means of a cooperative scheme based on message passing, the different nodes of this system will collaborate to detect its participation on a coordinated attack and will react to avoid it. An overview of the implementation of this architecture for GNU/Linux systems will demonstrate the practicability of the system.

Securing the itinerary of mobile agents through a non-repudiation protocol

We propose a cryptographic solution to protect the itinerary of mobile agents. We consider real-life applications, where hosts do not act independently but are included in a hierarchical structure. In this structure, at least one trusted authority exists: the certification authority that provides hosts with the necessary cryptographic keys to establish secret and authentic communications between them. In our solution, all agents necessary to the application are launched by a trusted authority (TA). Each agent carries its itinerary as a sequence of encrypted entries. Each entry is readable only by one of the hosts. It includes private information useful only to this host, and the identification of the next host in the agents itinerary.

Agent mobility architecture based on IEEE-FIPA standards

Mobile agents are autonomous software entities driven by a set of goals and tasks. Reactivity, social ability, autonomy, the ability to move to different network locations, and the weak agent notion of proactiveness, allow for autonomous processing of distributed information according to their environment (context awareness).Although agent mobility has been devised for homogeneous environments, deployment of agent mobility in heterogeneous environments has been hindered by the absence of a common set of interoperation rules and ontologies for different agent middlewares.In this article, an agent migration model based on the communication standards of the IEEE-FIPA organisation is proposed. The approach described encompasses the definition of several specifications to achieve interoperability in the migration process in heterogeneous environments.The model provides a basic and extensible common migration process, which is flexible enough to support different kinds of migration methods and future upgrades. It is completely independent of any specific middleware implementation.

Protecting Mobile Agent Itineraries

Mobile agents are believed to be playing an important role in future e-commerce systems, offering great flexibility and improved performance. Mobile agents are processes which can autonomously migrate from host to host. The migration path followed by an agent can be abstracted for programming convenience into an itinerary. A flexible structure of itinerary is used in Concordia or Ajanta Agent Systems, using sequence, alternative, and set entries.

Design of a trust model for a secure multi-agent marketplace

A general trust model and security framework for a multi- agent system designed to manage resources in future mobile communications networks is described. The multi- agent system is being developed as part of the IST SHUFFLE project [1]. A business model appropriate for selling of bandwidth resource and services is investigated and mechanisms to achieve a Global Trust Model is outlined. Our trust model for the marketplace is based on concentric spheres structure. The core of this model will be physical security. A security infrastructure is located in middle spheres: the internal and the external security infrastructure. In outer spheres we will use complex aspects of trust such as fairness, reliability, reputation and loyalty to provide a complete model of basic trust for marketplaces.

Promoting the development of secure mobile agent applications

In this paper, we present a software architecture and a development environment for the implementation of applications based on secure mobile agents. Recent breakthroughs in mobile agent security have unblocked this technology, but there is still one important issue to overcome: the complexity of programming applications using these security solutions. Our proposal aims to facilitate and speed up the process of implementing cryptographic protocols, and to allow the reuse of these protocols for the development of secure mobile agents. As a result, the proposed architecture and development environment promote the use of mobile agent technology for the implementation of secure distributed applications.

Protecting mobile agents from external replay attacks

This paper presents a protocol for the protection of mobile agents against external replay attacks. This kind of attacks are performed by malicious platforms when dispatching an agent multiple times to a remote host, thus making it reexecute part of its itinerary. Current proposals aiming to address this problem are based on storing agent identifiers, or trip markers, inside agent platforms, so that future reexecutions can be detected and prevented. The problem of these solutions is that they do not allow the agent to perform legal migrations to the same platform several times. The aim of this paper is to address these issues by presenting a novel solution based on authorisation entities, which allow the agent to be reexecuted on the same platform a number of times determined at runtime. The proposed protocol is secure under the assumption that authorisation entities are trusted.

Securing dynamic itineraries for mobile agent applications

In this paper we present a novel mechanism for the protection of dynamic itineraries for mobile agent applications. Itineraries that are decided as the agent goes are essential in complex applications based on mobile agents, but no approach has been presented until now to protect them. We have conceived a cryptographic scheme for shielding dynamic itineraries from tampering, impersonation and disclosure. By using trust strategically, our scheme provides a balanced trade-off between flexibility and security. Our protection scheme has been thought always bearing in mind a feasible implementation, and thus facilitates the development of applications that make use of it. An example application based on a real healthcare scenario is also presented to show its operation.

Practical Mental Poker Without a TTP Based on Homomorphic Encryption

A solution for obtaining impartial random values in on-line gambling is presented in this paper. Unlike most previous proposals, our method does not require any TTP and allows e-gambling to reach standards of fairness, security an auditability similar to those common in physical gambling.

Agent Migration over FIPA ACL Messages

In this paper, we present the design and implementation of an inter-platform mobility (migration) mechanism for agents. This migration is based on FIPA ACL messages. We also evaluate the performance of this implementation Agent mobility is an essential requirement for some electronic commerce applications, such as those in the Sea-of-Data (SOD) family. The majority of agent systems at present do not support mobility or do not respect standards. This situation does not encourage inter-operability. Our implementation provides a Mobile Agent System that is compatible with the FIPA standard, and SOD applications can be implemented using it. Our solution has been confirmed as feasible by performance evaluation, even in situations of extreme agent load. Already existing applications may make use of our idea to increase their functionality and flexibility, as our results have been integrated in the well-known JADE agent platform.