Geri Dön

How cryptographic implementations affect mobile agent systems

Şifreleme gerçekleştirmelerinin gezgin aracı internet sistemlerini nasıl etkilediği

  1. Tez No: 139400
  2. Yazar: İSMAİL ULUKUŞ
  3. Danışmanlar: PROF. DR. EMİN ANARIM
  4. Tez Türü: Yüksek Lisans
  5. Konular: Bilgisayar Mühendisliği Bilimleri-Bilgisayar ve Kontrol, Computer Engineering and Computer Science and Control
  6. Anahtar Kelimeler: Belirtilmemiş.
  7. Yıl: 2003
  8. Dil: İngilizce
  9. Üniversite: Boğaziçi Üniversitesi
  10. Enstitü: Fen Bilimleri Enstitüsü
  11. Ana Bilim Dalı: Sistem ve Kontrol Mühendisliği Ana Bilim Dalı
  12. Bilim Dalı: Belirtilmemiş.
  13. Sayfa Sayısı: 67

Özet

ÖZET ŞİFRELEME GERÇEKLEŞTİRMELERİNİN GEZGİN İNTERNET ARACI SİSTEMLERİNİ NASIL ETKİLEDİĞİ Bu yüksek lisans çalışmasında, gezgin İnternet aracı sistemleri ve gezgin İnternet aracı sistemlerinde verilerin korunması için kullanılan şifreleme gerçekleştirmeleri üzerinde çalıştık. Gezgin İnternet aracısı, çoktürel ağlar üzerinde verilen görevleri yerine getirmek üzere kendi kontrolünde bir makineden diğer makineye gidebilen programdır. Gezgin İnternet aracılarının uygulamalı birçok avantajı olmasına rağmen gezgin İnternet aracılarının kötücül gezgin İnternet aracı sunucularından ve gezgin İnternet sunucularının kötücül gezgin İnternet aracılarından korunması gibi önemli dezavantajları vardır. Bu çalışmanın uygulamalı kısmının amacı şifreleme sistemlerinin gezgin İnternet aracı sistemlerini nasıl etkilediğinin incelenmesidir. Bir Kullanımlık Anahtar Üretmeli Sistem ve Diffie-Hellman Anahtar Değiştokuş Sistemi gerçekleştirilmi ve bu sistemler elde edilen veri büyüklüğü, ziyaret edilen istemci sayısı, şifreleme anahtar boyu ve algoritması gibi farklı değişkenler kullanılarak test edilmiştir. Çalışmanın sonuç kısmında, gezgin İnternet aracılarının ihtiyaçlarına göre uygun şifreleme sisteminin seçilebilmesi için test sonuçları hakkında yorumlar yapılmıştır.

Özet (Çeviri)

IV ABSTRACT HOW CRYPTOGRAPHIC IMPLEMENTATIONS AFFECT MOBILE AGENT SYSTEMS In this Master Thesis Project we studied on mobile agent systems and cryptographic implementations used in these mobile agent systems for data protection. Also this thesis examines how cryptographic implementations affect mobile agent systems. A mobile agent is a program that can move from machine to machine under its own control in order to achieve some tasks over a heterogeneous network. Although mobile agents have many practical advantages, they have significant drawbacks such that protecting mobile agents from malicious mobile agent servers and protecting mobile agent servers from malicious mobile agents. The practical part of this work aims to examine how cryptographic systems affect the mobile agent systems. One-time Key Generation System and Diffie-Hellman Key Exchange System are implemented and tested using different variables such that retrieved data size, visited number of clients, encryption key sizes and algorithms. At the conclusion part of the study, we commented on the test results to be able to choose a cryptographic system according to the mobile agent requirements.ÖZET ŞİFRELEME GERÇEKLEŞTİRMELERİNİN GEZGİN İNTERNET ARACI SİSTEMLERİNİ NASIL ETKİLEDİ?İ Bu yüksek lisans çalışmasında, gezgin İnternet aracı sistemleri ve gezgin İnternet aracı sistemlerinde verilerin korunması için kullanılan şifreleme gerçekleştirmeleri üzerinde çalıştık. Gezgin İnternet aracısı, çoktürel ağlar üzerinde verilen görevleri yerine getirmek üzere kendi kontrolünde bir makineden diğer makineye gidebilen programdır. Gezgin İnternet aracılarının uygulamalı birçok avantajı olmasına rağmen gezgin İnternet aracılarının kötücül gezgin İnternet aracı sunucularından ve gezgin İnternet sunucularının kötücül gezgin İnternet aracılarından korunması gibi önemli dezavantajları vardır. Bu çalışmanın uygulamalı kısmının amacı şifreleme sistemlerinin gezgin İnternet aracı sistemlerini nasıl etkilediğinin incelenmesidir. Bir Kullanımlık Anahtar Üretmeli Sistem ve Diffie-Hellman Anahtar Değiştokuş Sistemi gerçekleştirilmi ve bu sistemler elde edilen veri büyüklüğü, ziyaret edilen istemci sayısı, şifreleme anahtar boyu ve algoritması gibi farklı değişkenler kullanılarak test edilmiştir. Çalışmanın sonuç kısmında, gezgin İnternet aracılarının ihtiyaçlarına göre uygun şifreleme sisteminin seçilebilmesi için test sonuçları hakkında yorumlar yapılmıştır.VI TABLE OF CONTENTS ACKNOWLEDGEMENTSiii ABSTRACTiv ÖZETv TABLE OF CONTENTSvi LIST OF FIGURESix LIST OF ABBREVIATIONSxi 1. INTRODUCTION1 1.1. MASIF1 1.2. IBM's Aglets Software Development Kit2 1.3. About This Thesis3 2. MOBILE AGENTS4 2.1. Characteristics of Mobile Agents4 2.1.1. Mobility5 2.1.2. Autonomy5 2.2. Evolution of Mobile Agents5 2.2.1. Remote Procedure Calls (RPC)5 2.2.2. Remote Evaluation (REV)5 2.2.3. Mobile Agents6 2.3. Mobile Agent Systems7 2.4. Applications of Mobile Agents9 2.4.1. E-commerce9 2.4.2. Search Engines and Content-Based Image Indexing and Retrieval...9 2.4.3. Personal Assistance10 2.4.4. Electronic Mail...10 2.4.5. Parallel Processing for Distributed Systems10 2.5. Benefits of Mobile Agents11 2.5.1. Reduce Network Load11 2.5.2. Overcome Network Latency11 2.5.3. Execute Asynchronously and Autonomously11 2.5.4. Heterogeneous12vıı 2.5.5. Robust and Fault Tolerant12 2.5.6. Adapt Dynamically12 2.6. Drawback of Mobile Agents12 IBM AGLET MODEL13 3.1. Basic Elements13 3.2. Aglet Life-Cycle14 3.3. Benefits of Agent Characteristics of Java15 3.3.1. Platform Independence15 3.3.2. Secure Execution15 3.3.3. Dynamic Class Loading15 3.3.4. Multithread Programming16 3.3.5. Object Serialization16 3.4. Drawback of Agent Characteristics of Java16 3.4.1. Inadequate Support for Resource Control16 3.4.2. No Protection of References17 SECURITY ISSUES18 4.1. Protecting Mobile Agents from Malicious Host18 4.2. Protecting Hosts From Malicious Mobile Agents18 4.3. Protecting Mobile Agents from Other Agents19 4.4. A Security System for Data Protection of Mobile Agents19 4.4.1. Key Generation Module21 4.4.2. Algorithm of the System22 4.4.3. Rlk, R2k Random Numbers22 4.4.4. Generation of DES Key Seed22 4.4.5. Agent Execution and Retrieving Data23 4.4.6. Encryption of Rlk, R2k and DSA (DES (data))24 4.4.7. Creating New Coupler for the Next Server26 4.4.8. Decryption of the Cipher26 4.5. Step by Step Implementation of the Encryption System27 4.5. 1. Generating Initial Coupler CO, RSA, DSA Key Pairs and Sending the Aglet to the Next Server27 4.5.2. Receiving Aglet and Generating Rl, R2 Random Numbers27 4.5.3. Generating DES Key28vııı 4.5.4. Encrypting the Plaintext and Signing28 4.5.5. Combining the Rl, R2 and DSA(DES(data)) and Encrypting Using RSA29 4.5.6. Receiving Aglet and Decrypting RSA Cipher text30 4.5.7. Decrypting the DES Cipher Text31 4.6. An Alternative Security Model Using Diffie-Hellman Key Exchange3 1 4.6.1. Diffie-Hellman Key Exchange31 4.6.2. Security Model with Diffie-Hellman33 5. EXPERIMENTAL RESULTS35 5.1. Test Environment35 5.2. Experiments with Different Encryption Algorithms35 6. CONCLUSION48 6.1. Number of Clients48 6.2. Size of the Retrieved Data49 6.3. Encryption Algorithms and Key Sizes49 REFERENCES50IX LIST OF FIGURES Figure 1.1. Tahiti Aglet server2 Figure 2.1. General representation of agent systems4 Figure 2.2. Evolution of mobile agents6 Figure 3.1. Relationship between Aglet and Proxy13 Figure 3.2. Aglet life-cycle model14 Figure 3.3. Object serialization in Java16 Figure 4.1. Overview of security system20 Figure 4.2. Key generation module21 Figure 4.3. DES key generation23 Figure 4.4. Generating coupler and key pairs27 Figure 4.5. Generating Rl and R2 random numbers27 Figure 4.6. Generating DES key28 Figure 4.7. Encrypting the plaintext and signing29 Figure 4.8. Encryption with RSA30 Figure 4.9. Decryption of RSA30X Figure 4.10. Decryption of DES31 Figure 4.11. Diffie-Hellman key exchange33 Figure 4.12. Security model using Diffie-Hellman key exchange33 Figure 5.1. Encryption vs. number of clients (500 Kbytes, 512 Bits)37 Figure 5.2. Encryption vs. number of clients (750 Kbytes, 512 Bits)39 Figure 5.3. Encryption vs. number of clients (1000 Kbytes, 512 Bits)40 Figure 5.4. Encryption vs. number of clients (500 Kbytes, 768 Bits)42 Figure 5.5. Encryption vs. number of clients (750 Kbytes, 768 Bits)44 Figure 5.6. Encryption vs. number of clients (1000 Kbytes, 768 Bits)45 Figure 5.7. Ratio of encryption algorithms for encryption systems (512 Bits)46 Figure 5.8. Ratio of encryption algorithms for encryption systems (768 Bits)47XI LIST OF TABLES Table 2.1. Agent mobility support8 Table 5.1. Aglet execution times for 500 Kbytes data size and 512 Bits key size for RSA (msec.)36 Table 5.2. Aglet execution times for 500 Kbytes data size and 512 Bits key size for Elgamal (msec.)36 Table 5.3. Aglet execution times for 500 Kbytes data size and 5 12 Bits key size for Diffie-Hellman (msec.)37 Table 5.4. Aglet execution times for 750 Kbytes data size and 512 Bits key size for RSA (msec.)38 Table 5.5. Aglet execution times for 750 Kbytes data size and 512 Bits key size for Elgamal (msec.)38 Table 5.6. Aglet execution times for 750 Kbytes data size and 512 Bits key size for Diffie-Hellman (msec.)38 Table 5.7. Aglet execution times for 1000 Kbytes data size and 512 Bits key size for RSA (msec.)39 Table 5.8. Aglet execution times for 1000 Kbytes data size and 512 Bits key size for Elgamal (msec.)40Xll Table 5.9. Aglet execution times for 1000 Kbytes data size and 512 Bits key size for Diffie-Hellman (msec.)40 Table 5.10. Aglet execution times for 500 Kbytes data size and 768 Bits key size for RSA (msec.)41 Table 5.11. Aglet execution times for 500 Kbytes data size and 768 Bits key size for Elgamal (msec.)41 Table 5.12. Aglet execution times for 500 Kbytes data size and 768 Bits key size for Diffie-Hellman (msec.)42 Table 5.13. Aglet execution times for 750 Kbytes data size and 768 Bits key size for RSA (msec.)43 Table 5.14. Aglet execution times for 750 Kbytes data size and 768 Bits key size for Elgamal (msec.)43 Table 5.15. Aglet execution times for 750 Kbytes data size and 768 Bits key size for Diffie-Hellman (msec.)43 Table 5.16. Aglet execution times for 1000 Kbytes data size and 768 Bits key size for RSA (msec.)44 Table 5.17. Aglet execution times for 1000 Kbytes data size and 768 Bits key size for Elgamal (msec.)45Xlll Table 5.18. Aglet execution times for 1000 Kbytes data size and 768 Bits key size for Diffie-Hellman (msec.)45XIV LIST OF ABBREVIATIONS API ASDK CBR CPU DES DSA GSM IBM MASIF M.I.T. OKGS OMG PDA RAM REV RPC RSA SHA TCP URL WWW Application Programming Interface Aglets Software Development Kit Content Based Retrieval Central Process Unit Data Encryption Standard Digital Signature Algorithm Global System for Mobile communication International Business Machines Mobile Agent System Interoperability Facility Massachusetts Institute of Technology One-Time Key Generation System Object Management Group Personal Digital Assistant Random Access Memory Remove Evaluation Remote Procedure Call Rivest, Shamir and Adleman Algorithm Secure Hash Algorithm Transmission Control Protocol Uniform Resource Locator World Wide Web1. INTRODUCTION Over the last few years, Internet and local networks are becoming overloaded and busy. So that developers are searching for new software technologies other than client server, applets and servlets to overcome these problems. Mobile agent is an alternative to solve these problems. Mobile agent is a program that can halt itself, ship itself to another computer on the network, and continue execution at the new computer. The key feature of this kind of software agent is that both its code and state are mobile. There are some organizations that determine the standards for mobile agent systems. Object Management Group (OMG) and Foundation for Intelligent and Physical Agents (FIPA) represent almost 1000 members. Mobile Agent System Interoperability Facility (MASIF) is another foundation, which is supported by OMG. 1.1. MASIF Although mobile agents are new technologies, there are some various kinds. These systems differ widely in architecture and implementation, so some aspects of mobile agents should be standardized. MASIF [1] is a collection of definitions and interfaces that provides an interoperable interface for mobile agent systems. There are some aspects that MASIF standardize and doesn't standardize. Aspects that MASIF doesn't standardize:. Language interoperability Local agent operations such as agent interpretation, serialization/deserialization, and execution.Aspects that MASİF standardize:. Agent Management: Standard operations such as creating an agent, suspending it, resuming, and terminating should be done in a standard way for different types of agent systems.. Agent Transfer: Agent applications can freely move among agent systems of different types.. Agent and Agent System Names: Agent and agent system names allow agent systems and agents to identify each other.. Agent System Type and Location Syntax: The agent transfer cannot happen unless the agent system type can support the agent. The location syntax is standardized so that the agent systems can locate each other. 1.2. IBM's Aglets Software Development Kit The Aglets Software Development Kit (ASDK) is an implementation of Aglet API, which can be downloaded from IBM Tokyo Research Laboratory's Web site [2]. The Aglet API is a set of Java classes and interfaces that allows creating mobile Java agents. Figure 1. 1 represents the Tahiti Aglet server. Si^ft& ik}%mWk&&;'^fa*t^ -.- '- C i hr ?.WX. iej m Aglet Mobility View Options Tools Help >< Create AsrVfJ^b Retract e3tamples.simp]e.DisplayAglet : Mori Jim 16 22:46:47 EEST 2003 Hello, world! I amexamp] e3amp]es.http.WebServerAgkt : Mon Jun 16 22:45:55 EEST 2003 examp]es.hel]o.He]bAglet : Mon Jun 16 22:45:52 EEST 2003 Create : examples.simp]e.DisplayAglet fromatp://ism:4434/ Figure 1.1. Tahiti Aglet server1.3. About This Thesis In this part we will describe the order of how our work is organized. First of all we mention about theoretical information about mobile agents. Then it follows with the security issues of mobile agents and practical implementations. Next parts summarize the experimental results and conclusions. This thesis consists of following chapters:. Chapter 2,“”Mobile Agents“, is about theoretical information about mobile agents.. Chapter 3, ”IBM Aglet Model“, gives information about ASDK.. Chapter 4, ”Security Issues“, is about the security concern with the mobile agents and implementation of cryptographic systems for data protection.. Chapter 5, ”Experimental Results“, includes results obtained from tests using ASDK according to some variables.. Chapter 6, ”Conclusion“, summarizes conclusions of this study according to test results.2. MOBILE AGENTS Mobile agents are software programs that can migrate from one node to another autonomously and can collect, filter and process the information. They can suspend their own executions, transfer themselves to another agent server and resume their execution. Mobile Agent MIGRATION Agent Server A ?*”Mobile Agent Agent Server B Authentication and decryption of code, data and state of mobile agent Figure 2.1. General representation of agent systems Mobile agents include the code, the data and the state of running application during their itinerary. They need agent servers to execute. Agent servers' role in the agent environment is to load mobile agents' code and to provide communication between the nodes. 2.1. Characteristics of Mobile Agents Although there is no exact set of characteristics that define an agent, there are two main characteristics that an agent must have:2.1.1. Mobility Mobility is the primary characteristic of mobile agents. By using mobile characteristic, mobile agents can migrate from one node to another where data is physically stored. When mobile agent travels to the host and access the data locally, it prevents the transfer of large amount of information from one host to another. 2.1.2. Autonomy Another essential characteristic of mobile agents is autonomy. A mobile agent is able to travel and execute without direct need of human intervention or guidance. Also, the agent maintains control over its own actions and state. Mobile agents can collect, filter, process the information and return back to the home server so the user can perform other applications in the same time. 2.2. Evolution of Mobile Agents 2.2.1. Remote Procedure Calls (RPC) In the RPC model, there are two processes: client process and server process. Client process sends a message including procedure parameters and wait for the results. After receiving them, client process resume execution. On the server side, server process waits for a message and when a message is arrived, it executes a procedure using the parameters. Server process returns the procedure results to the client and waits for the next message [3,4]. 2.2.2. Remote Evaluation (REV) Remote evaluation is an extension to the RPC model. It allows the client to send a request to the server in the form of a program. The server executes this program locally and returns the results to the client. This is synchronous a interaction that the client is blocked until the remote computation finishes and returns the results [5].2.2.3. Mobile Agents Mobile agent comprises the code, the data and the context that it can migrate from one server to another. Unlike REV, mobile agents doesn't have to return any results to the client or home server. Also mobile agents have much more autonomy that remote procedure calls. Figure 2.2 illustrates the differences between RPC, REV and mobile agents. Figure 2.2. Evolution of mobile agents #?,tf£lN2.3. Mobile Agent Systems Telescript [6], developed by General Magic, includes an object-oriented, type-safe language for agent programming. Telescript servers are called as places. Telescript has significant support for security, including an access control mechanism similar to capabilities [7]. Each agent and place has an associated authority. A place can query an incoming agent's authority and deny its entry or restrict its access rights. Each agent has a permit, which specifies its access rights and resource consumption quotas. Agents that exceed their quotas or attempt unauthorized operations are terminated by system. Because Telescript is not successful commercially, General Magic reimplements Telescript with Java classes and named as Odyssey. Tacoma is developed by the University of Tromso, and Cornell University. Agents are written in Tel language [8]. Tacoma generally focuses on operating system support for agents. The Tacoma system is based on Unix and Transmission Control Protocol (TCP). Tacoma agents can carry scripts written in C, Tcl/Tk, Perl, Pyhton and Scheme. Agent Tel is developed by Dartmouth College and allows Tel scripts to migrate between servers [9]. It focus on five research areas: o Performance. o Support for multiple languages. o Cryptographic authentication and restricted execution environments to protect a machine from malicious agents, o Economic-based models to limit agent's resource consumption, o Networking sensing, navigation and planning to determine the best path through the network according to its task. Agent Tel has two main components: o A server that runs on each computer. o An execution environment for each supported language.Azlet is a Java-based system developed by IBM. Agents (called Aglets), migrate between agent servers (called Tahiti), located on different network hosts. Aglets will be mentioned in detail later. Concordia [10] developed by Mitsubishi Electric, supports mobile agents written in Java. Like most Java-based systems, it provides agent mobility using Java's serialization and class loading mechanisms. A Concordia system is made up of Java VM, a server and a set of agents. In this system agent state is protected during transition. Servers can protect their resources using access control list based on user identities. Each agent is associated with a particular user and carries user's password, which is hashed. This system can only be used in closed networks because passwords should be stored in global file for verifying. Voyager is a Java-based agent system, which is developed by ObjectSpace [11]. In this system a global unique identifier is assigned to an agent and a symbolic name during the creation of agent. Agents migrate to other servers by moveTo command. Following table summarizes the agent system naming and agent migration: Table 2.1. Agent mobility support2.4. Applications of Mobile Agents 2.4.1. E-commerce E-commerce is an up growing industry such that only in United Stated online sales grew 52% over last year to $78 billion (Forrester Research) so different technologies are thought to be used in e-commerce. Mobile agents are one of these technologies that they can perform transactions between business-to-business, business-to-consumer and consumer-to-consumer. Mobile agents reduce the amount of human interaction in order to buy and sell goods. Kasbah System, developed in M.I.T., is a good example of how mobile are used in e- eommerce. Users who would like to buy or sell item create the agent and dispatch it to agent marketplace. This agent finds other buying/selling agents and negotiates with them on behalf of the user. If they agreed according to the constraints that are defined by the user, they return back and inform the users. Lastly they arrange the payment and delivery of the item. Another example is Zeus agents, which is developed in Hewlett Packard Laboratories by using British Telecommunication's Zeus Toolkit, which is written in Java [12]. 2.4.2. Search Engines and Content-Based Image Indexing and Retrieval In the content-based retrieval (CBR) searching technique, search engines are queried according to a sample media type and similar media types are returned back. [13] In this technique, search engine generates a list of URLs pointing to a similar images and a thumbnail for each image. In the WWW indexing is used as centralized. Because of centralized indexing, bottlenecks are occurred when attempting to locate information. To cope with these bottlenecks the index needs to be decentralized in the same manner. Mobile agents can be used for performing distributed indexing [13, 14].10 2.4.3. Personal Assistance Mobile agents can be used for personal assistance such that scheduling a meeting. An interesting study was performed in [15] on this subject. An organizer will organize a videoconference with the participants who are in different domain but have the same electronic agenda server domain. A mobile agent is dispatched by organizer and visits all participants. Mobile agent negotiates the potential rescheduling with the each participant's personal agent on his behalf. Mobile agent only returns the possible schedules. 2.4.4. Electronic Mail Today a widely used communication tool is e-mail but if slow dialup connection is used, opening large attachments or spam mail is becoming a problem. Also mobile users that use low capability devices such as mobile phones or PDAs might not be able to read the attachments because the format is simply not supported by the device. S. Karnouskos and A. Vasilaskos proposed a new flexible, secure and intelligent mobile e-mail system [16]. In this e-mail platform, system will contain context information for each user. This context information includes user's location and devices with capabilities. This context information could be updated by mobile agents. Also mobile agents could be used to retrieve user's location, i.e. querying GSM phones. When a PDA user receives an email, which includes an attachment with video and sound, video may be send to mobile phone of the same user and sound is send to PDA if PDA doesn't support video format. 2.4.5. Parallel Processing for Distributed Systems Another area that mobile agents can be used is distributed computing. When a calculation requires so much computing, it could divided into discrete units and each can be assigned to mobile agents than mobile agent would be dispatched to the host with the smallest workload and return back with the results. This technique is successfully tested on prime number calculation by Penny Noy and Michael Schroeder [17].11 Some of the other applications of mobile agents are:. Weather Forecast [ 1 8]. Distributed Intrusion Detection [ 1 9]. Telemedicine [20] 2.5. Benefits of Mobile Agents Various reasons to use mobile agents [21]: 2.5.1. Reduce Network Load When very large amounts of data are stored at the remote hosts, these data should be processed locally instead downloaded over the network. Mobile agents allow transporting the program to the data to process locally rather than transporting the data to the program. Generally this reduces network load. 2.5.2. Overcome Network Latency In the real-time systems, the most important point is to respond to change in real time. Controlling such systems through a large network, significant network latencies occur. To overcome this network latency, mobile agents are alternative solution because mobile agents can be dispatched from a central controller to act locally and execute the controller's directions. 2.5.3. Execute Asynchronously and Autonomously It is not economic to maintain a continuous network connection for mobile devices such as PDAs, cellular phones and mobile devices because they have expensive network conditions. At this point mobile agents are useful because they do not require a continuous network condition. Use could dispatch a mobile agent into the network and disconnect the12 connection. When user reconnects, mobile agent returns back with completing its tasks. This is also very useful for laptops because it provides power consumption. 2.5.4. Heterogeneous Mobile agents are computer independent and depended only execution environment. This is an important benefit because networks may consist different types of computers and different types of software. 2.5.5. Robust and Fault Tolerant Mobile agents can react effectively to undesired changes to the environment. For example if a network host is to be shutdown the mobile agent can detect this and dispatch itself to another host. 2.5.6. Adapt Dynamically Mobile agents can clone themselves to maintain optimal configuration for solving a problem. 2.6. Drawback of Mobile Agents Although mobile agents have many advantages, they have a major drawback such that security threads. As mentioned before mobile agents could be used in many applications but all these applications feel need for security mechanism. For example if a mobile agent were used for e-commerce, maybe it would carry credit card number and personal information. All these critical information should be protected against malicious servers or third parties. Also malicious agents could be exist in the network so agent servers should protect their stored data or prevent their CPU usage from agents.13 3. IBM AGLET MODEL As it is briefly described at the previous section, Aglet is a Java-based system developed by IBM [22]. Agents (called Aglets), migrate between agent servers (called Tahiti), located on different network hosts. 3.1. Basic Elements IBM Aglet agent system is formed by 3 basic elements:. Aglet: An Aglet is a mobile Java object that visits Aglet-enabled hosts in a computer network. It is autonomous because it runs in its own thread of execution after arriving at a host.. Proxy: A Proxy is a representative of an Aglet. It serves as a shield that protects the Aglet from direct access to its public methods. Figure 3.1 illustrates the relationship between Aglet and Proxy.. Context: A context is an Aglet's workspace. Context provides maintaining and managing running Aglets in a uniform execution environment where the host system is secured against malicious Aglets.. Identifier: An identifier is bound to each Aglet. This identifier is unique throughout the lifecycle of the Aglet. Clients Figure 3.1. Relationship between Aglet and Proxy14 3.2. Aglet Life-Cycle There are basically only two ways to bring an Aglet to life: one is creation; another is cloning from an existing Aglet. Figure 3.2. represents the life-cycle of an Aglet [23]. Dispose Clone Aglet L_ Dispatch Retract Create Deactivate Class File Active Disk Storage Figure 3.2. Aglet life-cycle model Creation: The creation of an Aglet takes place in a context. An identifier is assigned to new Aglet and initialized. The Aglet starts executing after successfully initialized. Cloning: Cloning of an Aglet is copying the original Aglet. The only difference is the assigned identifier. Dispatching: Dispatching an Aglet from one context to another will remove it from its current context and insert it into the destination context, where it restarts execution. Retracting: The retraction of an Aglet will remove it from its current context and insert it into the context from which retraction is requested. Activation and Deactivation: The deactivation of an Aglet is the ability to temporarily halt its execution and store its state in the secondary storage. Activation of an Aglet will restore it in the same context. Disposal: The disposal of an Aglet will halt its current execution and remove it from its current context.15 3.3. Benefits of Agent Characteristics of Java 3.3.1. Platform Independence Java is designed to be able to operate in heterogeneous environments. Java compiler generates byte code to make the Java applications to run on any computer where Java runtime system is present. Java byte code different from the non-portable native code. The Java language is not platform dependent such as primitive data types are not dependent on the underlying processor or operating system. Also libraries are platform independent. 3.3.2. Secure Execution As Java is also been known Internet language, it provides security mechanisms for the secure design. These are the security concepts of Java:. Does not allow illegal type casting or ant pointer arithmetic.. Programs do not have access to private data in objects. If byte code is changed, Java runtime environment ensures that the code will not violate the rules of Java.. Java has a security manager to check operations such that file access and network connections. 3.3.3. Dynamic Class Loading Dynamic class loading mechanism allows the Java virtual machine to load and define classes at runtime. This provides a protective name space for each agent, so each agent can execute safely.16 3.3.4. Multithread Programming An agent can execute independently of other agents being in the same place. Java allows each agent to execute in its own process, which is also called thread of execution. 3.3.5. Object Serialization Object serialization is briefly described by N. Karnik in his Ph. D. Thesis [24]. Java provides object serialization functions, which allow us to convert an object instance into a machine independent array of bytes. This byte array can be transmitted over a network to another host and de-serialized there where converted back to a Java object. This is illustrated in Figure 3.3. This is the most important property for agent's mobility. Figure 3.3. Object serialization in Java 3.4. Drawback of Agent Characteristics of Java Although Java language system is suitable for mobile agents, it has some disadvantages that some of them can be handled by work around solutions, but some of them couldn't be handled. 3.4.1. Inadequate Support for Resource Control Java language is not adequate to provide resource control. An agent can start looping and waste processor cycle and start consuming the CPU and memory resources. In the terminology of security, this is called denial of service. Using this inadequateness, one type of attack is an agent group penetrated into a server and takes over all its resources and17 makes it impossible to operate. Unfortunately Java couldn't provide limiting the CPU and memory resources allocated by an object. 3.4.2. No Protection of References A Java object's methods are available to any other object that has a reference to it. This access is very important for agent. There is no way that the agent can directly monitor and control which other agents are accessing its methods. In the Aglets, this problem is solved by using a Proxy object between the caller and the callee to control access.18 4. SECURITY ISSUES As described before mobile agent technology introduces many potential advantages that result from its mobility and autonomy features such as reducing network load, being robust and fault tolerant. Despite of its advantages, mobile agent technology raises several security problems. Nowadays, security problems recognized as a major problem to put mobile agent technologies in practical use. The security problems can be categorized as follows: 4.1. Protecting Mobile Agents from Malicious Host Although mobile agents can act autonomously, it is obvious that they require mobile agent servers to execute. At this point integrity and confidentiality is major concern for mobile agents because a mobile agent server could modify, remove or add mobile agent code or data. So it is important that server shouldn't able to tamper with an agent or its information. Following criterias should be ensured [25, 26]:. Sensitive information never passes through an untrusted machine in an unencrypted form.. The information should be meaningless without cooperation with a trusted site.. Theft of the information should not be catastrophic and could be detected by an audit. 4.2. Protecting Hosts From Malicious Mobile Agents As mobile agents execute on mobile agent servers, malicious mobile agents may pretend to be a virus or worm and could give damage to servers. When a mobile migrates to a server, it uses the server's CPU and data stores to execute. So following precautions should be taken at the server side [27]:19. Server should authenticate the agent.. Resource limits should include access rights for reading a certain file and CPU usage. 4.3. Protecting Mobile Agents from Other Agents During mobile agents execute on the mobile agents environment, they could execute at the same machines and meet. So agent should not permit the other agents to steel or modify the agent's resources. This problem can be viewed as like a protecting the machine. 4.4. A Security System for Data Protection of Mobile Agents As described before during the trip of the mobile agent, confidentiality and integrity of agent data should be obtained. For instance if a mobile agent is used in e-commerce application to buy or sell books, it will travel from one host to another, find the cheapest book and buy it. In this application to buy this book, it should carry the credit card number or personal information. This information should be kept secret and confidentiality and integrity should be provided. A one-time key generation system is proposed by Jong-Youl Park for the confidentiality and integrity of agent data [28]. The main idea is a sequence of interrelated encryption keys to encrypt the agent data. Important point of the system is one-way hash function, which is used to generate the encryption keys and make the system one way. Figure 4.1 illustrates the general view of the system.20 Agent Server ASk Agent Structure on Agent Server ASk.i Agent Code Encrypted Data DESfc,(dataM) Encrypted random number ASo-pub (Rlk-i) R2k- Coupler Ck.; Sep I Agent Structure on Agent Server ASk Code Check * ? Agent Run i t Step 3 RU Step 2 >. Hash (1) Encryption DES key R2k Step 4 > Hash (2) Kev Generation Module Agent Code Encrypted Data DESk.,(jiatok.i) D£Sk (data*) ASo.pUb (Rlk-b k-l- ) I- AS“.pub(Rlk,R2k...) > Coupler Ck Figure 4.1. Overview of security system As illustrated in Figure 4.1, at the first step agent server ASk-i generates a coupler and sends it to the next agent server ASk. If ASk-i is home server, coupler Co is random 160-bit value generated by ASn. Secondly, after receiving Ck-i, server ASk generates own DES key in the key generation module, which is based on one-way hash function. Combination of Ck-i and random number Rlk is used as an input for the first hash function and output of the first hash function is used as a DES key seed to encrypt data retrieved from server ASk. At the third step server ASk encrypts data using the previously generated DES key, which is the output of the first hash function. At the last step, to establish inter-relationship between servers, server ASk generates a new coupler using the combination of output of the first hash function and random number R2k as an input of the second hash function. Also random numbers Rlk and R2k are encrypted using the home server's public key and send to home server to be able to decrypt the ciphers. When the next server receives the coupler, it also generates own DES key and encrypt the data.21 4.4.1. Key Generation Module A one-time agent key, which is used to encrypt the data, is based on this one-way property, and it provides an inter-relationship between two consecutive agent keys. Figure 4.2 briefly shows how to make the inter-relationship; Rlk and R2k are 320 bits random numbers generated by the current host and they are encrypted with ASo-pub, the public key of the home server. ASk.! ASk coupler Ck-1 & Ck-i ® & Hash Function (> Hash Function Code Agent ASk ck -- »< c, coupler Agent Datak DesKey DESk(Datak) run Code Code Figure 4.2. Key generation module22 4.4.2. Algorithm of the System A server, ASk, receives a coupler Ck-i from the previous server, ASk-i, and generates random numbers Rlk and R2k that are secret information of ASk. If ASk-i is the home server (ASo), it creates a mobile agent and the initial coupler Co, and then dispatches it to the next agent server ASi. Otherwise agent server ASk generates its key seed Sk using Ck-i, Rlk and SHA-1, and also generates a new DES key based on Sk. then ASk generates Ck, a new coupler for the next agent server, and sends it to the next agent server ASk+i with the agent data. 4.4.3. Rlk, R2k Random Numbers Rlk and R2k are provided by the current host, and they are encrypted with ASo-pub, the public key of the home server. An agent key is created using not only Rlk but also the coupler Ck-i. So only the home server, ASo, can have Rlk, R2k, and Ck-i for each host, and reconstruct every agent key. In order to generate a one-time agent key, two random numbers Rlk and R2k are generated and they are 320 bits. These are used to scramble a coupler and to satisfy the secure condition of the one-way function from the birthday attack. Secure condition of a one-way hash function imposes restrictions on size of input and output data; size of an output must be more than 128-bits and that of input is double of the output size. For the reason of secure condition, Rlk and R2k, which are inputs of SHA-1, is decided on double size (320-bit) of the output (160-bit). They are encrypted using ASo-pub, the public key of the home agent server. Therefore only the home ASo can decrypt them. 4.4.4. Generation of DES Key Seed As it is seen in Figure 4.3 Sk is the DES key seed, which is used for DES key generation. It is the digest of the hash function SHA-1 where its input is the combination of Ck and Rlk- Combination is refers to XOR operation between Ck-i and Rlk. Before the XOR operation Ck-i should be concatenated with the same value because Ck-i is a 160-bit value and Rlk is 320-bit value. Equation is as follows:23 S^SHA-ÜC^-.C^Rl,) (4.1) To make these two variables at the same size concatenation is necessary. After DES key seed is generated, data retrieved from current server is encrypted with the DES key, which is generated using DES key seed. Figure 4.3 illustrates the generation of DES key from the DES key seed: 159 11 ? T> 6T, t M QS ? Qrt 177 ? 1?R Sk3 Sk3 Sk3 W DES key Figure 4.3. DES key generation 4.4.5. Agent Execution and Retrieving Data Data is the result of the agent execution and is encrypted with the agent key, which generated previously. datak = agent data retrieved from server ASk (4.2.)24 4.4.6. Encryption of Rlk, R2k and DSA (DES (data)) Rlk, R2k, and DSAk(DES(data)) are encrypted by current server with ASo-pub. Agent data, i.e. ASo-pub(Rlk, R2k, DSAk(DES(data))), might be modified or be deleted by another agent server. However, when the agent returns to the home server ASo, the deletion or modification is detected due to the inter-relationship among Sk's. In addition, digital signature is inserted to encrypted data to verify the data. In the implementation part RSA is used for the encryption. Encryption = AS^^ (Rlk, R2k, DSAk (DES(data))) (4.3) As a public key cryptography algorithm RSA or ELGAMAL could be used. The RSA algorithm is a cryptosystem for both encryption and authentication developed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman. Following steps represents the RSA key generation, encryption and decryption phases [29]: Key generation:. Select p, q where p and q both prime numbers,. Calculate n = pxq. Calculate 0(n) = (p-l)(q-l). Select integer e where gcd(0(n),e) = 1 ; l : [ 27 -89 -50 83 1 123 27 67 31 51 75 -91 36 110 -64 -49 60 54 69 -82 I XXXXXXXXXKXXXKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXHXX Generating RSA key pairRSA Key pair generatedGenerating DSA key pair - DSA Key pair generated... ”ixxx Addr: atp: //ism =4435 place: Figure 4.4. Generating coupler and key pairs 4.5.2. Receiving Aglet and Generating Rl, R2 Random Numbers After home server dispatches the Aglet, client server receives it and generates random numbers Rl and R2. XXXXXXXXXXXXXXXXXXXXXMXXXMWXXXXXXXXXXXXXXXXXXKKXXXMXXXXXXXXMMXI* I fiM HT THE 1. SERUER*3E3gXXXXMXXXXXXXXXXXXXXMXXXXXXXX«-X-«XXXXXXXXMXXXX-KXXXXX'»fr»H6XXXXXXX Generating Random Numbers Ril, R21 fill : C 37 121 -11 87 -6 -120 -88 76 89 58 15 77 17 -186 -116 72 -11 -44 -102 19 -95 49 6 91 40 -29 37 44 -128 35 -108 24 121 42 -95 68 -55 118 -54 69 ] R21 : 1-123 -25 81 76 117 75 -55 84 122 -22 -42 95 -20 -100 -63 70 -90 124 -21 -114 -54 120 -55 -63 -42 -45 3 1 -24 -70 -30 56 107 -11 -28 0 -66 118 76 -53 3 XXXXXXMXXXXXXXXXXXXXXXXXXMMXXXXXXXXXXXXXXMXXXMMXXXXXXXMMXXMMXXK- Figure 4.5. Generating Rl and R2 random numbers28 4.5.3. Generating DES Key Client server generates DES key using random number Rl and received coupler CO to encrypt the plain text. *** DES KE¥ GENERATION *** MaKMMXKKaaMKXlilOIKXKXXXtBHWHt-M-X-H /////// / Rİİ /- /////// MHOR>! HASH FUNCTI0N !> * DES KEY * ft*««*3frM-»*BfrJM«£ I /////// \ / G0 //////// Generating DES KeyDes Key Seed : [ 107 68 77 56 94 -38 -46 27 ] DES Key is GeneratedDES Key : T 21-123 -95İ492 74 -89 107JW»BH»etXXXXXXXKX«!e!XXXXaMKKMXXXXWaXXXX«XXXKX?HiXXXXl(X»BaXXXXi»Ht Figure 4.6. Generating DES key 4.5.4. Encrypting the Plaintext and Signing Data, retrieved at the client server, is encrypted using the previously generated DES key and ciphertext is signed.29 !!!!?!!!!!!!!!!!!****!!??*!! DATA : ismail ENCODED DATA : : [ 105 İİ5 109 97 105 108] Encrypt ing Data with DESData is EncryptedENCRYPTED DATA : [ 126 93 111 112 29 -45 8 1841 ^X«KXXKKKXXXXXXXMMXWHHH] *** «SHt *X-X- MXXXXXXXXXKXKKKKXXHM-MKKXXKXKXK Signing The Encrypted DataDSA.Lenght = 46 Encrypted Data Signed52 35 97 -43 36 42 64 -122 60 18 -100 -81 2 20 126 79 -26 70 10 65 -72 70 53 3 -35 65 ] iHHBHWtXXXXXXXXXWHHHWHBHHH(XXXXXXli*iHHCXXKXXXKXXXXXX4HHt«XXKXXXKWt Figure 4.7. Rncrypting the plainte* 4.5.5. Combining the Rl, R2 and DSA(DES(data)) and Encrypting Using RSA Random numbers Rl, R2 and signed DES data are encrypted using RSA public key, so only home server can decrypt it using its private key. After Encryption is completed Aglet is dispatched to home server.30 Encrypting Combined Data Using RSA Public Key... Encyrption is CompletedIHlMKKKKKXXKKIIKKKXIIKieKKKKlHBHHHHlKXXKKKKllKKKXKICmilBHt^iBHHi *** CIPHERTEXT = RSft CR11, R21, DSA EDES I> ~~~ K4H* KKK KXKKKK-«»MKKKKKKKKKKWWXKKKMMMMKKKKKKKM-K»K-K-K-M-»MKKKKKMKKMW 18 -127 8 -29 93 -99 83 3 »X»XXX»XMeHH«HH(XXXXXXXX«»XXX»^HHtX«(X«XXX»HHHWWWWtW(X*lHHHBHH(» kkkkk flddr: atp://isn/ place: Figure 4.8. Encryption with RSA 4.5.6. Receiving Aglet and Decrypting RSA Cipher text When home server receives the Aglet first of all it decrypts the RSA cipher text using its private and obtain random numbers Rl, R2 and Signed DES data. Because home server has signed DES data, it verifies whether it is changed or not. «-W-W-M-M X X X M X M M M X X M M X X X X X-3g^»E-*XK»XKXXX»»XllKI(lHHll(XXXXKIHBHHHHHHBeHlKKKX)t ENCODED PLAIN TEXT RECEIUED FROM SERUER 1 : [ 105 115 109 97 105 108] XmtKKXXXMXXXXXKKXXlCXXXXXXllXXXXKXXKXXXXlBlXXXXXXXKKKMXKXiHtXMWXXX PLAIN TEXT RECEIUED FROM SERUER 1 : ismail Figure 4.10. Decryption of DES 4.6. An Alternative Security Model Using Diffie-Hellman Key Exchange Although previously described security system provides data protection during the itinerary, it has some disadvantages:. The security system completely depends on the initial coupler Co. If this value is replaced or disrupted, all of the system will collapse down. Another security system is proposed in this thesis, which is based on the Diffie- Hellman key exchange. 4.6.1. Diffie-Hellman Key Exchange Diffie-Hellman key exchange is proposed by Whitfield Diffie and Martin E. Hellman [31]. The purpose of the algorithm is to enable two users to exchange a secret key securely than can be used for encryption. Diffie-Hellman allows two A and B to agree on a shared key through public messages:32. Alice and Bob publicly agree on: o p: large (5 12-bit) prime number o g: smaller number, not prime, g mod p. Both k values are same. kA = TBS“ mod/? = \gSB modp) A mod/? (4.6) kB = T/B mod p = (gSA mod pfB mod p (4.7) If the following Chinese Remainder Theorem is applied to above equations, it can be proved that kA = ks. Chinese Remainder Theorem: (x mod pY mod/? = x7 mod/? (4.8) So; kA=kB=gSBS”modp (4.9) Figure 4.1 1. Illustrates the Diffie-Hellman key exchange:33 Generate Random Sa Calculate Ta = gSA mod p Calculate k = (TB)SAmodp Generate Random Sb Calculate Tb = gSs mod p Calculate k - (Tb)^ mod p Figure 4. 1 1. Diffie-Hellman key exchange 4.6.2. Security Model with Diffie-Hellman This security model is based on Diffie-Hellman key exchange. The main idea of this model is encrypting the data using one key, which is obtained with Diffie-Hellman key exchange. Figure 4.12. Illustrates this security model. Agent Code Public T]x Public T2x Public Tn.lx Public Tn Code Check * ? Agent Run DES key 1“ Encryption Diffie Hellman Key Exchange ^. Agent Code *. DES(dataO *' Public Tiv Public T2x Public Tn.i, Public T”. Figure 4.12. Security model using Diffie-Hellman key exchange34 Let's explain the system step by step: Home server generates public Tjx values for each agent server in the network using the public values p and g. When agent server receives the agent, it generates a secret value using Diffie- Hellman key exchange algorithm. Agent server uses this secret key as a DES key seed, generates DES key and encrypt the retrieved data. Generates public Tiy value, which will be used by home server to generate secret key. Replace this Tiy value with the Tix value and send the agent to the next server. When home server receives all Tny values it generates secret keys and DES keys so it is able to decrypt all encrypted data.35 5. EXPERIMENTAL RESULTS In this section our aim is to examine how encryption system affects our agent system and the performance of different types of encryption algorithms in the agent system. For this examination we performed our tests according to following variables:.. Different data sizes which is retrieved from agent servers. Different encryption algorithms. Different key sizes for encryption. Different number of agent servers. 5.1. Test Environment In this project we have constituted a local area network using 3 computers:. PHI 500 MHz. 192 Mb. RAM. Celeron 466 MHz. 256 Mb. RAM. Celeron 433 MHz. 160 Mb. RAM These 3 computers have connected with 100Mbps. ethernet card over a hub. 5.2. Experiments with Different Encryption Algorithms In this section we present our results obtained for different encryption algorithms. As it is previously described in the one-time key generation system, for equation 4.3, RSA and ElGamal algorithms are used for public key encryption and Diffie-Hellman key exchange model is compared. Table 5.1, Table 5.2 and Table 5.3 present the encryption, data retrieving and agent journey times for the following parameters:36. Data size: 500 Kbytes. Encryption key size: 512 Bits Figure 5.1 represents the percentage of encryption period for the encryption algorithms according the same parameters. Table 5.1. Aglet execution times for 500 Kbytes data size and 512 Bits key size for RSA (msec) Table 5.2. Aglet execution times for 500 Kbytes data size and 512 Bits key size for ElGamal (msec)37 Table 5.3. Aglet execution times for 500 Kbytes data size and 512 Bits key size for Diffie-Hellman (msec)“?if l\v3A\ ElGamal -*- Diffie-Hellman 3 5 7 Number Of Clients Figure 5.1. Encryption vs. number of clients (500 Kbytes, 512 Bits) Table 5.4, Table 5.5 and Table 5.6 present the encryption, data retrieving and agent journey times for the following parameters: Data size: 750 Kbytes Encryption key size: 512 Bits Figure 5.2 represents the percentage of encryption period for the encryption algorithms according the same parameters.38 Table 5.4. Aglet execution times for 750 Kbytes data size and 5 12 Bits key size for RSA (msec) Table 5.5. Aglet execution times for 750 Kbytes data size and 5 12 Bits key size for ElGamal (msec) Table 5.6. Aglet execution times for 750 Kbytes data size and 512 Bits key size for Diffie-Hellman (msec)39 RSA EIGamal. Diffie-Hellman 13 5 7 Number Of Clients Figure 5.2. Encryption vs. number of clients (750 Kbytes, 512 Bits) Table 5.7, Table 5.8 and Table 5.9 present the encryption, data retrieving and agent journey times for the following parameters:. Data size: 1000 Kbytes. Encryption key size: 512 Bits Figure 5.3 represents the percentage of encryption period for the encryption algorithms according the same parameters. Table 5.7. Aglet execution times for 1000 Kbytes data size and 5 12 Bits key size for RSA (msec)40 Table 5.8. Aglet execution times for 1000 Kbytes data size and 512 Bits key size for ElGamal (msec) Table 5.9. Aglet execution times for 1000 Kbytes data size and 512 Bits key size for Diffie-Hellman (msec) 13 5 7 Number Of Clients RSA ElGamal. Diffie-Hellman Figure 5.3. Encryption vs. number of clients (1000 Kbytes, 512 Bits)41 We performed the same tests increasing the key sizes from 512 bits to 768 bits for all three algorithms RSA, ElGamal and Diffie-Hellman. Table 5.10, Table 5.11 and Table 5.12 present the encryption, data retrieving and agent journey times for the following parameters:. Data size: 500 Kbytes. Encryption key size: 768 Bits Figure 5.4 represents the percentage of encryption period for the encryption algorithms according the same parameters. Table 5.10. Aglet execution times for 500 Kbytes data size and 768 Bits key size for RSA (msec) Table 5.1 1. Aglet execution times for 500 Kbytes data size and 768 Bits key size for ElGamal (msec)42 Table 5.12. Aglet execution times for 500 Kbytes data size and 768 Bits key size for Diffie-Hellman (msec) EIGamal -k- Diffie-Hellman 3 5 Number Of Clients Figure 5.4. Encryption vs. number of clients (500 Kbytes, 768 Bits) Table 5.13 Table 5.14 and Table 5.15 present the encryption, data retrieving and agent journey times for the following parameters:. Data size: 750 Kbytes. Encryption key size: 768 Bits Figure 5.5 represents the percentage of encryption period for the encryption algorithms according the same parameters.43 Table 5.13. Aglet execution times for 750 Kbytes data size and 768 Bits key size for RSA (msec) Table 5.14. Aglet execution times for 750 Kbytes data size and 768 Bits key size for ElGamal (msec) Table 5.15. Aglet execution times for 750 Kbytes data size and 768 Bits key size for Diffie-Hellman (msec)44 Figure 5.5. Encryption vs. number of clients (750 Kbytes, 768 Bits) Table 5.16 Table 5.17 and Table 5.18 present the encryption, data retrieving and agent journey times for the following parameters:. Data size: 1000 Kbytes. Encryption key size: 768 Bits Figure 5.6 represents the percentage of encryption period for the encryption algorithms according the same parameters. Table 5.16. Aglet execution times for 1000 Kbytes data size and 768 Bits key size for RSA (msec)45 Table 5.17. Aglet execution times for 1000 Kbytes data size and 768 Bits key size for ElGamal (msec) Table 5.18. Aglet execution times for 1000 Kbytes data size and 768 Bits key size for Diffie-Hellman (msec) 3 5 Number Of Clients RSA ElGamal. Diffie-Hellman Figure 5.6. Encryption vs. number of clients (1000 Kbytes, 768 Bits)46 We also observed the ratio of encryption algorithms for OKGS and Diffie-Hellman key generation system. Figure 5.7 represents these ratios. For example the first bar in Figure 5.7 represents DES, DSA and RSA ratios in the OKGS system when RSA is used for public encryption for 512 bits key size and 500 Kbytes retrieved data. Similarly second bar represent the ratios in OKGS but ElGamal instead of RSA is used for public key cryptography. Third bar represents the DES and Diffie-Hellman key exchange ratios for Diffie-Hellman key exchange system. Like Figure 5.7, Figure 5.8 also represents the ratios in the OKGS and Diffie- Hellman key exchange system for 768 bits key sizes. 500 KBits 750 KBits 1000 KBits 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% B Diffie-Hellman Key Exchange j D ElGamal ORSA QDSA HDES RSA/ElGamal/Diffie RSA/ElGamal/Diffie RSA/ElGamal/Diffie Hellman Hellman Hellman Figure 5.7. Ratio of encryption algorithms for encryption systems (512 Bits) m>' §p^ an» &»w47 100%-fT 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% 500 KBits 750 KBits 1000 KBits ^ UDiffie-HelIman Key Exchange DEIGamal ORSA DDSA ' EDES RSA/ElGamal/Diffie Hellman RSA/ElGamal/Diffie Hellman RSA/ElGamal/Diffie Hellman Figure 5.8. Ratio of encryption algorithms for encryption systems (768 Bits)48 6. CONCLUSION In this thesis, we have integrated OKGS and Diffie-Hellman Key Exchange System to IBM Aglets and performed tests to compare these systems how they affect the agent system. As we performed our tests for different parameters, now we will conclude according to these variables. 6.1. Number of Clients In the experimental results section, from Figure 5.1 to Figure 5.6 represent that what ratio does the different encryption systems occur in the whole agent system. The whole agent system is formed with encryption system, Aglet's journey (serilization + class loading + travelling) and data retrieving. As a result when the number of clients that Aglet visits increase, the encryption ratio decreases because when tables from Table 5.1. to Table 5.16. are investigated, it can be concluded that while the increment rate of encryption time interval approximately equals to increment rate of the number of clients, increment rate of the journey time is more than increment rate of the number of clients. This is because of the fact that the agent carries the data retrieved from the previous servers. For example from Table 5.1., when the number of clients is increased from 1 to 7, the encryption time interval increases approximately 7 times, on the other hand journey time interval increases 1 1 times.49 6.2. Size of the Retrieved Data Again in the exprimental results from Figure 5.1 to Figure 5.6, it can be concluded that when the retrieved data size increases, encryption time interval increases. Because when tables from Table 5.1. to Table 5.16. are investigated, it can be concluded that while the increment rate of encryption time interval approximately equals to increment rate of the retrieved data size, increment rate of the journey time interval is less than increment rate of the retrieved data size. This is because of the fact that the time formed with serilization, class loading and data carrying. When only data carrying increases, increment rate of the journey time becomes less than increment rate of the retrieved data size. For example from tables Table 5.1 and Table 5.2, when retrieved data size is increased from 500 Kbytes to 750 Kbytes for 5 clients encryption time interval increases 1.5 times, on the other hand journey time interval increases 1.1 times. 6.3. Encryption Algorithms and Key Sizes Each figure from Figure 5.1 to Figure 5.6 represents how the encryption systems affect the general agent system when different encryption algorithms are used with different key sizes. From the figures it is clear that OKGS with ElGamal algorithm has the biggest ratio when it is compared aganist OKGS with RSA and Diffie-Hellman key exchange system and OKGS with RSA has greater ratio than the Diffie-Hellman key exchange system. On the other hand key size changes should be taken on care while making compration between systems with different encryption algorithms. Figure 5.7. and Figure 5.8. represents the ratio of encryption and key exchange algorithms in the whole encryption system. When these 2 figures investigated, it can be concluded that RSA key generation and encryption has the least ratio in the whole encryption system, ElGamal is the second and Diffie-Hellman has the greatest ratio. As a result of this statement, when key size is increased, the ratio of the Diffie-Hellman Key System is increased more than OKGS.50 REFERENCES 1. Milojicic, D., M. Breugst, I. Busse, J. Campbell, S. Covaci, B. Friedman, K. Kosaka, D. Lange, K. Ono, M. Oshima, C. Tham, S. Virdhagriswaran and J. White, ”MASIF, The OMG Mobile Agent System Interoperability Facility“, Second International Workshop on Mobile Agents 98 (MA'98), Stuttgart-Germany, 9 September- 11 September, 1998. 2. ASDK, Aglets Software Development Kit, IBM, http://www.trl.ibm.co.jp/Aglets/ 3. Andrew, D. B. and B. J. Nelson, ”Implementing Remote Procedure Calls“, ACM Transactions on Computer Systems, Vol. 2, No. 1, pp. 39-54, February 1984. 4. Srinivasan, R., Remote Procedure Call Protocol Specification Version 2, RFC 1831, August 1995. 5. Hartson, H.R., J.C. Castillo, J. Kelso, J. Kamler and W.C. Neale, ”Remote Evaluation: The Network as an Extension of the Usability Laboratory“, Proceedings of CHI'96 Human Factors in Computing Systems, pp. 228-235, 1996. 6. White, J. E., Mobile Agents, Technical Report, General Magic, October 1995. 7. Tardo, J. and L. Valente, ”Mobile Agent Security and Telescript“, Proceedings IEEE Computer Conference 96, Los Alamitos-California, 1996. 8. Jahansen, D., R. V. Renesse and F. B. Schneider, An Introduction to TACOMA Distributed System: Version 1.0, University of Tromso, Technical Report 95-23, 1995. 9. Gray, R. S., ”Agent Tel: A Flexible and Secure Mobile-Agent System“, Proceedings Fourth Annual Tcl/Tk Workshop, 1996.51 10. Kobrick, R., ”Concordia“, Communication of the ACM, Vol. 42, No. 3, pp. 96-97, March 1999. 11. ObjectSpace Inc., ObjectSpace Voyager Core Package Technical Overview, Technical Report, July 1997. 12. Fonseca, S., An Agent-Based Electronic Commerce Marketplace, Ph. D. Thesis, University of California, 2000. 13. Roth, V., ”Content-based image indexing and retrieval with mobile agents“, Proceedings First International Symposium on Agent Systems and Applications, and Third International Symposium on Mobile Agents (ASA/MA '99), pp. 260-261, CA, USA, 1999. 14. Grey, D. J., P. Dunne and R. I. Ferguson, ”A Mobile Agent Architecture for Searching the WWW“, Proceedings Workshop on Agents in Industry, 4th International Conference of Autonomous Agents, Barcelona, June 3rd 2000. 15. Glitho R., E. Olougouna and S. Pierre, ”Mobile Agents and Their Use for Information Retrieval: A Brief Overview and an Elaborate Case Study“, IEEE Network Magazine, Vol. 16, No. 1, pp. 34-41, January/February 2002. 16. Karnouskos, S. and A. Vasilikos, ”Active Electronic E-mail“, Proceedings of the ACM 2002 Symposium on Applied Computing, Madrid-Spain, 2002. 17.Noy, P. and M. Schroeder, ”Mobile Agents for Distributed Processing“, Agents Workshop on Infrastructure for Multi-Agents Systems 2000, pp.263-265, 2000. 18. Johansen, D., ”Mobile Agent Applicability“, Proceedings of the Mobile Agents 1998, Springer- Verlag LNCS series, Stuttgart, 9-11 September, 1998.52 19. Farmer, W. M., J. D. Guttman and V. Swarp, ”Security for Mobile Agents: Issues and Requirements“, Proceedings of 4th European Symposium on Research in Computer Security, pp. 1 18-130, September 1996. 20. Smith, K. D. and R. B. Paranjape, ”Mobile Web Agents for Telemedicine“, 1st International Workshop on Mobile Agents for Telecommunication Applications, Ottawa-Canada, October 6-8, 1999, pp. 405-417, 1999. 21. Lange, D. B., M. Oshima, ”Mobile Agents with Java: The Aglet API“, World Wide Web Journal, Vol. 1, No. 3, pp. 1 1 1-121, 1998. 22. Lange, D. B., M. Oshima, Programming and Deploying Java Mobile Agents with Aglets, Addison- Wesley, Massachusetts, 1998. 23. Karjoth, G., D. Lange and M. Oshima, ”A Security Model For Aglets“, IEEE Internet Computing, Vol. 1, No. 4, pp. 68-77, July- August 1997. 24. Karnik, N., Security in Mobile Agents Systems, Ph.D. Thesis, University of Minnesota, 1998. 25. Gray, R., S. D. Kotz, G. Cybenko and D. Rus, ”D'Agents: Security in a Multiple- Language, Mobile Agent System“, Mobile Agents and Security, Lecture Notes in Computer Science, Springer- Verlag, 1998. 26. Koon, S., Protecting Mobile Agents Against Malicious Hosts, M. S. Thesis, The Chinese University of Hong Kong, 2000. 27. Sameh, A. and D. Fakhry, ”Security in Mobile Agent System“, Proceedings of the 2002 Symposium on Applications and Internet, Nara- Japan, Jaunary 28-01 February 2002, p.4, 2002.53 28. Park, J. Y., D. I. Lee, H. H. Lee and J. G. Park, ”One-Time Key Generation System for Agent Data Protection“, IEICE Transaction on Information and Systems, Vol. E85-D, No. 3, March 2002. 29. Stallings, W., Cryptography and Network Security, Prentice Hall, New Jersey, 1999. 30. ElGamal, T., ”A public key cryptosystem and a signature scheme based on discrete logarithms“, IEEE Transactions on Information Theory, 1985. 31. Diffie, W. and M. E. Hellman, ”New Directions in Cryptography", IEEE Transactions on Information Theory, pp. 644-654, November 1976.

Benzer Tezler

  1. Tez No

    557452

    New lightweight DoS attack mitigation techniques for RPL based IoT networks

    RPL temelli IoT ağları için DoS saldırılarının etkisini azaltacak yeni teknikler

    AHMET ARIŞ

    Doktora

    İngilizce

    İngilizce

    2019

    Bilgisayar Mühendisliği Bilimleri-Bilgisayar ve Kontrolİstanbul Teknik Üniversitesi

    Bilgisayar Mühendisliği Ana Bilim Dalı

    PROF. DR. SEMA FATMA OKTUĞ

  2. Tez No

    374697

    Hibrit bir kripto algoritmasının paralelleştirilerek çok çekirdekli işlemcilerin performansının analiz edilmesi

    Analyzing performance of multicore processors by parallelization of a hibrid crypto algorithm

    ECEM İREN

    Yüksek Lisans

    Türkçe

    Türkçe

    2014

    Bilgisayar Mühendisliği Bilimleri-Bilgisayar ve KontrolEge Üniversitesi

    Bilgisayar Mühendisliği Bölümü

    DOÇ. DR. AYLİN KANTARCI

  3. Tez No

    557784

    Blokzincir tabanlı elektronik seçim sistemi modellemesi

    Blockchain based e-voting system modelling

    DOĞA BARIŞ ÇAKMAK

    Yüksek Lisans

    Türkçe

    Türkçe

    2019

    Bilgisayar Mühendisliği Bilimleri-Bilgisayar ve Kontrolİstanbul Teknik Üniversitesi

    Bilişim Uygulamaları Ana Bilim Dalı

    PROF. DR. ERTUĞRUL KARAÇUHA

  4. Tez No

    444562

    Real time detection of cache-based side-channel attacks using hardware performance counters

    Donanım performans sayacları ıle on-bellek kullanılarak yapılan yan-kanal saldırılarının gercek zamanlı olarak tespıt edılmesı

    MARCO CHIAPPETTA

    Yüksek Lisans

    İngilizce

    İngilizce

    2016

    Bilgisayar Mühendisliği Bilimleri-Bilgisayar ve KontrolSabancı Üniversitesi

    Bilgisayar Bilimleri ve Mühendisliği Ana Bilim Dalı

    Prof. Dr. ERKAY SAVAŞ

    Assist. Prof. Dr. CEMAL YILMAZ

  5. Tez No

    822061

    A study on SIMD parallelization in elliptic curve cryptography

    Eliptik eğri kriptografisinde SIMD paralelizasyonu üzerine bir çalışma

    NURİ FURKAN PALA

    Yüksek Lisans

    İngilizce

    İngilizce

    2023

    Bilgisayar Mühendisliği Bilimleri-Bilgisayar ve KontrolYaşar Üniversitesi

    Bilgisayar Mühendisliği Ana Bilim Dalı

    DR. ÖĞR. ÜYESİ HÜSEYİN HIŞIL

Geri Dön