Towards a Secure Agent Society

Towards a Secure Agent Society

Towards A Secure Agent So ciety Qi He Katia Sycara The Rob otics Institute The Rob otics Institute Carnegie Mellon University Carnegie Mellon University Pittsburgh, PA 15213, U.S.A. Pittsburgh, PA 15213, U.S.A [email protected] [email protected] March 23, 1998 Abstract We present a general view of what a \secure agent so ciety" should b e and howtode- velop it rather than fo cus on any sp eci c details or particular agent-based application . We b elieve that the main e ort to achieve security in agent so cieties consists of the following three asp ects:1 agent authentication mechanisms that form the secure so ciety's foundation, 2 a security architecture design within an agent that enables security p olicy making, se- curity proto col generation and security op eration execution, and 3 the extension of agent communication languages for agent secure communication and trust management. In this pap er, all of the three main asp ects are systematically discussed for agent security based on an overall understanding of mo dern cryptographic technology. One purp ose of the pap er is to give some answers to those questions resulting from absence of a complete picture. Area: Software Agents Keywords: security, agent architecture, agent-based public key infrastructure PKI, public key cryptosystem PKCS, con dentiality, authentication, integrity, nonrepudiation. 1 1 Intro duction If you are going to design and develop a software agent-based real application system for elec- tronic commerce, you would immediately learn that there exists no such secure communication between agents, which is assumed by most agent mo del designers. In fact, software agents, as primarily human-delegated software entities, would face almost all the risk and security threats, whichhuman b eing have to face[1],esp ecially in commercial activities. 1.1 Security mechanisms Security risks are various. In addition to providing con dentiality for data communication b e- tween agents, it is also very imp ortant for agent designers and develop ers to take the following three basic security mechanisms into account: 1. Authentication: the mechanism that makes it p ossible for an agent to ascertain an origin of a received message; with the mechanism, an intruder should not b e able to masquerade as someone else. For example, for a site or a no de on the Internet, this mechanism makes it p ossible to verify the identi cation of a visiting mobile agent. 2. Integrity: the mechanism that makes it p ossible for agents to verify that a received message has not b een mo di ed in transit; with the mechanism, an intruder should not b e able to substitute a false message for a legitimate one. The mechanism also makes it p ossible for a site or no de on the Internet to verify that for instance, a legitimate mobile agent has not b e mo di ed in transit. 3. Nonrepudiation: the mechanism that makes an agent who sent a message not b e able to falsely deny later that it sent the message. The mechanism may also make it imp ossible for anyone else to replay the message later. To construct and use these security mechanisms itself is very crucial part in designing/planning pro cedure of commercial activities for agents. 1.2 Agent and Mo dern Cryptography The ground breaking development of mo dern cryptography has b een meeting the demand of securityofvarious applications over op en network: Conceptually, the op enness of mo dern cryp- tosystems, b oth symmetrical cryptosystem such as DES[2], IDEA[3], and asymmetric cryptosys- tem, such as RSA[4], lays a shared foundation of security op erations of agents across the Internet. Technically, some security standard software packages and APIs are under development, and they could b e available in very near future[6][7]. Those achievements, like the achievements in AI, are rip e to b e adopted in development of agent applications. Agents, as primarily human-delegated software, could b ecome the primary area for us to practice mo dern cryptographic technology b ecause: 1. Software agents are playing increasingly active and bigger role in electronic commerce. To b e adopted into soft agent developmentwould b e the direction for mo dern cryptography to fully demonstrate its p otential signi cant function in electronic commerce. 2. Execution of most security proto cols would b e big burden for end-user, however, it could b e done fairly easily by autonomous software, agents. 2 RETSINA[8], an intelligentmulti-agent pro ject at Carnegie Mellon University, is developing a general architecture of agents which can communicate with agent communication language, such as KQML[9] and work together co op eratively by applying DAI theory and technology. The multi-agent system is exp ected to b e employed in various agent-based applications over the In- ternet, particularly in electronic commerce. Because of the imp ortance and feasibility of security mentioned ab ove, security mechanisms and functionality are considered as one of the basic fea- tures in our design[10]. At same time, we recognize that to achieve agent security, it is necessary to establish trust relationship among agent so cieties and an agent-based public key infrastructure is under construction[11]. In this pap er, we systematically and comprehensively intro duce our metho dology and design of trust establishment, internal security functional mo dule structure of agent, as well as an exten- sion of agent communication language to achieve security of agent and agent so ciety for general agent-based applications. The remainder of the pap er is organized as follows: Section 2, will intro duce our work on establishment of trust for security agent so cieties, which will lay, in a b ottom up fashion, a au- thentication foundation for agent security. This is security infrastructure for secure environment of agent. In section 3, we will intro duce the basic metho dology, a three-level partition for agent securityinvolving security p olicy making, security proto col generation and security op eration execution, as well as the security architecture within an agent. In section 4, we will intro duce an extension of agent communication language for agent secure communication and trust man- agement. In section 5, we will discuss some limitations and op en problems. Since our work, unlike other pap ers[12][13], fo cuses on general reusable software agent architec- ture,we are not going to fo cus on any sp eci c application pro ject or on a particular asp ect. 2 AgentTrust Infrastructure Authentication, integrity, nonrepudiation are fundamental parts of mo dern cryptography.We use those mechanisms through out our daily life, when we sign our name to some do cument for instance, and as wemovetoa world where our decisions and agreements are communicated elec- 1 tronically,we need to replicate these pro cedures . A great advantage of public key cryptography is that it provides mechanisms for such pro cedures in very ecientway[14]. 2.1 PKI: Public Key Infrastructure Whenever we, however, use a public key to encrypt a message or to verify the authenticity digital signature of a message, wemust ensure that the public key we are using is valid and it b elongs to the claimant rather than anyone else. This issue known as the public key integrity problem vitally determines the whole security of communication, including conducting transactions over the Internet. The current state-of-the art solution is to establish in a hierarchical manner a system to is- sue public key certi cates, in which the principal's public key probably as well as some other information is included and signed by an authority, and the authoritymay hold a certi cate issued by a sup er authority, and so on up the hierarchy. This system is the so called public key 1 Obviously,ifwe exp ect to delegate agents to do job for us, wemust incorp orate the corresp onding security mechanisms into agent design and development. 3 Hierarchy 1 Hierarchy 2 Hierarchy 3 application agent Figure 2.1 Multiple Hierarchies across a agent. certi cate management infrastructure, or PKI Public Key Infrastructure[15 ]. It is worth p ointing out that although several PKI implementations are currently evolving such as IETF's PKIxPublic-Key Infrastructure,X.509[16], PKCSPublic Key Crypto System[17], PGPPretty Go o d Privacy[18], SPKISimple Public Key Infrastructure[19 ], SDSISimple Dis- tributed Security Infrastructure[20 ],etc., there is no single PKI implementation nor even a single agreed-up on standard for setting up a PKI. Even those implementations that are based on the same standard X.509 recommendation[16] are still incompatible with each other b ecause of indep endentinterpretations in their actual implementations[21] [22]. Further more, security proto cols, op erations and inter-op erations b etween principals agents, as well as public key management are really dicult for the ordinary end-users to handle. Those routines themselves should b e autonomously and co op eratively p erformed by programs running on the Internet so that the workload of the users can b e lessened. 2.2 Security Agent: Agent-Based/Oriented PKI To exploit public key cryptography for agent security,itwould b e unavoidable for us to consider construction of agent-oriented PKI, which is exp ected not only to b e suitable for agent-based applications[11], but also can take advantages of autonomous agent to facilitates inter-op erability and exibility. Unlike the traditional way of PKI implementation, our PKI implements the authorities of au- thentication veri cation service systems as autonomous software agents, called security agents, instead of building a static monolithic hierarchy.Formats of certi cates for various applications can b e p ersonalized by the users or sp eci c applications.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    12 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us