TY - BOOK
T1 - Secure auction for mobile agents
AU - Wallin, Arto
N1 - Project code: E1SU00357
PY - 2004
Y1 - 2004
N2 - In this work, a secure auction place for mobile agents
has been developed and implemented. In the implemented
auction application, software agents are able to bid on
different products independently without user
intervention in a secure manner. For implementation,
quality requirements for mobile agent systems were
studied. By defining the possible threats that a mobile
agent system may face, a set of protection mechanisms
were selected to build a security architecture that was
used in protecting the agent system. The agent platform
and the agents were designed based on the security
architecture and the implementation was carried out using
Java. Finally, in order to provide proof about the
robustness of the implemented system, it was tested using
a mini-simulation method.
As a result of the implementation, the communication
security for transferring a mobile agent between nodes
could be provided effectively by using traditional
security mechanisms. However, the distribution of keys
and certificates is required to be done manually so that
the counterparts of the auction events can trust each
other, which on the other hand, causes scalability
problems. As a difference to most other agent platforms,
the type of agent mobility was more restricted and code
mobility was not used. For this reason, the security of
the agent platform could be provided better. However,
restrictions that had to be made to the system were quite
big resulting in a decrease in the agent system's ability
to adapt dynamically.
In summary, there are still a few problems that have to
be overcome before the time is ready for large-scale
mobile agent auctions. In particular, the security of the
mobile agent residing on a remote platform has to be
guaranteed without the assumption of trusted platforms.
AB - In this work, a secure auction place for mobile agents
has been developed and implemented. In the implemented
auction application, software agents are able to bid on
different products independently without user
intervention in a secure manner. For implementation,
quality requirements for mobile agent systems were
studied. By defining the possible threats that a mobile
agent system may face, a set of protection mechanisms
were selected to build a security architecture that was
used in protecting the agent system. The agent platform
and the agents were designed based on the security
architecture and the implementation was carried out using
Java. Finally, in order to provide proof about the
robustness of the implemented system, it was tested using
a mini-simulation method.
As a result of the implementation, the communication
security for transferring a mobile agent between nodes
could be provided effectively by using traditional
security mechanisms. However, the distribution of keys
and certificates is required to be done manually so that
the counterparts of the auction events can trust each
other, which on the other hand, causes scalability
problems. As a difference to most other agent platforms,
the type of agent mobility was more restricted and code
mobility was not used. For this reason, the security of
the agent platform could be provided better. However,
restrictions that had to be made to the system were quite
big resulting in a decrease in the agent system's ability
to adapt dynamically.
In summary, there are still a few problems that have to
be overcome before the time is ready for large-scale
mobile agent auctions. In particular, the security of the
mobile agent residing on a remote platform has to be
guaranteed without the assumption of trusted platforms.
KW - multi-agent systems
KW - mobile agent systems
KW - security architecture
KW - robustness
KW - security threats
KW - protection
M3 - Book (author)
SN - 951-38-6394-8
T3 - VTT Publications
BT - Secure auction for mobile agents
PB - VTT Technical Research Centre of Finland
CY - Espoo
ER -