Secure communication for electronic business applications in mobile agent networks Secure communication for electronic business applications in mobile agent networks Woei-Jiunn Tsaur Department of Information Management, Da-Yeh University, Changhua 515, Taiwan a r t i c l e i n f o Keywords: Mobile agent Electronic business applications Smart card Proxy signature Network security a b s t r a c t The mobile agent plays an increasingly important role in electronic business applications, because it can provide the essential properties of personalization, automation and intelligence, etc. This paper proposes several appropriate security schemes for protecting mobile agent networks in electronic business appli- cations. As far as mobile agent security is concerned, we develop a proxy signature scheme for protecting mobile agents against malicious agent hosts. The proposed proxy signature scheme can protect users’ pri- vate keys stored in smart cards, and provide the fairness of contracts signed by agents. In addition, we also design a proxy authenticated encryption scheme so that the signature of the contracts will satisfy users’ constraints, and the non-repudiation of servers can be achieved. On the other hand, as far as agent host security is concerned, we apply the idea of proxy signature to construct an authentication scheme for protecting agent hosts. This scheme is to achieve the requirements of authentication and authoriza- tion. Furthermore, we also implement the proposed security schemes to achieve security requirements of confidentiality, integrity, authenticity, and non-repudiation for protecting Linux-based mobile agents and hosts in an electronic auction application. Hence, we affirm that the proposed security schemes are suit- able for practical electronic business applications in mobile-agent-based network environments. � 2011 Elsevier Ltd. All rights reserved. 1. Introduction In recent years, there are many business applications based on mobile agent on a variety of networks (Benouhiba & Nigro, 2006; Kang, Lee, & Choi, 2008; Kim, Kwon, & Kwak, 2010; Park, Kang, & Kim, 2006; Wu et al., 2010; Yun, Lee, Yu, & Choi, 2009). The agents of the business applications usually provide personalization, auto- mation and intelligence, etc. However, it also results in many secu- rity threats such as stealing data from hosts by agents and tampering constraints of agents by hosts. For instance, when a mo- bile agent carrying a user’s private key roams among servers on the Internet, the agent may find a bid satisfies the user’s constraints, and then sign the bid (Chess et al., 1995; White, 1994). However, users will not wish to equip agents with their private signature keys when the agents may execute on untrusted agent hosts (Maes, Guttman, & Moukas, 1999; Sander & Tschudin, 1998; Takeda, Iino, & Nishida, 1995). On the other hand, a problem specific to mobile agents is the protection of the agent platforms running the agents. A hostile agent can destroy the hard drive, steal data, or do all sorts of undesirable operations to agent platforms. In this paper we will develop efficient security schemes based on cryptographic solutions (Mambo, Usuda, & Okamoto, 1996; Sander & Tschudin, 1998) for prevention of both agents and hosts tampering. This paper develops a proxy signature scheme and a proxy authenticated encryption scheme for protecting mobile agents against malicious agent hosts using the proposed ECC-based self- certified public key cryptosystem. The proposed proxy signature scheme can protect users’ private keys stored in smart cards, and provide the fairness of contracts signed by agents. The proposed cryptosystem is constructed using the ECC, and it also integrates the identity-based public key cryptosystem with the self-certified public key cryptosystem (Girault, 1992; Petersen & Horster, 1997; Saeednia, 1997, 2003) to provide higher security strength. Furthermore, based on the proposed cryptosystem, we employ the proposed proxy signature scheme to further design a proxy authenticated encryption scheme so that the signature of the con- tracts will satisfy users’ constraints, and the non-repudiation of servers can be achieved. In summary, these proposed schemes are able to accomplish the security requirements of confidentiality, integrity, authenticity, and non-repudiation for protecting mobile agents in electronic business applications. On the other hand, this paper also presents an authentication scheme for protecting mo- bile agent hosts against unauthorized mobile agents. In such a scheme, a mobile agent can register once to the system authority for several services in the mobile-agent-based networks. Finally, we implement the proposed security schemes for protecting Li- nux-based mobile agent networks in an electronic auction application. 0957-4174/$ - see front matter � 2011 Elsevier Ltd. All rights reserved. doi:10.1016/j.eswa.2011.07.105 E-mail address: wjtsaur@yahoo.com.tw Expert Systems with Applications 39 (2012) 1046–1054 Contents lists available at ScienceDirect Expert Systems with Applications j o u r n a l h o m e p a g e : w w w . e l s e v i e r . c o m / l o c a t e / e s w a http://dx.doi.org/10.1016/j.eswa.2011.07.105 mailto:wjtsaur@yahoo.com.tw http://dx.doi.org/10.1016/j.eswa.2011.07.105 http://www.sciencedirect.com/science/journal/09574174 http://www.elsevier.com/locate/eswa The rest of this paper is organized as follows. In Section 2, we briefly describe the elliptic curve cryptosystems. Section 3 first develops an efficient public key cryptosystems, and then several security schemes constructed using it are designed for protecting mobile-agent-based electronic business applications. In Section 4, security analyses about attacks on the proposed schemes consoli- date the feasibility of the schemes. Performance evaluation of the proposed schemes, which is measured by the required computa- tional effort and communicational cost, is given in Section 5. In Section 6, we present the implementation of the proposed schemes on an electronic auction application. Finally, some concluding re- marks are presented in Section 7. 2. Elliptic curve cryptosystems (ECC) Assume that P is a point with order n on an elliptic curve E: y2 = x3 + ax + b (mod p), where 4a3 + 27b2 – 0 (mod p), and Q is some other point on the same curve. Let P = (xP, yP), Q = (xQ, yQ), and P + Q = R = (xR, yR). If xP – xQ, set k ¼ yQ�yP xQ�xP ; if xP = xQ, set k ¼ 3x 2 P þa 2yP . Then the point R = (xR, yR) can be defined by using the fol- lowing formulae: xR ¼ k2 � xP � xQ yR ¼ðxP � xRÞk � yP In ECC, the elliptic curve discrete logarithm problem (ECDLP) is to determine an integer x (0 6 x 6 n � 1) such that Q = x � P if such an x exists. As long as n and p are large enough, it is computationally intractable to find x with knowing E, Q, and P. Koblitz (1987) and Miller (1986) implemented this characteristic to elliptic curve cryp- tosystems. We need 1024-bit keys when using modular exponenti- ation schemes, like RSA or ElGamal cryptosystems, but we can get the same security level only using 160 bits in ECC. In addition, RSA needs to generate Ni = pi � qi for each user, respectively; however, ECC generates only fixed public information stored at SA, and can afterwards uses it repeatedly. Therefore, the storage cost required by ECC is less than that required by RSA. 3. Security schemes for protecting mobile agent networks In this section, we first develop an efficient public key crypto- systems, and then several security schemes constructed using it are designed for protecting mobile-agent-based electronic busi- ness applications. 3.1. Initialization The entities in the system are a system authority (SA), users (Ui), hosts (Hi), and mobile agents (MA) generated by specific users. We assume that SA is responsible for key generation and user registra- tion. We then define the notations used in the proposed schemes as follows: � p: a field size, where p is typically either an odd prime or a power of 2 in general applications, and its length is about 160 bits. � An elliptic curve E over Fp: E: y2 = x3 + ax + b, where the two field elements a, b 2 Fp and 4a3 + 27b2 – 0 (mod p), and all the points (x, y), x 2 Fp, y 2 Fp, on E form the set of E(Fp) containing a point O called the point at infinity. � B: a base point of order n over E(Fp), where n is a large prime (160 bits) and the number of Fp-rational points on E, denoted by # E(Fp), is divisible by n. � sSA: SA’s private key, where sSA 2 [2, n � 2]. � PSA: SA’s public key, where PSA = sSA � B (‘‘�’’ means the multiplica- tion of a number and an elliptic curve point.). � h( ): a one-way hash function that accepts a variable length input and produces a fixed length output value j, where j 2 [2, n � 2] and its length is 160 bits. The one-way hash func- tion h( ) should satisfy the properties (Harn, 1994) that given h(x), it is computationally infeasible to find x0 – x such that h(x0) = h(x), meanwhile, h(x0) – h(x) if and only if x0 – x. � X(P): output the x-coordinate of point P. After that, SA publishes E, B, p, n, PSA and h, while keeping sSA secret. 3.2. The proposed public key cryptosystems The operations of the proposed public key cryptosystems are di- vided into two phases: the system setup phase and the key gener- ation phase. 3.2.1. The system setup phase SA creates a system public key and some public parameters in this phase, and then SA releases these parameters. SA randomly chooses a numbersSA and keeps it secret. Then SA computes the system public key PSA ¼ sSA � B 3.2.2. The key generation phase User Ui and host Hi perform the following steps to register to SA, and obtain the corresponding public key, respectively. They also compute their private keys in this phase. Step 1. Ui and Hi execute the following tasks, respectively: (1-1) Select an identity information, denoted by Ii. (1-2) Randomly choose an integer xi 2 [2, n � 2] as the master key. (1-3) Compute Zi = h(xikIi) � B (1-4) Submit {Ii, Zi} to SA. Step 2. SA executes the following tasks for Ui and Hi, respectively: (2-1) Randomly choose a time-variant integer ki 2 [2, n � 2]. (2-2) Compute a public key Pi and its witness wi, where Pi ¼ Zi þðki � hðIiÞÞ � B ¼ðPix; PiyÞ wi ¼ ki þ sSA � ðPix þ hðIiÞÞ ðmod nÞ (2-3) Return {Pi, wi} to Ui and Hi, respectively. Step 3. Ui and Hi then execute the following tasks, respectively: (3-1) Calculate their own private keys as si ¼ wi þ hðxikIiÞ ðmod nÞ (3-2) Verify the authenticity of Pi by testing if si � B ¼ Pi þ hðIiÞ � B þ½ðPix þ hðIiÞÞ mod n� � PSA ð1Þ If the verification result of Eq. (1) is correct, then the partici- pant’s public key is Pi and the corresponding private key is si; otherwise, it means that the public key Pi is altered in the transmission. For the consideration of security, the private key si is stored in a smart card for subsequent electronic business applications. In the following, we show that the private key si and the corre- sponding public key Pi satisfy Eq. (1). Theorem 1. User Ui and host Hi can utilize Eq. (1) to verify his/her public key Pi by himself/herself. W.-J. Tsaur / Expert Systems with Applications 39 (2012) 1046–1054 1047 https://isiarticles.com/article/3791