Software agents, as the main body of agent-oriented E-commerce systems, have a great potential for E-commerce applications. Agents can dynamically discover and compose E-services and mediate interactions, which can serve as delegates in order to handle routine tasks, monitor activities, set up contracts, execute business processes, and find the best services [Gri01, GK94, Nwa96]. However, agents are vulnerable to several attacks from the running environment, such as, insecure network, malicious users and malicious hosts, etc. Therefore, the success or failureof this paradigm is connected to the issues whether the mechanisms in agents can protect their security and privacy. Policy-based cryptography, which consists of two cryptographic primitives: policy-based encryption and policy-based signature,was firstly proposed by Bagga and Molva [BM06, BM05]. It has the advantage of addressing the security problems of software agents. We are motivated by the concept of policy-based cryptography [BM06, BM05] and use cryptographic primitives mentioned above to provide security and privacy for agents systems. There are several kinds of software agents, such as mobile agents, multi-agents,intelligent agents and distributed agents. In this thesis, we focus on mobile agents and multi-agents. Mobile agents have the ability of migrating across different execution environments. Due to this property, the security and privacy of mobile agents can be easily compromised when they are traveling on a hostile environment. Therefore, security and privacy are critical to mobile agents applied in E-commerce. There exist several solutions for mobile agent security [ST98b, KBC00, LKK01, ZMZ09], among which the proxy-based model is believed to be a sound solution to provide authentication, where the visiting host of an agent acts as a proxy signer who can sign an offer. However, any host (including a malicious host) could act as the signer to forge valid signatures. To solve this problem, a secure policy-based mobile agent scheme is introduced in this thesis, that is, only the hosts who satisfy the designated policies can generate a valid signature. A security model and a rigorous security proof related to scheme are provided as well. Multi-agent systems are different from mobile agents systems in the way that they do not have the property of mobility. In most of current multi-agent systems, the identity authentication and privacy issues have not drawn adequate attentions. Without the protection mechanism, the secure information exchange channel cannot be provided in multi-agent systems. Policy-based schemes can solve the problem of multi-agents identity authentication and privacy protection. Bagga and Molva[BM06] firstly proposed a concrete policy-based encryption (PBE) scheme. PBE allows entitiesd to encrypt a message with respect to a credential-based policy so that only the entities who are compliant with policy can successfully decrypt the ciphertext. However, the size of ciphertext in [BM06] will increase linearly if the policy set is growing larger. This is a significant issue in a resource limited communication channel. In this thesis, we propose a new policy-based encryption scheme with much smaller ciphertext size and less computational cost. To the best of our knowledge, this is the first time PBE is applied to the multi-agent system, which allows policy-based authenticated communications and provides privacy protection to agents. We define a rigorous security model for multi-agent transaction, which captures the most powerful attacks including adaptive chosen message attacks. The security of our scheme is based on the hardness of ((p, g, F)-GDDHE) problem inthe random oracle model.
History
Year
2011
Thesis type
Masters thesis
Faculty/School
School of Computer Science and Software Engineering
Language
English
Disclaimer
Unless otherwise indicated, the views expressed in this thesis are those of the author and do not necessarily represent the views of the University of Wollongong.