Validating Medusa a study on the performance and security of a revolutionary approach for survivable trust management

This thesis presents a new approach for enabling highly survivable secure communications within multi agent systems and combines two independent research projects aimed at validating this revolutionary approach. The traditional approach for providing secure communications, however efficient, presents a central point of failure and thus reduced survivability. The Medusa approach covered here, which is the focus of the two research projects, aims to capture the advantages of the traditional approach whilst dealing with its deficiencies. The two research projects covered here are the following: The first project entitled: Simulating the establishment of trust infrastructures in multi-agent systems, presents and simulates a new approach for creating trusted infrastructures within multi agent systems. A bootstrapping protocol initializes a disordered space by turning it into an organized, redundant hierarchical structure, headed by elected security distribution centers with a pool of successors in case of a failure. A simulation was created of the establishment of this hierarchy to judge both the resulting structure and the process of creation in a varying environment. Networks are tested of different scale, type and topology, with different numbers of malicious agents, intent on disrupting the bootstrapping process. The results show the bootstrapping protocols ability to handle the abovementioned constraints. Based on the results some improvements are suggested to improve the bootstrapping protocol further. In the second project entitled: Ascertaining the security of a distributed survivable trust management protocol, the security of a new approach for enabling survivable secure communications in multi agent systems is validated. The security validation of this approach centers around three security properties: confidentiality, integrity and authentication. Requirements for these security properties are defined for every message generated by this security protocol during its life cycle. A logical analysis of these requirements is followed up by a thorough security validation, based on a model-checking CSP/FDR analysis. Both analyses show that with minor modifications the protocol is able to deliver on its security requirements for the three tested security properties. Finally, the protocol is optimized with possible improvements that increase its efficiency whilst maintaining the security requirements. The conclusions of these two research projects are combined to form an overall conclusion regarding the viability of the Medusa concept as a practical solution for survivable secure communications. The enhanced survivability of the Medusa concept is proven in a simulated environment and trade-offs with regards to security, autonomy and trustworthiness are excluded. Although more research is required before …