SITA: Protecting Internet Trade Agents from Malicious Hosts

Authors

  • Mark Perry
  • Qin Zhang
Abstract

The role of agents and their potential in the electronic marketplace has been discussed widely, but the issue of mobile agent vulnerability to attack, particularly from malicious hosts, needs further development. This paper describes our Secure Internet Trade Agents (SITA) framework that allows for multiple ‘window shopping’ agents to retrieve results, whilst providing anonymity for the user, and providing a manageable key structure.

1 The Secure Internet Trade Agent (SITA) Framework

The SITA model we propose is intended to offer better security for trading with Mobile Agents on the internet, whilst at the same time providing a level of anonymity for purchasers and ‘window shoppers’. It relies on a master agent running on a trusted host that dispatches a series of slave agents to carry out the designated tasks. One advantage offered by mobile agents is support for concurrent job processing. Thus, a task can be separated into several sub-tasks that can be delegated to several “slave” agents, each of which can execute the task in parallel. We use a layered approach to agent initiation, with one superior agent taking control of the task and dispatching child agents, to give improved security.

Since the slave agent is sent to one specific shop server only, the control flow of the code is eliminated (i.e., no comparison is done on that server) and agent itinerary modification is avoided. This allows for confidentiality of the slave agent to be achieved by partial encryption of the agent’s components — namely the agent data. Using this mechanism, an agent protects data that must be used at a particular site by encrypting that data with the site’s public key. In this way, the data is accessible only when the agent reaches the intended execution environment.
We divide the process of inquiring and purchasing in the electronic marketplace into seven stages — ITA (Internet Trade Agent) initialization, ITA migration, directory search, product information inquiry, negotiation, evaluation, and purchase and delivery. Fig. 1 shows a simple architecture of an electronic market with secure mobile agents that also makes provision for anonymity.

Fig. 1. Secure trade agents in the electronic market

1) The user creates an ITA, specifies the name of the item he/she wants to purchase and the purchase conditions, and delegates this task to the ITA.
2) The user sends the instructed agent to an Agent Trade Centre (ATC), which separates the agent from its home address.
3) The trade agent queries a directory agent on the ATC and receives a list of destinations it should visit (for example, ‘ask for all addresses of servers that provide airline tickets’).
4) The trade agent sits on the ATC as a static agent and dispatches one child mobile agent to each destination server using a concurrent parallel scheme.
5) The child agent migrates to a market server, where it negotiates with the market server, collects an offer and reports to the parent agent.
6) The trade agent is responsible for evaluation of the collected offers. It can, after it has finished its task, send a message (by email or mobile phone call or pager) back to its user, giving the evaluated result. Alternatively, it queries the database of the ATC for a home address and dispatches a result back to the user with the best offer.
7) The user reviews the offer found by the ITA. If the offer is reasonable, he/she contacts the best-offer server and does the transaction under the terms of the specific signed offer. Eventually, the user receives the purchased goods.

By using this architecture we can make sure that the market servers have no chance of getting any information about the user or about other servers that have serviced such requests.
In the case of traditional pseudonyms, a trusted third party signs the pseudonyms and thus ensures that in case of need it can identify the user. In our architecture the ATC could do this job, because it is able to identify the user and register the user and ITA together with their home addresses. The ATC can digitally sign the mobile agent and thereby guarantee the trustworthiness of the agents. On the other hand, the agent is ensured and guaranteed by the user, who also provides the ATC with her certified personalities (e.g., digital certificates). For the security of the mobile agents in this system, the ATC can also take the place of the trusted server in one of the trust approaches. The purchasing stage can then be executed over the net between the ATC and the appropriate market server by using a secure electronic payment system, such as Secure Electronic Transaction (SET) [1].
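
The two mechanisms described above, encrypting a slave agent's data with the destination site's public key and having the ATC sign the agent, can be sketched as follows. This is an added example, not code from the paper: the function names, agent fields, and the choice of RSA-OAEP with an RSA/SHA-256 signature are assumptions made for illustration.

```javascript
// Added illustration (not from the SITA paper); names, fields and algorithms are assumptions.
const crypto = require('node:crypto');

const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Master agent (on the ATC): build one slave agent for exactly one shop server.
// Only the data part is encrypted, to that shop's public key; the ATC signs the whole body.
function buildSlaveAgent(atcPrivateKey, shopId, shopPublicKey, agentData) {
  const sealed = crypto.publicEncrypt({ key: shopPublicKey, ...OAEP },
    Buffer.from(JSON.stringify(agentData)));
  const body = { destination: shopId, task: 'collect-offer', data: sealed.toString('base64') };
  const signature = crypto.sign('sha256', Buffer.from(JSON.stringify(body)), atcPrivateKey);
  return { body, signature: signature.toString('base64') };
}

// Shop server: verify the ATC signature and the destination, then open the data part.
function openSlaveAgent(agent, atcPublicKey, shopId, shopPrivateKey) {
  const ok = crypto.verify('sha256', Buffer.from(JSON.stringify(agent.body)),
    atcPublicKey, Buffer.from(agent.signature, 'base64'));
  if (!ok) throw new Error('agent is not signed by the ATC or was modified');
  if (agent.body.destination !== shopId) throw new Error('agent addressed to another host');
  const plain = crypto.privateDecrypt({ key: shopPrivateKey, ...OAEP },
    Buffer.from(agent.body.data, 'base64'));
  return JSON.parse(plain.toString('utf8'));
}

// Constructed sample: one ATC, two shops, one inquiry.
// The agent carries no user home address; replies go back to the parent agent on the ATC.
function demo() {
  const atc = newKeyPair(), shopA = newKeyPair(), shopB = newKeyPair();
  const inquiry = { item: 'airline ticket', quantity: 2, replyTo: 'ATC' };
  const agent = buildSlaveAgent(atc.privateKey, 'shop-a', shopA.publicKey, inquiry);
  const atA = openSlaveAgent(agent, atc.publicKey, 'shop-a', shopA.privateKey);
  let wrongHostReads = true;
  try {
    openSlaveAgent(agent, atc.publicKey, 'shop-a', shopB.privateKey);
  } catch {
    wrongHostReads = false; // shop B's private key cannot open data sealed for shop A
  }
  return { atA, wrongHostReads };
}
```

RSA-OAEP with a 2048-bit key only fits about 190 bytes of agent data; larger payloads would need a hybrid scheme in which the site's public key wraps a symmetric key.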


Similar resources

Path-Based Security for Mobile Agents

As mobile agents are increasingly adopted in intranets, on the Internet, and on computational grids, new security concerns become increasingly important. Unlike other kinds of mobile code, such as applets, which are pulled a single time to remote systems (single-hop), mobile agents may move using their own itinerary through a series of systems (multiple-hop), potentially carrying sensitive info...


Protecting the Data State of Mobile Agents by Using Bitmaps and XOR Operators

The identified security areas comprise protecting hosts against malicious agents, protecting the agent’s transmission and protecting agents against malicious hosts. The first two security issues and the protection of the agent’s code state can be solved by applying traditional security techniques. Even though there are some works that manage the privacy of execution, their implementation is alm...


Preventing Attacks on Mobile Agents by Malicious Hosts

The security concerns that come with using mobile agents is the main reason why the mobile agent paradigm has not been widely adopted. A number of new security problems are introduced with the use of mobile agents. Both, the host computer that executes an agent and the agent, need security mechanisms to protect against the threats posed by malicious agents and hosts. The issue of protecting a m...


A Distributed and Compromise-tolerant Mobile Agent Protection Scheme

In this extended abstract paper we address the problem of protecting mobile agents from possibly malicious hosts they could visit in an open e-commerce environment, the Internet. The novel approach presented is to split up a task that otherwise could be employed by a single agent into a group of agents, which communicate and cooperate by executing on different hosts. The approach has its roots ...


Publication date: 2001