
ISSN: 2277 – 9043
International Journal of Advanced Research in Computer Science and Electronics Engineering
Volume 1, Issue 2, April 2012
All Rights Reserved © 2012 IJARCSEE

Light weight Authentication System and Resource Monitoring using MAS

Abhilasha Sharma, RKDF Institute of Science Tech., Bhopal, India
Rajdeep Singh, RKDF Institute of Science Tech., Bhopal, India
Jitendra S Rathore, Technocrats Institute of Tech, Bhopal, India

Abstract: Application, resource and network supervision and trust management is a significant issue due to today's speedy development of the computer and communication environment, especially in the Local Area Network (LAN). The client-server based network management approach suffers from problems such as insufficient scalability, interoperability, reliability, and flexibility, as networks become more geographically distributed [1]. Another big issue is trust management. RSA, DES and Kerberos are other good methods to achieve authentication, but they require high computation, which is a big deal for a LAN; another issue is availability. In this paper, we have proposed a new (novel) light weight approach for resource and trust management using the concept of a Multi Agent System. The proposed method uses the concept of a certificate authority (AS of Kerberos) for authenticating the users in a LAN or peer to peer network. Availability and minimum delay are the key factors of any authentication scheme; in this paper we propose a fresh new concept for authenticity and supervision of resources. Our mobile agent based solution will work the same as Kerberos, with better throughput and with high availability due to the distributed and roaming features of the MAS system. The proposed method provides a good solution for trust management as well as supervision of network resources and applications. We have used SPADE for development of the MAS.

Keywords: Authentication, Kerberos, MAS, Resource management, SPADE

I. INTRODUCTION

Application, resource and network supervision is a significant issue due to today's speedy development of the computer and communication environment. The client-server based network management approach suffers from problems such as insufficient scalability, interoperability, reliability, and flexibility as networks become more geographically distributed [1]. A framework for an intelligent Multi Agents System (MAS) architecture is proposed using agents to achieve distributed management. The policies that govern the mobile agents' operation are specified by the management entity. The MAS architecture diminishes the complexity of management (application, resource or network) at the managing entity by entrusting part of the management responsibility to the managed network entities. Adding mobility and intelligence to an agent provides many advantages such as extensibility and portability. The intelligence of mobile agents helps to make dynamic decisions.

Management of network and other resources is a distributed activity by nature, but follows the widely used client-server model [1]. The well known application protocol developed for it is the Simple Network Management Protocol (SNMP) [4]. Most of the essential functions of network and other resource management are well realized in this client-server model, and the network entities with limited computation power follow SNMP's philosophy of simple and passive agent structures. However, this approach has several technical limitations, such as scalability, reliability and performance degradation, which become more complicated as networks expand and become more distributed [5].

Distributed management with authorization is an alternative to centralized management. In a distributed management system there must be authenticated applications that work concurrently as managing as well as managed agents (or hosts to agents). The distributed management architecture was developed to trim down the computation burden of the centralized management system at the managing entity, and to reduce and localize the network traffic by decreasing the overhead due to polling [6].

An efficient distributed management architecture must deal with reliability, flexibility, consistency, and scalability [7]. Managing public and private keys in a large organization is a big challenge. Software agents can be an adaptive and reactive method for administration and for authenticating users trying to connect to network resources. The advantage is that the agents can query multiple information sources to select the level of trust to entrust to a user [8]. The task of validating legitimate users over distributed networks and services remains a tricky practice [9].

Due to recent advances in web services, Quality of Service (QoS) becomes a key factor [2] to distinguish service providers, since current web service standards and technologies are lacking in QoS. Software agents have been recognized as a promising technology for organizing network and web services. Using FIPA [3] compliant Multi Agents we were able to propose a Multi Agents based web service QoS Management Architecture.

In this paper we give the solution to two problems: the first is authentication of the users to use network services, and the second is the supervision and management of network resources. Our proposed scheme uses the core concept of the Multi Agent System (MAS). For developing the agents we have used the Smart Python Based Agent Development
Environment (SPADE) [10] version 2 in an Ubuntu 11.10 environment.

The rest of the paper is organized as follows: Section 2 gives a brief overview of the basic terminology and background needed to understand the idea clearly, Section 3 gives insight into related work on authentication and resource supervision in distributed environments, Section 4 discusses the proposed method and finally Section 5 concludes the paper.

II. BASIC TERMINOLOGY AND BACKGROUND

A. Authentication

Authentication ensures that the identity of a particular entity cannot be ambiguated or misrepresented. In addition, interactions between entities may be anonymous and still require that the participants be authenticated; some information about the entity is known and is adequate for interaction [11].

Authentication is the method that allows the users (sender or receiver) of information to be validated. If the communicating parties have not validated each other, there is no faith in the activities supplied by either party. Many authentication methods have been researched and used; some of them are highly complex and secure, others are very simple. The simplest form of authentication is the transmission of a shared password between entities wishing to authenticate each other.

The following factors affect authentication:
1. What you know – password.
2. What you have – smart card or token.
3. What you are – fingerprint, handprint, retina pattern, voice and keystroke pattern etc.

Network authentication uses authentication protocols such as digital signature, username/password and smart card. Some well known authentication protocols are Kerberos, CHAP and Microsoft CHAP.

Authentication is one of the major concerns of information security, especially in distributed environments [12]. Marcel Waldvogel et al. [13] address the necessity of additional features for distributed environments: Quality of Service and resource reservation issues [14] [15]. Reliable transmission of data and concurrency guarantees are usually considered to be application-specific, if overhead is to be minimal [16], [17]. But currently the prerequisite of confidentiality and authenticity for group members is still missing. Existing methods often necessitate human intervention (manual keying is common), or limit the dynamics provided by multicasting and required by many applications.

B. Kerberos

Kerberos is used as an authentication protocol that allows communication between hosts over non-secure networks. It uses the client-server model. Kerberos uses mutual authentication: client and server identify each other.

a) The Kerberos method follows these rules for authentication:
  • Every service request needs a ticket.
  • Tickets come from the TGS (except the ticket for the TGS!).
  • Workstations cannot understand tickets; they are encrypted using the server key.
  • Every ticket has an associated session key.
  • Tickets are reusable.
  • Tickets have a finite lifetime.
  • Authenticators are only used once (new connection to a server).
  • Authenticators expire fast.
  • Server maintains list of authenticators (prevent stolen authenticators).

b) Ticket contents:
  • Client name (user login name)
  • Server name
  • Client host network address
  • Session key for client/server
  • Ticket lifetime
  • Creation timestamp

The primary designers of Kerberos were Steve Miller and Clifford Neuman.

C. Multi Agent System (MAS)

Agent-based computing permits proficient utilization of resources and amortizes communication delay in a distributed environment. In a dynamic and heterogeneous environment like the Internet, no assumptions can be made about the execution environments of agents [11].

Agents have many characteristics [18], such as being social, mobility and migration. Interested readers may refer to Russell and Norvig [19] for agent characteristics. Agents communicate with other agents through message passing; KQML [20] and FIPA-ACL [21] are two well known languages used by agents for communication. Agents also negotiate with other agents; this process is called "searching for an agreement" [22]. The function that maps input to an agent act is called the Agent Function or Behavior Agent Architecture [19]. Many different multi-agent frameworks have been proposed [23], [24], [25], [26], [27].

D. SPADE

Simply put, SPADE [10] is an agent platform based on the XMPP/Jabber technology. This technology offers by itself many features and facilities that ease the construction of a MAS, such as an existing communication channel, the concepts of users (agents) and servers (platforms) and an extensible communication protocol based on XML, just like FIPA-ACL. Many other agent platforms exist, but SPADE is the first to base its roots on the XMPP [28] technology.

The SPADE Agent Platform does not require (but strongly recommends) the operation of agents made with the SPADE Agent Library (see next section). The platform itself uses the library to empower its internals, but aside from that, you can develop your own agents in the programming language
of your choice and use them with SPADE. The only requirement those agents must fulfill is to be able to communicate through the XMPP protocol [28]. The FIPA-ACL messages will be embedded in XMPP messages. Be warned, however, that some features of the whole SPADE experience may not be available if you do not use the SPADE Agent Library to build your agents.

SPADE is written in the Python programming language. In order to fully understand and use SPADE, a bit of knowledge about Python is required.

III. RELATED WORK

Marcel Waldvogel et al. [29] address the necessity of additional features for distributed environments: Quality of Service and resource reservation issues [30] [31]. Reliable transmission of data and concurrency guarantees are usually considered to be application-specific, if overhead is to be minimal [32], [33]. But currently the prerequisite of confidentiality and authenticity for group members is still missing. Existing methods often necessitate human intervention (manual keying is common), or limit the dynamics provided by multicasting and required by many applications.

With the rapid growth and development of computer networks, availing services located in remote places is easy. Sometimes these services use the personal data of users, like on-line account passwords while doing on-line transactions, thus the need for security becomes of prime importance. To provide quicker and safer communication services to users, various authentication protocols which offer authorization and authentication as well as integrity and secrecy of messages have been utilized. Authentication protocols are a good security mechanism whereby each party assures its identity to the other. One such well known and commonly used authentication protocol is Kerberos. Kerberos, developed in the Athena Project at the Massachusetts Institute of Technology (MIT) [1], is a network authentication protocol which allows communication over a non-secure network in a secure manner. It is based on the client/server model and it provides mutual authentication [34].

Kerberos is the most standard single sign-on protocol. Presently Kerberos is widely used for providing security on networks, but it has several potential security vulnerabilities. One of them is that it requires clock synchronization of the authentication code in the network; the attacker breaches the wall using a replay attack by amending the host time. The other is guessing of passwords through a password dictionary, due to weak passwords used by users. Improved Kerberos [35] has addressed the shortcomings in the previous Kerberos, but replay and password attacks still remain.

IV. PROPOSED SOLUTION

Our proposed solution is to use a distributed SPADE [10] agent-based application to deal with the process of user authentication and supervision of user credentials. The agent architecture provides a number of security services with the goal of automating the process of user authentication and trust management. In particular, the agents handle all password, encryption key and certificate management [9].

Our proposed prototype agent architecture offers two functions: the first is a light weight solution to the authentication problem, and the second is monitoring and supervision of network resources and applications.

We are using SPADE [10] as our multi-agent framework; an XMPP [28] server is the foundation for our communication and provides the interface to agents. Each area of monitoring should have one or more agents which will decide what to do with the information received, such as: communicate to the customer, negotiate with others and check which information is valid and correct.

The SPADE framework acts as an XMPP server to which all agents connect, and is responsible for managing communication through the XMPP protocol.

Our proposed method is divided into two sections: the first is authentication of users using MAS and the second is supervision and management of resources.

A. Authentication

The main agenda of our proposed work is its simplicity. This is a very new concept that we are going to propose in the field of cryptography. Our first work is to test on a peer to peer network, then on the Internet, and afterward in a wireless environment.

In this paper, we expand the idea of the CA (Certificate Authority) and the KDC of Kerberos with a Mobile agent System (MAS) for doing the same (key exchange for authentication). Key distribution is the major function of cryptography; we use the concept of the mobile agent for efficient key management. Agents have a mobility property that allows an agent to move and migrate from one host to another on a network. Mobility is the core concept we are using for key management. In traditional cryptography the function of key distribution is handled by a certification authority (CA) in the asymmetric case, and in the symmetric case a KDC (Key Distribution Center) is used. Other methods (like DH Kerberos) of key distribution require high computation that slows down CPU performance, and there is also a chance of compromise.

In this paper we suggest a new and efficient scheme for key management using mobile agents. The key idea behind this scheme is that we have designed agents that reside on a host and move through the network; when any host wants to send a message, it sends a request to the CA-Agent, which stores public and private key pairs for source and destination. After completing the registration (for a newly arrived host) and validation process, the CA-Agent issues the secret key to that host, and the host is able to send data securely.

For this task, we will design 3 types of agents. The first is the Reg-Agent, for registration of users and for issuing private and public keys. The second is the Valid-Agent, which checks the authenticity of a user
(host), and the third is the CA-Agent, which issues the session key for secure communication like SSL.

The advantage of this scheme is that, for each type of authentication (registration, verification and session), we make a different agent, which reduces the computation due to the autonomous and social properties of agents, and the probability of compromise of an agent (CA-Agent) is less. If an agent is destroyed or compromised, this can easily be identified by the other agents. This solution also gives high response due to the mobility of an agent. And security is greater because an agent is an intelligent system that can clone itself.

Figure 1 shows the internal architecture of the certificate authority agent using SPADE 2. All three agents will be run on SPADE using the XMPP protocol.

Fig. 1 Proposed Authentication system using SPADE

To test the validity and performance of our agent based authentication system, we will compare the performance of our proposed system with Kerberos 5 on an Ubuntu 11.10 machine.

B. Management and supervision of Resources using MAS

Developing a MAS application means following the standards. The SPADE platform was developed in the Python language, is FIPA compliant and offers developers a simple API which can be used to communicate, create conferences between agents and even publish services on a Directory Facilitator (DF). SPADE agents have behaviors like Periodic, Time Out, Event, Finite State Machine, One Shot and Cyclic, obtained by extending default classes to your needs.

The following services and supervision are performed by our MAS based system:
  a) Request a service
  b) Calculate response-time
  c) Send messages
  d) Register the information
  e) Communicate with its superiors (managers)
  f) Check the log (services being used by users)

Our proposed method provides a solution for network management while maintaining authenticity for peer to peer and distributed environments using the concept of the agent system. Our method requires less computation and gives fast access with high availability due to MAS features; our authentication system is light weight because it does not require high computation.

V. CONCLUSION

In this paper we have proposed a light weight authentication system, especially for peer to peer networks, using the concept of multi agent system technology. We will implement our scheme using the SPADE2 agent tool. It uses Python and the XMPP protocol. Preliminary results are satisfactory as compared to Kerberos. Our method offers a fast solution with high availability.

REFERENCES

[1] Hosoon Ku, Gottfried W.R. Luderer and Baranitharan Subbiah, "An Intelligent Mobile Agent Framework for Distributed Network Management", Global Telecommunications Conference, GLOBECOM 97, IEEE, 1997.
[2] Jaleh Shoshtarian Malak, Mehran Mohsenzadeh and Mir Ali Seyyedi, "Multi Agent Based Web Service QoS Management Architecture", Proceedings of the 14th International CSI Computer Conference (CSICC09), IEEE, 2009.
[3] Foundation for Intelligent Physical Agents, http://fipa.org/, 2005. [Online; accessed 12-July-2011].
[4] J.D. Case, M. Fedor, M.L. Schoffstall and C. Davin, RFC1157 "Simple Network Management protocol (SNMP)", 1990.
[5] C. Sylvia, "The Future with or without SNMP", LAN Management, 1996.
[6] K. Meyer, M. Erlinger, J. Betser, and C. Sunshine, "Decentralization Control and Intelligence in Network Management", Proceedings of the 4th International Symposium on Integrated Network Management, CA, May 1995.
[7] M. Post, C. Shen and J. Wei, "The Manager/Agent Paradigm for Distributed Network Management", IEEE Network Operations and Management Symposium, Japan, April 1996.
[8] Ghanea-Hercock, R., "An agent-based user-authentication system", Intelligent Systems, IEEE, 2003.
[9] Ghanea-Hercock, R., "Authentication with P2P Agents", BT Technology Journal, Springer Netherlands, 2003.
[10] SPADE tool, http://code.google.com/p/spade2/
[11] Chandra Krintz, "Security in Agent-based Computing environments Using Existing Tools: A Survey", CiteSeer, 1998.
[12] Punit Mundra, Shobhit Shukla, Madhavi Sharma, Radhika M Pai and Sanjay Singh, "Modeling and Verification of Kerberos Protocol using Symbolic Model Verifier", IEEE, International Conference on Communication Systems and Network Technologies, 2011.
[13] Marcel Waldvogel, Germano Caronni, Dan Sun, Nathalie Weiler and Bernhard Plattner, "The VersaKey Framework: Versatile Group Key Management", IEEE Journal on Selected Areas In Communications, Vol. 17, No. 9, August 1999.
[14] R. Braden, D. Clark, and S. Shenker, "RSVP: A new resource reservation protocol", IEEE Network, September 1993.
[15] W. Feng, D. Kandlur, D. Saha, and K. Shin, "Adaptive packet marking for providing differentiated services in the internet", in Proceedings of ICNP-98, October 1998.
[16] Steve McCanne, "A distributed whiteboard for network conferencing", http://http.cs.Berkeley.edu/~mccanne/unpublished.html, 1992.
[17] M. Handley and J. Crowcroft, "Network text editor (NTE): A scalable shared text editor for the MBone", in Proceedings of ACM SIGCOMM '97, September 1997, pp. 197–208.
[18] Khan, A. Basit and Mihhail Matskin, "AGORA Framework for Service Discovery and Resource Allocation", IEEE, Fifth International Conference on Internet and Web Applications and Services, 2010.
[19] S.J. Russell and P. Norvig, "Artificial intelligence: a modern approach", Prentice-Hall, Inc., Upper Saddle River, NJ, USA, 1995.
[20] T. Finin, R. Fritzson, D. McKay, and R. McEntire, "KQML as an agent communication language", Proceedings of the third international conference on Information and knowledge management, pages 456–463, 1994.
[21] FIPA TC Communication, "FIPA ACL message structure specification", Foundation for Intelligent Physical Agents, retrieved from http://fipa.org/repository/standardspecs.html on 01-12-2009, 2003.
[22] E. Oliveira and A.P. Rocha, "Agents advanced features for negotiation in electronic commerce and virtual organisations formation process", Agent Mediated Electronic Commerce: The European Agentlink Perspective, 2001.
[23] Y. Luo, D. Davis and K. Liu, "A multi-agent framework for stock trading", School of Computing, Staffordshire University, Stafford ST18 0DG, UK, Department of Computer Science, University of Hull, HU6 7RX, UK, 2000.
[24] B. Mobasher, J. Collins, M. Tsvetovat and M. Gini, "Magnet: A multi-agent contracting system for plan execution", In Proc. of SIGMAN, pages 63–68, 1998.
[25] A. Pannu, K. Sycara, K. Decker, "Distributed intelligent agents", 1996.
[26] K. Sycara, S. Decker, "Intelligent adaptive information agents", Journal of Intelligent Information Systems, Volume 9:239–260, November 1997.
[27] A.H. Sung, S. Mukkamala and A. Abraham, "Hybrid multi-agent framework for detection of stealthy probes", Applied Soft Computing Journal, 7(3):631–641, 2007.
[28] XMPP Protocol, http://xmpp.org/xmpp-protocols/protocol-namespaces/
[29] Marcel Waldvogel, Germano Caronni, Dan Sun, Nathalie Weiler and Bernhard Plattner, "The VersaKey Framework: Versatile Group Key Management", IEEE Journal on Selected Areas In Communications, Vol. 17, No. 9, August 1999.
[30] R. Braden, D. Clark, and S. Shenker, "RSVP: A new resource reservation protocol", IEEE Network, September 1993.
[31] W. Feng, D. Kandlur, D. Saha, and K. Shin, "Adaptive packet marking for providing differentiated services in the internet", in Proceedings of ICNP-98, October 1998.
[32] Steve McCanne, "A distributed whiteboard for network conferencing", http://http.cs.Berkeley.edu/~mccanne/unpublished.html, 1992.
[33] M. Handley and J. Crowcroft, "Network text editor (NTE): A scalable shared text editor for the MBone", in Proceedings of ACM SIGCOMM '97, September 1997, pp. 197–208.
[34] Punit Mundra, Shobhit Shukla, Madhavi Sharma, Radhika M Pai and Sanjay Singh, "Modeling and Verification of Kerberos Protocol using Symbolic Model Verifier", IEEE, International Conference on Communication Systems and Network Technologies, 2011.
[35] Ghanea-Hercock, R., "An agent-based user-authentication system", Intelligent Systems, IEEE, 2003.
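
Added example (not part of the original paper and not SPADE or Kerberos code): a simplified model of the server-side checks implied by the Kerberos rules and ticket contents listed in Section II.B, including the authenticator list and expiry that bear on the replay and clock issue raised in Section III. The names `Service`, `issue_ticket`, `make_authenticator` and `MAX_SKEW`, the HMAC used in place of encryption, and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

MAX_SKEW = 300  # seconds an authenticator stays fresh (assumed value)


def _mac(key, payload):
    """Keyed tag over canonical JSON. Stand-in for Kerberos encryption: the
    ticket body stays readable here, which a real ticket must not be."""
    blob = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def issue_ticket(server_key, client, server, addr, session_key, created, lifetime):
    """TGS side: the six ticket fields from II.B, sealed with the server key."""
    body = {"client": client, "server": server, "addr": addr, "created": created,
            "session_key": session_key.hex(), "lifetime": lifetime}
    return {"body": body, "tag": _mac(server_key, body)}


def make_authenticator(session_key, client, timestamp):
    """Client side: proof of session-key possession bound to one timestamp."""
    body = {"client": client, "timestamp": timestamp}
    return {"body": body, "tag": _mac(session_key, body)}


@dataclass
class Service:
    name: str
    key: bytes
    seen: set = field(default_factory=set)  # accepted authenticators

    def accept(self, ticket, auth, peer_addr, now):
        """Return (ok, reason) for one connection attempt at server time now."""
        t, a = ticket["body"], auth["body"]
        if not hmac.compare_digest(ticket["tag"], _mac(self.key, t)):
            return False, "ticket not sealed with server key"
        if t["server"] != self.name:
            return False, "ticket issued for another server"
        if not t["created"] <= now <= t["created"] + t["lifetime"]:
            return False, "ticket outside lifetime"
        if t["addr"] != peer_addr:
            return False, "client address mismatch"
        session_key = bytes.fromhex(t["session_key"])
        if not hmac.compare_digest(auth["tag"], _mac(session_key, a)):
            return False, "authenticator not made with session key"
        if a["client"] != t["client"]:
            return False, "authenticator names another client"
        if abs(now - a["timestamp"]) > MAX_SKEW:
            return False, "authenticator expired"
        # The list only has to cover the freshness window; older entries
        # would already fail the expiry check above.
        self.seen = {e for e in self.seen if abs(now - e[1]) <= MAX_SKEW}
        if (a["client"], a["timestamp"]) in self.seen:
            return False, "authenticator replayed"
        self.seen.add((a["client"], a["timestamp"]))
        return True, "ok"


def demo():
    """Constructed scenario: one ticket reused, replayed, moved and expired."""
    skey, sess = b"constructed-server-key", b"constructed-session-key"
    svc = Service("fileserver", skey)
    tkt = issue_ticket(skey, "alice", "fileserver", "10.0.0.5", sess, 1000, 3600)
    a1 = make_authenticator(sess, "alice", 1010)
    a2 = make_authenticator(sess, "alice", 1100)
    return [svc.accept(tkt, a1, "10.0.0.5", 1012),   # first use
            svc.accept(tkt, a1, "10.0.0.5", 1020),   # same authenticator again
            svc.accept(tkt, a2, "10.0.0.5", 1101),   # ticket reused, new authenticator
            svc.accept(tkt, a2, "10.0.0.9", 1102),   # presented from another host
            svc.accept(tkt, a1, "10.0.0.5", 1500),   # old authenticator, too late
            svc.accept(tkt, a2, "10.0.0.5", 5000)]   # ticket lifetime over
```

Both the expiry check and the pruning of the authenticator list trust the server's clock, which is why the clock-synchronization weakness described in Section III matters for any scheme built on these rules.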
