CN100411361C - Safety structure of all-around protecting mobile proxy network management application - Google Patents
- Publication number
- CN100411361C
- Authority
- CN
- China
- Prior art keywords
- agency
- information
- mobile agent
- behalf
- security
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention relates to a security architecture that comprehensively protects mobile agent network management applications. It provides different protection methods for three aspects: the transmission of the mobile agent, the host on which the mobile agent runs, and the mobile agent itself. The execution flow is as follows. First, a user logs in to the agent running environment, creates a mobile agent and assigns permissions according to the task requirements. The agent then migrates according to its task, at which point its transmission must be protected. The agent next arrives at the destination host and executes its task; at this point the host's resources must be protected from destruction by a malicious agent, and the agent must protect itself from attack by a malicious host while it executes. The method protects the mobile agent throughout the whole process of mobile agent network management, thereby guaranteeing the security of mobile agent network management, reducing the difficulty of security protection and the use of resources, increasing the flexibility, configurability and extensibility of the security measures, and greatly reducing hidden security risks.
Description
Technical field
The present invention is a security solution for applying distributed computing technology in an open network environment. It is mainly used to solve the security problems of network management based on mobile agents, and belongs to the interdisciplinary field of computer networks, distributed computing and information security.
Background technology
In current network management schemes, most network management computation is performed by the network management station. With this approach, the large volume of information exchanged between the management station and the managed nodes wastes a great deal of network bandwidth, and the scheme cannot dynamically extend the capabilities of the server side. The distributed computing technology of mobile agents can alleviate these shortcomings. A mobile agent is a software entity with a certain degree of intelligence and judgment. It can migrate across a heterogeneous network according to certain rules, seek suitable resources, process or use those resources locally, and complete specific network management tasks on behalf of the user.
The mobile agent network management scheme consists of three parts: a network management station with a mobile agent execution environment, the managed nodes, and the mobile agents that carry out network management tasks. The network management station generates and dispatches mobile agents according to the management task and processes the results they return. The mobile agents migrate among the managed nodes, collect and process information, and perform network management operations. Each managed node hosts a mobile agent execution environment, which accepts mobile agents and assists them in accessing local resources. In this scheme the network management station dispatches mobile agents to the managed nodes to carry out management tasks. Carrying the relevant information, an agent either returns to the management station after completing its task on one managed node, or migrates in turn to several managed nodes and returns after completing the corresponding task on each, or traverses all managed nodes before returning to the management station.
The mobile agent network management scheme has the advantages of low network load, strong adaptability and highly real-time processing. However, the security of mobile agent technology itself and the hidden security risks that appear in network management applications have hindered the application and development of this scheme, and many current schemes or frameworks address only one aspect of security.
Analysis of the security threats mobile agents face in network management
The security problems of mobile agents fall into three aspects: transmission security, which covers the security of the agent while it is in transit and the security of control information; protection of host resources, that is, security when a mobile agent uses host and network resources; and the security of the mobile agent on the managed node.
1. Security of mobile agent transmission
While a mobile agent moves across the network, its code and data are exposed to various attacks such as eavesdropping, tampering and impersonation. An attacker can eavesdrop on sensitive information the agent carries, such as a competitor's price quote. An attacker can alter the information the agent carries, for example by changing a competitor's price quote. An attacker can also alter the agent's executable code so that it does something malicious after it returns to the user's host. Because the user's host trusts its own mobile agents, it may let them access resources directly, without access control. If the code has been changed, this can do great harm to the host of the agent's owner.
The user who dispatches a mobile agent needs to control it, for example to recall it, kill it or supply it with information. If an attacker forges this control information, the result is fatal to the mobile agent.
2. Protection of host resources on the managed node
A host joins the mobile agent system by running a mobile agent environment. The mobile agent environment allows mobile agent programs to run on the host, which exposes the host to various attacks, such as theft of sensitive information, damage to host resources, consumption of large amounts of resources so that the host refuses service to other mobile agents, and anonymous attacks. A malicious mobile agent can steal confidential information and data on the host while visiting a mobile agent environment and send that information to its owner. Some mobile agents may, like a virus, delete system files or format a disk and so damage host resources. A mobile agent can also launch a denial-of-service attack: it exhausts system resources such as disk space, network ports and file handles so that the host can no longer serve other mobile agents. A malicious mobile agent can also impersonate a legitimate mobile agent and enjoy the rights of that agent.
3. Security of the mobile agent on the managed node
When a mobile agent migrates to the mobile agent environment of a host, it is fully exposed to that host. Migrating to the environment in itself implies a certain trust in the host and its mobile agent environment. If the host happens to be malicious, the mobile agent will be attacked. A malicious host can simply destroy the mobile agent so that it cannot complete the task its parent application assigned.
Summary of the invention
Technical problem: the object of the invention is to provide, for network management systems built on mobile agents, a security architecture that comprehensively protects mobile agent network management applications. To solve the security problems that arise in network management based on mobile agents, it builds a security architecture that uses encryption technology to protect the transmission of the mobile agent, the host on which the mobile agent runs, and the mobile agent itself, so that the network management process is protected comprehensively.
Technical solution: the method of the invention is an improved and comprehensive method. By improving and combining detection-based and active security measures, it proposes reasonable solutions for the transmission of mobile agents, the destruction of host resources by mobile agents, and the security of the mobile agent itself, thereby ensuring the confidentiality and reliability of mobile agents and of network management information.
This security architecture comprises four stages of protection for the mobile agent network management system and a synchronization mechanism for security certificates. The four stages are:
A. Create the mobile agent and assign permissions: log in to the agent running environment, where the user management server assigns the user's functions and permissions; create the mobile agent according to the task, and generate the agent's role and permission information;
B. Protect the transmission of the mobile agent: the migration sites establish a connection between themselves; the agent's certificate information is verified and a decision is made whether to allow the agent to migrate in; the identifier is retained to make the next connection easier;
C. Protect host resources from destruction by a malicious agent: obtain agent information such as the agent's resource usage rights and operating permissions; when the agent requests a resource, the agent environment allocates resources according to the resource usage rights and prohibits and records any out-of-bounds request;
D. Protect the agent itself from attack by a malicious host: encrypt the agent's private information; verify whether the agent's information has been tampered with; the local agent environment can only add information to the agent and can never modify or delete the agent's information; the agent continues to migrate or terminates itself.
The execution flow is as follows: first the user logs in to the agent running environment, creates a mobile agent and assigns permissions according to the task requirements. The agent then migrates according to its task, at which point the transmission of the mobile agent must be protected. The agent then arrives at the destination host and executes its task; at this point host resources must be protected from destruction by a malicious agent, and while executing its task on the destination host the agent must protect itself from attack by a malicious host.
Synchronization mechanism for security certificates: in this security architecture all certificates are managed centrally on the security management server. Each agent running environment periodically synchronizes certificate information with the security management server and stores it in a local certificate repository. When an agent migrates in, the local agent environment first verifies the agent's information against the local certificate repository; this is reflected in the protection of mobile agent transmission.
The method of creating the mobile agent and assigning permissions is:
1.) The user logs in to the management station, that is, the agent running environment. The application provides an interface for the user's account and password. After the application receives the account and password entered by the user, it establishes a Secure Sockets Layer connection with the user management server, which confirms the account and returns the corresponding role. Based on the account and password, the user management server returns the role assigned to the user and the module functions the user is authorized to execute;
2.) The mobile agent is created according to the needs of network management. When the agent is created, a connection is made with the security management server, and a digital certificate is generated based on the agent's creating user, creation time, lifetime, operable resources and so on. Permissions and operable-resource information are assigned to the agent in a role-based manner.
The method of protecting the transmission of the mobile agent is:
1.) When the agent is to migrate to another managed node, a secure channel is first established between the two agent running environments. Secure Sockets Layer protocol 3.0 is used here to establish this secure channel;
2.) The receiving agent running environment, through Security Control, first verifies the certificate information of the incoming agent against the local certificate repository. If the certificate is not available locally, it connects to the security management server to verify the agent's digital signature. If verification succeeds, the agent is allowed to migrate in; otherwise it is not allowed into this agent running environment, and the failure is written to the security log;
3.) The session identifier between the two agent running environments is retained. The next time an agent migrates in, authentication does not have to be repeated; only a new session key has to be generated.
The protection mechanism for mobile agent transmission uses Secure Sockets Layer protocol 3.0. After the two communicating parties have authenticated each other, Secure Sockets Layer protocol 3.0 can retain a session identifier; when they communicate again, no authentication process is needed and only a new session key has to be generated.
The method of protecting host resources from destruction by a malicious agent is:
1.) After the agent has migrated into the agent running environment of the managed node, it is not executed immediately;
2.) Through Security Control, a connection is made with the security management server to obtain the agent's main information, including resource usage rights and operating permissions. The resource usage rights are written to the resource access list so that the agent's resource requests can be controlled;
3.) When the agent requests a local resource in order to carry out its configured actions, Resource Control consults the resource access list and, based on the agent's role information, determines which resources the agent may call;
4.) The agent's actual operations on resources, such as access to threads, are carried out through the sandbox security mechanism in combination with Resource Control;
5.) If during this process the agent makes an out-of-bounds call to a resource, the behavior is stopped and the event is written to the security log.
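One way Resource Control could enforce the resource access list in steps 2.) to 5.), as an added Go example rather than code from the patent. The Grant format, resource names and agent IDs are hypothetical; file requests are normalized before matching so that a ".." path cannot step outside a granted subtree.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Op is a bit set of operations on a resource.
type Op uint8

const (
	Read Op = 1 << iota
	Write
	Delete
)

// Grant is one right obtained for an agent (hypothetical format): a resource
// name and the operations allowed on it. A "file:" grant ending in "/"
// covers the whole subtree.
type Grant struct {
	Resource string
	Ops      Op
}

// ResourceControl holds the resource access list of every admitted agent
// and the security log of refused requests.
type ResourceControl struct {
	lists       map[string][]Grant
	SecurityLog []string
}

func NewResourceControl() *ResourceControl {
	return &ResourceControl{lists: map[string][]Grant{}}
}

// Admit writes the agent's rights into the resource access list. Until this
// has happened the agent has no list and every request is refused.
func (rc *ResourceControl) Admit(agentID string, grants []Grant) {
	rc.lists[agentID] = append([]Grant(nil), grants...)
}

// normalize resolves "." and ".." in file resources so that a request cannot
// leave a granted subtree by spelling the path differently.
func normalize(resource string) string {
	if strings.HasPrefix(resource, "file:") {
		return "file:" + path.Clean("/"+strings.TrimPrefix(resource, "file:"))
	}
	return resource
}

// covers reports whether a grant applies to an already normalized resource.
func covers(g Grant, resource string) bool {
	if strings.HasPrefix(g.Resource, "file:") && strings.HasSuffix(g.Resource, "/") {
		return resource+"/" == g.Resource || strings.HasPrefix(resource, g.Resource)
	}
	return resource == g.Resource
}

// Request mediates one resource request. The default is to refuse, and every
// refusal is written to the security log.
func (rc *ResourceControl) Request(agentID string, op Op, resource string) bool {
	res := normalize(resource)
	for _, g := range rc.lists[agentID] {
		if covers(g, res) && g.Ops&op == op {
			return true
		}
	}
	rc.SecurityLog = append(rc.SecurityLog,
		fmt.Sprintf("DENY agent=%s op=%d resource=%q", agentID, op, res))
	return false
}

// demo runs constructed requests: one allowed, then an operation that was not
// granted, a ".." escape, a look-alike directory and an agent never admitted.
func demo() (*ResourceControl, []bool) {
	rc := NewResourceControl()
	rc.Admit("agent-7", []Grant{
		{"file:/var/netmgmt/", Read | Write},
		{"socket:10.0.0.5:161", Read},
	})
	results := []bool{
		rc.Request("agent-7", Read, "file:/var/netmgmt/if.db"),
		rc.Request("agent-7", Delete, "file:/var/netmgmt/if.db"),
		rc.Request("agent-7", Read, "file:/var/netmgmt/../../etc/passwd"),
		rc.Request("agent-7", Read, "file:/var/netmgmt-old/if.db"),
		rc.Request("agent-9", Read, "file:/var/netmgmt/if.db"),
	}
	return rc, results
}

func main() {
	rc, results := demo()
	fmt.Println(results)
	for _, line := range rc.SecurityLog {
		fmt.Println(line)
	}
}
```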
The method of protecting the agent itself from attack by a malicious host is:
1.) Some of the information the agent carries, such as resource usage rights and execution path, must not be modified by other host nodes. When the agent is created, the creating agent running environment node first computes a hash value over this information with a one-way hash algorithm and then signs it with its private key:
Sign = SK(h(I))
where SK is the private key, Sign is the generated signature, I is the information to be protected, and h() is a one-way hash function.
2.) When the agent migrates to a node, the node first verifies the agent's information with the public key of the agent running environment to see whether it has been tampered with:
h(I) = PK(Sign) = PK(SK(h(I)))
where PK is the public key. Because a malicious host does not have the private key, it cannot forge the signature.
3.) The local agent running environment can only add information to the agent and cannot change the information carried from earlier nodes. The mechanism is:
3.1) The creator, that is, the network management station, generates a secret random number N and then encrypts N with the public key of this agent running environment to obtain a check value:
CheckNum_1 = PK(N)
where CheckNum_1 is the check value.
3.2) After arriving at the local agent running environment, the agent executes its configured function and collects information I. A hash value h(I) is first computed over this information, and the hash value is signed with the local private key: SK_i(h(I)).
3.3) The identity S_i of the local node's agent running environment, the check value CheckNum_1 obtained at the preceding stations, and the signature SK_i(h(I)) just obtained are added together and then signed with the public key to obtain a new check value:
CheckNum_2 = PK(CheckNum_1 + SK_i(h(I)) + S_i)
3.4) Because the information collected at this station is protected by the station's private key, that information is read-only and cannot be changed. Any modification will be detected;
4.) The agent completes its function and then migrates along the predetermined route or terminates itself.
Traditional passive methods and active methods are combined here. When a mobile agent migrates into an agent running environment, its state is checked first to determine whether the agent's information or state has been tampered with. Active protection is also used: the operations a host may perform on the agent are restricted, the agent's code can be divided into read-only or invisible parts, and a host is only allowed to append records to the agent and is never allowed to change or delete them.
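The signature check and append-only chaining of steps 1.) to 3.4), sketched in Go as an added example (not code from the patent). Assumptions: Ed25519 stands in for the unspecified signature algorithm, SHA-256 for h(), and the check value is chained with SHA-256 seeded from the secret N instead of the patent's PK(...) operation; all names and sample data are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Record is what one managed node appends: its identity S_i, the
// information I it collected, and its signature SK_i(h(I)).
type Record struct {
	NodeID string
	Info   []byte
	Sig    []byte
}

// Agent carries owner-signed read-only information plus append-only records.
type Agent struct {
	ReadOnly []byte // I: rights and itinerary
	OwnerSig []byte // Sign = SK(h(I))
	Records  []Record
	CheckNum []byte // latest check value
}

// KeyRing maps a node identity to that node's public key.
type KeyRing map[string]ed25519.PublicKey

// h hashes its length-prefixed parts so that concatenation is unambiguous.
func h(parts ...[]byte) []byte {
	d := sha256.New()
	for _, p := range parts {
		fmt.Fprintf(d, "%d:", len(p))
		d.Write(p)
	}
	return d.Sum(nil)
}

// NewAgent signs the read-only information and seeds the check value from
// the station's secret N. Assumption: h(N) stands in for the page's PK(N).
func NewAgent(ownerSK ed25519.PrivateKey, readOnly, n []byte) *Agent {
	return &Agent{
		ReadOnly: readOnly,
		OwnerSig: ed25519.Sign(ownerSK, h(readOnly)),
		CheckNum: h(n),
	}
}

// VerifyReadOnly is the check each AE runs when the agent arrives.
func VerifyReadOnly(a *Agent, ownerPK ed25519.PublicKey) bool {
	return ed25519.Verify(ownerPK, h(a.ReadOnly), a.OwnerSig)
}

// Append adds node i's record and folds it into the check value:
// CheckNum_new = h(CheckNum_old, SK_i(h(I)), S_i).
func Append(a *Agent, nodeID string, nodeSK ed25519.PrivateKey, info []byte) {
	sig := ed25519.Sign(nodeSK, h(info))
	a.Records = append(a.Records, Record{nodeID, info, sig})
	a.CheckNum = h(a.CheckNum, sig, []byte(nodeID))
}

// VerifyChain is run by the management station, which knows N. It checks
// every record's signature and then the chained check value.
func VerifyChain(a *Agent, n []byte, ring KeyRing) error {
	check := h(n)
	for i, r := range a.Records {
		pk, known := ring[r.NodeID]
		if !known || !ed25519.Verify(pk, h(r.Info), r.Sig) {
			return fmt.Errorf("record %d (%s): bad signature", i, r.NodeID)
		}
		check = h(check, r.Sig, []byte(r.NodeID))
	}
	if !bytes.Equal(check, a.CheckNum) {
		return errors.New("check value mismatch: record removed, added or reordered")
	}
	return nil
}

// buildTour returns an agent that has visited three nodes (constructed data).
func buildTour() (*Agent, ed25519.PublicKey, []byte, KeyRing) {
	ownerPK, ownerSK, _ := ed25519.GenerateKey(nil)
	n := []byte("constructed-secret-N")
	a := NewAgent(ownerSK, []byte("role=monitor;route=A,B,C"), n)
	ring := KeyRing{}
	for _, id := range []string{"A", "B", "C"} {
		pk, sk, _ := ed25519.GenerateKey(nil)
		ring[id] = pk
		Append(a, id, sk, []byte("ifInOctets@"+id+"=1024"))
	}
	return a, ownerPK, n, ring
}

func main() {
	a, ownerPK, n, ring := buildTour()
	fmt.Println("read-only info intact:", VerifyReadOnly(a, ownerPK))
	fmt.Println("chain:", VerifyChain(a, n, ring))
	a.Records[0].Info = []byte("ifInOctets@A=1") // a later host rewrites A's data
	fmt.Println("after tampering:", VerifyChain(a, n, ring))
}
```

A node that has seen an earlier check value, or that colludes with one that has, can still truncate the records back to that point, so the station should also compare the visited nodes with the planned route.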
The method of the synchronization mechanism for security certificates is:
In this security system all certificates are managed centrally on the security management server. If every agent environment had to contact the security management server each time verification was needed, this would cost time and network resources and might also cause network outages. A synchronization mechanism is therefore adopted: the certificates on the security management server are periodically published to the Security Control of each agent environment and written to the local certificate repository, so that an agent's certificate information can be verified locally first.
Beneficial effects: the method of the invention proposes a comprehensive security protection method for mobile agent network management, with complete protection methods for the three main aspects of a mobile agent network management system. Applying the proposed method avoids the complexity that arises when scattered security protection methods are piled together, and effectively improves the flexibility of the security methods, achieving the goal of protecting mobile agent network management.
1. Effective protection of mobile agent transmission
The protection mechanism for mobile agent transmission uses SSL 3.0, and SSL 3.0 has proven in practice to be a secure protocol that effectively prevents network attacks such as replay and impersonation.
In addition, after the two communicating parties have authenticated each other, SSL 3.0 can retain a session identifier; when they communicate again, no authentication process is needed and only a new session key has to be generated. This saves a large amount of resources.
2. Effective protection of host resources
Security Control and Resource Control are added on top of the traditional Java SandBox Control.
Security Control effectively prevents a malicious agent from migrating into the AE and causing damage. Resource Control provides stronger protection on top of the sandbox security model, so that every operation an agent performs on host and network resources is controlled and monitored. This makes the protection of the host more comprehensive and effective.
3. Effective protection of the mobile agent itself
Traditional passive methods and active methods are combined here. When a mobile agent migrates into an AE, its state is checked first to determine whether the agent's information or state has been tampered with. Active protection is also used: the operations a host may perform on the agent are restricted, the agent's code can be divided into read-only or invisible parts, and a host is only allowed to append records to the agent and is never allowed to change or delete them. This effectively protects the mobile agent itself from attack.
4. Flexibility
A synchronization mechanism is adopted: the certificates on the Security Server are periodically published to the Security Control of each agent environment and written to the local Authentication DataBase, so that an agent's certificate information can be verified locally first.
For agent transmission, SSL 3.0 is used to authenticate and establish the communication channel, and the session identifier is retained. In this way the cumbersome verification process is needed only once; later communication skips it and only has to generate a new session key.
These mechanisms save network resources, reduce verification time and increase the flexibility of the security architecture.
Description of drawings
Fig. 1 is a structural diagram of the AE.
Fig. 2 is a schematic diagram of the mobile agent network management security architecture.
Fig. 3 is a detailed flowchart of the mobile agent network management security architecture.
Embodiment
The present invention is described in more detail below with reference to the accompanying drawings and embodiments.
(1) Protecting the transmission of the mobile agent
Before an AE (Agent Environment, the agent execution environment) sends a mobile agent to another AE, we want the two AEs to authenticate each other and establish a secure channel. We also want this secure channel to be usable in later communication without repeating the authentication process.
We further want both kinds of channel to use the same security mechanism so that the scheme is easy to implement. The secure channel is therefore built with the mutual authentication mode of the SSL 3.0 protocol (Secure Socket Layer, a secure communication protocol).
The SSL 3.0 protocol uses public key certificates for mutual authentication, establishes a shared session key, and protects the exchanged information by encrypting it with a symmetric cipher. Its distinguishing feature is that after the two parties have authenticated each other a session identifier is retained; when they communicate again, no authentication process is needed and only a new session key has to be generated. Any party that holds a public key certificate signed by a third party and supports the SSL 3.0 protocol can communicate securely. The SSL 3.0 protocol has also been verified to be a secure protocol that prevents network attacks such as impersonation and replay. This also lightens the system load.
(2) Protecting the host
This mainly concerns the protection of the local host's resources and of network resources. The following three mechanisms are provided:
1. Java sandbox security mechanism (Java SandBox Control): inherits the Java sandbox model to control the operations of agents in the AE. It is used to control an agent's access rights to the local file system (including open, read, write, close and delete), and it also controls sockets and threads;
2. Security Control: provides the interface between the local AE and the security management server (Security Server). Whenever an agent entering the AE needs to be verified, this module connects to the Security Server and verifies the information;
3. Resource Control: when an agent needs local host or network resources, for example to call a print resource, the call must go through this module.
(3) Protecting the mobile agent itself
When a mobile agent migrates to an AE, the mutual authentication process commonly found in other agent security systems is retained. In addition, security mechanisms are provided to prevent the sensitive parts of the mobile agent's state from being tampered with, or at least to detect tampering.
Information that the mobile agent carries during migration, such as identity and resource usage rights, may only be read and cannot be changed. A hash value is first computed over this information with a one-way hash algorithm and then signed with the private key of the agent's owner. Every AE can thus use the owner's public key to verify whether the information has been tampered with, and because a malicious AE does not have the owner's private key, it cannot forge the signature.
When a mobile agent gathers information from each site it visits, the information it has already collected must be protected from modification by later sites. That is, once the agent has left a site, the information collected at that site can no longer be modified.
(4) Synchronization mechanism for security certificates
In this security system all certificates are managed centrally on the Security Server. If every agent environment had to contact the Security Server each time verification was needed, this would cost time and network resources and might also cause network outages.
We therefore adopt a synchronization mechanism: the certificates on the Security Server are periodically published to the Security Control of each agent environment and written to the local certificate repository (Authentication DataBase), so that an agent's certificate information can be verified locally first.
This mechanism saves network resources, reduces verification time and increases the flexibility of the security architecture.
I. Architecture
In the mobile agent network management scheme, a mobile agent completes its management tasks by migrating to each managed node.
The mobile agent network management security architecture consists mainly of two parts, one at the network management station and the other at the managed node, and each part is made up of several components.
The network management station is the center of network management security protection and is responsible for coordinating the secure operation of the whole management process. According to the different network management tasks, it generates the corresponding mobile agents and sends them to the managed nodes to carry out the concrete management tasks locally. The security components of the network management station mainly comprise three parts.
1. Mobile agent running environment AE (Agent Environment, abbreviated AE below)
The main execution environment of mobile agents, covering the execution, creation, reception, destruction, migration and so on of mobile agents. For security management, protection of local host resources and network resources is mainly realized through the following three parts:
1. Java SandBox Control: inherits the Java sandbox model to control the operations of agents in the AE. It is used to control an agent's access rights to the local file system (including open, read, write, close and delete), and it also controls sockets and threads;
2. Security Control: provides the interface between the local AE and the Security Server. Whenever an agent entering the AE needs to be verified, this module connects to the Security Server and verifies the information;
3. Resource Control: when an agent needs local host or network resources, for example to call a print resource, the call must go through this module.
4. Agent Control: mainly controls the operations the node performs on the agent, in order to protect the agent from destruction by a malicious host.
2. User management server (User Server)
Manages mobile agent users' accounts, passwords and assigned roles, and the module functions each role is allowed to execute. It supports connections from every AE over SSL for confirming accounts and obtaining role information.
3. Security management server
The functions performed by the Security Server mainly include key distribution, certificate exchange and security checks. Its two most important functions are: 1. generating for the agent a security certificate about the user and the agent; 2. performing security authentication for agents that migrate in, and recording the security log.
II. The main execution flow of this architecture is as follows:
1. The user logs in to the management station AE. The application provides an interface for the user's ID (account) and password. After the application receives the ID and password entered by the user, it establishes an SSL connection with the User Server, which confirms the account and returns the corresponding role. Based on the account and password, the User Server returns the role assigned to the user and the module functions the user is authorized to execute;
2. The mobile agent is created according to the needs of network management. When the agent is created, a connection is made with the Security Server, and a digital certificate is generated based on the agent's creating user, creation time, lifetime, operable resources and so on;
3. When the agent is to migrate to another managed node, a secure channel is first established between the two AEs. Here we use SSL 3.0 to establish this secure channel;
4. The receiving AE, through Security Control, first verifies the certificate information of the incoming agent against the local Authentication DataBase; if the certificate is not available locally, it connects to the Security Server to verify the agent's digital signature. If verification succeeds, the agent is allowed to migrate in; otherwise it is not allowed into this AE, and the failure is written to the security log;
5. After the agent has migrated into the AE of the managed node, it is not executed immediately. A connection is first made with the Security Server to obtain the agent's main information, including resource usage rights, operating permissions and so on;
6. The agent carries out its own operations through the combination of Java SandBox Control, Resource Control and the other components in the AE.
7. The managed host operates on the agent. Here we protect the agent with a combination of passive and active methods: when the agent arrives, a check is made whether it has been modified; and when the managed host operates on the agent, it is only allowed to append records to the agent and has no authority to modify the agent's read-only part.
8. The agent completes its function and, following the predetermined route, either terminates itself or migrates back to the management station.
The present invention is a security protection method for mobile agent network management systems. From the creation of the mobile agent at the network management station, through the execution of network management tasks on the managed nodes, to the final return to the network management station to submit information, the whole network management process is protected.
According to the levels of protection this architecture applies to mobile agent network management and its concrete application in network management, the protection can be divided into four stages. For convenience of description, we assume that the network management station is to manage n nodes and that the agent is now migrating into the i-th node. The concrete protection steps are as follows:
Stage 1. Create the mobile agent and assign permissions
1. The user logs in to the management station AE. The application provides an interface for entering the login ID (account) and password. After receiving the ID and password entered by the user, the application establishes an SSL connection with the User Server, confirms the account and obtains the corresponding role. Based on the account and password, the User Server returns the role assigned to the user and the module functions the user is authorized to execute;
2. The mobile agent is created according to the needs of network management. When the agent is created, a connection is made to the Security Server and a digital certificate is generated based on the agent's creating user, creation time, lifetime, operable resources, etc.;
Stage 2. Protect the transmission of the mobile agent
3. When the agent is to migrate to another managed node, a secure channel is first established between the two AEs. Here we use SSL 3.0 to establish this secure channel;
4. The receiving AE, through Security Control, first verifies the incoming agent's certificate information against the local Authentication DataBase; if it is not available locally, the AE connects to the Security Server to verify the agent's digital signature. If verification passes, the agent is allowed to migrate in; otherwise it is not allowed into this AE, and the failure is written to the security log;
5. The Session ID between the two AEs is retained. The next time an agent migrates in, authentication does not need to be repeated; only the session key needs to be regenerated;
Stage 3. Protect host resources from damage by malicious agents
6. After the agent has migrated into the managed node's AE, it is not executed immediately;
7. Security Control connects to the Security Server and obtains the agent's main information, including resource usage rights, operation rights, etc., and writes the resource usage permissions into the Resource Access List so that the agent's resource requests can be controlled;
8. The agent requests local resources in order to carry out its configured actions; based on the agent's role information, Resource Control consults the Resource Access List to determine which resources the agent may call;
9. The agent's actual operations on resources, such as access to threads, are carried out through Java SandBox Control combined with Resource Control;
During this process, if an agent tries to call resources beyond its permissions, the behavior is blocked and recorded in the security log;
Security Control effectively prevents malicious agents that migrate into this AE from damaging the environment, and Resource Control provides stronger protection on top of the sandbox security model, so that every operation of an agent on host resources and network resources is controlled and monitored. Protection of the host is therefore more comprehensive and effective.
Stage 4. Protect the agent itself from attack by malicious hosts
The managed host node operates on the agent. Here we combine passive and active methods to protect the agent: when the agent arrives, it is checked to determine whether it has been modified; and when the managed host operates on the agent, it is only allowed to append records to the agent and has no authority to modify the agent's read-only part.
Some information carried by the agent, such as resource usage rights and the execution route, must not be modified by other host nodes. When the agent is created, the creating AE node therefore first computes a hash value of this information with a one-way hash algorithm and then signs it with its private key (SK).
Sign = SK(h(I))
(SK: private key; Sign: the generated signature; I: the information to be protected; h(): one-way hash function)
After the agent migrates to each node, the node first verifies the agent's information with the AE's public key to see whether it has been tampered with.
h(I) = PK(Sign) = PK(SK(h(I))) (PK: public key)
Because a malicious host does not have the private key, it cannot forge the signature.
The local AE can only append information to the agent; it cannot change the information carried over from previous nodes. The mechanism is:
◆ At the agent's place of creation, i.e. the network management station, a secret random number N is generated and then encrypted with the public key of this AE to obtain a check value:
CheckNum_1 = PK(N) (CheckNum_1: check value)
◆ After migrating into the local AE, the agent performs its configured function and collects information I. The hash value h(I) of this information is computed first, and the hash value is then signed with the local private key: SK_i(h(I)).
◆ The identity S_i of the local node AE, the check value CheckNum_1 obtained at the preceding stations, and the signature SK_i(h(I)) just obtained are added together and then signed with the public key to obtain a new check value:
CheckNum_2 = PK(CheckNum_1 + SK_i(h(I)) + S)
◆ The information collected at this station is protected by this station's private key, so the information collected at this site is read-only and cannot be changed. Any modification will be detected.
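The signed read-only part and the append-only check-value chain described above, as an added Python example (not code from the patent). Assumptions: keys are toy textbook-RSA pairs built from Mersenne primes so the block runs on the standard library alone, the "+" in the CheckNum formula is taken as concatenation and hashed before the public-key operation, and the station-side replay audit, the function names and the sample records are all constructed for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys

def toy_keypair(a, b):
    """Textbook-RSA key from Mersenne primes 2**a-1, 2**b-1. Trivially factorable: demo only."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def h(data: bytes) -> int:
    """One-way hash h(), as an integer smaller than every toy modulus used here."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def SK(key, m):
    """Private-key operation (signing)."""
    return pow(m, key["d"], key["n"])

def PK(n, m):
    """Public-key operation (verifying a signature, or encrypting)."""
    return pow(m, E, n)

def next_check(station_n, prev_check, sig, node_id):
    """CheckNum_k+1 = PK(CheckNum_k + SK_i(h(I)) + S_i); '+' assumed to be concatenation."""
    blob = b"|".join([str(prev_check).encode(), str(sig).encode(), node_id.encode()])
    return PK(station_n, h(blob))

def create_agent(station, readonly: bytes):
    """Management station: sign the read-only part and seed the chain with secret N."""
    secret_n = secrets.randbelow(2**128 - 2) + 2
    agent = {"readonly": readonly, "sign": SK(station, h(readonly)),  # Sign = SK(h(I))
             "records": [], "check": PK(station["n"], secret_n)}      # CheckNum_1 = PK(N)
    return agent, secret_n

def readonly_intact(agent, station_n):
    """Any host on arrival: h(I) == PK(Sign) means the read-only part is unmodified."""
    return PK(station_n, agent["sign"]) == h(agent["readonly"])

def host_append(agent, host_key, node_id, info: bytes, station_n):
    """Visited host: sign the collected info, append it, fold it into the check value."""
    sig = SK(host_key, h(info))
    agent["records"].append({"node": node_id, "info": info, "sig": sig})
    agent["check"] = next_check(station_n, agent["check"], sig, node_id)

def station_audit(agent, station, secret_n, host_pubs):
    """Station on return: replay the chain from N; an edited or deleted record breaks it."""
    if not readonly_intact(agent, station["n"]):
        return False
    check = PK(station["n"], secret_n)
    for r in agent["records"]:
        if r["node"] not in host_pubs or PK(host_pubs[r["node"]], r["sig"]) != h(r["info"]):
            return False
        check = next_check(station["n"], check, r["sig"], r["node"])
    return check == agent["check"]

# Constructed sample run: one station and two managed nodes.
STATION = toy_keypair(521, 607)
HOSTS = {"node-1": toy_keypair(127, 521), "node-2": toy_keypair(127, 607)}
PUBS = {name: key["n"] for name, key in HOSTS.items()}

def run_tour():
    agent, secret_n = create_agent(STATION, b"route=node-1,node-2;rights=read-ifTable")
    for name, info in (("node-1", b"ifInOctets=1200"), ("node-2", b"ifInOctets=88")):
        assert readonly_intact(agent, STATION["n"])  # passive check on arrival
        host_append(agent, HOSTS[name], name, info, STATION["n"])
    return agent, secret_n

if __name__ == "__main__":
    agent, secret_n = run_tour()
    print("clean tour accepted:", station_audit(agent, STATION, secret_n, PUBS))
    agent["records"][0]["info"] = b"ifInOctets=0"  # a later host rewrites node-1's record
    print("tampered tour accepted:", station_audit(agent, STATION, secret_n, PUBS))
```

Only the latest check value travels with the agent, so a host that drops or replaces an earlier record cannot recompute a value the station's replay will accept.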
Claims (6)
1. A security architecture method for protecting mobile-agent network management applications, characterized in that the security protection framework comprises four stages of protection for the mobile-agent network management system and a synchronization mechanism for security certificates, the four stages being respectively:
A. Create the mobile agent and assign permissions: log in to the agent execution environment, with the user management server assigning the user's functions and permissions; create the mobile agent according to the task, and generate the agent's role and permission information;
B. Protect the transmission of the mobile agent: a connection is established between the migration sites; the agent's certificate information is verified to decide whether the agent is allowed to migrate in; the identifier is retained, and this information is used directly at the next connection;
C. Protect host resources from damage by malicious agents: obtain the agent's information such as resource usage rights and operation rights; when the agent requests resources, the agent environment allocates resources according to the resource usage rights and blocks and records requests that exceed them;
D. Protect the agent itself from attack by malicious hosts: encrypt the agent's private information; verify whether the agent's information has been tampered with; the local agent environment can only append information to the agent here and can never modify or delete the agent's information; the agent continues to migrate or self-destructs;
The execution flow is: first the user logs in to the agent execution environment, creates the mobile agent according to the task and assigns permissions; the agent then migrates according to its task, at which point the transmission of the mobile agent must be protected; the agent then migrates to the destination host and executes its task, at which point host resources must be protected from damage by a malicious agent, and the agent itself must be protected from attack by a malicious host while it executes the task on the destination host;
The synchronization mechanism for security certificates: in this security architecture, all coding certificates are managed centrally on the security management server; each agent execution environment periodically synchronizes certificate information with the security management server and stores it in its local certificate store; when an agent migrates in, the local agent environment can first verify the agent's information against the local certificate store, as embodied in the protection of mobile agent transmission.
2. The security architecture method for protecting mobile-agent network management applications according to claim 1, characterized in that the method of creating the mobile agent and assigning permissions is:
1.) The user logs in to the management station's agent execution environment. The application provides an interface for entering the login account and password; after receiving the account and password entered by the user, the application establishes a Secure Sockets connection with the user management server, confirms the account and obtains the corresponding role; based on the account and password, the user management server returns the role assigned to the user and the module functions the user is authorized to execute;
2.) The mobile agent is created according to the needs of network management. When the agent is created, a connection is made to the security management server and a digital certificate is generated based on the agent's creating user, creation time, lifetime, operable resources, etc.; permissions and operable-resource information are assigned to the agent in a role-based manner.
3. The security architecture method for protecting mobile-agent network management applications according to claim 1, characterized in that the method of protecting the transmission of the mobile agent is:
1.) When the agent is to migrate to another managed node, a secure channel is first established between the two agent execution environments; Secure Sockets Layer protocol 3.0 is used here to establish this secure channel;
2.) The receiving agent execution environment, through security control, first verifies the incoming agent's certificate information against the local certificate store; if it is not available locally, it connects to the security management server to verify the agent's digital signature. If verification passes, the agent is allowed to migrate in; otherwise it is not allowed into this agent execution environment, and the failure is written to the security log;
3.) The session identifier between the two agent execution environments is retained. The next time an agent migrates in, authentication does not need to be repeated; only the session key needs to be regenerated;
In the protection mechanism for mobile agent transmission, Secure Sockets Layer protocol 3.0 is used for protection. After the two communicating parties have mutually authenticated using Secure Sockets Layer protocol 3.0, a session identifier can be retained, so that when they communicate again the authentication process is no longer needed and only the session key has to be regenerated.
4. The security architecture method for protecting mobile-agent network management applications according to claim 1, characterized in that the method of protecting host resources from damage by malicious agents is:
1.) After the agent has migrated into the managed node's agent execution environment, it is not executed immediately;
2.) Security control connects to the security management server and obtains the agent's main information, including resource usage rights and operation rights, and writes the resource usage permissions into the resource access list so that the agent's resource requests can be controlled;
3.) The agent requests local resources in order to carry out its configured actions; based on the agent's role information, resource control consults the resource access list to determine which resources the agent may call;
4.) The agent's actual operations on resources are carried out through the sandbox security mechanism combined with resource control;
5.) During this process, if an agent tries to call resources beyond its permissions, the behavior is blocked and recorded in the security log.
5. The security architecture method for protecting mobile-agent network management applications according to claim 1, characterized in that the method of protecting the agent itself from attack by malicious hosts is:
1.) Some information carried by the agent must not be modified by other host nodes. When the agent is created, the creating agent execution environment node therefore first computes a hash value of this information with a one-way hash algorithm and then signs it with the private key,
Sign = SK(h(I))
where SK is the private key, Sign is the generated signature, I is the information to be protected, and h() is a one-way hash function,
2.) After the agent migrates to each node, the node first verifies the agent's information with the public key of the agent execution environment to see whether it has been tampered with,
h(I) = PK(Sign) = PK(SK(h(I))), where PK is the public key; because a malicious host does not have the private key, it cannot forge the signature,
3.) The local agent execution environment can only append information to the agent; it cannot change the information carried over from previous nodes. The mechanism is:
3.1) At the place of creation, i.e. the network management station, a secret random number N is generated and then encrypted with the public key of this agent execution environment to obtain a check value:
CheckNum_1 = PK(N), where CheckNum_1 is the check value,
3.2) After migrating into the local agent execution environment, the agent performs its configured function and collects information I. The hash value h(I) of this information is computed first, and the hash value is then signed with the local private key: SK_i(h(I)),
3.3) The identity S_i of the local node's agent execution environment, the check value CheckNum_1 obtained at the preceding stations, and the signature SK_i(h(I)) just obtained are added together and then signed with the public key to obtain a new check value, CheckNum_2 = PK(CheckNum_1 + SK_i(h(I)) + S_2),
3.4) The information collected at this station is protected by this station's private key, so the information collected at this site is read-only and cannot be changed. Any modification will be detected;
4.) The agent completes its own function and then migrates along the predetermined route or self-destructs;
Here traditional passive and active methods are combined. When a mobile agent migrates into an agent execution environment, its state is checked first to determine whether the agent's information or state has been tampered with. Active protection is also applied by restricting what the host may do to the agent: the agent's code portion can be divided into a read-only part or an invisible part, and the host is only allowed to append records to the agent and is never permitted to change or delete them.
6. The security architecture method for protecting mobile-agent network management applications according to claim 1, characterized in that the method of the synchronization mechanism for security certificates is: in this security system, all coding certificates are managed centrally on the security management server; a synchronization mechanism is adopted whereby the certificates on the security management server are periodically published to the security control in each agent environment and written to the local certificate store, so that when an agent's certificate information is verified, it can first be verified locally.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2006100389636A CN100411361C (en) | 2006-03-21 | 2006-03-21 | Safety structure of all-around protecting mobile proxy network management application |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1845508A | 2006-10-11 |
CN100411361C (en) | 2008-08-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20080813 Termination date: 20130321 |