A Novel Protocol for Security of Location Based Services in Multi-agent Systems
- 127 Downloads
Multi-agent systems are automated form of software technology to enhance many applications in our life. However, this technology does not come along with embedded security features which hindering its widespread usage in commercial systems such as those that depend on location-based services. This paper aims to design, develop, test and evaluate an efficient security protocol for the multi-agent system to support the secrecy of user location. At first, we have developed a new architectural approach, inspired by the well-known Kerberos protocol, that can provide a secure service for the end users. It offers the most important security requirements in this field, namely; mutual authentication, confidentiality, integrity, and authorization. The proposed security protocol so-called Multi-Agent Security using Enhanced Kerberos has been verified and validated using a formal verification tool called ProVerif. Also, we provide a comparison with the original Kerberos protocol in terms of efficiency, which tilts the balance to our protocol.
KeywordsMulti-agent system Communication system security Formal verification
- 4.Martínez, D., Clotet, E., Moreno, J., Tresanchez, M., & Palacín, J. (2016). A proposal of a multi-agent system implementation for the control of an assistant personal robot (pp. 171–179). Cham: Springer.Google Scholar
- 10.Muñoz, A. (2019). A review of security mechanisms for multi-agent systems: Security challenges in multi-agent systems. In Artificial intelligence and security challenges in emerging networks (pp. 38–62). IGI Global.Google Scholar
- 11.Al-Hamadi, H. M. N., Yeun, C. Y., Zemerly, M. J., & Al-Qutayri, M. (2011). Distributed lightweight Kerberos protocol for mobile agent systems. In IEEE GCC conference and exhibition (pp. 233–236).Google Scholar
- 12.Al-Hamadi, H. M. N., Yeun, C. Y., Zemerly, M. J., Al-Qutayri, M. A., & Gawanmeh, A. (2011). Formal modeling and verification of DLK protocol. In 2011 International conference for internet technology and secured transactions (pp. 578–583).Google Scholar
- 14.Subburaj, V. H., & Urban, J. E. (2019). Specifying security requirements in multi-agent systems using the descartes-agent specification language and AUML. In E. Ziemba (Ed.), Information technology for management: Emerging research and applications (pp. 93–111). Cham: Springer.CrossRefGoogle Scholar
- 15.Subburaj, V. H., & Urban, J. E. (2018). Applying formal methods to specify security requirements in multi-agent systems. In 2018 Federated conference on computer science and information systems (FedCSIS) (pp. 707–714). IEEE.Google Scholar
- 16.Board, F. (2018). The current set of standard FIPA specifications. http://www.fipa.org/repository/standardspecs.html. Accessed 1 Aug 2018.
- 17.Bellifemine, F., Trucco, T., Giovanni, C., & Rimassa, G. (2010). JADE programmer’s guide. http://jade.tilab.com/doc/programmersguide.pdf. Accessed 1 Aug 2018.
- 19.Winikoff, M. (2005). Jack™ intelligent agents: An industrial strength platform (pp. 175–193). Boston, MA: Springer.Google Scholar
- 24.Blanchet, B., Cheval, V., Smyth, B. & Sylvestre, M. (2017). ProVerif 1.97: Automatic cryptographic protocol verifier, user manual and tutorial. http://www.proverif.ens.fr/manual.pdf. Accessed 1 Aug 2018.
- 25.Backes, M., Maffei, M., & Unruh, D. (2008). Zero-knowledge in the applied pi-calculus and automated verification of the direct anonymous attestation protocol. In 2008 IEEE symposium on security and privacy (sp 2008) (pp. 202–215).Google Scholar
- 31.Bansal, C., Bhargavan, K., & Maffeis, S. (2012). Discovering concrete attacks on website authorization by formal analysis. In 2012 IEEE 25th computer security foundations symposium (pp. 247–262).Google Scholar
- 33.Abadi, M., & Needham, R. (1994). Prudent engineering practice for cryptographic protocols. In IEEE computer society symposium on research in security and privacy (pp. 122–136).Google Scholar
- 34.Bellovin, S. M., & Merritt, M. (1992). Encrypted key exchange: Password-based protocols secure against dictionary attacks. In IEEE computer society symposium on research in security and privacy (pp. 72–84).Google Scholar
- 35.Bellovin, S. M., & Merritt, M. (1993). Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password file compromise. In Proceedings of the 1st ACM conference on computer and communications security, ser. CCS ’93 (pp. 244–250). New York, NY: ACM.Google Scholar
- 38.Calvaresi, D., Appoggetti, K., Lustrissimi, L., Marinoni, M., Sernani, P., Dragoni, A. F., & Schumacher, M. (2018). Multi-agent systems’ negotiation protocols for cyber-physical systems: Results from a systematic literature review. In ICAART (1) (pp. 224–235).Google Scholar
- 43.Albelaihy, A., & Cazalas, J. (2017). A survey of the current trends of privacy techniques employed in protecting the location privacy of users in LBSs. In 2017 2nd international conference on anti-cyber crimes (ICACC) (pp. 19–24).Google Scholar
- 44.Niu, B., Li, Q., Zhu, X., & Li, H. (2014). A fine-grained spatial cloaking scheme for privacy-aware users in location-based services. In 2014 23rd international conference on computer Communication and networks (ICCCN) (pp. 1–8).Google Scholar
- 49.Sulaiman, R., Huang, X., & Sharma, D. (2009). E-health services with secure mobile agent. In 2009 seventh annual communication networks and services research conference (pp. 270–277).Google Scholar