Efficient and Secure Web Services by using Multi Agents

Abstract

Mobile agents are an excellent technology for implementing Web services. Within a set of federated Web services, mobile agents can reduce bandwidth requirements and mitigate the effects of high-latency network connections. This paper presents a model for implementing Web services with mobile agents where agents are free to move between cooperating Web servers to implement the service functionality. Also for increasing security of web services, we illustrate a novel distributed protocol for multi agent environments. In this approach, the encrypted private key and the message are broken into different parts carrying by different agents, which make it difficult for malicious entities to mine the private key for message encryption, while the private key for the encrypted key is allocated on the predetermined destination nodes. On the other hand, all of the previously proposed encryption algorithms can be applied in the proposed approach that deteriorates the key discovery process. To improve the overall security, the paper makes use of Advanced Encryption Standard (AES) as the encryption base for message encryption. Our mobile agent Web services present typical WSDL interfaces, so mobile agent functionality can be consumed from legacy clients, and federated services can be gradually migrated to a mobile agent implementation.

References

• Abolfazl Esfandi, Ali Movaghar Rahimabadi, "Mobile Agent Security in Multi agent Environments Using a Multi agent-Multi key Approach", in Proc. 2nd IEEE International Conference on Computer Science and Information Technology, Vol. 4, August 2009, pp. 438-442.
• National Institute of Standards and Technology, "Announcing the ADVANCED ENCRYPTION STANDARD (AES)," Federal Information Processing Standards Publication, no. 197, Nov. 2001.
• Rosenthal Joachim, "A Polynomial Description of the Rijndael Advanced Encryption Standard", Journal of Algebra and Its Applications, Vol. 2(2), 2003, pp. 223-236.
• Xu Ke, "Mobile Agent Security Through Multi-Agent Cryptographic Protocols", PhD Thesis, Department of Computer Science and Engineering, University of North Texas, May 2004.
• Java Remote Method Invocation (RMI) Specification. 2001,Sun Microsystems, Inc.
• T. Erl, "SOA: Principles of Service Design, " Prentice Hall/Pearson PTR, 2007.
• E Nagy, B. , "Deployment Descriptors" in Apache SOAP User's Guide . 2001.
• A. Singhal, T. Winograd and K. Scarfone, "Guide to Secure Web Services, " National Institute of Standards and Technology Special Publication, 2007.
• Common Language Infrastructure (CLI), Partition I: Architecture. 2002, ECMA International, Geneva.
• S. Chollet and P. Lalanda, "An Extensible Abstract Service Orchestration Framework," IEEE International Conference on Web Services (ICWS), 2009.
• J. G. R. Sathiaseelan, S. A. Rabara and J. R. Martin, "Multi-Level Secure Framework for Composite Web Services," ACM International Conference Proceedings (ICIS), pp. 580–585, 2009.
• A. Ginige and S. Murugesan, "The Essence of Web Engineering – Managing the Diversity and Complexity of Web Application Development," IEEE Multimedia, vol. 8, no. 2, pp. 22-25, Apr. –Jun. 2001.
• G. H. Hwang, Y. H. Chang and T. K. Chang,"An Operational Model and Language Support for Securing Web Services," IEEE International Conference on Web Services (ICWS), 2007
• Yildiz, B. , Fox G. , and S. Pallickara, "An Orchestration for Distributed Web Service Handlers" International Conference on Internet and Web Applications and Services ICIW 2008, June 8-13, 2008 - Athens, Greece
• A. Menezes, P. Van. Oorschot and S. Vanstone, "Handbook of Applied Cryptography," CRC Press, October 1996 – 5th reprinting, Aug. 2001, ch 12.
• Jana, D. , Chaudhuri, A. and Bhaumik, B. 2009 Privacy and Anonymity Protection in Computational Grid Services. International Journal of Computer Science and Applications, Vol, 6, No, 1, pp. 98-107.

Index Terms

Keywords