Mobile agents raise security issues such as the protection of platform/host that runs the mobile agent against attacks which can harm or use its resources without permission, and another is the need for protection to guard mobile agents and their supporting systems against the malicious attacks from a variety of intervening sources that might alter information it carries and processes when it visits the hosts in its transactions itineraries. In this article, the authors propose a framework which includes safe, secure, trusted and auditable services, as well as forensic mechanisms to provide audit trails for digital evidence of transactions and protection against illegal activities. The proposed framework and protocols provide a secure communication for mobile agents when they move to different security environments to deal with e-marketplace activities such as search information, negotiation and payments. This article is concluded by highlighting and discussing further research work to build viable systems.
TopIntroduction
E-marketplace is a flexible and efficient approach to assist companies or corporations to extend their businesses to reach larger markets without regional boundaries via ad hoc networks. This must be performed in a safe, secure, trusted and auditable manner to ensure customer (buyer) and supplier (seller) confidence against all kinds of attacks and masquerades. It requires a new paradigm, improved integration architectures and services to bring this to fruition. Such e-marketplace is typically a cooperative distributed system composed of economically motivated software agents that interact cooperatively and/or competitively, find and process information, and disseminate it to humans and to other agents. In addition, it must provide supports for common economic services and transactions, such as dynamic pricing, negotiation, automated supply chains, as well as other e-marketplace service infrastructure to ensure secure, trusted and reliable transactions. Therefore, the mobile agent-based e-marketplaces are becoming more important in e-commerce applications. The mobility characteristic of mobile agent permits all the required operations to be performed locally in the e-marketplace without maintaining reliable connections with remote hosts and without bandwidth engagement. However, in e-marketplace environment, strong mobility will cause the high risk security threats; in contrary, low mobility causes low security threats. Although much have been dedicated to the design of agent-based marketplaces, the lack of standards for agent-based e-marketplace framework incorporating safe, secure, trusted and auditable services reflects that there are still many issues that need to be resolved before a standard could be defined for such an all encompassing unified framework.
Security of mobile agents, the most important technique in the e-marketplace applications is still in its infancy and research topic. There are different security approaches for mobile agents that have been proposed to protect the platform, host, agents and route. The security protocols such as Secure Socket Layer (SSL) (Freier, Karlton & Kocher, 1996) and Secure Electronic Transaction (SET) (Drew, 1999) are used for confidentiality and integrity to secure the communication between agents on different hosts. The SSL channel may be not secure for mobile agent since a mobile agent may move to an insecure platform or host to communicate with other agents. Also, it is dangerous for mobile agent to exchange sensitive information without the use of cryptography techniques because the information can be stolen or corrupted by malicious attacking agents. SET on the other hand offers better security than SSL since it uses Public Key Infrastructure (PKI) for privacy and X.509 digital certificates to authenticate participants in e-marketplace (Liu, 2003). More importantly, sensitive information is not seen by the merchant, and is not kept on the merchant’s server to ensure buyer confidentiality, privacy and safety.
Furthermore, the e-marketplace should meet the requirements of mobile users whose expectation of e-marketplace services to be available in mobile computing devices and mobile networks that incur high communication cost and/or low bandwidth within bounded target security conditions to establish fully-fledged goal driven agent based e-marketplace (Jailani et al., 2008).
The goal of this article is, therefore, to define a framework together with all the safe, secure, trusted and auditable services, including forensic mechanisms for replying and proofing against illegal activities. The proposed protocols for the security issues are also defined and explained in this article.
The article is organized as follows. Section 2 represents the related works on secure framework for mobile agent-based e-marketplace. Section 3 illustrates the architecture of proposed framework mobile agent-based e-marketplace, followed by the description of major components and the working flow of the proposed framework. Section 4 gives the detailed explanation of the digital forensic for the proposed framework. The security protocols are defined, specified and proved in Section 5. Finally, we propose, discuss and conclude further research and development work to be done to in this subject area.