Security in Multi-Agent Systems: JADE-S goes Distributed ABSTRACT - SECURITY IS AN IMPORTANT FACTOR FOR ANY SYSTEM USED IN COMMERCIAL

SECURITY IS AN IMPORTANT FACTOR FOR ANY SYSTEM USED IN COMMERCIAL APPLICATIONS. DISTRIBUTED AND DYNAMIC SYSTEMS RAISE NEW ISSUES CONCERNING PERFORMANCE, SCALABILITY AND SECURITY MANAGEMENT. DISTRIBUTED MULTI-AGENT SYSTEMS, LEVERAGING AGENT’S AUTONOMY AND MOBILITY, REQUIRE EVEN GREATER ATTENTION TO SECURITY ISSUES. THEREFORE AGENT PLATFORMS MUST PROVIDE POWERFUL AND FLEXIBLE SECURITY MECHANISMS THAT RELY ON SOLID TECHNOLOGIES. THIS PAPER FIRST ANALYZES SOME SECURITY THREATS IN DISTRIBUTED MULTI-AGENT SYSTEMS, AND THEN DESCRIBES SOME INNOVATIVE PRINCIPLES AND TECHNOLOGIES CURRENTLY CONSIDERED FOR THE EVOLUTION OF JADE-S. IN PARTICULAR IT FOCUSES ON SIMPLE PUBLIC KEY INFRASTRUCTURE AND TRUST MANAGEMENT PRINCIPLES, AND HOW THEY CAN BE APPLIED TO A DISTRIBUTED MULTI-AGENT SYSTEM IN ORDER TO ACHIEVE MORE DISTRIBUTION AND FLEXIBILITY. FURTHERMORE, TECHNIQUES FOR COMMUNICATION CONFIDENTIALITY AND INTEGRITY, AS WELL AS MECHANISMS FOR DIGITAL SIGNATURE AND NON-REPUDIATION ARE DESCRIBED. SPKI: The Simple Public Key Infrastructure is a security architecture, in which certificates directly bind permissions to public-keys and therefore does not require a Certification Authority. i n s e a r c h o f i n n o v a t i o n exp Volume 3 n. 3 September 2003 43 Traditional security frameworks base their decisions about authorizations on access control lists (ACLs) and identity certificates issued by globally trusted authorities. But weak and transient trust relationships, and corresponding delegations of permissions among trusted components, cannot be easily managed with access control lists only. Moreover, relying on trusted third parties invariably weakens security of distributed systems. These concerns are becoming more and more important, as relations among components providing on-line services can easily disappear, and new ones rise, along with social or economical changes. Peer-to-peer and ubiquitous computing trends may only exacerbate fickleness of relations among distributed components. JADE [4] is a rich-featured FIPA [5] compliant agent framework. In order to face the security requirements, a JADE add-on was developed named: JADE-S (i.e. Secure JADE), which can be plugged to normal JADE platforms in order to provide it with security mechanisms. Using security implies adding some overhead (which some applications might not like to pay) at run-time and at configurationtime. Therefore, having implemented JADE-S as an add-on brings the advantage that security can be used as an option, accordingly to the modular nature of JADE. JADE-S makes the platform a multi-user environment, similarly to modern operating systems, where all components, such as agents and containers, are owned by users who are responsible for their actions. Also, a policy can be enforced in order to allow actions only to a restricted subset of users or agents. In the first implementation of JADE-S, a unique Platform Authority, associated with the agent managNicolas Lhuillier is a research engineer in the field of distributed artificial intelligence and multi-agent systems. He holds an engineer diploma from the Ecole Nationale Supérieure des Mines de Nancy, France. He first worked at Alcatel research center in Marcoussis (France) to apply intelligent mobile agents to telecommunication network management for GSG. He then joined Motorola Labs in 2000, where he participated to the development of the internal FIPA-compliant Motorola Agent Platform and was the technical co-ordinator of the LEAP European project (IST-1999-10211) from June 2001 till its completion in June 2002. He is still working on agent middleware, focusing on wireless and constrained devices, and he is one of the founding members of the JADE-Board. Nicolas Lhuillier [email protected] er, is present in each platform with a single private/public key-pair. Since a single authority is present on the platform, this authority is obviously the ultimate source of authorization for accessing resources. While this could be acceptable in certain contexts, this could pose limitations in large systems. Moreover, JADE-S does not address security for mobile devices, such as mobile phones and PDAs. More information about the first version of JADE-S can be found in [1] [2] and [3]. This paper aims at describing some innovative concepts and how they could be integrated into the next versions of JADE-S in order to achieve more distribution and flexibility. Section “Definitions, threats and objectives” analyzes security issues in distributed agent-based systems, and focuses the main security requirements for an agent platform. Section “Distributed authorities and policies: towards JADE-S 2.0” discusses a new approach to distributed management of trust and delegation; in particular it describes concepts derived from SPKI Theory and Trust Management principles. Furthermore, techniques for communication confidentiality and integrity, as well as mechanisms for digital signature and non-repudiation are described. Finally, Section “Conclusion” summarizes the main concepts and advantages of this new approach. DEFINITIONS, THREATS AND OBJECTIVES Abstracting from other details and highlighting the components that can take reciprocal malicious actions, a distributed multi-agent system can be modeled through two different components:ing from other details and highlighting the components that can take reciprocal malicious actions, a distributed multi-agent system can be modeled through two different components: