This document discusses a proposed light-weight authentication system and resource monitoring using a multi-agent system (MAS). It proposes using mobile agents for key distribution and management to authenticate users, which would provide benefits over existing methods like Kerberos that require high computation. The system would use three types of agents: registration agents to issue public/private key pairs, validation agents to authenticate users, and certificate authority agents to issue session keys for secure communication. This distributed MAS approach aims to provide faster authentication with high availability compared to existing centralized approaches. The proposed solution is implemented using the SPADE MAS framework and XMPP protocol.

1. ISSN: 2277 – 9043
International Journal of Advanced Research in Computer Science and Electronics Engineering
Volume 1, Issue 2, April 2012
Light wieght Authentication System and resource Monitoirng using MAS
Abhilasha Sharma Rajdeep Singh Jitendra S Rathore
RKDF Institute of Science Tech. RKDF Institute of Science Tech. Technocrats Institute of Tech
Bhopal, India Bhopal, India Bhopal, India
Abstract— Application, resource and Network supervision and Management of network and other resources is a
trust management is a significant issue due to today’s speedily distributed activity by nature follows the widely used client-
development of computer and communication environment server model [1]. The well known developed application
specially in Local Area Network (LAN).Client-server based protocol is Simple Network Management Protocol (SNMP)
network management approach suffer from problems such [4]. Most of the essential functions of network and other
as insufficient scalability, interoperability, reliability, and resources management are well realized in this client-
flexibility, as networks become more geographically server model, and the network entities with limited
distributed [1]. Another big issue is trust management. RSA, computation power follow SNMP’s philosophy of simple
DES and Kerberos is another good methods to achieve
and passive agent structures. However, this approach has
authentication but require but high computation is a big deal
for LAN, another issue is availability. In this paper, we have
several technical confines like scalability, reliability,
proposed a new (novel) light weight approach for resource and performance degradation, and more complicated as well as
trust management using the concept of Multi agent system. networks are expanding and more distributed [5].
Proposed method used the concept of certificate authority (AS Distributed management with authorization is another
of Kerberos) for authenticating the users in LAN or peer to alternate to centralized management. In distributed
peer network. Availability and minimum delay are the key management system there must be authenticate applications
factor of any authentication scheme, in this paper we proposed that concurrently worked as managing as well as managed
a fresh new concept for authenticity and supervision of agents (or hosts to agents). The distributed management
resources. Our Mobile agent based solution will work same as architecture was developed to trim down the centralized
Kerberos with better throughput and with high availability management system computation yoke at the managing
due to distributed and roaming features of MAS system. entity, to reduce and localize the network traffic by
Proposed method provides good solution for trust management decreasing overhead due to polling[6].
as well as supervision for network resource and application. Efficient distributed management architecture must deal
We have used SPADE for development of MAS. with the reliability, flexibility, consistency, and scalability
[7].Managing of public and private keys in a large
Keywords-Authentication, kerberos ,MAS ,Resource organization is a big challenge. Software agents can be an
management, SPADE
adaptive and reactive method for administration and
authenticate users trying to connect to network resources.
I. INTRODUCTION The advantages are that the agents can query multiple
Application, resource and Network supervision is a information sources to select the level of trust to entrust to a
significant issue due to today’s speedily development of user [8].The task of validating legitimate users over
computer and communication environment. Client-server distributed network and services remains a tricky practice
based network management approach suffer from [9].
problems such as insufficient scalability, interoperability, Due to recent advances in web services, Quality of
reliability, and flexibility as networks become more Service (QoS) becomes a key factor [2] to distinguish service
geographically distributed [1]. A framework for an providers. Since current web service and technologies
intelligent Multi Agents System (MAS) architecture is standards are ill with of QoS. Software agents have been
proposed using agents to achieve distributed management. recognized as a promising technology for organizing
The policies that govern the mobile agents’ operation are network and web services. Using FIPA [3] compliant Multi
specified by the management entity. The MAS Agents we were able to propose a Multi Agents based web
architecture diminish the complexity of management service QoS Management Architecture.
(application, resource or network) at the managing entity In this paper we have give the solution of two problems
by entrusting part of the management responsibility to first one is authentication of the users to use network services
the managed network entities. Adding mobility and and second is the supervision and management of network
intelligence to an agent provides many advantages such resources. Our proposed scheme used the core concept of
as extensibility and portability. The intelligence of mobile Multi Agent System (MAS). For developing of agents we
agents helped to make dynamic decisions. have used the Smart Python Based Agent Development
45
All Rights Reserved © 2012 IJARCSEE

2. ISSN: 2277 – 9043
International Journal of Advanced Research in Computer Science and Electronics Engineering
Volume 1, Issue 2, April 2012
Environment (SPADE) [10] version 2 on UBUNTU 11.10  Tickets come from the TGS (except the ticket for
environment. the TGS!).
Rest of the paper organized as follow, section 2 give the  Workstations cannot understand tickets; they are
brief overview of basic terminology and background to encrypted using the server key.
understands idea clearly , section 3 insight on related work of  Every ticket has an associated session key.
authentication and resource supervision in distributed
environment, section 4 discuss the proposed method and  Tickets are reusable.
finally section 5 conclude the paper.  Tickets have a finite lifetime.
 Authenticators are only used once (new connection
II. BASIC TERMINOLOGY AND BACKGROUND to a server).
 Authenticators expire fast.
A. Authentication  Server maintains list of authenticators (prevent
Authentication ensures that the identity of particular cannot stolen authenticators).
be ambiguated or misrepresented. In addition, interactions b) Ticket Contents:
between entities maybe anonymous and still require that the
 Client name (user login name)
participants be authenticated; some information about the
 Server name
entity is known and is adequate for interaction [11].
Authentication is the method allows users (sender or  Client Host network address
receiver) of in sequence to validation. If the  Session Key for Client/Server
communications party has not validated each other, there is  Ticket lifetime
no faith in the activities supplied by either party. Lots of  Creation timestamp
research based on Authentication have been used some of Primer designer of Kerberos was Steve Miller and Clifford
them are highly complex and secure methods or a simplest Neuman.
one. The simplest form of authentication is the transmission C. Multi Agent System (MAS)
of a shared password between entities wishing to
authenticate each other. Agent-based computing permits proficient utilization of
Following factor affect the authentication- resources and amortizes communication delay in a
1. What you know – password. distributed environment. In a dynamically and
2. What you have – Smart card or token. heterogeneous environment like the Internet, no
3. What you are – Fingerprint, handprint, retina assumptions can be made about execution environments of
pattern, voice and keystroke pattern etc. agents [11].
Network authentication used authentication protocol like, Agents have many characteristics like [18]; they are social,
digital signature, username/password and smart card. Some mobility and migration. Interested readers will refer Russell
well known authentication protocols are Kerberos, CHAP and Norvig [19] for agent characteristics. Agents
and Microsoft CHAP. communicate with other agents through message passing
Authentication is one of the major concerns of information KQML [20] and FIPA-ACL [21] is two well known
security especially in distributed environments [12]. languages used agents for communication. Agents also
Marcel Waldvogel [13], address the necessity of additional negotiate with other agents this process called”searching for
features for distributed environment: Quality of Service and an agreement” [22]. The function that maps input to an
resource reservation issues [14] [15]. Reliable transmission agent act is called Agent Function or Behavior Agent
of data and concurrency oath is usually measured to be Architecture [19]. Many different multi-agent frameworks
application-specific, if overhead is to be minimal [16], [17]. have been proposed [23], [24], [25], [26], [27].
But currently the prerequisite of confidentiality and D. SPADE
authenticity for group members is still missing. Existing Simply put, SPADE[10] is an agent platform based on the
methods often necessitate human intervention (manual XMPP/Jabber technology. This technology offers by itself
keying is common), or limit the dynamics provided by many features and facilities that ease the construction of
multicasting and required by many applications. MAS, such as an existing communication channel, the
B. Kerberos concepts of users (agents) and servers (platforms) and an
Kerberos is used as an authentication protocol, allows extensible communication protocol based on XML, just like
communication between hosts over non-secure networks. It FIPA-ACL. Many other agent platforms exist, but SPADE
used client-server model. Kerberos used mutual is the first to base its roots on the XMPP [28] technology.
authentication. Client and server identify each other. The SPADE Agent Platform does not require (but strongly
recommends) the operation of agents made with the SPADE
a) Kerberos method perform following steps for Agent Library (see next section). The platform itself uses
authentication- the library to empower its internals, but aside from that, you
 Every service request needs a ticket. can develop your own agents in the programming language
46
All Rights Reserved © 2012 IJARCSEE

3. ISSN: 2277 – 9043
International Journal of Advanced Research in Computer Science and Electronics Engineering
Volume 1, Issue 2, April 2012
of your choice and use them with SPADE. The only architecture provides a number of security services with the
requirement those agents must fulfill is to be able to goal of automating the process of user authentication and
communicate through the XMPP protocol [28]. The FIPA- trust management. In particular, the agents handle all
ACL messages will be embedded in XMPP messages. Be password, encryption keys and certificate management [9].
warned, however, that some features of the whole SPADE Our proposed prototype agent architecture offer two
experience may not be available if you do not use the function first one is Light weight solution to the
SPADE Agent Library to build your agents. authentication problem and second objective is monitoring
SPADE is written in the Python programming language. In and supervision of network resource and applications.
order to fully understand and use SPADE, a bit of We are using SPADE [10] as our multi-agent framework, a
knowledge about Python is required. XMPP [28] server is the foundation for our communication
and provide interface to agents. Each area of monitoring
III. RELATED WORK should have one or more agent which will decide what to do
Marcel Waldvogel [29], address the necessity of with the information receive like: communicate to the
additional features for distributed environment: Quality of customer, negotiate with others and check which
Service and resource reservation issues [30] [31]. Reliable information is valid and correct.
transmission of data and concurrency oath is usually The SPADE framework acts as a XMPP server and where
measured to be application-specific, if overhead is to be all agents connect to and are responsible to manage
minimal [32], [33]. But currently the prerequisite of communication through XMPP protocol.
confidentiality and authenticity for group members is still Our proposed method has divided into two sections, first is
missing. Existing methods often necessitate human Authentication of users using MAS and second is
intervention (manual keying is common), or limit the supervision and management of resources.
dynamics provided by multicasting and required by many
applications. A. Authentication
With the rapid growth and development of Computer Our main key agenda for proposed work is its simplicity.
Networks, avail services located from remote places is easy. This is very new concept we are going to proposed in the
Sometimes these services use the personal data of users like field of cryptography. Our first work is, to test on PEER TO
on-line account passwords while doing on-line transactions,
PEER network, then for Internet afterward in wireless
thus need of security become prime importance. To provide
quicker and safe communication services to users, various environment.
authentication protocols which offer both, authorization and In this paper, we will expand the idea from CA (Certificate
authentication and integrity and secrecy of messages have Authority) and KDC of Kerberos with Mobile agent System
been utilized. Authentication protocols are good security (MAS) for doing same (Key exchange for authentication).
mechanism whereby each party is assured its identity to one Key distribution is the major function of cryptography; we
another. One of such well known authentication protocol used the concept of Mobile agent for efficient key
which is commonly used is Kerberos. Kerberos was management. Agents have mobility property that allows an
developed in the Athena Project at the Massachusetts agent to move and migrate from one host to another on a
Institute of Technology (MIT) [1], is a network network. Mobility is the core concept we are using for key
authentication protocol, which allow communication over a management. In traditional cryptography the function of key
non-secure network using secure manner. It is based on distribution was handle by certification authority (CA) in
client/server model and it provides mutual authentication asymmetric and in case of symmetric, KDC (Key
[34]. Distribution Center) was used. Other methods (like DH
Kerberos is the most standard single sign-on protocols. Kerberos) of key distribution requires high computation that
Presently Kerberos is widely used for providing security on slow- downs the CPU performance, as well as there is
networks, but has several potential security vulnerabilities in chances of comprising.
it. One of them its require clock synchronization of In this paper we suggested a new and efficient scheme for
authentication code in network; the attacker breach the wall key management using mobile agent. The key idea behind
using replay attack by amending the host time. Other one is
this scheme, we have designed agents that reside on a host
guessing of password through the password dictionary due to
weak password used by users. Improved Kerberos [35] has and move to network, when any host wants to send message
been improved the shortcomings in the previous Kerberos, then request to CA-Agent that stores public and private key
but replay and password attack still remain. pairs for source and destination. After completing,
registration (for a new arrival host), and validation process
the CA-Agent issues the secret key to that host and he (host)
IV. PROPOSED SOLUTION can able to send data securely.
Our proposed solution is to use a distributed SPADE [10] For this task, we will design 3 types of agents, Reg-Agent
agent-based application to deal with the process of user for registration of users for issuing private and public key.
authentication and supervision of user credentials. The agent Second is Valid-Agent that checks authenticity of a user
47
All Rights Reserved © 2012 IJARCSEE

4. ISSN: 2277 – 9043
International Journal of Advanced Research in Computer Science and Electronics Engineering
Volume 1, Issue 2, April 2012
(host) and third agent CA-Agent which issues the session access with high availability due MAS features, our
key for secure communication like SSL. authentication system has light weight because does not
Advantage of this scheme is that, for all type of require high computation.
authentication (Registration, verification and Session), we
make different agent that reduces the computation due to V. CONCLUSION
autonomous and social property of agent, and the In this paper we have proposed a light weight
probability of compromising of an agent (CA-Agent) is less. authentication system especially in peer to peer network
If an agent is destroy or comprising then other agents can using the concept of multi agent system technology. We will
easily identified. This solution also gives high response due implement our scheme using SPADE2 agent tool. It uses the
to mobility of an agent. And security is more because an python and XMPP protocol. Primarily results show the
agent is an intelligent system, that cam clone itself. satisfactory results as compared to Kerberos. Our method
Figure 1 show the internal architecture of Certificate offers fast solution with high availability.
authority agent using SPADE 2. The entire three agents will
be run on SPADE using XMPP protocol. REFERENCES
[1] Hosoon Ku, Gottfried W.R. Luderer and Baranitharan Subbiah “An
Intelligent Mobile Agent Framework for Distributed Network
Management”, Global Telecommunications Conference,
GLOBECOM '97, IEEE, 1997.
[2] Jaleh Shoshtarian Malak, Mehran Mohsenzadeh and Mir Ali Seyyedi
“Multi Agent Based Web Service QoS Management Architecture”,
Proceedings of the 14th International CSI Computer Conference
(CSICC'09),IEEE,2009.
[3] Foundation for Intelligent Physical Agents, http://fipa.org/, 2005.
[Online; accessed 12-July-2011.
[4] J.D. Case, M. Fedor, M.L. Schoffstall and C. Davin: RFC1157
“Simple Network Management protocol (SNMP)”, 1990.
Fig. 1 Proposed Authentication system using SPADE [5] C. Sylvia: “The Future with or without SNMP”, LAN Management
To test the validity and performance of our agent based 1996.
authentication system, we will compare the performance of [6] K. Meyer, M. Erlinger, J. Betser, and C.
Sunshine:“Decentralization Control and Intelligence in Network
our proposed system with Kerberos 5, on ubuntu 11.10 Management”, Proceedings of the 4th International Symposium on
machine. Integrated Network Management, CA May 1995.
[7] M. Post, C. Shen and J. Wei “The Manager/Agent Paradigm for
B. Management and supervision of Resources using MAS Distributed Network Management” IEEE Network Operations and
Developing a MAS application means follow the standards. Management Symposium, Japan, April, 1996.
The SPADE platform was developed in Python language, is [8] Ghanea-Hercock, R. “An agent-based user-authentication system”,
Intelligent Systems, IEEE, 2003.
FIPA compliant and offers to developers a simple API
[9] Ghanea-Hercock, R “Authentication with P2P Agents”, BT
which can be used to communicate, create conferences Technology Journal, Springer Netherlands, 2003.
between agents and even bring out services on a Directory [10] SPADE tool, http://code.google.com/p/spade2/
Facilitator (DF). SPADE agents have behaviors like [11] Chandra Krintz “Security in Agent-based Computing environments
Periodic, Time Out, Event, Finite State Machine, One Shot Using Existing Tools: A Survey”, cite seer, 1998.
and Cyclic by extending default classes to your needs. [12] Punit Mundra, Shobhit Shukla, Madhavi Sharma, Radhika M Pai and
Following services and supervision performed by our MAS Sanjay Singh “Modeling and Verification of Kerberos Protocol using
based system- Symbolic Model Verifier”, IEEE, International Conference on
Communication Systems and Network Technologies,2011.
[13] Marcel Waldvogel, Germano Caronni, Dan Sun, Nathalie Weiler and
a) Request a service Bernhard Plattner “The VersaKey Framework: Versatile Group Key
Management”, IEEE Journal on Selected Areas In Communications,
b) Calculate response-time Vol. 17, No. 9, August 1999.
c) Send messages [14] R. Braden, D. Clark, and S. Shenker, “RSVP: A new resource
reservation protocol,” IEEE Network, September 1993.
d) Register the information
[15] W. Feng, D. Kandlur, D. Saha, and K. Shin, “Adaptive packet
e) Communicate with its superiors (managers) marking for providing differentiated services in the internet,” in
Proceedings of ICNP-98, October 1998.
f) Check the log (being serviced used by users) [16] Steve McCanne, “A distributed whiteboard for network
Our proposed method provides the solution to network conferencing,” http://http.cs.Berkeley.edu/
management with maintaining authenticity for peer to peer ˜mccanne/unpublished.html, 1992.
and distributed environment using the concept of agent [17] M. Handley and J. Crowcroft, “Network text editor (NTE): A scalable
shared text editor for the MBone,” in Proceedings of ACM
system. Our methods requires less computation and fast SIGCOMM ’97, September 1997, pp. 197–208.
48
All Rights Reserved © 2012 IJARCSEE

5. ISSN: 2277 – 9043
International Journal of Advanced Research in Computer Science and Electronics Engineering
Volume 1, Issue 2, April 2012
[18] Khan, A.Basit and Mihhail Matskin “AGORA Framework for Service [27] A.H. Sung S. Mukkamala and A. Abraham “Hybrid multi-agent
Discovery and Resource Allocation”, IEEE, Fifth International framework for detection of stealthy probes”, Applied Soft Computing
Conference on Internet and Web Applications and Services, 2010. Journal, 7(3):631–641, 2007.
[19] S.J. Russell and P. Norvig “Artificial intelligence: a modern [28] XMPP Protocol, http://xmpp.org/xmpp-protocols/protocol-
approach”, Prentice-Hall, Inc. Upper Saddle River, NJ, USA, 1995. namespaces/
[20] T. Finin, R. Fritzson, D. McKay, and R. McEntire. Kqml as an agent [29] Marcel Waldvogel, Germano Caronni, Dan Sun, Nathalie Weiler and
communication language. Proceedings of the third international Bernhard Plattner “The VersaKey Framework: Versatile Group Key
conference on Information and knowledge management, pages 456– Management”, IEEE Journal on Selected Areas In Communications,
463, 1994. Vol. 17, No. 9, August 1999.
[21] FIPA TC Communication. Fipa acl message structure specification. [30] R. Braden, D. Clark, and S. Shenker, “RSVP: A new resource
FOUNDATION FOR INTELLIGENT PHYSICAL AGENTS reservation protocol,” IEEE Network, September 1993.
retriever from http://fipa.org/repository/standardspecs.html on 01-12- [31] W. Feng, D. Kandlur, D. Saha, and K. Shin, “Adaptive packet
2009, 2003. marking for providing differentiated services in the internet,” in
[22] E. Oliveira and A.P.Rocha “Agents advanced features for negotiation Proceedings of ICNP-98, October 1998.
in electronic commerce and virtual organisations formation process”, [32] Steve McCanne, “A distributed whiteboard for network
Agent Mediated Electronic Commerce: The European Agentlink conferencing,” http://http.cs.Berkeley.edu/
Perspective, 2001. ˜mccanne/unpublished.html, 1992.
[23] Y. Luo D. Davis and K. Liu. “A multi-agent framework for stock [33] M. Handley and J. Crowcroft, “Network text editor (NTE): A scalable
trading”,School of Computing, Staffordshire University, Stafford shared text editor for the MBone,” in Proceedings of ACM
ST18 0DG, UK, Department of Computer Science, University of SIGCOMM ’97, September 1997, pp. 197–208.
Hull, HU6 7RX, UK ,2000.
[34] Punit Mundra, Shobhit Shukla, Madhavi Sharma, Radhika M Pai and
[24] B. Mobasher J. Collins, M.Tsvetovat and M. Gini. Magnet “A multi- Sanjay Singh “Modeling and Verification of Kerberos Protocol using
agent contracting system for plan execution”, In Proc. of SIGMAN, Symbolic Model Verifier”, IEEE, International Conference on
pages 63–68, 1998. Communication Systems and Network Technologies,2011.
[25] A. Pannu K. Sycara, K. Decker. Distributed intelligent agents. 1996. [35] Ghanea-Hercock, R. “An agent-based user-authentication system”,
[26] K. SYCARA S. DECKER “Intelligent adaptive information agents”, Intelligent Systems, IEEE, 2003.
Journal of Intelligent Information Systems, Volume 9:239–260,
November 1997.
49
All Rights Reserved © 2012 IJARCSEE