
1 Introduction

Mobile agents are compositions of small programs that migrate as a single independent unit from one platform to another. A mobile agent can execute on a remote platform, suspend its execution, migrate to another platform, and continue its execution there. Because mobile agents move through the distributed network under their own control, they may encounter malicious agents and platforms. Figure 1 shows the execution of mobile agents on other mobile hosts.

Fig. 1 Agent system model NIST

Mobile agents are frequently used in applications that require distributed information retrieval. Mobile agent technology is useful in distributed computing because, compared to traditional computing, a mobile agent uses less bandwidth, has low latency, and works automatically.

Mobile agents migrate automatically from one hop to another in a non-trusted heterogeneous environment to perform the job assigned to them. Security vulnerabilities can allow an unauthorized entity to access important information. Attacks on mobile agents fall into four main categories: first, agent against platform; second, platform against agent; third, agent against agent; and fourth, other entities against both agent and platform.

The article is structured as follows. Sections 2 and 3 describe agent-based frameworks and the problem statement. Section 4 presents the proposed approach along with preliminaries. Section 5 discusses the implementation and performance evaluation of our approach, and Sect. 6 presents conclusions and future work.

2 Related Works

The major types of security risks include information disclosure, denial of service, and information corruption. These types of threats can be examined in greater depth as they pertain to the agent architecture in a variety of ways. Mobile agents simply provide more opportunities for exploitation and misuse, dramatically expanding the scope of threats.

Meng et al. [1] designed a tightly coupled multi-group secret sharing scheme to provide flexibility when secret keys are regenerated. If a sufficient number of participants collaborate, they can recover the confidential key. Jia et al. [2] proposed a novel threshold changeable secret sharing (TCSS) model based on the Chinese remainder theorem (CRT). The TCSS technique has a small share size and the best time complexity compared to other techniques. Yan et al. [3] used the Chinese remainder theorem to create a lossless generic access structure for private picture sharing.

Li et al. [4] designed a decentralized multi-secret sharing technique based on multi-target MSP. Muhil et al. [5] presented a cloud security mechanism based on Shamir secret sharing. Liu et al. [6] presented a model for the security of packets and session keys that uses quantum key distribution and the OTP algorithm to provide unconditional data security. Takahashi et al. [7] used the ramp technique to create a revolutionary secret sharing scheme in which many participants can independently regenerate the secret. Narad et al. [8] built a group authentication secret sharing scheme based on Shamir's scheme and an artificial neural network with backpropagation; the approach establishes many-to-many authentication. Abdallah et al. [9] analyzed the sharing techniques Shamir's sharing scheme, Rabin's IDA, and hybrid sharing. Basit et al. [10] devised a Hierarchical Multi-stage Key Sharing Scheme using polynomials and a one-way function. Strong security is provided by the one-way function, a threshold value, and a hierarchical structure. Yuan et al. [11] presented a variable threshold secret sharing technique on the basis of a one-way function.

Phiri et al. [12] proposed a new (t, n) threshold secret key sharing mechanism, called the Polynomial Based Linear Scheme (PBLS), based on Shamir's scheme and the Elgamal algorithm. Shehada et al. [13] proposed a new broadcast-based Secure Mobile Agent Protocol for real-time applications. The proposed mobile agent architecture provides higher security by employing a combination of private and public cryptography schemes. Fragkakis et al. [14] produced a comparison of mobile agent security among different protocols. On the basis of this comparison, mobile agent security lacks security trust and models. Adri et al. [15] proposed a trust score-based itinerary planning algorithm for decision-making in the authentication of mobile agents and platforms. Trustworthiness is based on the coefficient of variance. The trust score is calculated from five parameters: persistence, competence, reputation, credibility, and integrity. Srivastava et al. [16] proposed an algorithm for self-protection of the mobile agent that assures confidentiality and authentication during execution in a malicious environment. Raji et al. [17] proposed a new algorithm to provide anonymity of both the mobile agent owner and the itinerary. The proposed algorithm is more advantageous than the previous algorithm.

Chen et al. [18] proposed a secret sharing mechanism for n users with a threshold value using Euler's theorem and modular arithmetic. The proposed secret sharing scheme has a linear time complexity.

3 Problem Statement

According to the research on protecting migrating agents, there are a variety of ways for providing security for migrating agents, but none of them currently provide an overall framework that incorporates compatible techniques into an effective security model. The old host security mindset prevails, and protection mechanisms inside the mobile agent paradigm continue to prioritize safeguarding the agent platform. However, the focus is gradually shifting toward developing solutions aimed at migrating (mobile) agent security, which is a considerably more complex problem.

A mobile agent-based framework uses the resources of different hosts to execute code. Mobile agents are open to attack mainly because they move freely in a heterogeneous environment. A framework is therefore required that solves the security problem of both the mobile agent and the platform.

Designing such a mechanism is a challenging task because of the autonomy and mobility of the mobile agent. A new scheme is proposed here for the security of the mobile agent and platform, based on multilevel key management and a dynamic threshold value. The mobile agent and platform require a dynamic threshold value for different levels of authentication. A strategy based on the Lagrange polynomial and the Chinese remainder theorem is proposed for secure mobile agent migration. Multilevel secret keys are generated for the execution and authentication of mobile agent migration. At the first level, the secret is divided into ‘n’ partial shares based on the Lagrange interpolation, and at the second level, each partial share generated at the first level is further divided into m parts using CRT. A dynamic threshold value is also used at each level.

4 Proposed Solution

In a mobile agent system, a multitier dynamic threshold addresses the core security requirements against many types of threats. The proposed multilevel architecture, based on the Shamir secret share and the Chinese remainder theorem, provides security at multiple levels with a dynamic threshold value.

4.1 Preliminaries

4.1.1 Shamir’s Secret Sharing

In 1979, Shamir presented a secret sharing method based on a threshold. A secret key is split into ‘n’ partial shares with threshold ‘t’. At regeneration time, the secret key can be generated if ‘t’ authentic participants are involved. According to Shamir's scheme, consider ‘t’ coefficients \(\beta_0, \beta_1, \beta_2, \ldots, \beta_{k-1} \in \mathrm{GF}(p)\) (with k = t)

$$F(x) = \left( \beta_0 + \sum_{i=1}^{k-1} \beta_i x^i \right) \bmod p \tag{1}$$

\(F(0) = \beta_0\) is the session key, ‘p’ is a large prime number, and \(\beta_1, \beta_2, \ldots, \beta_{k-1}\) are chosen at random from \(\mathbb{Z}/p\mathbb{Z}\). At the receiver side, select ‘t’ shares \((x_i, y_i)\) at random out of the ‘n’ partial shares and generate the Lagrange polynomial.

$$F(x) = \sum_{i=1}^{k} y_i \prod_{1 \le j \le k,\, j \ne i} \frac{x - x_j}{x_i - x_j} \tag{2}$$

Since \(F(0) = \beta_0 = S\), the secret key is evaluated using

$$\text{Secret key}\,(S) = \sum_{i=1}^{k} P_i\, y_i \tag{3}$$

where

$$P_i = \prod_{1 \le j \le k,\, j \ne i} \frac{x_j}{x_j - x_i} \tag{4}$$

The secret is regenerated from ‘t’ partial shares using \(F(0) = \beta_0 \bmod p\).

4.1.2 Chinese Remainder Theorem

Consider pairwise co-prime integers \(p_1, p_2, p_3, \ldots, p_n\) and arbitrary integers \(\alpha_1, \alpha_2, \alpha_3, \ldots, \alpha_n\). For an integer ‘x’, the system of simultaneous congruences

$$\begin{aligned} x &\equiv \alpha_1 \pmod{p_1} \\ x &\equiv \alpha_2 \pmod{p_2} \\ &\;\;\vdots \\ x &\equiv \alpha_n \pmod{p_n} \end{aligned} \tag{5}$$

has a unique solution modulo \(p_1 p_2 \cdots p_n\), for any given integers \(\alpha_1, \alpha_2, \ldots, \alpha_n\).

$$\begin{gathered} P = p_1 \cdot p_2 \cdots p_n \\ x \equiv \alpha_1 P_1 c_1 + \alpha_2 P_2 c_2 + \cdots + \alpha_n P_n c_n \pmod{P} \end{gathered} \tag{6}$$

where \(P_i = P / p_i\) and \(c_i \equiv P_i^{-1} \pmod{p_i}\).

4.1.3 Mignotte's Sequence

Let ‘n’ be a positive integer with \(n \ge 2\), and let \(2 \le t \le n\). A Mignotte sequence consists of ‘n’ pairwise co-prime integers \(p_1 < p_2 < \cdots < p_n\) that satisfy the condition

$$\prod_{i=0}^{t-2} p_{n-i} < \prod_{i=1}^{t} p_i \tag{7}$$

4.2 Proposed Model

Here, a multilevel dynamic variance threshold technique for mobile agents is proposed to secure the secret shares held by participants. The model shown in Fig. 2 works as a two-level hierarchy. At the first level, the platform splits the secret key among the n mobile agents using the Lagrange interpolation with modular arithmetic and a dynamic threshold value. At the second level, each mobile agent holds a partial share generated at the first level, and this partial share is further split into ‘m’ shares using the Chinese remainder theorem with a dynamic threshold value. This model provides a higher level of security against the attacker through confusion and diffusion.

Fig. 2 Multitier dynamic threshold-based mobile agents secure migration

Now consider the following example.

Level 1: At level 1, using Shamir secret sharing based on the Lagrange interpolation, the user considers the secret key 25, which is selected by a random number generator.

After applying the Lagrange interpolation with number of users n = 3 and level-1 threshold t = 3, 3 partial shares are generated: (3, 43), (9, 79), and (2, 37).

Level 2: At level 2, each partial share generated by the Shamir scheme is further divided into m parts (here m = 6) by applying the Chinese remainder theorem, with a variable threshold for each transition.

For (3, 43): m = 6, t1 = 3, m0: 47. Shares: (y1: 102, m1: 149), (y2: 22, m2: 151), (y3: 127, m3: 157), (y4: 116, m4: 163), (y5: 103, m5: 167), and (y6: 160, m6: 173).

For (9, 79): m = 6, t2 = 2, m0: 83. Shares: (y1: 89, m1: 251), (y2: 135, m2: 257), (y3: 205, m3: 263), (y4: 30, m4: 269), (y5: 155, m5: 271), and (y6: 0, m6: 277).

For (2, 37): m = 6, t3 = 4, m0: 41. Shares: (y1: 33, m1: 127), (y2: 122, m2: 131), (y3: 44, m3: 137), (y4: 114, m4: 139), (y5: 141, m5: 149), and (y6: 32, m6: 151).

The mobile agent migrates automatically in a malicious environment. When it reaches another platform, it regenerates the partial secret keys by applying the inverse Chinese remainder theorem with the respective threshold value. If a sufficient number of shares is not available during the regeneration phase, the partial secret keys cannot be generated.

\(X_i = y_i \bmod p_i\), t ≤ i.

t1 = 3: generating the secret share requires 3 authentic shares out of 6 shares.

s ≡ 102 (mod 149), s ≡ 22 (mod 151), and s ≡ 127 (mod 157), m0 = 47.

Applying CRT, s mod m0 = 43.

t2 = 2: generating the secret share requires 2 authentic shares out of 6 shares.

s ≡ 89 (mod 251) and s ≡ 135 (mod 257), m0 = 83.

Applying CRT, s mod m0 = 79.

t3 = 4: generating the secret share requires 4 authentic shares out of 6 shares.

s ≡ 33 (mod 127), s ≡ 122 (mod 131), s ≡ 44 (mod 137), and s ≡ 141 (mod 151), m0 = 41.

Applying CRT, s mod m0 = 37.

After obtaining these partial shares, the Shamir secret share is applied to generate the secret key. We require 2 shares out of 3 shares, because the threshold value in the Shamir secret share was initially taken as t = 2. The regenerated secret key is 25.
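The two-level regeneration in the example above can be checked mechanically. The following Python sketch is an added example, not code from the paper: it uses the level-2 share values listed above, goes slightly beyond the text by testing every t-subset of level-2 shares, and assumes a field prime of 257 because the page does not state ‘p’.

```python
from itertools import combinations
from math import prod

# Level-2 data from the page's example: x, m0, threshold, [(y_i, m_i), ...]
LEVEL2 = [
    (3, 47, 3, [(102, 149), (22, 151), (127, 157), (116, 163), (103, 167), (160, 173)]),
    (9, 83, 2, [(89, 251), (135, 257), (205, 263), (30, 269), (155, 271), (0, 277)]),
    (2, 41, 4, [(33, 127), (122, 131), (44, 137), (114, 139), (141, 149), (32, 151)]),
]
FIELD_PRIME = 257  # assumption: the page gives no p; any prime above 79 fits these shares


def crt(shares):
    """Solve Y = y_i (mod m_i) for pairwise co-prime m_i, as in Eq. (6)."""
    big_m = prod(m for _, m in shares)
    total = sum(y * (big_m // m) * pow(big_m // m, -1, m) for y, m in shares)
    return total % big_m


def recover_partial(shares, m0):
    """Level 2: rebuild Y by CRT, then reduce modulo m0."""
    return crt(shares) % m0


def lagrange_at_zero(points, p):
    """Level 1: S = sum(P_i * y_i) with P_i from Eq. (4), computed in GF(p)."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        coeff = 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                coeff = coeff * xj * pow((xj - xi) % p, -1, p) % p
        secret = (secret + yi * coeff) % p
    return secret


def every_t_subset_recovers(expected_y, m0, t, shares):
    """True if each choice of t level-2 shares yields the same partial share."""
    return all(recover_partial(list(c), m0) == expected_y
               for c in combinations(shares, t))


def recover_secret(level2=LEVEL2, p=FIELD_PRIME, level1_threshold=2):
    """Run level 2 for each agent, then level 1 on the recovered points."""
    points = [(x, recover_partial(sh[:t], m0)) for x, m0, t, sh in level2]
    return lagrange_at_zero(points[:level1_threshold], p)


if __name__ == "__main__":
    print(recover_secret())
```

With only two of the three required level-2 shares for (3, 43), `recover_partial` returns 46 rather than 43, which is the failure case the regeneration phase describes.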

5 Implementation and Results

Based on Shamir's secret share and the Chinese remainder theorem, a framework is proposed with two levels of security: level one generates ‘n’ partial shares using the Shamir secret share, and at level two each partial share is further divided into ‘m’ parts. Table 1 presents the response time of security/authentication for the Reputation-based Model, Trust Scoring System, Trust Ranking System, and Multilevel security model. The results show that the response time of the multilevel model is far better than that of the Reputation-based Model and Trust Scoring System, but slightly higher than that of the Trust Ranking System. In this framework, at the first level the secret is divided into ‘n’ shares, and each of the ‘n’ shares is further divided into ‘m’ shares for security. In the proposed model, at level 1, ‘n’ shares are created on the basis of the Lagrange interpolation, and ‘t1’ of the ‘n’ shares are required to regenerate the secret at level 1. We use different thresholds at different levels. If fewer than ‘t1’ shareholders try to reconstruct the secret, they cannot generate it. At the second level, we use a different threshold for each share. The security of this mechanism is based on the Lagrange interpolation and the Chinese remainder theorem. Experimental results are shown in Table 1 and in the graph in Fig. 3. It was observed that the response time of the proposed model is much better than that of the other two models.

Table 1 Comparison of response time among Reputation-Based Model (TBM), Trust Scoring System (TSS), Trust Ranking System (TRS), and Multilevel security model

Fig. 3 Number of mobile agents versus response time

6 Conclusion and Future Scope

Security of the mobile agent during migration in a non-trusted environment is still a major issue. This article designs a multilayer framework that fuses the Shamir secret share and the Chinese remainder theorem to authenticate the mobile agent at different levels. The dynamic threshold value, together with the combination of Shamir and CRT, provides high-level security. This model helps to identify an unauthorized group of shareholders at two levels with a dynamic threshold value. Agent authentication is an important aspect of security. The proposed model for agent migration increases the security of the key and optimizes the key scheme. It focuses on improving secure mobile agent migration in an open environment. In future work, models will be designed that identify malicious agents within the set of agents. This would help to avoid unwanted computation for authentication.