International Journal of

Security (IJS)

Volume 3, Issue 6, 2010

Edited By
Computer Science Journals
www.cscjournals.org
Editor in Chief Dr. Wei Wang

International Journal of Security (IJS)

Book: 2010 Volume 3, Issue 6
Publishing Date: 31-01-2010
Proceedings
ISSN (Online): 1985-2320

This work is subjected to copyright. All rights are reserved whether the whole or
part of the material is concerned, specifically the rights of translation, reprinting,
re-use of illusions, recitation, broadcasting, reproduction on microfilms or in any
other way, and storage in data banks. Duplication of this publication of parts
thereof is permitted only under the provision of the copyright law 1965, in its
current version, and permission of use must always be obtained from CSC
Publishers. Violations are liable to prosecution under the copyright law.

IJS Journal is a part of CSC Publishers

http://www.cscjournals.org

©IJS Journal
Published in Malaysia

Typesetting: Camera-ready by author, data conversation by CSC Publishing

Services – CSC Journals, Malaysia

CSC Publishers
 Editorial Preface

This is the sixth issue of volume three of The International Journal of Security
(IJS). The Journal is published bi-monthly, with papers being peer reviewed
to high international standards. The International Journal of Security is not
limited to a specific aspect of Security Science but it is devoted to the
publication of high quality papers on all division of computer security in
general. IJS intends to disseminate knowledge in the various disciplines of
the computer security field from theoretical, practical and analytical research
to physical implications and theoretical or quantitative discussion intended
for academic and industrial progress. In order to position IJS as one of the
good journal on Security Science, a group of highly valuable scholars are
serving on the editorial board. The International Editorial Board ensures that
significant developments in computer security from around the world are
reflected in the Journal. Some important topics covers by journal are Access
control and audit, Anonymity and pseudonym, Computer forensics, Denial of
service, Network forensics etc.

The coverage of the journal includes all new theoretical and experimental
findings in the fields of computer security which enhance the knowledge of
scientist, industrials, researchers and all those persons who are coupled with
computer security field. IJS objective is to publish articles that are not only
technically proficient but also contains information and ideas of fresh interest
for International readership. IJS aims to handle submissions courteously and
promptly. IJS objectives are to promote and extend the use of all methods in
the principal disciplines of computer security.

IJS editors understand that how much it is important for authors and
researchers to have their work published with a minimum delay after
submission of their papers. They also strongly believe that the direct
communication between the editors and authors are important for the
welfare, quality and wellbeing of the Journal and its readers. Therefore, all
activities from paper submission to paper publication are controlled through
electronic systems that include electronic submission, editorial panel and
review system that ensures rapid decision with least delays in the publication
processes.

To build its international reputation, we are disseminating the publication

information through Google Books, Google Scholar, Directory of Open Access
Journals (DOAJ), Open J Gate, ScientificCommons, Docstoc and many more.
Our International Editors are working on establishing ISI listing and a good
impact factor for IJS. We would like to remind you that the success of our
journal depends directly on the number of quality articles submitted for
review. Accordingly, we would like to request your participation by
submitting quality manuscripts for review and encouraging your colleagues to
submit quality manuscripts for review. One of the great benefits we can
provide to our prospective authors is the mentoring nature of our review
process. IJS provides authors with high quality, helpful reviews that are
shaped to assist authors in improving their manuscripts.

Editorial Board Members

International Journal of Security (IJS)
 Editorial Board

Editor-in-Chief (EiC)
Dr. Wei Wang
Norwegian University of Science and Technology (NTNU)(Norway)

Associate Editors (AEiCs)

Dr.Elena Irina Neaga
Loughborough University (United Kindom)

Editorial Board Members (EBMs)

Dr. Jianguo Ding
University of Science and Technology (Norway)
Dr.Lei Chen
Sam Houston State University (United States America)
Dr. Zhen Zhu
Johnson Controls, Inc (United State of America)
 Table of Contents

Volume 3, Issue 6, January 2010.

Pages
1 - 10 A Secure Communication Model for Voting Application Using
Multiple Mobile Agents
Dattatraya Adane, Shailesh Sathe

International Journal of Security (IJS) , Volume (3) : Issue (6 )

D.S.Adane & S.R.Sathe

A Secure Communication Model for Voting Application Using

Multiple Mobile Agents
D.S.Adane dattaadane@yahoo.com
Department of Information Technology,
Shri Ramdeobaba Kamla Nehru Engineering College,
Nagpur, INDIA.

S.R.Sathe srsathe@yahoo.com
Computer Science and Engineering Department,
Visvesvaraya National Institute of Technology,
Nagpur, INDIA.

Abstract

Communicating with confidential data requires special attention in a Mobile

Agents environment, especially when the other hosts must be prevented from
eavesdropping the communication. We propose a communication model for
secured communication between the agents belonging to different entities for a
web based application like voting involving multiple agents. We have used
BRAHMS agent modeling, simulation and execution environment for the
purpose. Data confidentiality is ensured using our on the fly Encryption-
Decryption sequence using ElGamal system. We also explain how the
homomorphic property of ElGamal scheme can be integrated with our model.
Our minimal simulation results using BRAHMS give a faithful picture of the state
of the agents as they move around the different servers and exchange data with
other agents.

Keywords: Mobile Agents, ElGamal, Confidentiality.

1. INTRODUCTION

Mobile agents are programs that can migrate from host to host in a network, at times and
to places of their own choice. The state of the running program is saved, transported to the new
host, and re- stored, allowing the program to continue where it left off. Mobile-agent systems
differ from process migration systems in that the agents move when they choose, typically
through a “jump” or “go” statement, whereas in a process-migration system the system decides
when and where to move the running process (typically to balance CPU load). Mobile agents
differ from “applets”, which are programs downloaded as the result of a user action and executed
from beginning to end on one host. Mobile agents are an effective choice for many applications,
for several reasons [1], including improvements in latency and bandwidth of client-server
applications and reducing vulnerability to network disconnection.

Mobile agents can travel to different hosts and it is often not known beforehand where the
agent will migrate to. When located at an agent platform, the agent may need to communicate
with other agents. The problem of confidential communication between agents is addressed in
this paper with respect to a typical agent model of working. In this model, confidential
communication is especially difficult to achieve as the agent platform cannot be considered as
trustworthy. Privacy during communication can be seen as preventing a third party from being

International Journal of Security (IJS), volume (3): Issue (6) 1

D.S.Adane & S.R.Sathe

able to eavesdrop on the communication. In the agent model, this includes the agent platform.
Many solutions have been proposed on protecting mobile software agents against untrustworthy
hosts by providing confidentiality. The proposed solutions can be divided into two categories,
either they protect the data the agent owns or collects, or they provide a solution towards the
protection of the agent’s code. Data protection is, for example, necessary when the agent collects
data during the execution of its task, as this data should only be accessible to authorized entities.
In [2], Karjoth et al. define a number of security properties that define the protection of data
collected by an agent against an attacker. The collected data exists of a chain of encapsulated
small pieces of data and these security properties can be among others: data confidentiality,
forward privacy, forward integrity, or non-repudiability. A number of solutions have been proposed
that offer (a subset of) these properties, see [2], [3], [4], [5]. These solutions are based on public
key encryption, digital signatures, and hash chaining. In [6], flaws in some of these protocols are
identified. The second part of protection of mobile agents against untrustworthy hosts is
protection of the code itself. Protection of the code means providing the code with security
properties such as integrity and confidentiality. When an agent’s code is executed, there should
be a guarantee that the code is executed correctly. Tools like cryptographic traces [10] and proofs
of correctness [4], [11] have been proposed. These solutions are generalized in [12] by using the
concept of reference states. Confidentiality of code can be achieved by using tools as code
obfuscation [13]. Although in theory this is impossible [14], it may provide an adequate level of
protection for a limited amount of time. Furthermore, function hiding provides a cryptographic way
to achieve confidentiality for agent’s code [15], [16], [17].

These solutions provide various levels of protection to an agent against a malicious host,
but the subject of secure communication is not addressed. Tools like protection of computation
results or function hiding can be used to prevent the malicious host from accessing the agent’s
content or actions. However, when the communication between agents is not protected against
the host, the host may still be capable of obtaining relevant information about the agent.

1.1 Problem Statement

Within the context of the agent privacy model, the problem is defined as providing a
confidential communication between agents, where the confidential data to be communicated is
stored securely in the agent. Beforehand it is not known with whom the agent will communicate.
Confidential communication means that at all time, no third parties can eavesdrop successfully on
the communication, not even the agent platform. The condition that confidential data is stored
securely in the agent is added, because if that is not the case, the agent platform is capable of
reading data even before communication starts and securing the communication would then be
an empty gesture. The condition is added explicitly to the problem statement as it is the starting
position of the problem and will be of great importance to the validity of proposed solutions.
Confidential data that is stored in a software agent is usually protected by means of encryption.
Taking the untrustworthy host into account requires ensuring that at no point in time the data is
available to the host in clear text. Note that within the agent privacy model, it is assumed that
hosts do not conspire. Two solutions are given here that demonstrate the complexity of the
problem.

A first naive approach is having the agent send the stored encrypted data directly to the
communicating partner, and having it transfer in some way the key. The advantage is that at no
time during communication the data appears in clear text. However, each piece of data must be
encrypted separately to avoid one communicating partner from having access to more data than
he is entitled to. Encrypting each block of data separately is very inefficient and impractical, as it
is necessary to transmit a key for each piece of data. The key must be transmitted in a secure
manner, which means that the problem has shifted from protecting the data to a key exchange
problem where many keys (one for each type of data) must be transmitted confidentially. A
simpler solution would be encrypting the data during the setup of the agent using the
communicating partner’s key. However, as in advance it is not known with whom the agent will

International Journal of Security (IJS), volume (3): Issue (6) 2

D.S.Adane & S.R.Sathe

communicate, this is not possible. Obviously, this approach to provide confidentiality during
communication is not practical.

In the second approach, each piece of data is encrypted only once to keep the agent as
small as possible in terms of stored data, and at the moment of communication the data is to be
transformed such that only the receiving party is able to decrypt the message. Here, we describe
this approach for the case where all encryptions are done using a public key algorithm. A similar
solution can be described for a symmetric algorithm. The public key of the agent is used to
encrypt the information, and its private key is used to decrypt it. Figure 1 shows the procedure for
encrypting information for storage in the agent and making the data ready to be sent to the
communicating partner. The first step is to encrypt the data that must be kept confidential using
the agent’s public key pk1: Epk1(data). This operation can be performed at the user’s computer
and the result can then be stored in the agent. The moment the agent needs to send this
confidential data to another party, it decrypts the data using its private key sk1. The result of this
operation is plaintext data. Then the data is again encrypted, but this time using the
communicating partner’s public key pk2: Epk2(data). This may also be a session key. At this point
the data is ready to be sent to the communicating partner and this entity can decrypt the data,
because he has access to his private key (this last step is not shown in Figure 1).

FIGURE 1: Conventional way of providing confidentiality in communication

The advantage of this second approach is that it is very simple and efficient. All the data
to be stored is encrypted with the same key, and only when needed it is transformed into an
encryption with the appropriate key. It is also an advantage that beforehand it is not known to
whom the agent will talk, because the encryption for the communicating partner occurs at the
time of communication. A third advantage is that no complex key management scheme needs to
be used, because at the moment the data is encrypted to be stored in the agent, only the agent’s
public key is used. Only the moment of data exchange with other parties it is necessary to obtain
the communicating partner’s key. This solution would be sufficient and adequate in a scenario
where the agent is in a trusted environment and where confidentiality is not a priority, but this is
not the case in the agent model. During the transformation from encryption with the agent’s key to
encryption with the communicating partner’s key, the plaintext data is available to the host.
Obviously, this situation should not occur. A second problem is that not only the data is readable
to the host and possibly to other parties at a certain moment, but also the private key of the agent
is accessible to the host during the decryption process. Consequently, the host has access to all
encrypted data stored in the agent. Concluding, this is only an adequate solution to provide
confidential communication in a fully trusted environment.

Our goal is to propose a communication model using mobile agents, with basic data
confidentiality within the model being implemented using one of the existing security solutions, so
as to provide a foundation for secure application development. BRAHMS [7] provides an ideal
way to model and simulate agent behavior. BRAHMS is centered on the concept of “agents.”
Agents’ behaviors are organized into activities, inherited from groups to which agents belong.
Most importantly, activities locate behaviors of people and their tools in time and space, such that
resource availability and informal human participation can be taken into account. A model of
activities doesn’t necessarily describe the intricate details of reasoning or calculation, but instead
captures aspects of the social-physical context in which reasoning occurs. Thus Brahms differs
from other multi-agent systems by incorporating chronological activities of multiple agents,

International Journal of Security (IJS), volume (3): Issue (6) 3

D.S.Adane & S.R.Sathe

conversations, as well as descriptions of how information is represented, transformed,

reinterpreted in various physical modalities [8].

The paper is organized as different sections. In section 2 we first briefly introduce the
BRAHMS agent simulation and modeling environment. Then we discuss our security scheme for
providing data confidentiality in section 3. Thereafter, we describe our communication model and
show our simulation results using BRAHMS in section 4 which is followed by conclusion.

2. THE BRAHMS ENVIRONMENT

Brahms [8] can model and simulate work practices. Brahms models are written in the
agent-oriented language. The run-time component - the simulation engine - can execute a
Brahms model, also referred to as a simulation run. A Brahms model can be used to simulate
human-machine systems for what-if experiments, for training, for “user models,” or for driving
intelligent assistants and robots. Brahms is different from task and functional analysis. A
traditional task or functional analysis of work leaves out the logistics, especially how
environmental conditions come to be detected and how problems are resolved. Without
consideration of these factors, it is not possible to accurately model how work and information
actually flows, or to properly design software agents that help automate human tasks or interact
with people as their collaborators. What is wanted is, a model that includes aspects of reasoning
found in an information-processing model, plus aspects of geography, agent movement, and
physical changes to the environment found in a multi-agent simulation. A model of “work practice”
focuses on informal, circumstantial, and located behaviors by which synchronization occurs, such
that the task contributions of humans and machines flow together to accomplish goals. Brahms
makes this kind of models possible. Brahms relates knowledge-based models of cognition (e.g.,
task models) with discrete simulations and the behavior-based subsumption architecture.

Brahms models are written in an agent-oriented language that has a well-defined syntax
and semantics. The Brahms language is a “parsed” language: you write the code and then the
parser generates an internal object representation for the “run-time” component. Using this
language, a Brahms modeler can create Brahms models. The run-time component - the
simulation engine - can execute a Brahms model, also referred to as a simulation.
The Brahms language is structured around the following concepts:
• Agents and Groups
• Objects and Classes
• Beliefs and Facts
• Workframes
• Activities
• Thoughtframes
• Geography
The concepts can be related to one another in the following way:
Groups contain agents which are located and have beliefs that lead them to engage in activities
that are specified by workframes which consists of preconditions of beliefs that lead to actions,
consisting of communication actions, movement actions, primitive actions, other composite
activities, consequences of new beliefs and world facts thoughtframes that consist of
preconditions and consequences.

3. DATA CONFIDENTIALITY USING ELGAMAL SCHEME

In this section we briefly describe our encryption scheme [9] based on ElGamal system,
to be used in the communication model. The typical problems in communicating confidential data
through agents are:
a) It is not known beforehand who the agent will communicate with, thus the data cannot be
encrypted with the proper key of communicating partner.

International Journal of Security (IJS), volume (3): Issue (6) 4

D.S.Adane & S.R.Sathe

b) The environment in which the agent is working may be untrustworthy. Thus, the data agent
carries, must be kept confidential all the time.

In conventional Client-Server systems the data is usually encrypted with the data owner’s
public key to keep it confidential and when the data is needed in communication it is first
decrypted and then again encrypted using the public key of communication partner or the session
key used during the communication. In an agent environment this is not an acceptable solution as
the data is at one moment unencrypted and accessible by the host (untrusted host on which the
agent resides). In our scheme, the data is first encrypted using the encryption key of the agent. At
the moment data must be exchanged with another party, the data is again encrypted, but this
time with the encryption key of the communicating partner. A decryption process then follows
where the decryption key of the agent is used, such that the overall result is encrypted data,
which can only be deciphered by the communicating party. The process is depicted in Figure 2
below:

Epk1 (data) Epk2 (Epk1 (data))

data Epk2 (data)
ENCRYPTION ENCRYPTION DECRYPTION

Pk1 Pk2 Sk1

FIGURE 2: Successive encryption followed by decryption

The necessary condition for an encryption algorithm to be used in above operation is:

DSK1 (EPK2 (EPK1 (M))) = EPK2 (M) (1)

where, PK1 and PK2 are the public keys of the agent and communicating party respectively. SK1
and SK2 are their corresponding private keys. It is assumed that there are more than one secret
keys generated by the agent corresponding to different types of data. Initially the data to be
encrypted is stored at the users computer and in order to encrypt it, the user first generates a key
pair for the agent according to the ElGamal system depending on type of data. The user
*
generates a large random prime p and a generator α of the multiplicative group Z p of the
integers modulo p. The user selects a random integer a1, 1<=a1<= p - 2, and computes :

a1
y1 = α mod p (2)

The agent’s public key is (p, α, y1) and its private key is a1.
The user encrypts the data (represented by parameter m) as follows. He first selects a random
integer k1, 1<= k1 <= p – 2 and computes:
k1 k1
γ1 = α mod p; δ1 = my1 mod p (3)

The cipher text is c1 = (γ1, δ1). This is stored in the agent and can be run on any platform at any
host. At the moment that the agent needs to give the personal data to another entity in the
system, the following process is started. The agent collects the communicating partner’s (from
here on called Bob) public key y2, which is formed in the same way as the user’s public key (y2 =
a2
α mod n). Bob’s private key is a2. It must be noted here that in order to fulfill equation (1), Bob
must use the same generator and prime number for generating its key pair as the user. The agent
encrypts the cipher text c1 using Bob’s public key y2, by the following computations:

k2 k2
γ2 = α mod p; δ2 = δ1y2 mod p (4)

International Journal of Security (IJS), volume (3): Issue (6) 5

D.S.Adane & S.R.Sathe

Where, k2, 1 <= k2 <= p - 2, is an integer chosen at random by Bob. The second cipher text c2 is
then formed by the pair (δ2, γ1).
It is now possible to decrypt it once using the agent’s private key:
-a1 k2
m’=( γ1 ) δ2 mod p = my2 mod p (5)

The result is an encryption of m based on PK2, e.g. y2.

This is sent to Bob, who can decrypt according to the normal ElGamal decryption:
-a2
m= ( γ2 ) m’ mod p (6)

Decryption of m’ (6) should occur at different place than the one where E-E-D operation took
place as decryption of m’ results in the plain text.

3.1 Using Homomorphic Properties of ElGamal Encryption

An additional property of the above composite encryption / decryption scheme is the

ability to add two different but similarly encrypted messages while preserving confidentiality.
When it is possible to compute E(m1 + m2) from E(m1) and E(m2) without decrypting any of
these values, the encryption algorithm is said to be homomorphic in addition. This is possible in
ElGamal given that the security parameter k is equal for E(m1) and E(m2). In that case, if two
messages m1 and m2 are encrypted using an equal k, the ciphertexts will look as follows:
k k
γ1 = α mod p ; δ1 = m1y mod p
k k
γ2 = α mod p ; δ2 = m2y mod p
where y is the public key. Note that here δ2 is computed using the original ElGamal encryption
k
scheme [3] and not by the E-E-D scheme. Adding δ1 and δ2 gives δ1 + δ2 = (m1 +m2)y mod p,
which is equal to the direct encryption of m3 where m3 = m1 + m2, hence it is possible to add two
numbers without having to decrypt one of the messages.

4. THE COMMUNICATION MODEL

Our communication model consists of two Publisher (Voter) agents (PUB1 and PUB2),
one Consumer (vote collector) agent (C2) and a set of servers which are visited by the agents.
We assume a simple scenario with a single voter and single vote collector. The simulation can
however be extended for any number of voters and collectors. The servers are named as THP,
THC, UH1, UH2, UH3 and UH4 respectively. TH indicates trusted host and UH indicates
untrusted host. It is assumed that the platform on which the agents are created and activated are
trusted host and all others are untrusted hosts. Accordingly for agents PUB1 and PUB2
generated on THP server, THP is trusted host. Similarly, for agent C2 generated on THC server,
THC is trusted host. As for this model it assumed that all the servers are part of Nagpur University
and that they are located in the university campus. The complete description about the location of
servers, their physical placement in different buildings of university and their distances is
specified in the BRAHMS geography description file, nm1Geography.b. We then create
appropriate instances of agents from the different servers in the university campus. Agent PUB1
and PUB2 are the voter agents created from THP server and sent on the servers UH1 and UH2
respectively. They wait for the consumer agent on these servers to exchange data. They
continuously sense the environment for the arrival of consumer agent (vote collector) and
exchange their data belief with it when one arrives, with the help of communicate activity of
BRAHMS. Figure 3 gives our general model as implemented in BRAHMS.

International Journal of Security (IJS), volume (3): Issue (6) 6

D.S.Adane & S.R.Sathe

UH3

PUB1 UH1
UH4
Path of C2
THP C2
creates
Pub1 and UH2
Pub2 THC
PUB2 creates
C2

FIGURE 3: General Communication Model

The two voter agents are required as one (PUB1) stores the voting preference 0 or 1.
Voting preference 1 indicates voting in favor and 0 indicates otherwise. As per our encryption
scheme, agent PUB1 carries the preference encrypted using public key of voter and PUB2
contains its secret key. The Consumer agent is first supposed to collect information from PUB1
and go to the server where agent PUB2 is stationed. We have simplified this task by ensuring that
C2 visits UH1 first and then it goes to UH2. This ensures correct sequencing of operations of our
composite encryption scheme. The agent C2 first collects encrypted data from PUB1, encrypts it
again using its own public key and goes to UH2 where it sends this doubly encrypted message to
PUB2 for decryption once using the secret key of voter or Publisher, held by it. The message is
the sent back to C2. Thus, what C2 receives is the message which is encrypted in the public key
of consumer (vote collector) which can be easily decrypted at THC once C2 returns back. If
multiple voters are present, then the Collector agent collects multiple encrypted votes from the
voters and go on adding them at untrusted hosts using the homomorphic property of ElGamal as
discussed in section 3. It can also perform addition on its trusted host THC when it returns back
at a latter date if the results of voting are not to be disclosed immediately. As can be seen, the
composite scheme discussed in section 2 is applied successfully and it ensures that the data
possessed by the agents is never in clear. Though the encryption and decryption operations are
performed on untrusted hosts, they are never on clear data. Thus, data confidentiality is ensured.
The ElGamal encryption and decryption operation can be easily implemented as an external Java
activity in BRAHMS. The simulation results using BRAHMS are shown in Figure 4 and Figure 5
respectively. To keep the simulation simple we only show how the different agent movements are
performed over the period of time and how the data exchange between the agents takes place. In
this simple model, C2 has an initial data value 0. First time it encounters PUB1 on UH1, it
receives data value of PUB1 (1) and adds it to its own to get new data value which is 0+1=1. Next
when it encounters PUB2 on UH2, it again receives data value of PUB2 (2) and add it to its own.
Hence the final value at C2 becomes 1+2=3. In BRAHMS it is possible to check the beliefs held
by the agent at different points of time during execution. Figure 5 show the beliefs held by agent
C2 at servers UH1 and UH2 after collecting data from agents PUB1 and PUB2 respectively.

International Journal of Security (IJS), volume (3): Issue (6) 7

D.S.Adane & S.R.Sathe

FIGURE 4: Agent movements: Agents PUB1 and PUB2 are launched on UH1 and UH2. Agent C2 roams
around the servers UH4, UH3, UH1, UH2 and returns to THC

Second data
change in C2 at
UH2

First data
change in C2 at
UH1

FIGURE 5: Data Beliefs of agent C2 changes as it visits servers UH1 and UH2

In order to perform the encryption-encryption-decryption operation on data it is necessary

to have a JAR file containing the ElGamal encryption / decryption classes. Since it is required to
perform encryption/decryption sequence using different keys we have used a function getKeys()

International Journal of Security (IJS), volume (3): Issue (6) 8

D.S.Adane & S.R.Sathe

which returns the required keys first. Thus we have three activities getKeys, sayEncrypt and
sayDecrypt. After retrieving the keys, we call the functions from the classes, in the Brahms file
through Java Activity. A typical java activity for calling the encrypt function from the class is as
follows:

agent JAgent {

attributes:
public string nextJavaActivity;
public string performedActivity;
public string text1; // message to be encrypted
public int p;// Set through getKey Activity
public int y; // Set through getKey Activity
public int skey;
public int result;

initial_beliefs:
// the java activity to be executed by the agent for encryption
//complete path where activity files are located
(current.nextJavaActivity = "a.b.nm2.jact.doEncryptionActivity" );
activities:
java sayEncrypt(int d, int p, int result) {
max_duration: 0;
class: "a.b.nm2.jact.doEncryptionActivity" ;
when: start;
} // javacls is the class name to be executed
// In Brahms workframes initiate the activities
workframes:
// Executes the Encrypt java activity provided the nextJavaActivity
// value is known. It is known since we specified it as an initial belief
workframe wf_encrypt {
variables:
forone (int) m;
forone (int) pri;
when(knownval(current.data=m) and knownval(current.p=pri))
// It is assumed that private key pri is obtained using getKeys activity
do {
sayEncrypt (m,pri,out);
// m is data, pri is private key and result is obtained in out
conclude((current.data = out), bc:100, fc:0);
// encrypted data is now current data held by the agent and this belief is
// confirmed 100%
} // end do
} // wf_encrypt

} // JAgent

5. CONCLUSION
It is a major challenge to provide secured Mobile Agent communication. The basic problems of
code mobility restrict the use of conventional security measures to be adopted directly in the
context of mobile agents. The existing solutions are either theoretical or practically infeasible.
There is an urgent need for new, effective and efficient solutions in this area. We have proposed
a basic model for secured communication for voting application, targeting the data security of the
agents using convention security technique. The model uses ElGamal encryption / decryption and

International Journal of Security (IJS), volume (3): Issue (6) 9

D.S.Adane & S.R.Sathe

exploits its homomorphic property for the purpose. The composite encryption scheme is
mathematically proven and it can be easily implemented. The BRAHMS environment used by us
provides a realistic view of agents thought processes as they move from host to host. Though we
considered a simple scenario with one voter and only one vote collector, we feel that the idea
could be extended to any number and lay the foundation for a more realistic voting application.

6. REFERENCES

[1] Danny B. Lange and Mitsuru Oshima. “Seven good reasons for mobile agents”.
Communications of the ACM, 42(3):88–89, March 1999.
[2] G. Karjoth, N. Asokan, and G. Glc. “Protecting the computation results of freeroaming agents”.
Mobile agents ’98, Lecture Notes in Computer Science, pages 195–207, 1998.
[3] S. Loureiro, R. Molva, and A. Pannetrat. “Secure data collection with updates”. Proceedings of
the workshop on agents in electronic commerce, pages 121–130, 1999.
[4] B. Yee. “A sanctuary for mobile agents”. Secure Internet Programming, Lecture notes in
computer science, 1603:pages 261–73, 1999.
[5] A. Young and M. Yung. “Sliding encryption: a cryptographic tool for mobile agents”.
Proceedings of Fast Software Encryption Workshop 1997, Springer-Verlag, Lecture Notes in
Computer Science, pages 230–241, 1997.
[6] V. Roth. “On the robustness of some cryptographic protocols for mobile agent protection”.
Mobile Agents 2001, Lecture Notes in Computer Science, pages 1–14, 2001.
[7] http://agentisolutions.com/
[8] http://agentisolutions.com/ Brahms Tutorial (TM01-0002-V1.1)
[9] D.S. Adane and S.R.Sathe, “A Security Model for Data Storing and Data Collecting Agents”.
International Journal of Computer Science and Network Security, IJCSNS, Vol (9), No.4, April
2009.
[10] G. Vigna. “Cryptographic traces for mobile agents. Mobile agents and Security”. Lecture
Notes in Computer Science, pages 137–153, 1998.
[11] I. Biehl, B. Meyer, and S. Wetzel. “Ensuring the integrity of agent-based computations by
short proofs”. Mobile agents, Lecture Notes in Computer Science 1477, pages 183–94, 1998.
[12] F. Hohl. “A framework to protect mobile agents by using reference states”. Proceedings of
the 20th International Conference on Distributed Computing Systems CICDS2000, 2000.
[13] F. Hohl. “Time limited blackbox security: Protecting mobile agents from malicious hosts”.
Mobile agents and security, Lecture notes in computer science, pages 92–113, 1998.
[14] B. Barak and O. Goldreich. “On the (im)possibility of obfuscating programs”. Crypto 2001,
Lecture Notes in Computer Science, pages 1–18, 2001.
[15] C. Cachin, J. Camenisch, J. Kilian, and J. M¨uller. “One-round secure computation and
secure autonomous mobile agents”. Proceedings of the 27th International Colloquium on
Automata, Languages and Programming (ICALP), Lecture notes in Computer Science,
1853:512–23, 2000.
[16] T. Sander and C.F. Tschudin. “Towards mobile cryptography”. Proceedings 1998 IEEE
symposium on security and privacy, pages 215–224, 1998.
[17] S. Loureiro and R. Molva. “Function hiding based on error correcting codes”. In Proceedings
of the CryptTEC’99 International Workshop on Cryptographic Techniques and Electronic
Commerce, pages 92–98, 1999.

International Journal of Security (IJS), volume (3): Issue (6) 10

 CALL FOR PAPERS

Journal: International Journal of Security (IJS)

Volume: 3 Issue: 6
ISSN: 1985-2320
URL: http://www.cscjournals.org/csc/description.php?JCode=IJS

About IJS
Information Security is an important aspect of protecting the information
society from a wide variety of threats. The International Journal of Security
(IJS) presents publications and research that builds on computer security and
cryptography and also reaches out to other branches of the information
sciences. Our aim is to provide research and development results of lasting
significance in the theory, design, implementation, analysis, and application
of secure computer systems.

IJS provides a platform to computer security experts, practitioners,

executives, information security managers, academics, security consultants
and graduate students to publish original, innovative and time-critical articles
and other information describing research and good practices of important
technical work in information security, whether theoretical, applicable, or
related to implementation. It is also a platform for the sharing of ideas about
the meaning and implications of security and privacy, particularly those with
important consequences for the technical community. We welcome
contributions towards the precise understanding of security policies through
modeling, as well as the design and analysis of mechanisms for enforcing
them, and the architectural principles of software and hardware system
implementing them.

To build its International reputation, we are disseminating the publication

information through Google Books, Google Scholar, Directory of Open Access
Journals (DOAJ), Open J Gate, ScientificCommons, Docstoc and many more.
Our International Editors are working on establishing ISI listing and a good
impact factor for IJS.

IJS List of Topics

The realm of International Journal of Security (IJS) extends, but not limited,
to the following:
 Anonymity  Anonymity and pseudonymity
 Attacks, security mechanisms, and  Code security, including mobile
security service code security
 Authorisation  Biometrics
 Cellular/wireless/mobile/satellite networks  Authentication
securi
 Public key cryptography and key  Confidentiality, privacy, integrity,
management authenticatio
 Cryptography and cryptanalysis  Data confidentiality issues
 Data integrity issues  Data recovery
 Database security  Denial of service
 Denial of service attacks and  Dependability and reliability
countermeasures
 Design or analysis of security protocols  Distributed access control
 Distributed and parallel systems security  Electronic commerce
 Formal security analyses  Fraudulent usage
 Information flow  Information hiding and
watermarking
 Intellectual property protection  Intrusion detection
 Key management  Multicast security
 Network and Internet security  Network forensics
 Network security performance evaluation  Non-repudiation
 Peer-to-peer security  Prevention of traffic analysis
 Privacy protection  Computer forensics
 Revocation of malicious parties  Risk assessment and
management
 Secure location determination  Secure PHY/MAC/routing
protocols
 Secure routing protocols  Security group communications
 Security in ad hoc networks  Security in cellular networks (2G,
2.5G, 3G, B3G,
 Security in communications  Security in content-delivery
networks
 Security in distributed systems  Security in domain name service
 Security in e-mail  Security in high-speed networks
 Security in integrated networks  Security in integrated wireless
networks
 Security in internet and WWW  Security in IP networks
 Security in mobile IP  Security in optical systems and
networks
 Security in peer-to-peer networks  Security in satellite networks
 Security in sensor networks  Security in VoIP
 Security in wired and wireless integrated  Security in Wired Networks
networks
 Security in wireless communications  Security in wireless internet
 Security in wireless LANs (IEEE 802.11  Security in wireless MANs (IEEE
WLAN, WiFi, 802.16 and WiMAX)
 Security in wireless PANs (Bluetooth and  Security policies
 IEEE 802.
 Security specification techniques
 Tradeoff analysis between performance
and security
 Viruses worms and other malicious code
 Security standards
 Trust establishment
 WLAN and Bluetooth security
CFP SCHEDULE

Volume: 4
Issue: 1
Paper Submission: January 31 2010
Author Notification: February 28 2010
Issue Publication: March 2010
 CALL FOR EDITORS/REVIEWERS

CSC Journals is in process of appointing Editorial Board Members for

International Journal of Computer Security (IJS). CSC Journals
would like to invite interested candidates to join IJS network of
professionals/researchers for the positions of Editor-in-Chief, Associate
Editor-in-Chief, Editorial Board Members and Reviewers.

The invitation encourages interested professionals to contribute into

CSC research network by joining as a part of editorial board members
and reviewers for scientific peer-reviewed journals. All journals use an
online, electronic submission process. The Editor is responsible for the
timely and substantive output of the journal, including the solicitation
of manuscripts, supervision of the peer review process and the final
selection of articles for publication. Responsibilities also include
implementing the journal’s editorial policies, maintaining high
professional standards for published content, ensuring the integrity of
the journal, guiding manuscripts through the review process,
overseeing revisions, and planning special issues along with the
editorial team.

A complete list of journals can be found at

http://www.cscjournals.org/csc/byjournal.php. Interested candidates
may apply for the following positions through
http://www.cscjournals.org/csc/login.php.

Please remember that it is through the effort of volunteers such as

yourself that CSC Journals continues to grow and flourish. Your help
with reviewing the issues written by prospective authors would be very
much appreciated.

Feel free to contact us at coordinator@cscjournals.org if you have any

queries.
 Contact Information

Computer Science Journals Sdn BhD

M-3-19, Plaza Damas Sri Hartamas
50480, Kuala Lumpur MALAYSIA

Phone: +603 6207 1607

+603 2782 6991
Fax: +603 6207 1697

BRANCH OFFICE 1
Suite 5.04 Level 5, 365 Little Collins Street,
MELBOURNE 3000, Victoria, AUSTRALIA

Fax: +613 8677 1132

BRANCH OFFICE 2
Office no. 8, Saad Arcad, DHA Main Bulevard
Lahore, PAKISTAN

EMAIL SUPPORT
Head CSC Press: coordinator@cscjournals.org
CSC Press: cscpress@cscjournals.org
Info: info@cscjournals.org