Saturday, August 14, 2010

My Agent Security Scenario: The Code-Decrypt Class


/*
Receive the message from encrypt Aglet 
and do decryption operation 
*/
//examples is the name of the folder where the all ASDK(Agent
//software development kit) Java mobile agents resides
//Sec is the sub folder at the examples folder , contains the 
//java classes of my project
package examples.Sec;
//The package of com.ibm.aglet reused from the ASDK  
//to have * after package name means to be able to 
//reuse all the package classes in your project
import com.ibm.aglet.*;
//The Decrypt Aglet inherited from the subclass (remember 
//base class concept if you are C\C++ programmer) Aglet
public class Decrypt extends Aglet
{
 public String userName;
 public String Password;
 public boolean handleMessage(Message secretInfo)
 {
     if(secretInfo.sameKind("secretInformation"))
  {
    
    userName=new String((String)secretInfo.getArg("User Name"));
    Global.array_char=userName.toCharArray();
    Decrypt();
    userName="";
    userName=Global.array_in_string();
    System.out.println("User Name after Decryption : "+userName);
    /////////////////////////////////////////
    Password=new String((String)secretInfo.getArg("Password"));
    Global.array_char=Password.toCharArray();
    Decrypt();
    Password="";
    Password=Global.array_in_string();
    System.out.println("Password after Decryption : "+Password);
    System.out.println();
    dispose();
    return true;
  }
  return false;
 }
 public void Decrypt()
 {
  Global.array_int=new int[10];
     for(int h1=0;h1<Global.array_char.length;h1++)
  {
   
   Global.array_int[h1]=(int)Global.array_char[h1];
   if(Global.array_int[h1]>=65&&Global.array_int[h1]<=90)
   {
    if((Global.array_int[h1]-3)<65)
    {
     Global.array_int[h1]=Global.array_int[h1]-3;
     Global.array_int[h1]=65-Global.array_int[h1];
     Global.array_int[h1]=91-Global.array_int[h1];
     Global.array_char[h1]=(char)Global.array_int[h1];
    }
    else
    {
     Global.array_int[h1]=Global.array_int[h1]-3;
     Global.array_char[h1]=(char)Global.array_int[h1];
    }    
   }
   else if(Global.array_int[h1]>=97&&Global.array_int[h1]<=122)
   {
    if((Global.array_int[h1]-3)<97)
    {
     Global.array_int[h1]=Global.array_int[h1]-3;
     Global.array_int[h1]=97-Global.array_int[h1];
     Global.array_int[h1]=123-Global.array_int[h1];
     Global.array_char[h1]=(char)Global.array_int[h1];
    }else
    {
     Global.array_int[h1]=Global.array_int[h1]-3;
     Global.array_char[h1]=(char)Global.array_int[h1];
    }    
   }
   else Global.array_char[h1]=(char)Global.array_int[h1];
  }
 }
}

My Agent Security Scenario: The Code-Encrypt Class

/*
This Aglet do the dispatching ,loading Sec information from the file 
and encryption and return back to home to send values to Decrypt message
*/
//the folder examples contained in ASDK folders
//and considered by ASDK as default folder where
//to find all agent projects
//the folder Sec is sub folder at examples folder
//I created to place my java classes in
package examples.Sec;
//com.ibm.aglet is an aglet package has
//set of classes have to with aglet contained again
//in ASDK folders , the star (*) means to the ability
//to reuse all the classes at the package
import com.ibm.aglet.*;
//Interface MobilityListener support the methods
//have to do with aglet transfering for example 
//onDispatching() called before the aglet dispatch
//since calling disaptch(URL) method
import com.ibm.aglet.event.*;
//package needed for networking applications,I import it
//since I need to use th URL java class to point for 
//the host on the WWW , that contains the user name and password 
import java.net.*;
//package at JDK contains the Scanner class and others
import java.util.*;
//Package contained into JDK contains the classes to handle 
//I/O from data storage ,for example contains the File class 
//to read or write from or to a simple file
import java.io.*;
public class Encrypt extends Aglet
{ 
 //Declare the variables to handle the secret information
    //from the remote host at the WWW 
    public String userName=new String();
    public String password=new String(); 
 
 //Declare and initialiation the indicators to 
 //determine the aglet location
 //_At_Home status means the aglet newly created and 
    //did not transfere and read the secret information 
    //from the remote host and the dispatch method shall be called 
 public int _AT_HOME=0;
 //_At_REMOTE means the aglet reached successfully to the 
 //remote host over the WWW containing the user name and the password
 //and so the loading and encryption shall take place
 public int _At_REMOTE=1;
 //_Back_AT_HOME means the aglet read the secret information
 //and encrypt them and return back to the home and the time is
 //suitable to fill in tabular message and send them to the decrypt aglet
 public int _Back_AT_HOME=2;
 //_STATE can be _AT_HOME,_At_REMOTE,_Back_AT_HOME
    public int _STATE=0; 
 //create interface to handle the file open,close,read 
 //or write
 public static File infile=new File("C:/Secret.txt");;
 public static Scanner input;
 //help to store the secret infoemation in hash table with two 
 //columns one for keys and other for value , to reach val1 you 
 //need to know Key1
 Message secretInformation=new Message("secretInformation");
 //method executed when the aglet created,dispatched,reverted
 //main operations of the aglet can take place here
 public void run()
 {
  if(_STATE==_AT_HOME)
  {
      
   try
   {
    //the _STATE changed since next time the run() 
    //executed the aglet will be at remote host    
    _STATE=_At_REMOTE;
    //the method will dispatch (say push !) 
    //to the URL specified staticall by the value :
    //"atp://OMAR-PC:1024" at the object of type 
    //URL 
    dispatch(new URL("atp://OMAR-PC:1024"));
   }//end try block
   catch(Exception e)
   {
       //reaching to this block the failure 
       //to dispatch takes place 
       System.out.println("Error -- "+e);
   }//end catch block
  }//end if statement
  else if(_STATE==_At_REMOTE)
  {
      //array will help the Encrypt() method
   //to store each character in the user name and the
   //password and value of ASCII code of each character
   //at the user name and password
      Global.array_char=new char[10];
            Global.array_int=new int[10];
   try
   {
    //Scanner class can hanbdle the read operation from
    //text file contains the secret information
    input=new Scanner(infile);
    //read the user name from the file and store at the 
    //username variable using next() methos that will read entire
    //line
    userName=input.next();
    //convert the user name from string to array of 
    //characters for  issues have to with the methodology
    //how encrypt method encrypt data
    Global.array_char=userName.toCharArray();
    //print the user name as clear text on the console
    System.out.println("user name as clear text  : "+userName);
    encrypt();//call the encrypt method
    userName="";
    //convert the array of characters ,contains the characters 
    //of the username in encrypted manner,to string
    userName=Global.array_in_string();
    //read the password from the file and store at the 
    //password variable using next() methos that will read entire
    //line
          password=input.next();
    //print the Password as clear text on the console
    System.out.println("Password as clear text  : "+password);
       //convert the array of characters ,contains the characters 
    //of the username in clear text manner,to string
    Global.array_char=password.toCharArray();
    encrypt();//call the encrypt method
    password="";
    //convert the array of characters ,contains the characters 
    //of the password in encrypted manner,to string
    password=Global.array_in_string();
    System.out.println();
    //print the username and the password in encrypted manner
    System.out.println("user name after encryption : "+userName);
    System.out.println("password  after encryption : "+password);
       System.out.println();
   
   }//end try block
   catch(Exception n)
   {
       //catch block can catch any type of exception , which
                //may be fail to find the file to open    
    System.out.println("to open the file : "+n);
   }//end catch block
   
   try
   {
       //the _STATE changed since next time the run() 
    //executed the aglet will be at remote host 
    _STATE=_Back_AT_HOME;
    //the method will dispatch (say push !) 
    //to the URL specified staticall by the value :
    //"atp://OMAR-PC:4434" at the object of type 
    //URL that defines the aglet Home URL
    //over WWW
    dispatch(new URL("atp://OMAR-PC:4434"));
   }//end try block
   catch(Exception e)
   {
      //reach to this block means an exception
      //takes place that may be failure to dispatch
      System.out.println("Fail to return home ");
   }//end catch block
   
   
   }//end if statement
   else if(_STATE==_Back_AT_HOME)
   {
    
    //filll the hash table at the object of type message 
    //that will contain two pairs one for the password and its keyword
    //and the other the user name and the paired keyword
    //setArg is a method at Message class takes two parameters 
    //to fill hash table one the key and the other is the value matched
    //by the Key 
    secretInformation.setArg("User Name",userName);
    secretInformation.setArg("Password",password);
    
    try
    {
    //Father Aglet contains the decryptProxy that object
    //of type AgletProxy that help to handle Decrypt Aglet 
    //and will be used here to send message to Decrypt Aglet
    //I defined the decryptProxy as static variable at Father Aglet
    //And so I can use it here at the current aglet
     Father.decryptProxy.sendMessage(secretInformation);
     dispose();//the current aglet killed here
    }//end try block
    catch(InvalidAgletException e)
    {
    //Signals that the aglet proxy
                //is not valid any longer. 
     System.out.println("InvalidAgletException is thrown");
    }//end catch block
    catch(NotHandledException e)
    {
     //the message not handled by the 
     //destined to Aglet
     System.out.println("NoHandledException is thrown");
    }//end try block
    catch(MessageException e)
    {
     //Signals that the exception occured 
     //while processsing the message. 
     System.out.println("MessageException thrown");
    }//end catch block
    catch(Exception e)
    {
       //The class Exception and its subclasses are 
       //a form of Throwable that indicates conditions 
       //that a reasonable application might want to catch
     System.out.println("fail to send due to : "+e);
    }//end catch block
  
         }//end nested if have to do with aglet location 
  
        }//end the run() method
  public void encrypt()
  {
      //for lop on the characters of the array of characters
   //represents the clear text usename and password
   for(int h1=0;
   h1 < Global.array_char.length;h1++)
   {
    
    Global.array_int[h1]=(int)Global.array_char[h1];
    
    if(Global.array_int[h1]>=97&&Global.array_int[h1]<=122)
    {
        //handle the lower case letters
     if((Global.array_int[h1]+3)> 122)
     {
         //for example we have z we need to encrypt to 
      //c lower case letter and the below formula do that and then 
      //convert the ASCII code into letter again and store into array 
      //of characters
      Global.array_int[h1]=Global.array_int[h1]+3;
      Global.array_int[h1]=124-Global.array_int[h1];
      Global.array_int[h1]+=96;
            Global.array_char[h1]=(char)Global.array_int[h1];
     }
     else
     {
         //the process that you need to encrypt Only to 
      //move three forwarding steps in the alphabetical order 
      Global.array_int[h1]=Global.array_int[h1]+3;
      Global.array_char[h1]=(char)Global.array_int[h1];
     }  
    }
    else if(Global.array_int[h1]>=65&&Global.array_int[h1]<=90)
    {
        //handle the upper case letters
     if((Global.array_int[h1]+3)>90)
     {
      //for example we have Y we need to encrypt to 
      //B lower case letter and the below formula do that and then 
      //convert the ASCII code into letter again and store into array 
      //of characters
      Global.array_int[h1]=Global.array_int[h1]+3;
      Global.array_int[h1]=Global.array_int[h1]%90;
      Global.array_int[h1]+=64;
         Global.array_char[h1]=(char)Global.array_int[h1];
     }
     else 
     {
         //the process that you need to encrypt Only to 
      //move three forwarding steps in the alphabetical order
      Global.array_int[h1]=Global.array_int[h1]+3;
      Global.array_char[h1]=(char)Global.array_int[h1];
        }
    }
    //handle the case that the current item
    //not english alphabetical letter
    else Global.array_char[h1]=(char)Global.array_int[h1];
  }//end for loop that check the characters of the array of characters 
  //contains the user name and password characters
 }//end encrypt() method
}//end Encrypt Aglet

My Agent Security Scenario: The Code -Father & Global Class

//the folder Sec is sub folder at examples folder
//I created to place my java classes in
package examples.Sec;
//java class its memebers can be used by the Encrypt
//and Decrypt Aglets
public class Global
{
    //arrray of characters to save the username and password in it 
 //before calling the ncrypt or decrypt method
 public static char array_char[];
 //at encrypt or decrypt method the character at
 //array of characters need to be casted into ASCII 
 //value and stored at array of integers to encounter
 //an arithmetic operation then the resulted value represent 
 //an ASCII code ,which will be casted to char and stored into
 //the array of characters 
 public static int array_int[];
 public static String array_in_string()
 {
     //this method store the content 
  //of the array of characters into
  //string
  String theString=new String();
  for(int d=0;d < Global.array_char.length;d++)
  {
      //concatenation between the string content and 
   //the current char
   theString=theString+Global.array_char[d];
  }
  //theString may be the username in encrypted or clear text manner
  //thestring may be the password in encrypted or clear text manner
  return theString;
 }

}
/*
/*
This class represents the first trigger in the system 
,that instatiating  "Encrypt" aglet providing input for "Decrypt"
aglet
*/
package examples.Sec;
import com.ibm.aglet.*;
public class Father extends Aglet
{
 //AgletProxy help to handle the Aglet 
 //that will be created by the Father Aglet
 //I defined as static and public data members since 
 //I need to use  decryptProxy to at the Encrypt Aglet 
 //to send Messge to Decrypt Aglet
 public static AgletProxy encryptProxy;
 public static AgletProxy decryptProxy;
 public void onCreation(Object init)
 {
  try
  {
      //create the Encrypt and Decrypt Aglet
      encryptProxy=getAgletContext().createAglet(getCodeBase(),
                               "examples.Sec.Encrypt",null);
      decryptProxy=getAgletContext().createAglet(getCodeBase(),
                                   "examples.Sec.Decrypt",null);
   dispose();//kill the current Aglet
  }//end try block
  catch(Exception e)
  {
   System.out.println(e);
  }//end catch block
 }//end on Creation method that called only when 
 //the aglet created 
 
}

My Agent Security Scenario : The Discussion

Implementation of Caesar algorithm using Java programming language based on Mobile agent approach
Designed and Implemented by Omar Adnan Butros Isaid with ID 200530158
This system implemented as homework during the course in special topics in faculty computer networks system, semester 20091

1.Preface

The following papers represent the analysis of my implementation of ceaser cipher algorithm using Java language and Agent-oriented approach, after this analysis I enclosed the code of the system

This system consists of four classes :

  • Father Aglet
  • Encrypt Aglet
  • Decrypt Aglet
  • Global class

This four classes represents a system implements Caesar cipher algorithm . Caesar cipher is the first recorded substitution encryption algorithm. Caesar cipher is categorized under symmetric cryptography.

Requirements of Symmetric cryptography algorithm are:

  • encryption algorithm
  • Decryption algorithm
  • Secure key











3. System Analysis and Design

3.1 The System Static Structure

I implemented the encryption algorithm in the method encrypt() in the Aglet Encrypt, and decryption algorithm in the method Decrypt() in aglet Decrypt
This Encrypt and Decrypt aglets are supported by the members of the Global class , that all their members can be seen and shared by all aglets in the package .The class Global has an array of characters helps to token clear user name and password into tokens each token is a character. The algorithms of the system (encryption/decryption) algorithms based on conversion the characters to its ASCII code and vice versa. This system is the implementation of Caesar cipher algorithm that has to do with upper case and lower case characters only. The Integer variables (_AT_HOME,_At_REMOTE , _Back_AT_HOME, _STATEs ) control the action of aglet in its method run()

3.2 The System Dynamic Process

The class Father instantiates Encrypt and Decrypt aglets. Encrypt aglet dispatches to the host atp://OMAR-PC:1024 from the home atp://OMAR-PC:4434 .At remote host the aglet can read secret values from the file c:\Secret.txtas clear text.

I mean by the secret information is the user name and the password .each one of them loaded from the file to a separate string. The user name stored in the variable userName and password in password. The string stores in array of characters using java predefined methods that act as preparing step before calling encrypt() method. The method encrypt() move each character three forwarding steps in alphabetical order .Calling the method encrypt() , the elements of the array of characters stored in a string using the global method array_in_string().

Aglet Encrypt Now dispatches back to the home carrying encrypted strings (username, password).The Encrypt passes a message that is tabular synchronous message to the Decrypt aglets.The aglet named Decrypt handle the message using public boolen handleMessage(Messagge) method.
The Aglet Encrypt handling the message successfully get the secret information (username, password) using the method getArg (String value), that called twice. One time to get the user name and store in a usernamedata member and the second to store the password in password data member .each string stored in array of characters for decryption and after decryption the array of characters stored back into the string

Let us summarize the encryption/Decryption steps:

  1. user name and password stored in the strings userName and Password
  2. The class Encrypt load the values from the file c:\Secret.txt

  3. The class Decrypt fetish the value from the tabular message sent by the class Encrypt aglet, when return back to the home
  4. The userName and Password each one passes in the following steps each in turn
  5. Store userName/Password in the global array of characters array_char[]
  6. Each character forward/backward according to the method encrypt or Decrypt three steps in alphabetical order
  7. After calling encrypt() or Decrypt() the array of characters character by character grouped back into the string “userName” or “Password”

3.3 Relationship Model

  1. The Aglets Encrypt/Decrypt instantiated from the same Aglet Father
  2. Decrypt AgletDecrypt Aglet remains nearly doing nothing till the Message passes from the “Encrypt” aglet
  3. both aglets use the same instances of the arrays: int array_int [] and char array_char []

4. Role of Aglets

The Aglet Father

  1. instantiates the aglets Encrypt and Decrypt
  2. Provides the public objects named “encryptProxy” and “decryptProxy” of type AgletProxy Class .And so, the Aglet named Encrypt can send the message from Encrypt Aglet to Decrypt aglet


The Aglet Encrypt

  1. Pass over the network to the host atp://OMAR-PC1024
  2. At remote host loads the secret information as clear text
  3. Encrypt the secret information
  4. Return back to the home atp: //OMAR-PC:4434 with encrypted data. At home passes the encrypted information to the aglet “Decrypt”


The Aglet Decrypt

  1. Handle the Message from the aglet Decrypt and before only do nothing waits for this message at the home atp://OMAR-PC:4434
  2. Decryption of the secret information
  3. The below screen shot represents the arrival of aglet Encrypt to the host atp://OMAR-PC:1024 .where load secret information and encrypt them then return back to home atp://OMAR-PC:4434















The below shot represents the “Encrypt”,returning to home and pass to “Decrypt” that decrypt and display the secret information



My Experience With Mobile Agent

I took the Mobile agent course under advanced topic in Jami'at Al-Ulum Al-Tatbiqiya,with the Dr. Faiz Al-Shroof .This course based on the text book "PROGRAMMING AND DEBLOYING JAVA MOBILE AGENTS" by Danny B.Lang/Misturu Oshima and on the slides prepared by Dr. Faiz Al-Shroof.
I developed my own agents using ASDK (agent software development kit), I installed on my Windows Vista laptop , the instruction to install this framework is given to me by my Schoolmate Othman Adarbh , my developed agents developed on classes and libraries at JSDK (java software development kit) and ASDK (agent software kit), that ASDK added a new classes and libraries based on the Java CLI (command language infrastructure).Being a professional Java SE developer , I did well with this course and I got 88% as a final mark at this course , and I developed an interesting agents scenario all prodded to develop especially the security agent scenario I will discuss later in this blog

About Mobile Agent

The below in this post is my choose from (world wide web) about Aglet and Java mobile Agent to help the reader to understand the further posts and the reference is in the tail of the current post

What is the Mobile Agent

In computer science, a mobile agent is a composition of computer software and data which is able to migrate (move) from one computer to another autonomously and continue its execution on the destination computer.

Definition and overview

A Mobile Agent, namely, is a type of software agent, with the feature of autonomy, social ability, learning, and most importantly, mobility.
More specifically, a mobile agent is a process that can transport its state from one environment to another, with its data intact, and be capable of performing appropriately in the new environment. Mobile agents decide when and where to move. Movement is often evolved from RPC methods. Just as a user directs an Internet browser to "visit" a website (the browser merely downloads a copy of the site or one version of it in the case of dynamic web sites), similarly, a mobile agent accomplishes a move through data duplication. When a mobile agent decides to move, it saves its own state, transports this saved state to the new host, and resumes execution from the saved state.
A mobile agent is a specific form of mobile code. However, in contrast to the Remote evaluation and Code on demand programming paradigms, mobile agents are active in that they can choose to migrate between computers at any time during their execution. This makes them a powerful tool for implementing distributed applications in a computer network.
An open multi-agent systems (MAS) is a system in which agents, that are owned by a variety of stakeholders, continuously enter and leave the system.

Reputation and Trust

The following are general concerns about Trust and Reputation in Mobile Agent research:
  1. Source of trust information
    • Direct experience
    • Witness information
    • Role-based rules
    • Third-party references
  2. How trust value is calculated
  3. Overall trust value

What are the differences between trust and reputation systems?

Trust systems produce a score that reflects the relying party’s subjective view of an entity’s trustworthiness, whereas reputation systems produce an entity’s (public) reputation score as seen by the whole community.

Advantages

Some advantages which mobile agents have over conventional agents:
* Computation bundles - converts computational client/server round trips to relocatable data bundles, reducing network load.
* Parallel processing -asynchronous execution on multiple heterogeneous network hosts
* Dynamic adaptation - actions are dependent on the state of the host environment
* Tolerant to network faults - able to operate without an active connection between client and server
* Flexible maintenance - to change an agent's actions, only the source (rather than the computation hosts) must be updated
One particular advantage for remote deployment of software includes increased portability thereby making system requirements less influential.

What is Aglet

Aglets is a Java based mobile agent platform and library for building mobile agents based applications. An aglet is a Java agent which can autonomously and spontaneously move from one host to another carrying a piece of code with it. It can be programmed to execute at a remote host and show different behaviours at different hosts. Java based security implementations take care of authorised access to local resources at the remote hosts.
Aglets was originally developed by Mitsuru Oshima ("大島 満") and Danny Lange at the IBM Tokyo Research Laboratory. The original name of the project was AWB (Aglets WorkBench) and IBM was responsible for most of the 1.x release. However the project is now hosted at SourceForge.net as an open source project, where it is distributed under the IBM Public License. In the beginning, the SourceForge releases had been only bug-fix ones, but 2.x series(most of which came from open source community only) had better security and thread management. It now includes a log4j based logging system and a few bug-fixes of the older versions.
Aglets is completely written in Java, thus allowing a high portability of both the agents and the platform. Aglets includes both a complete Java mobile agent platform, with a stand-alone server called Tahiti, and a library that allows developers to build mobile agents and to embed the Aglets technology in their applications.
No new releases of Aglets have been made since 2001, although an updated users manual was released in 2004. The future of the project is unclear.
The Aglets Software Development Kit (ASDK) is a framework and environment for developing and running mobile agents. Mobile Agents are a type of software agents that have the unique ability to transport themselves from one system to another. Doing so, an

Tools to develop Mobile Agent

The Aglets Software Development Kit (ASDK) is a framework and environment for developing and running mobile agents. Mobile Agents are a type of software agents that have the unique ability to transport themselves from one system to another. Doing so, an
References :
http://en.wikipedia.org/wiki/Aglets

http://en.wikipedia.org/wiki/Mobile_agent

http://sourceforge.net/projects/aglets/