CN1744523A - A security protection method for mobile agent network management - Google Patents

Info

Publication number: CN1744523A
Authority: CN (China)
Prior art keywords: mobile agent, data, network management, java card, node
Legal status: Granted (status as listed by Google Patents, not a legal conclusion)
Application number: CN 200510094032
Other languages: Chinese (zh)
Other versions: CN100369421C (en)
Inventors: 王汝传, 陈志
Current assignee: Nanjing Post and Telecommunication University
Original assignee: Nanjing Post and Telecommunication University
Priority application: CNB2005100940323A
Application events: filed by Nanjing Post and Telecommunication University; priority to CNB2005100940323A; publication of CN1744523A; application granted; publication of CN100369421C; anticipated expiration; current legal status Expired - Fee Related

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

In hardware, a smart card is adopted as the trusted execution environment of the mobile agent; in software, encryption techniques ensure the confidentiality and security of the mobile agent and of the network management information. Under validity management and verification, the mobile agent that executes the network management task is divided into public and private code and data, which are protected respectively by a conventional (symmetric-key) encryption/decryption algorithm and by the encryption/decryption algorithm of a public-key cryptosystem. The core part of the mobile agent executes inside the smart card. By combining hardware and software, the method guarantees the security of mobile agent network management, lowers the difficulty of security protection, and increases flexibility, configurability and extensibility.

Description

A security protection method for mobile agent network management

Technical field

The invention is a security solution for applying distributed computing technology in an open network environment. It is mainly intended to solve the security problems of mobile-agent-based network management, and belongs to the intersecting technical fields of computer networks, distributed computing and information security.

Background

In current network management schemes, most of the network management computation is performed by the network management station. With this approach, the large volume of information exchanged between the management station and the managed nodes wastes a great deal of network bandwidth, and the capacity of the server side cannot be extended dynamically. These shortcomings can be alleviated by adopting mobile agents, a distributed computing technique. A mobile agent is a software entity with a certain degree of intelligence and judgment; it can migrate across a heterogeneous network according to defined procedures, locate suitable resources, process or use those resources locally, and complete specific network management tasks on behalf of the user.

A mobile agent network management scheme consists of three parts: a network management station with a mobile agent execution environment, the managed nodes, and the mobile agents that carry out the network management tasks. The network management station generates and dispatches mobile agents according to the management task and processes the results they return. A mobile agent migrates between the managed nodes, collecting and processing information and performing network management operations. Each managed node hosts a mobile agent execution environment, which accepts the mobile agent and assists its access to local resources. In this scheme the network management station dispatches the appropriate mobile agents to the managed nodes to perform management tasks; each agent either returns to the management station with the relevant information after completing its task on one managed node, migrates through several managed nodes in turn and returns after completing the corresponding task on each, or traverses all managed nodes before returning to the management station.

The mobile agent network management scheme has the advantages of low network load, strong adaptability and good real-time response. However, the security of mobile agent technology itself, together with the security risks that arise in network management applications, has hindered the practical application and development of this scheme.

Security threats faced by mobile agents in network management

During network management, the main security threats to the constantly migrating mobile agents are:

(1) Passive attacks: a malicious node does not interfere with a mobile agent in transit, but ① intercepts (eavesdrops on) its code and data, and ② performs traffic analysis (for example, of the frequency and length of mobile agent transmissions), in order to obtain the sensitive information it is after.

(2) Active attacks: ① Interruption: destroying resources of the managed network or rendering them unavailable. ② Tampering and replay: if a mobile agent is intercepted by a malicious node before it reaches its destination, that node may modify the agent's code or data and then forward it to the destination node, which may result in illegal changes to network configuration and management parameters. The malicious node may also simply replay the mobile agent at a moment of its choosing (for instance, an agent that contains an operation to restart a device), which can likewise damage the network management system and the managed network. ③ Masquerading: a malicious node impersonates a legitimate node and uses forged mobile agents to carry out unauthorized network management activities.

Security threats faced by managed nodes

During network management, a managed node allows mobile agents performing different management tasks to run on it, which exposes it to possible attacks from malicious mobile agents (for example, agents that have been tampered with, forged or replayed). A malicious mobile agent may carry illegal code that disrupts the services provided by the managed node, disrupts its operation, or even shuts the node down completely. It may also launch a denial-of-service attack by consuming large amounts of the managed node's resources (disk space, memory, network ports and so on) so that the node can no longer carry out its normal work. A mobile agent that has been admitted to a managed node but whose services are not authorized can harm other mobile agents and the managed node itself. The managed node must therefore ensure that no mobile agent reads or writes data beyond its authorization, while still granting legitimate mobile agents sufficient access to resources.

Security threats faced by the network management station

The network management station is the creator and original sender of the mobile agents that perform network management tasks. It must also accept the mobile agents that return after completing their tasks, extract the information they carry, check how the management tasks were executed, and monitor and maintain the operating state of the whole managed network. During network management, the security problems facing the management station are ① malicious code contained in a returning mobile agent, and ② tampering with or forgery of the data a mobile agent brings back. Naturally, protection of the management station depends to a large degree on solving the security problems of the mobile agent in transit and on the managed nodes.

Summary of the invention

Technical problem: the purpose of this invention is to provide a security protection method for mobile agent network management that solves the security problems arising in mobile-agent-based network management, builds a security architecture, and uses smart card technology and cryptography to protect the network management station, the managed nodes, the mobile agents and the network management process in both hardware and software.

Technical solution: the method of the invention is an improved and comprehensive method, obtained by improving and combining detection-based, hardware-based and active security protection measures. In hardware it adopts the Java Card (a smart card that can run Java programs and complies with all smart card standards) as a trusted execution environment for the mobile agent; in software it adopts cryptographic techniques to guarantee the confidentiality and reliability of the mobile agents and the network management information.

I. Architecture

In the mobile agent network management scheme, a mobile agent migrates to each managed node to complete its management task. The code and data it executes there (where "data" means any information other than the executable code) may be the same on every node (we call these the public code and data) or may differ from node to node (we call these the private code and data). The public data also includes the directory of nodes the mobile agent is to visit, routing information, and security-related data.

The security architecture for mobile agent network management consists of two parts, one at the network management station and the other at the managed node.

1. Security components of the network management station

The network management station is the centre of network management security protection and is responsible for coordinating the secure operation of the whole management process; according to the network management task at hand, it generates the corresponding mobile agents and dispatches them to the managed nodes, where they execute the specific management tasks locally. The security components of the network management station comprise four main parts.

(1) Java Card manager

The Java Card manager loads the necessary functions and data onto the Java Card of each node and issues the corresponding Java Card certificate. A Java Card certificate contains the following information: the card's manufacturer, the card type, the security policy the card provides, and the relevant keys. When a Java Card is assigned to a managed node, its certificate is supplied to the directory manager.

(2) Directory manager

The directory manager provides a directory service. The network management station and each managed node register the following reference information with the directory manager: the node's identifier (for example its machine name or another unique identifier), its physical network address, and the security policy it provides. The Java Card manager supplies the directory manager with each node's Java Card certificate. This information is used to locate the managed nodes for the network management station and to provide cryptographic services for the mobile agents.

(3) Mobile Agent Execution Environment (hereinafter MAEE)

During network management, the mobile agent completes its management tasks and returns management results by interacting with each managed node. The MAEE provides the mobile agent with a range of functional support. For security management, it uses the Java Card on one hand to perform validity management and encryption of the mobile agent, and on the other hand to decrypt the mobile agents returning to the management station and extract the management result information. It consists of four main parts: the mobile agent receiving interface, the management information processing module, the key control module, and the mobile agent sending interface.

The mobile agent receiving interface is responsible for passing the mobile agent into the network management station's Java Card.

The management information processing module aggregates, filters and consolidates the management result information extracted by the network management station's Java Card.

The key control module interacts with the directory manager to supply the Java Card with the keys it needs. (At the management station, encrypting and decrypting mobile agents involves many keys; given the limited storage capacity of the Java Card and the security and reliability of the management station, these keys are supplied to the management station's Java Card by the directory manager via the mobile agent execution environment. At a managed node, the encryption and decryption keys are stored in that node's Java Card.)

The mobile agent sending interface is responsible for sending the encrypted mobile agent obtained from the network management station's Java Card.

(4) Java Card

At the network management station, the Java Card interacts with the mobile agent execution environment through a well-defined interface. On one hand, it performs validity management of the mobile agent that is about to carry out a network management task (adding a unique identifier and a validity timestamp), applies the various encryption operations, and sets the agent's transmission path. On the other hand, the Java Card decrypts the mobile agents returning to the management station and checks their validity (using the unique identifier to detect replay and the timestamp to detect expiry); finally, it extracts the management result information for the network management station.

The Java Card provides a platform on which encryption, decryption, validity management and information extraction all run securely. The lowest-level code in the Java Card ROM consists of the device drivers for memory (RAM, ROM and EEPROM) and I/O, and, where required, a driver for the cryptographic coprocessor. Above this, the Java Card virtual machine controls the access of upper-layer applications to the card's hardware drivers. Above the virtual machine is the Java bytecode implementing the various application programming interfaces (the basic Java Card API and an API dedicated to network management). Finally, the applications implementing the card's dedicated functions sit at the top layer. In the method of the invention these applications are the decryptor, the validity management module, the information extraction module, and the encryption and transmission processing module.

The decryptor decrypts the mobile agent's public data with the conventional decryption algorithm and decrypts the private data of all nodes with the decryption algorithm of the public-key cryptosystem.

The validity management module assigns a unique identifier to the mobile agent and to each private code and places a timestamp in the mobile agent's public data; on return, it checks the unique identifiers in the mobile agent to ensure the information is not a duplicate and checks the timestamp to ensure it has not expired.

The information extraction module extracts the public data and each managed node's private data from mobile agents that validity management has verified as legitimate.

The encryption and transmission processing module encrypts the mobile agent's public code and data with the conventional encryption algorithm, encrypts each node's private code and data with the encryption algorithm of the public-key cryptosystem, and sets the transmission path the mobile agent will follow while performing its network management task.

2. Security components of the managed node

(1) MAEE

On a managed node, the MAEE provides a landing point for mobile agents performing network management tasks, but it does not need to process management result information and does not need a key control module (all keys the managed node requires are held within the node's Java Card). For security management it comprises three parts: the mobile agent receiving interface, the mobile agent sending interface, and the local resource control module.

The mobile agent receiving interface is responsible for passing the mobile agent into the local managed node's Java Card.

The mobile agent sending interface is responsible for sending the mobile agent handed over by the local managed node's Java Card.

The local resource control module controls the Java Card's access to the local managed node's resources and its reading and writing of managed objects, assists the Java Card in completing management tasks, and protects the local managed node's resources.

(2) Java Card

On a managed node, the Java Card implements different functions from the management station's card; it mainly carries out local network management. The managed node's Java Card applications are the decryptor, the validity verification module, the function extraction module, the task executor, and the encryption and transmission processing module.

The decryptor decrypts the mobile agent's public code and data with the conventional decryption algorithm and decrypts the local managed node's private code and data with the decryption algorithm of the public-key cryptosystem.

The validity verification module checks the unique identifiers of the mobile agent and of the private code for the local node to verify that they are legitimate, and checks the timestamp to verify that the agent has not expired. If verification succeeds, it records the agent's unique identifier and the unique identifier of the code and data executed on the local managed node, and hands the agent to the function extraction module; otherwise it reports an error to the MAEE.

The function extraction module extracts the code and data to be executed on the local managed node from a mobile agent that has passed verification.

The task executor carries out the network management task with the assistance of the MAEE.

The encryption and transmission processing module strips code and data that are no longer needed (code executed only on this node, and any public code and data that will not be used again), reassembles the mobile agent, re-encrypts the changed parts and the execution results, and provides the MAEE with the information it needs to forward the agent.

II. Security mechanisms

1. Hardware protection mechanism

The method of the invention adopts a hardware protection mechanism: the mobile agent is given an additional piece of hardware that is not under the control of the node or of the mobile agent execution environment, but that can execute the mobile agent and completes management tasks by exchanging messages with the untrusted environment. This mechanism provides the mobile agent with a secure runtime environment and protects the node's resources.

The hardware adopted by the method is the Java Card, which implements a Java virtual machine in the smart card's ROM. The virtual machine executes a subset of Java bytecode, provides functions that can be invoked from outside, and controls access to the smart card's resources (such as memory and I/O).

The functions performed by the Java Card are:

(1) encrypting and decrypting the mobile agent;

(2) verifying the legitimate identity, uniqueness and temporal validity of the mobile agent;

(3) executing network management tasks;

(4) extracting management result information (at the network management station).

Whether at the network management station or on a managed node, the Java Card is not controlled by the local node and completes network management tasks through interaction with the MAEE. A managed node cannot alter the mobile agent's code and data, and the mobile agent can only obtain node resources within its own authority and perform legitimate network management.

2. Encryption and digital signature mechanism

The method of the invention uses the encryption and decryption algorithms of a conventional (symmetric-key) cryptosystem and of a public-key cryptosystem to encrypt the different code and data parts of the mobile agent and to implement digital signatures.

(1) The public code and data are executed by all managed nodes and are encrypted and decrypted only with the algorithm of the conventional key cryptosystem;

(2) The private data and code belong to individual managed nodes and are encrypted and decrypted with the algorithm of the public-key cryptosystem. Once a managed node's private code and data have been encrypted with the encryption key, they can only be decrypted with the decryption key by the legitimate managed node to which they belong (or by the network management station, when it needs to extract that node's private management results). At a managed node, private code and data and any public code and data that are no longer needed are stripped from the mobile agent, and the private data produced there is encrypted with that node's encryption key;

(3) The newly produced public management result data is combined with the remaining public code and data and re-encrypted with the key of the conventional encryption and decryption algorithm.

Both the key of the conventional algorithm and the two keys of the public-key algorithm are protected. These keys are generated and loaded automatically by the network management station and its Java Card manager (stored in the Java Card certificate or saved on the Java Card) rather than assigned by hand; furthermore, they can only be read by the functional modules, and the keys held on a managed node's Java Card are accessible only to the card's dedicated functional modules (the decryptor and the encryption and transmission processing module).

The method of the invention also implements a digital signature mechanism for mobile agent information. A mobile agent's public code and data can only be encrypted and decrypted by the Java Cards of the network management station and the managed nodes, while private code and data can only be encrypted and decrypted by the legitimate managed node to which they belong or by the network management station. During network management the Java Card is not controlled by the managed node and its input is the encrypted mobile agent; since the managed node does not know the keys used to encrypt the mobile agent's code and data, it cannot encrypt a mobile agent of its own, which means that a mobile agent performing a network management task can only originate from the network management station. The method relies chiefly on this digital signature mechanism to let the network management station and the managed nodes verify the legitimate identity of a mobile agent and so prevent forgery.

3. Validity mechanism

One validity protection mechanism adopted by the method is to place a timestamp in the mobile agent's public data; the network management station and each managed node use it to verify whether the mobile agent has expired and to judge whether it may have been replayed or tampered with (since both replay and tampering take time).

Another validity protection mechanism adopted by the method is to assign a unique identifier to each mobile agent performing a network management task and to each private code; the former is placed in the public data and the latter in the private data. Assigning unique identifiers to the mobile agent and its private code prevents the agent from being replayed or tampered with. On a managed node the Java Card records the unique identifiers of the mobile agents that have visited and of the private code that has been executed, and determines the legitimacy and validity of a mobile agent and its private code by checking these two identifiers.

The security protection method for mobile agent network management of the invention comprises the following steps:

Step 1) The mobile agent execution environment of the network management station creates a mobile agent according to the network management task, divides the agent into public code and data and the private code and data of each managed node according to the managed nodes to be traversed, and submits it to the network management station's Java Card;

Step 2) The network management station's Java Card first performs validity management on the mobile agent, adding the agent's unique identifier and a timestamp to its public data and the unique identifier of each private code to the corresponding private data; it then encrypts the agent's public code and data with the conventional encryption algorithm and each node's private code and data with the encryption algorithm of the public-key cryptosystem, and finally hands the agent to the mobile agent execution environment for transmission to the managed node;

Step 3). When the mobile agent arrives at a managed node, the mobile agent execution environment uploads it to that node's Java card;

Step 4). The Java card of the managed node first decrypts the mobile agent's public code and data with the conventional decryption algorithm, then decrypts the local node's private code and data with the decryption algorithm of the public key cryptosystem, and finally extracts the mobile agent's unique identifier, the timestamp and the unique identifier of the private code from the decrypted information. It then verifies the validity of the mobile agent: it checks the unique identifiers of the mobile agent and of the private code for the local node to verify that they are legitimate, and checks the timestamp to verify that the agent has not expired;

Step 5). The function extraction module of the managed node's Java card extracts from the validated mobile agent the public code and data and the private code and data to be executed on this node and hands them to the Java card's task executor; the task executor completes the network management task by interacting with the local resource control module of the mobile agent execution environment;

Step 6). After the managed node's network management task is completed, the Java card first removes from the mobile agent the private code and data, and any public code and data, that are no longer needed, and then reassembles the mobile agent, re-encrypting the public code and data with the conventional encryption algorithm and the new private data with the encryption algorithm of the public key cryptosystem. Finally, the Java card hands the reassembled mobile agent and the transmission information for the next node to the managed node's mobile agent execution environment, which transmits the mobile agent to the next node, where the mobile agent continues network management on the remaining managed nodes;

Step 7). After the mobile agent has completed all network management tasks it returns to the management station, whose mobile agent execution environment hands it to the management station's Java card;

Step 8). The Java card of the network management station first decrypts the mobile agent's public data with the conventional decryption algorithm and then decrypts the private data of all nodes with the decryption algorithm of the public key cryptosystem. It then verifies the validity of the decrypted mobile agent, checking the mobile agent's unique identifier to verify that it is legitimate and the timestamp to verify that it has not expired. Finally, the information extraction module of the Java card extracts the management result information from the decrypted data and submits it to the management station's mobile agent execution environment for statistical analysis and processing.

The mobile agent receiving interface module is responsible for passing the mobile agent from the mobile agent execution environment of the network management station to the network management station's Java card; the management information processing module processes the management result information submitted by the network management station's Java card; the key control module provides, changes or revokes the keys used by the network management station's Java card; and the mobile agent sending interface module sends the mobile agent submitted by the network management station's Java card.

The Java card of the network management station, through its validity management module, assigns a unique identifier to the mobile agent and to each private code segment and places a timestamp in the mobile agent's public data, or checks the unique identifiers in the mobile agent to ensure that the information is not repeated and checks the timestamp to ensure that the information has not expired; through its encryption and transmission processing module it encrypts the mobile agent's code and data and sets the agent's transmission path; through its decryptor it decrypts the mobile agent's code and data; and through its information extraction module it extracts the mobile agent's public data and private data.

The mobile agent execution environment of a managed node, through its mobile agent receiving interface module, is responsible for passing the mobile agent to the managed node's Java card; through its local resource control module it ensures that the Java card accesses the managed node's system resources and reads and writes managed objects only in a legitimate way; and through its mobile agent sending interface module it sends the mobile agent submitted by the managed node's Java card.

The Java card of a managed node decrypts the mobile agent's code and data through its decryptor; through its validity verification module it checks the mobile agent's unique identifier to ensure that the information is not repeated and checks the timestamp to ensure that the information has not expired; through its function extraction module it extracts from the validated mobile agent the code and data to be executed on this node; through its task executor it executes the network management task by interacting with the local resource control module of the managed node's mobile agent execution environment; and through its encryption and transmission processing module it encrypts the mobile agent's code and data and sets the agent's transmission path.

Beneficial effects

The method of the present invention provides a comprehensive security protection method for mobile agent network management. Using it avoids the complexity that accumulates when separate security protection measures are piled up, improves the flexibility of the security measures, and effectively achieves the goal of protecting mobile agent network management. A detailed description follows.

1. Security protection combining hardware and software

In the method of the present invention, the mobile agent execution environment is combined with highly reliable hardware, the Java card, which helps protect the mobile agent from potentially malicious nodes during network management. In the actual network management process the mobile agent completes its tasks by exchanging messages with the untrusted environment, and when the hardware cannot be controlled by the node, the node's resources are protected. On this basis, cryptographic techniques further guarantee the security of the mobile agent and of the network management information at the software level. The method thus guarantees the security of mobile agent network management from the combined perspective of hardware and software, reduces the difficulty of security protection, increases the configurability of security, and makes the system easy to extend.

2. Flexibility

In the method of the present invention, the mobile agent applies security protection flexibly according to the specific network management task. Dividing the mobile agent into public code and data and private code and data makes it possible to protect different objects to different degrees, which improves the flexibility of the system in terms of protection strength.

3. Effective protection of the mobile agent during network management transmission

If an attacker intercepts a mobile agent in transit across the managed network, he may be able to tamper with, forge or replay it. In the method of the present invention, the difficulty the attacker faces is that he must obtain the key of the conventional encryption/decryption algorithm, or the encryption and decryption keys of the public key cryptosystem's algorithm, before he can tamper with or forge the mobile agent. These keys are generated and loaded automatically by the network management station and its Java card manager (stored in the Java card certificate or saved in the Java card) and are kept secret from everyone, including the administrator; at the same time, the Java cards of the managed nodes are not under the control of the local nodes, so it is generally impossible for an attacker to obtain these keys.

After intercepting a mobile agent in transit, the other attack an attacker can mount on network management is replay. In the method of the present invention, however, the Java card's validity verification (validity management in the management station's Java card) checks the mobile agent's unique identifier, its timestamp and the unique identifier of the private code for the managed node, and can therefore verify whether the agent has already visited the current node, whether the private code for the managed node has already been executed, and whether the agent has expired. The method can thus resist tampering and forgery of the mobile agent in transit to a certain degree, and can effectively resist replay attacks.

4. Minimizing security risks

Suppose the attacker obtains the encryption key and/or the decryption key of the public key cryptosystem's algorithm. In the method of the present invention the public-key algorithm is used to encrypt and decrypt the private code and data of each managed node, so if the attacker obtains only the decryption key of some managed node, he can decrypt the private code or data belonging to that node in the mobile agent, but without the encryption key he cannot tamper with or forge the private code or data: the Java card accepts only encrypted private code and data, and without the encryption key the attacker cannot encrypt tampered or forged private code or data, so his tampering and forgery has no effect on the management task the Java card executes. If, however, the attacker knows both the encryption key and the decryption key, he can decrypt the private code or data belonging to that node before the MAEE passes the mobile agent to the Java card, tamper with or forge it, re-encrypt it, put it back into the mobile agent and pass it to the Java card, thereby deceiving the local node's Java card into performing an illegitimate network management task; likewise, after the mobile agent has completed its task and been handed to the MAEE, the attacker can decrypt the node's private data, tamper with or forge it, re-encrypt it and put it back into the mobile agent, thereby deceiving the network management station. But the compromise of the public-key algorithm's encryption and decryption keys affects the secure network management of that node only, not that of the other parts. The separate encryption of each managed node's private code and data in the method of the present invention therefore confines the security risk of the network management process to individual nodes and limits the spread of a security threat across the managed network.

Description of the drawings

Figure 1 is a schematic diagram of the mobile agent network management security architecture.

Figure 2 shows the structure of the Java card and the mobile agent execution environment and their interaction; Figure 2a shows the network management station part and Figure 2b the managed node part.

Figure 3 is a flow diagram of the security method for mobile agent network management.

Detailed description

The present invention is described in more detail below with reference to the drawings and embodiments.

As shown in Figures 1 and 2, the present invention is a systematic security protection method for mobile agent network management: the entire network management process, from the creation of the mobile agent at the network management station, through the execution of network management tasks at the managed nodes, to the agent's return to the network management station to submit information, is protected.

For ease of description, assume that the mobile agent performing the network management task is to visit n managed nodes, and that the Java card of each managed node holds the key of the conventional encryption/decryption algorithm and the two keys of the public key cryptosystem's encryption/decryption algorithm. Let the key of the conventional algorithm be K, and let the encryption key of the public-key algorithm held by the Java card of the i-th (1≤i≤n) managed node be PKi and its decryption key SKi; the Java card of the network management station can obtain K, PK1 to PKn and SK1 to SKn from the mobile agent execution environment. During management, the mobile agent execution environment of the network management station creates the mobile agent (assembled from the public code and data and the private code and data of each managed node to be visited), and the mobile agent execution environments of the management station and of each managed node are responsible for transmitting and receiving the mobile agent. The specific implementation (Figure 3) is:

(1) The MAEE of the network management station creates a mobile agent according to the network management task, divides the agent into public code and data and the private code and data of each managed node according to the managed nodes to be traversed, and submits it to the Java card of the network management station.

(2) The Java card of the network management station first performs validity management on the mobile agent: it adds the mobile agent's unique identifier and a timestamp to the public data, and adds the unique identifier of each private code segment to the corresponding private data; it then encrypts the mobile agent's public code and data with the conventional encryption algorithm, encrypts the private code and data of each node separately with the encryption algorithm of the public key cryptosystem, and finally hands the agent to the MAEE, which transmits it to the first managed node.

(3) After the mobile agent arrives at the i-th (1≤i≤n) managed node, the MAEE uploads it to that node's Java card.

(4) The Java card of the i-th managed node decrypts the mobile agent's public code and data with the conventional decryption algorithm, then decrypts this node's private code and data with the decryption algorithm of the public key cryptosystem, extracts from the decrypted information the mobile agent's unique identifier, the timestamp and the unique identifier of the private code for the local node, and verifies the validity of the mobile agent: it checks the unique identifiers of the mobile agent and of the private code for the local node to verify that they are legitimate, and checks the timestamp to verify that the agent has not expired.

(5) The function extraction module of the i-th managed node's Java card extracts from the validated mobile agent the public code and data and the private code and data to be executed on this node and hands them to the Java card's task executor.

(6) The task executor interacts with the local resource control module of the i-th managed node's MAEE to complete the network management task.

(7) After the network management task of the i-th managed node is completed, the Java card removes from the mobile agent the private code and data, and any public code and data, that are no longer needed, reassembles the mobile agent, re-encrypts the public code and data (which may now include new data) with the conventional encryption algorithm, and re-encrypts the new private data (if any) with the encryption algorithm of the public key cryptosystem. Finally, the Java card submits the reassembled mobile agent and the transmission information for the next node to the MAEE of the i-th managed node, which transmits the mobile agent to the next node. If the next node is a managed node, go to (2); if the next node is the network management station, continue with the following steps.

(8) After the mobile agent arrives at the network management station, the MAEE uploads it to the Java card of the network management station.

(9) The Java card of the network management station decrypts the mobile agent's public data with the conventional decryption algorithm, then decrypts the private data of all nodes with the decryption algorithm of the public key cryptosystem, and then verifies the validity of the decrypted mobile agent, checking the mobile agent's unique identifier to verify that it is legitimate and the timestamp to verify that it has not expired. Once verification passes, the Java card's information extraction module extracts the management result information from the decrypted data and hands it to the management information processing module of the management station's MAEE for statistical analysis and processing.
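The packaging, per-node encryption and validity checks of steps (1) to (9), together with the replay and key-compromise properties discussed under beneficial effects 3 and 4, as an added Python example that is not code from the patent. It assumes an HMAC-SHA256 counter-mode stream cipher as a stand-in for both the conventional algorithm (key K) and the per-node public-key algorithm (PKi/SKi), a constructed two-node itinerary, and a string transform in place of real task execution; the Java card state (recorded identifiers, keys) is modelled as plain Python objects.

```python
# Added example, not the patent's code: partitioning, per-node encryption and Java card checks.
import hashlib
import hmac
import json
import os
import uuid

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 counter-mode stream cipher standing in for both the conventional
    algorithm (key K) and the per-node public-key algorithm (PKi/SKi); offline only."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], ks))
    return bytes(out)

def seal(key: bytes, obj: dict) -> dict:
    """Encrypt a partition and attach an HMAC tag so a forged or altered one is rejected."""
    nonce = os.urandom(16)
    ct = _keystream_xor(key, nonce, json.dumps(obj).encode())
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}

def unseal(key: bytes, sealed: dict) -> dict:
    """Inverse of seal(); raises ValueError on a wrong key or an altered partition."""
    nonce, ct, tag = (bytes.fromhex(sealed[k]) for k in ("nonce", "ct", "tag"))
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed: wrong key or tampered partition")
    return json.loads(_keystream_xor(key, nonce, ct))

def rejected(fn, *args) -> bool:
    # True if a Java card operation refused its input (validity or integrity error).
    try:
        fn(*args)
    except ValueError:
        return True
    return False

class ManagementStationCard:
    """Steps (2) and (9): the station's Java card issues agents and collects results."""
    def __init__(self, k: bytes, node_keys: dict, ttl_seconds: float):
        self.k, self.node_keys, self.ttl = k, node_keys, ttl_seconds
        self.issued = set()  # unique identifiers of agents this station created

    def package(self, public_code: str, private_code: dict, now: float) -> dict:
        agent_id = str(uuid.uuid4())
        self.issued.add(agent_id)
        public = {"code": public_code, "data": {"agent_id": agent_id, "timestamp": now}}
        private = {}
        for node_id, code in private_code.items():  # one partition per managed node
            body = {"code": code, "data": {"code_id": str(uuid.uuid4())}}
            private[node_id] = seal(self.node_keys[node_id], body)  # PKi
        return {"public": seal(self.k, public), "private": private}  # K

    def collect(self, agent: dict, now: float) -> dict:
        public = unseal(self.k, agent["public"])
        agent_id = public["data"]["agent_id"]
        if agent_id not in self.issued:
            raise ValueError("unknown or already returned agent identifier")
        if now - public["data"]["timestamp"] > self.ttl:
            raise ValueError("agent expired")
        self.issued.discard(agent_id)  # a second return of the same agent is a replay
        return {n: unseal(self.node_keys[n], p)["data"] for n, p in agent["private"].items()}

class ManagedNodeCard:
    """Steps (4) to (7): a managed node's Java card verifies, executes and forwards."""
    def __init__(self, node_id: str, k: bytes, node_key: bytes, ttl_seconds: float):
        self.node_id, self.k, self.node_key, self.ttl = node_id, k, node_key, ttl_seconds
        self.seen = set()  # agent and private-code identifiers already admitted here

    def verify(self, agent: dict, now: float) -> tuple:
        public = unseal(self.k, agent["public"])  # conventional algorithm, key K
        if self.node_id not in agent["private"]:
            raise ValueError("no private partition addressed to this node")
        private = unseal(self.node_key, agent["private"][self.node_id])  # SKi
        agent_id, code_id = public["data"]["agent_id"], private["data"]["code_id"]
        if now - public["data"]["timestamp"] > self.ttl:
            raise ValueError("agent expired")
        if agent_id in self.seen or code_id in self.seen:
            raise ValueError("replay: agent or private code already processed here")
        self.seen.update((agent_id, code_id))
        return public, private

    def execute_and_forward(self, agent: dict, public: dict, private: dict) -> dict:
        # Task execution is modelled as a string transform; its result becomes this node's
        # new private data, the consumed private code is dropped, the public part stays.
        result = {"code_id": private["data"]["code_id"], "result": private["code"].upper()}
        remaining = dict(agent["private"])
        remaining[self.node_id] = seal(self.node_key, {"code": "", "data": result})
        return {"public": seal(self.k, public), "private": remaining}  # re-encrypted

def run_tour(now: float = 1000.0) -> dict:
    k, keys = os.urandom(32), {"node1": os.urandom(32), "node2": os.urandom(32)}
    station = ManagementStationCard(k, keys, ttl_seconds=60)
    agent = station.package("poll", {"node1": "get sysUpTime", "node2": "get ifInOctets"}, now)
    for node_id in ("node1", "node2"):  # constructed itinerary
        card = ManagedNodeCard(node_id, k, keys[node_id], 60)
        public, private = card.verify(agent, now)
        agent = card.execute_and_forward(agent, public, private)
    return station.collect(agent, now)
```

A node key opens only that node's partition, and a second presentation of the same agent or private-code identifier to a card, or an agent older than the TTL, is refused, which is the behaviour the validity verification above relies on.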

Claims (5)

1, A security protection method for mobile agent network management, characterized in that the method comprises the following steps:
Step 1). The mobile agent execution environment of the network management station creates a mobile agent according to the network management task, divides the agent into public code and data and the private code and data of each managed node according to the managed nodes to be traversed, and submits it to the Java card of the network management station;
Step 2). The Java card of the network management station first performs validity management on the mobile agent, adding the mobile agent's unique identifier and a timestamp to the mobile agent's public data and the unique identifier of each private code segment to the corresponding private data; it then encrypts the mobile agent's public code and data with a conventional encryption algorithm, encrypts the private code and data of each node separately with the encryption algorithm of the public key cryptosystem, and finally hands the agent to the mobile agent execution environment, which transmits it to the managed node;
Step 3). When the mobile agent arrives at a managed node, the mobile agent execution environment uploads it to that node's Java card;
Step 4). The Java card of the managed node first decrypts the mobile agent's public code and data with the conventional decryption algorithm, then decrypts the local node's private code and data with the decryption algorithm of the public key cryptosystem, and finally extracts the mobile agent's unique identifier, the timestamp and the unique identifier of the private code from the decrypted information; it verifies the validity of the mobile agent by checking the unique identifiers of the mobile agent and of the private code for the local node to verify that they are legitimate, and by checking the timestamp to verify that the agent has not expired;
Step 5). The function extraction module of the managed node's Java card extracts from the validated mobile agent the public code and data and the private code and data to be executed on this node and hands them to the Java card's task executor, which completes the network management task by interacting with the local resource control module of the mobile agent execution environment;
Step 6). After the managed node's network management task is completed, the Java card first removes from the mobile agent the private code and data, and any public code and data, that are no longer needed, then reassembles the mobile agent, re-encrypting the public code and data with the conventional encryption algorithm and the new private data with the encryption algorithm of the public key cryptosystem; finally, the Java card hands the reassembled mobile agent and the transmission information for the next node to the managed node's mobile agent execution environment, which transmits the mobile agent to the next node, where the mobile agent continues network management on the remaining managed nodes;
Step 7). After the mobile agent has completed all network management tasks it returns to the management station, whose mobile agent execution environment hands it to the management station's Java card;
Step 8). The Java card of the network management station first decrypts the mobile agent's public data with the conventional decryption algorithm, then decrypts the private data of all nodes with the decryption algorithm of the public key cryptosystem, and then verifies the validity of the decrypted mobile agent, checking the mobile agent's unique identifier to verify that it is legitimate and the timestamp to verify that it has not expired; finally, the information extraction module of the Java card extracts the management result information from the decrypted data and submits it to the management station's mobile agent execution environment for statistical analysis and processing.
2, The security protection method for mobile agent network management according to claim 1, characterized in that the mobile agent receiving interface module is responsible for passing the mobile agent from the mobile agent execution environment of the network management station to the network management station's Java card; the management information processing module processes the management result information submitted by the network management station's Java card; the key control module provides, changes or revokes the keys used by the network management station's Java card; and the mobile agent sending interface module sends the mobile agent submitted by the network management station's Java card.
3, The security protection method for mobile agent network management according to claim 2, characterized in that the Java card of the network management station, through its validity management module, assigns a unique identifier to the mobile agent and to each private code segment and places a timestamp in the mobile agent's public data, or checks the unique identifiers in the mobile agent to ensure that the information is not repeated and checks the timestamp to ensure that the information has not expired; through its encryption and transmission processing module it encrypts the mobile agent's code and data and sets the agent's transmission path; through its decryptor it decrypts the mobile agent's code and data; and through its information extraction module it extracts the mobile agent's public data and private data.
4, The security protection method for mobile agent network management according to claim 1, characterized in that the mobile agent execution environment of the managed node, through its mobile agent receiving interface module, is responsible for passing the mobile agent to the managed node's Java card; through its local resource control module it ensures that the Java card accesses the managed node's system resources and reads and writes managed objects only in a legitimate way; and through its mobile agent sending interface module it sends the mobile agent submitted by the managed node's Java card.
5, The security protection method for mobile agent network management according to claim 4, characterized in that the Java card of the managed node decrypts the mobile agent's code and data through its decryptor; through its validity verification module it checks the mobile agent's unique identifier to ensure that the information is not repeated and checks the timestamp to ensure that the information has not expired; through its function extraction module it extracts from the validated mobile agent the code and data to be executed on this node; through its task executor it executes the network management task by interacting with the local resource control module of the managed node's mobile agent execution environment; and through its encryption and transmission processing module it encrypts the mobile agent's code and data and sets the agent's transmission path.
CNB2005100940323A 2005-08-26 2005-08-26 Safety protection method facing to mobile agent network management Expired - Fee Related CN100369421C (en)


Publications (2)

Publication Number Publication Date
CN1744523A true CN1744523A (en) 2006-03-08
CN100369421C CN100369421C (en) 2008-02-13

Family

ID=36139731


Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100411361C (en) * 2006-03-21 2008-08-13 南京邮电大学 A Security Architecture Method for Protecting Mobile Agent Network Management Application
CN1822595B (en) * 2006-03-23 2010-04-14 南京邮电大学 An Event Response Model Method Based on Mobile Agent Production Development
CN101394418B (en) * 2008-10-22 2011-09-07 南京邮电大学 General computation data processing control method based on mobile proxy
US8230220B2 (en) 2007-09-14 2012-07-24 China Iwncomm Co., Ltd. Method for realizing trusted network management
CN103905466A (en) * 2014-04-22 2014-07-02 郭伟 Data access control system and method for storage system
CN101416469B (en) * 2006-04-28 2014-07-09 高通股份有限公司 Uninterrupted transmission during a change in ciphering configuration
CN104012122A (en) * 2011-12-23 2014-08-27 德国捷德有限公司 Method for communicating with an application on a portable data storage medium, and such a portable data storage medium
CN104205117A (en) * 2014-04-10 2014-12-10 华为技术有限公司 Device file encryption and decryption method and device
CN119397566A (en) * 2024-10-22 2025-02-07 华电陕西能源有限公司 Data governance methods, devices, equipment, storage media and products

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000207326A (en) * 1999-01-08 2000-07-28 Matsushita Electric Ind Co Ltd Mobile agent method
US6681243B1 (en) * 1999-07-27 2004-01-20 Intel Corporation Network environment supporting mobile agents with permissioned access to resources

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100411361C (en) * 2006-03-21 2008-08-13 南京邮电大学 A Security Architecture Method for Protecting Mobile Agent Network Management Application
CN1822595B (en) * 2006-03-23 2010-04-14 南京邮电大学 An Event Response Model Method Based on Mobile Agent Production Development
CN101416469B (en) * 2006-04-28 2014-07-09 高通股份有限公司 Uninterrupted transmission during a change in ciphering configuration
US8230220B2 (en) 2007-09-14 2012-07-24 China Iwncomm Co., Ltd. Method for realizing trusted network management
CN101394418B (en) * 2008-10-22 2011-09-07 南京邮电大学 General computation data processing control method based on mobile proxy
CN104012122A (en) * 2011-12-23 2014-08-27 德国捷德有限公司 Method for communicating with an application on a portable data storage medium, and such a portable data storage medium
CN104012122B (en) * 2011-12-23 2018-07-17 捷德移动安全有限责任公司 Method for communicating with an application on a portable data medium, and such a portable data medium
CN104205117A (en) * 2014-04-10 2014-12-10 华为技术有限公司 Device file encryption and decryption method and device
WO2015154285A1 (en) * 2014-04-10 2015-10-15 华为技术有限公司 Device file encryption and decryption method and device
CN104205117B (en) * 2014-04-10 2017-04-26 华为技术有限公司 device file encryption and decryption method and device
CN103905466A (en) * 2014-04-22 2014-07-02 郭伟 Data access control system and method for storage system
CN103905466B (en) * 2014-04-22 2017-01-11 郭伟 Data access control system and method for storage system
CN119397566A (en) * 2024-10-22 2025-02-07 华电陕西能源有限公司 Data governance methods, devices, equipment, storage media and products
CN119397566B (en) * 2024-10-22 2025-04-18 华电陕西能源有限公司 Data governance methods, devices, equipment, storage media and products

Also Published As

Publication number Publication date
CN100369421C (en) 2008-02-13

Similar Documents

Publication Publication Date Title
JP4689946B2 (en) A system that executes information processing using secure data
JP4689945B2 (en) Resource access method
England et al. A trusted open platform
CN104769606B (en) Systems and methods for providing a secure computer environment
EP2907071B1 (en) Secure data handling by a virtual machine
EP1761837B1 (en) System and method for secure inter-platform and intra-platform communications
US8953805B2 (en) Authentication information generating system, authentication information generating method, client apparatus, and authentication information generating program for implementing the method
CN101039186A (en) Method for auditing safely system log
CN105260663A (en) Secure storage service system and method based on TrustZone technology
CN1605054A (en) Connect virtual tokens to physical tokens
CN100547598C (en) Saving and retrieving data based on symmetric key encryption
England et al. Authenticated operation of open computing devices
CN1791111A (en) Method and apparatus for security over multiple interfaces
Bagga et al. Mobile agents system security: A systematic survey
US20060005015A1 (en) System and method for secure inter-platform and intra-platform communications
Mayrhofer An architecture for secure mobile devices
CN1744523A (en) A security protection method for mobile agent network management
Focardi et al. A formally verified configuration for hardware security modules in the cloud
CN114826702B (en) Database access password encryption method, device and computer equipment
McGregor et al. Protecting cryptographic keys and computations via virtual secure coprocessing
CN120915488A (en) Safe sandbox system for trusted data space
Shang et al. CCxTrust: Confidential computing platform based on TEE and TPM collaborative trust
CN106790100B (en) Data storage and access control method based on asymmetric cryptographic algorithm
CN1992714A (en) Authority principal method based on trusted computing platform
CN100411361C (en) A Security Architecture Method for Protecting Mobile Agent Network Management Application

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20060308

Assignee: Jiangsu Nanyou IOT Technology Park Ltd.

Assignor: Nanjing Post & Telecommunication Univ.

Contract record no.: 2016320000219

Denomination of invention: Safety protection method facing to mobile agent network management

Granted publication date: 20080213

License type: Common License

Record date: 20161121

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
EC01 Cancellation of recordation of patent licensing contract

Assignee: Jiangsu Nanyou IOT Technology Park Ltd.

Assignor: Nanjing Post & Telecommunication Univ.

Contract record no.: 2016320000219

Date of cancellation: 20180116

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20080213

Termination date: 20170826