
The Research And Realization Of Mobile Agent Platform Used For VPN

Posted on: 2007-03-23
Degree: Master
Type: Thesis
Country: China
Candidate: X Zhang
GTID: 2178360182497293
Subject: Computer software and theory

Abstract/Summary:
A mobile agent is an autonomous program that can migrate freely from one computer to another in heterogeneous networks. It can choose the time and the destination of a migration. For example, it can suspend itself at any peer and then migrate to another computer to resume execution. Mobile agent technology has been used in many domains of networking, such as network management, distributed intrusion detection systems, electronic commerce systems, search engines, IP network flow control, information retrieval systems, etc. However, mobile agents have rarely been applied to the security mechanism of virtual private networks (VPN).

This paper focuses on applying mobile agents to the security mechanism of virtual private networks. Based on a detailed study of the migration and communication mechanisms of mobile agents, we propose a technique named the connection migration mechanism and design a mobile agent platform, the VPNAgent system, which uses this technique to implement the security mechanism of virtual private networks. In existing VPN security mechanisms, encrypted information is likely to be decrypted while crossing the firewall, which exposes it to attack and weakens the security of the encrypted information. To avoid this conflict, we implement the VPNAgent system. With this technique, valid datagrams can cross the firewall without decryption. The VPNAgent system makes the VPN mechanism more secure and reliable. The main contributions include:

1. Propose a reliable technique named the connection migration mechanism.
To solve the message communication problem in mobile agent migration and communication, we propose a connection migration mechanism between mobile agents. The mechanism supports continuous and transparent communication between mobile agents while providing exactly-once delivery for all transmitted data during agent migration. To avoid frequent agent authentication and permission checking due to agent migration, a secret session key is associated with each connection. We implement this mechanism, named AgentSocket, in the VPNAgent system used in the VPN security mechanism. It is a pure middleware implementation that requires no modification of Java Virtual Machines. Evaluation results show that the AgentSocket system incurs a moderate overhead in connection setup, mainly due to security checking. Once a secure connection is established, reliable communication during agent migration costs only a marginal overhead.

2. Design and implement the VPNAgent system.
The traditional encryption mechanism used by VPNs conflicts with the inspection mechanism of the firewall. To solve this problem, we construct the VPNAgent system. In this system, the mobile agent works at the client: it inspects the data, encrypts and signs the legal packets, escorts them to the firewall, and presents the signature to the Static Agent, which works at the firewall. The Static Agent checks the signature, removes it from the valid packet, and then sends the valid packet to the destination host. Thus, valid packets are approved to pass through the firewall without decryption.
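The sign, verify and strip flow described in contribution 2, as an added example that is not code from the thesis. HMAC-SHA256 under a key shared by the two agents stands in for the signature scheme, which the abstract does not specify; the function names, the tag layout and the sample bytes are assumptions.

```python
import hashlib
import hmac

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes (assumed tag format)


def mobile_agent_sign(session_key: bytes, ciphertext: bytes) -> bytes:
    """Client side: append a tag to a payload that is already encrypted."""
    tag = hmac.new(session_key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def static_agent_filter(session_key: bytes, packet: bytes):
    """Firewall side: verify the tag, strip it, return the bytes to forward.

    Returns None when the packet must be dropped. The payload is never
    decrypted here; the firewall only learns that the client agent approved it.
    """
    if len(packet) <= TAG_LEN:
        return None  # cannot hold both a payload and a tag
    ciphertext, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(session_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return ciphertext


def demo() -> dict:
    # Constructed sample values: a fixed key and opaque "encrypted" bytes.
    key = bytes(range(32))
    ciphertext = bytes.fromhex("8f3a1c77e2904bd1a6c5")
    packet = mobile_agent_sign(key, ciphertext)
    tampered = bytes([packet[0] ^ 0x01]) + packet[1:]
    return {
        "forwarded_unchanged": static_agent_filter(key, packet) == ciphertext,
        "tampered_dropped": static_agent_filter(key, tampered) is None,
        "wrong_key_dropped": static_agent_filter(b"\x00" * 32, packet) is None,
        "short_dropped": static_agent_filter(key, packet[:TAG_LEN]) is None,
    }


if __name__ == "__main__":
    print(demo())
```
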
Keywords/Search Tags: mobile agent, connection migration mechanism, Virtual Private Network, communication mechanism