Agent and Modern Cryptography

The ground breaking development of modern cryptography has been meeting the demand of security of various applications over open network: Conceptually, the openness of modern cryptosystems, both symmetrical cryptosystem such as DES[2], IDEA[3], and asymmetric cryptosystem, such as RSA[4], lays a shared foundation of security operations of agents across the Internet. Technically, some security standard software packages and APIs are under development, and they could be available in very near future[6][7]. Those achievements, like the achievements in AI, are ripe to be adopted in development of agent applications. Agents, as primarily human-delegated software, could become the primary area for us to practice modern cryptographic technology because:

1. Software agents are playing increasingly active and bigger role in electronic commerce. To be adopted into soft agent development would be the direction for modern cryptography to fully demonstrate its potential significant function in electronic commerce.

2. Execution of most security protocols would be big burden for end-user, however, it could be done fairly easily by autonomous software, agents.

RETSINA[8], an intelligent multi-agent project at Carnegie Mellon University, is developing a general architecture of agents which can communicate with agent communication language, such as KQML[9] and work together cooperatively by applying DAI theory and technology. The multi-agent system is expected to be employed in various agent-based applications over the Internet, particularly in electronic commerce. Because of the importance and feasibility of security mentioned above, security mechanisms and functionality are considered as one of the basic features in our design[10]. At same time, we recognize that to achieve agent security, it is necessary to establish trust relationship among agent societies and an agent-based public key infrastructure is under construction[11].
In this paper, we systematically and comprehensively introduce our methodology and design of trust establishment, internal security functional module structure of agent, as well as an extension of agent communication language to achieve security of agent and agent society for general agent-based applications.
The remainder of the paper is organized as follows: Section 2, will introduce our work on establishment of trust for security agent societies, which will lay, in a bottom up fashion, a authentication foundation for agent security. This is security infrastructure for secure environment of agent. In section 3, we will introduce the basic methodology, a three-level partition for agent security involving security policy making, security protocol generation and security operation execution, as well as the security architecture within an agent. In section 4, we will introduce an extension of agent communication language for agent secure communication and trust management. In section 5, we will discuss some limitations and open problems.
Since our work, unlike other papers[12][13], focuses on general reusable software agent architecture,we are not going to focus on any specific application project or on a particular aspect.