Towards the use of mobile agents for privacy negotiation

Abstract

With the increase in popularity of e-Commerce, concern for privacy has also increased. Users are becoming increasingly concerned about what personal information they could reveal when they go online. Currently, an e-Commerce Website does not provide full support to conduct negotiations concerning personal information between a user and a Web site. A user has to comply with the privacy policy specified on the Web site and has two choices: either they abandon the transaction or accept the privacy practices of the host. The Platform for Privacy Preferences (P3P) [16] specification, a W3C standard, enables Web sites to specify their privacy practices in a standardized manner. The presence of P3P policies enables users to configure their Web browsers to constrain what they can and cannot do when visiting sites. However, one major limitation of P3P is that no support is given within the specification for negotiation of privacy preferences between a user and a Web site. As e-Commerce is growing, a proper negotiation mechanism should be in place to enhance user control over personal information, so users can decide what personal information they wish to release to the Web site. This thesis proposes a novel mechanism to address this limitation, focusing on the use of mobile agents with a web ontology language (OWL) for privacy negotiation. Thus far in the literature there appears to be no working mobile agent mechanism that does privacy policy negotiation, particularly in the context of P3P. The architecture proposed here explicitly incorporates the concept of variable end-user requirements with respect to privacy. It is designed keeping in mind a negotiation scenario where the user device has limited resources (i.e., poor connectivity) and cannot negotiate directly with desired Web sites, but, obviously, less constrained user devices may also benefit from this work. Despite the advantages of a mobile-agent-based architecture, there are several issues which hinder the deployment of mobile agents in real life scenarios. Two major security concerns associated with a mobile agent paradigm are malicious agents and malicious hosts. In this thesis, malicious host concerns have been addressed by proposing a Trace Based protocol. This protocol is designed keeping in mind the desired security properties required, and also considering other factors like resource constrained devices and bandwidth preservation.