### 1. Introduction

Confidentiality: Ensures that information is only accessible to those who are allowed access.

Authenticity: Permits proving the identity of a person or the origin of data.

Integrity: Ensures that data has not been accidentally or intentionally modified by a third party.

### 2. Background

Develop rules without programming.

Allow business experts to participate directly in the management of rules.

Automate decisions and manage frequent modifications of the rules.

Reduce development costs.

Improve the capacity to react and adapt to changes.

### 2.1 Collaboration

### 2.2 Agents

Capable of acting in an environment.

Has its own resources.

Can communicate directly with other agents.

Possesses expertise and offers services.

Capable of perceiving its environment.

The environment E: Represents the space where agents can move;

A set of situated objects O: This means that it is possible to associate any object with a position in E;

A set of agents A: Considered as particular objects representing the active entities of the system;

A set of relations R: Links the objects (especially the agents) to one another;

A set of operations OP: Allows the agents of A to produce, consume, transform, and manipulate the objects of O. This corresponds to the ability of agents to perceive their environment.

### 3. Related Works and Contributions

### 3.1 Related Works

### 3.2 Our Contributions

Design and implementation of a collaborative system (BRMS) dedicated to business experts.

Covering the security aspect and its integration into the whole system.

Implementing an agent-based architecture where the security agent and the translator agent play an important role.

Providing a user-friendly and ergonomic editor as a collaborative interface for the experts.

### 4. Cryptography Algorithms

### 4.1 Symmetric Cryptography Algorithms

#### 4.1.1 DES (Data Encryption Standard)

$B_i$ of 64 bits. For each block $B_i$, the following steps are applied:

We call $G_0$ and $D_0$ the parts that are 32 bits to the right and left of the obtained block.

$G_i = D_{i-1}$

$D_i = G_{i-1} \oplus f(D_{i-1}, K_i)$

Where $K_i$ is a block of 48 bits of the key $K$, and $f$ is a function composed successively of a bit expansion, a XOR, a bit reduction, and a bits permutation.

We recomposed a block $B_{16}$ by recovering $D_{16}$ and $G_{16}$ in this order.

We performed the inverse permutation of the initial permutation ($IP^{-1}$).
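The round equations above form a Feistel network, which can be inverted whatever $f$ is: decryption runs the same rounds with the subkeys in reverse order. The following is an added example, not code from the paper; the round function `f` and the `subkeys` derivation are simplified stand-ins built on SHA-256 (assumptions), not the real DES expansion, S-boxes, permutations or key schedule, and the initial and final permutations are omitted.

```python
import hashlib

MASK32 = 0xFFFFFFFF
ROUNDS = 16

def subkeys(key: bytes):
    """Stand-in key schedule (assumption): sixteen 48-bit K_i from SHA-256."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:6], "big")
            for i in range(1, ROUNDS + 1)]

def f(d: int, k: int) -> int:
    """Stand-in round function (assumption): a non-invertible 32-bit mix of D and K_i."""
    data = d.to_bytes(4, "big") + k.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block: int, keys) -> int:
    """Apply G_i = D_{i-1}, D_i = G_{i-1} XOR f(D_{i-1}, K_i) for each key in order."""
    g, d = (block >> 32) & MASK32, block & MASK32   # G_0 and D_0
    for k in keys:
        g, d = d, g ^ f(d, k)
    return (d << 32) | g                            # recompose as D_16, G_16

def encrypt_block(block: int, key: bytes) -> int:
    return feistel(block, subkeys(key))

def decrypt_block(block: int, key: bytes) -> int:
    # Same network, subkeys K_16 ... K_1: each round undoes one encryption round.
    return feistel(block, subkeys(key)[::-1])
```

Swapping the halves when recomposing the block is what lets the unchanged network serve for decryption.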

#### 4.1.2 Blowfish

#### 4.1.3 RC4 (Rivest Cipher 4)

$K$ initialized with the bytes of the key and a table $P$ (called a state table, which is the stream applied to the clear text) initialized with the numbers from 0 to 255 that are permuted pseudo-randomly according to the table $K$. The second step also consists of permutations to perform the encryption. Note that all additions are performed modulo 256.
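The two steps described above, written out as an added example (not code from the paper): the key table `K`, the state table `P` and the modulo-256 additions follow the text, while the function names are chosen here.

```python
def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return n keystream bytes for the given key."""
    # Step 1: K holds the key bytes repeated to 256 entries; P starts as 0..255
    # and is permuted pseudo-randomly according to K.
    K = [key[i % len(key)] for i in range(256)]
    P = list(range(256))
    j = 0
    for i in range(256):
        j = (j + P[i] + K[i]) % 256
        P[i], P[j] = P[j], P[i]
    # Step 2: keep permuting P; each swap yields one keystream byte.
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + P[i]) % 256
        P[i], P[j] = P[j], P[i]
        out.append(P[(P[i] + P[j]) % 256])
    return bytes(out)

def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR the data with the keystream (same operation both ways)."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))
```

The keystream depends only on the key, so two messages encrypted under the same key XOR to the XOR of their plaintexts; a key must never be reused across messages.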

#### 4.1.4 AES (Advanced Encryption Standard)

$N_c$ columns, in which each term $x_{i,j}$ (called byte) is composed of 8 bits ($b = b_7 b_6 b_5 b_4 b_3 b_2 b_1 b_0$), and can be represented algebraically as a polynomial of degree ≤ 7 ($b = b_7X^7 + b_6X^6 + b_5X^5 + b_4X^4 + b_3X^3 + b_2X^2 + b_1X + b_0$) with coefficients in {0, 1}. The key length can be 128, 192, or 256 bits [20]. AES operates on a 4×4 matrix (when the length of the message is 128) whose entries are words of 8 bits. The clear message is cut into 16 blocks of 8 bits that fill the matrix from top to bottom and left to right. The four steps of a round are [22]:

SubBytes: Each entry is replaced by another word of 8 bits given by a correspondence table;

ShiftRows: Entries are circularly shifted to the left by a number of positions that depends on the row;

MixColumns: Each column is replaced by a new column obtained by transforming the column into a polynomial and multiplying it by a fixed polynomial;

AddRoundKey: Each entry is replaced by the exclusive OR of this entry and the corresponding entry in a 4×4 matrix built from the key.

### 4.2 Asymmetric Cryptography Algorithms

#### 4.2.1 RSA (Rivest-Shamir-Adleman)

Randomly generate two primes ($p$ and $q$), then multiply them to generate the number $n$.

Determine $\phi(n)$ such that $\phi(n) = (p - 1)(q - 1)$.

Determine $e$ such that $p, q < e < \phi(n)$.

Determine $d$ such that $e \cdot d \bmod \phi(n) = 1$ and $p, q < d < \phi(n)$.

The couple $(n, e)$ is the public encryption key, while the couple $(n, d)$ is its private key.

To encrypt a text, we applied: $c = m^e \bmod n$

To decrypt a text, we applied: $m = c^d \bmod n$

$m$ is the plaintext message and $c$ is the encrypted message.

$M$ of values between 0 and $n-1$. For each integer $M$ it is necessary to calculate $c \equiv m^e \bmod n$. The encrypted message is comprised of the integers sequence $c$. To decrypt $c$, $d$ is used, and we recovered the clear message by $m = c^d \bmod n$.
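The key generation and block-by-block encryption described above, as an added example (not code from the paper). The primes 61 and 53 and the one-byte block size are constructed for readability and offer no security; the requirement that $e$ be coprime to $\phi(n)$ is not stated on the page but is needed for $d$ to exist.

```python
from math import gcd

def make_keys(p: int, q: int):
    """Return ((n, e), (n, d)) following the steps in the text."""
    n, phi = p * q, (p - 1) * (q - 1)
    # Smallest e with p, q < e < phi(n); gcd(e, phi) == 1 so that d exists.
    e = next(x for x in range(max(p, q) + 1, phi) if gcd(x, phi) == 1)
    d = pow(e, -1, phi)            # e * d mod phi(n) == 1 (Python 3.8+)
    return (n, e), (n, d)

def encrypt(text: bytes, public):
    """Encrypt each byte as one block M with 0 <= M < n: c = m^e mod n."""
    n, e = public
    return [pow(m, e, n) for m in text]

def decrypt(blocks, private):
    """Recover each block: m = c^d mod n."""
    n, d = private
    return bytes(pow(c, d, n) for c in blocks)
```

Equal plaintext blocks give equal ciphertext blocks here, which is why deployed RSA uses randomized padding such as OAEP together with large primes.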

### 4.3 Theoretical Comparison

### 5. Proposed Approach

### 5.1 Development Environment

### 5.2 Web Interface

#### 5.2.1 Rules edition

### 5.2.1.1 Syntactic verification module

**R1:** If an employee’s salary exceeds the salary of his director then mark this employee as having a special status → rule syntactically correct.

**R2:** If an emplyee’s salary exceeds the salary of his director then mark this employee as having a special status → rule syntactically incorrect.

### 5.2.1.2 Semantic verification module

### 5.2.1.3 Technical translation module

### 5.2.1.4 Consistency management module

### 5.2.1.5 Security module

Authentication: The identification of an expert is possible through an authentication process. Many tools have been developed for this, such as PIN code, login, banking card, badge, fingerprint, retinal scan, and voice recognition.

Encryption: This is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it. This term is most often associated with scrambling plaintext (ordinary text, sometimes referred to as clear text) into cipher text (a process called encryption) and then unscrambling it (known as decryption) [18].

### 5.2.1.6 Applicability module

### 5.2.1.7 Storage module

#### 5.2.2 Our agents

Expert agent: Responsible for retrieving the rules entered by the expert. This agent saves the rules and transmits them to the Translator agent.

Supervisor agent: Performs all control tasks in the system.

Translator agent: The heart of our system that retrieves the rule from the Expert agent, browses the domain ontology, and extracts the set of concepts that correspond to the introduced rule. Finally, this agent sends the technical rule to the Evaluator agent.

Evaluator agent: Responsible for assessing the consistency of the business rules. This agent recovers the rule translated by the Translator agent and accesses the rules repository to test whether this rule conflicts with another rule. If it does, the Evaluator agent sends a message to the Expert agent; otherwise this agent validates the rule.

Security agent: Responsible for encrypting and decrypting the business rule. This agent uses the AES algorithm to encrypt and decrypt the business rules (see Section 6).

### 6. Implementation

### 6.1 Execution Scenario

*If the customer’s state is MIN and the customer’s category is GOLD and the date of the order is between January 1 and January 31, 2015, then give a 10% discount on the order and add this message to the order “As a GOLD customer, you have received a 10% discount on your order”.*

### 6.2 Experimentations

#### 6.2.1 Experiment 1: Response time (ms) with the four encryption algorithms

#### 6.2.2 Experiment 2: Response time (ms) with a different rules base

#### 6.2.3 Experiment 3: Response time (ms) with variations in the size of the rules

#### 6.2.4 Experiment 4: Memory space with the four encryption algorithms

#### 6.2.5 Experiment 5: Resistance to the attacks

*Doctor Dobbs Journal*, showed that Blowfish contained some flaws. In practice, these flaws are not exploitable. Blowfish is relatively new and not very widespread. As such, there is not enough information yet to say if this algorithm is truly powerful [20].

*K* [20]. According to the three researchers, these two attacks are applicable and can permit a complete recovery of the key with an efficiency that is superior to the attack. However, it is necessary to know that these attacks are not feasible in all cases. So the use of the RC4 encryption in the SSL protocol, for example, is made in order to avoid those two types of attacks [20].

#### 6.2.7 Experiment 7: The objective function

#### 6.2.8 Experiment 8: Agent performance

#### 6.2.9 Experiment 9: Encryption of the key

### 7. Discussion

Security level: resistance to cryptanalysis.

Key length: security vs. generation costs, transmission, storage.

Throughput.

Block size: security vs. complexity (implementation cost).

Complexity of the encryption function: security vs. cost (development and hardware).

Error propagation.