Abstract
Recent work has shown that several cryptographic protocols for the protection of free-roaming mobile agents are vulnerable by means of protocol interleaving attacks. This paper presents equivalent protocols meant to be robust against this type of attack. Moreover, it describes the required processes and data structures at a level of detail that can be translated to an implementation in a straightforward way. Our aim is to demonstrate how cryptographic processing can be implemented transparently for agent programmers, thereby reducing the risks of human error in (secure) mobile agent programming.
This research was supported by the DAAD (German Academic Exchange Service). Views and conclusions contained in this document are those of the author and do not necessarily represent the official opinion, either expressed or implied, by the DAAD.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
V. Roth, "On the robustness of some cryptographic protocols for mobile agent protection," in Proc. Mobile Agents 2001, vol. 2240 of Lecture Notes in Computer Science, Springer Verlag, December 2001.
A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography. Discrete Mathematics and its Applications, New York: CRC Press, 1996. ISBN 0-8493-8523-7.
V. Roth and V. Conan, "Encrypting Java Archives and its application to mobile agent security," in Agent Mediated Electronic Commerce: A European Perspective (F. Dignum and C. Sierra, eds.), vol. 1991 of Lecture Notes in Artifical Intelligence, pp. 232–244, Berlin: Springer Verlag, 2001.
M. Bellare and B. Yee, "Forward integrity for secure audit logs," tech. rep., Computer Science and Engineering Department, University of California at San Diego, November 1997.
PKWARE Inc., 9025 N. Deerwood Dr., Brown Deer, WI 53223-2480, .ZIP File Format Specification, November 2001. Available at URL http://www.pkware.com/support/appnote.html.
T. Dell, D. Hopwood, D. Brown, B. Renaud, and D. Connelly, Manifest Format. Sun Microsystems Inc. and Netscape Corporation, March 1999. Available at URL http://java.sun.com/products/jdk/1.2/docs/guide/jar/.
T. Bray, E. Maler, J. Paoli, and C. M. Sperberg-McQueen, "Extensible Markup Language (XML) 1.0," w3c recommendation, W3C, October 2000. Available at URL http://www.w3.org/TR/2000/REC-xml-20001006.
V. Roth, "Mutual protection of co-operating agents," in Secure Internet Programming: Security Issues for Mobile and Distributed Objects (J. Vitek and C. Jensen, eds.), vol. 1603 of Lecture Notes in Computer Science, pp. 275–285, New York, NY, USA: Springer-Verlag Inc., 1999.
A. Corradi, R. Montanari, and C. Stefanelli, "Mobile agents protection in the Internet environment," in The 23rd Annual International Computer Software and Applications Conference (COMPSAC’ 99), pp. 80–85, 1999.
G. Karjoth, N. Asokan, and C. Gülcü, "Protecting the computation results of free-roaming agents," in Proceedings of the Second International Workshop on Mobile Agents (MA’ 98) (K. Rothermel and F. Hohl, eds.), vol. 1477 of Lecture Notes in Computer Science, pp. 195–207, Berlin Heidelberg: Springer Verlag, September 1998.
G. Karjoth, "Secure mobile agent-based merchant brokering in distributed marketplaces," in Proc. ASA/MA 2000 (D. Kotz and F. Mattern, eds.), vol. 1882 of Lecture Notes in Computer Science, pp. 44–56, Berlin Heidelberg: Springer Verlag, 2000.
International Telecommunication Union, Information technology — Abstract Syntax Notation One (ASN.1): Specification of basic notation, December 1997. ITU-T Recommendation X.680, equivalent to ISO/IEC International Standard 8824-1.
International Telecommunication Union, Information technology — ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER), December 1997. ITU-T Recommendation X.690, equivalent to ISO/IEC International Standard 8825-1.
N. M. Karnik and A. R. Tripathi, "Security in the Ajanta mobile agent system," Technical Report TR-5-99, University of Minnesota, Minneapolis, MN 55455, U. S. A., May 1999.
S. Loureiro, Mobile Code Protection. Ph.d. thesis, Ecole Nationale Supérieure des Télécommunications, January 2001.
D. Johansen, R. van Renesse,, and F. B. Schneider, "An introduction to the TACOMA distributed system version 1.0," Technical Report 95-23, Department of Computer Science, University of Tromsø, June 1995.
V. Roth and M. Jalali, "Concepts and architecture of a security-centric mobile agent server," in Proc. Fifth International Symposium on Autonomous Decentralized Systems (ISADS 2001), (Dallas, Texas, U.S.A.), pp. 435–442, IEEE Computer Society, March 2001. ISBN 0-7695-1065-5.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Roth, V. (2002). Empowering Mobile Software Agents. In: Suri, N. (eds) Mobile Agents. MA 2002. Lecture Notes in Computer Science, vol 2535. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36112-X_4
Download citation
DOI: https://doi.org/10.1007/3-540-36112-X_4
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00085-3
Online ISBN: 978-3-540-36112-1
eBook Packages: Springer Book Archive