Abstract
Mobile agent is a program which can autonomously migrate from a host to another and it provides a useful framework for Electronic Commerce. But, in spite of mobile agent system’s benefits, it has been exposed to the serious security attacks from malicious hosts or agents. So, there has been a lot of works in the mobile agent’s security, and recently, Kim and Chung proposed a security protocol for mobile agent system [5]. But their protocol has some security weaknesses; i.e., it is vulnerable to intruder-in-the-middle attack and the previous agent platform can forge the multi-signature. In this paper, we show that their protocol has the security weaknesses. And then we propose a new security protocol for secure mobile agent system that solves the weaknesses of their protocol and provides the security services such as the mutual authentication, the confidentiality, the non-repudiation, and the prevention of replay attack. Our protocol is very suitable for protecting mobile agent from malicious host in the Electronic Commerce Web site that searches the best price of the products.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
N. Borselius, “Mobile Agent Security,” Electronics and Communication Engineering Journal, Vol.14, No.5, pp.211–218, 2002.
S. Funfrocken, “Integrating Java-based Mobile Agents into Web Servers under Security Concerns,” Proceeding of the Hawaii International Conference on System Sciences, 1998.
W.M. Farmer, J.D. Guttman and V. Swarup, “Security for Mobile Agents: Issues and Requirements,” Proceedings of the National Information Systems Security Conference (NISSC), 1996.
F. Hohl, “Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Hosts,” Mobile Agent Security, LNCS 1420, Springer, pp.91–113, 1998.
S. Kim and I. Chung, “A Secure Mobile Agent System Applying Identity-Based Digital Signature Scheme,” EurAsia-ICT 2002, LNCS 2510, pp.588–596, 2002.
S. Mitomi and A. Miyaji, “A General Model of Multisignature Schemes with Message Flexibility, Order Flexibility, and Order Verifiability,” IEICE Transaction on Fundamentals, Vol.E84-A, No.10, pp.2488–2499, 2001.
A. J. Menezes, P.C. Oorschot and S. A. Vanstone, Handbook of Applied Cryptography, CRC, 1997.
National Security Agency, “SKIPJACK and KEA Algorithm Specification,” Version 2.0, May 29, 1998.
T. Okamoto and K. Ohta, “A Digital Multisignature Scheme based on the Fiat-Shamir Scheme,” Advances in Cryptology — Proceedings of ASIACRYPT’91, LNCS 739, Springer-Verlag, pp.139–148, 1991.
A. Shamir, “Identity-based Cryptosystem and Signature Scheme,” Advances in Cryptology, Springer-Verlag, pp.47–57, 1985.
I. Satoh, “An Architecture for Next Generation Mobile Agent Infrastructure,” Proceedings of International Symposium on Multi-Agent and Mobile Agents (MAMA’2000), ICSC Academic Press, pp281–287, 2000.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Seo, SH., Lee, SH. (2003). A Secure Mobile Agent System Using Multi-signature Scheme in Electronic Commerce. In: Chung, CW., Kim, CK., Kim, W., Ling, TW., Song, KH. (eds) Web and Communication Technologies and Internet-Related Social Issues — HSI 2003. HSI 2003. Lecture Notes in Computer Science, vol 2713. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45036-X_53
Download citation
DOI: https://doi.org/10.1007/3-540-45036-X_53
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40456-9
Online ISBN: 978-3-540-45036-8
eBook Packages: Springer Book Archive