Abstract
One approach to secure mobile agent execution is restricting the agent route to trusted environments. A necessary condition for this approach to be practical is that the agent route be protected. Previous proposals for agent route protection either offer low security or suffer from high computational costs due to cryptographic operations. We present two fast, hash-based mechanisms for agent route protection. The first solution relies on hash collisions and focuses on minimizing the computational cost of route verification by hosts along the route; the cost is shifted to the stage of route protection by the agent owner. The second solution uses Merkle trees and minimizes the cost of route protection by the agent owner, so that a single digital signature suffices to protect the whole route; for hosts along the route, the verification cost is similar to the cost of previous schemes in the literature, namely one digital signature verification per route step. The first solution is especially suitable for agent routes that go through heavily loaded hosts (to avoid denial of service or long delay). The second solution is better suited to mitigating the bottleneck at agent owners who are expected to launch a large number of agents. Both solutions provide independent protection for each route step and can be extended to handle flexible itineraries.
This work is partly supported by the Spanish CICYT under project no. TEL98-0699-C02-02.
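A generic Merkle-tree construction of the kind the abstract's second mechanism builds on, given here as an added example and not as the paper's own protocol or code: the owner hashes every route step into a leaf and would sign only the root, and each host checks its own step against that root with a short authentication path. The host names, the leaf encoding and all function names are assumptions; the digital signature over the root is assumed to be produced and verified separately.

```python
import hashlib

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

PAD = H(b"\x02pad")  # filler leaf so the tree is always complete

def leaf(index: int, host: str) -> bytes:
    # 0x00 prefix separates leaves from inner nodes; the index binds the
    # host to its position so steps cannot be reordered.
    return H(b"\x00" + index.to_bytes(4, "big") + host.encode())

def node(left: bytes, right: bytes) -> bytes:
    return H(b"\x01" + left + right)

def protect_route(route):
    """Owner side: return (root, per-step authentication paths)."""
    size = 1
    while size < len(route):
        size *= 2
    level = [leaf(i, h) for i, h in enumerate(route)]
    level += [PAD] * (size - len(route))
    levels = [level]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    proofs = []
    for i in range(len(route)):
        path, idx = [], i
        for lvl in levels[:-1]:
            path.append(lvl[idx ^ 1])  # sibling at this level
            idx >>= 1
        proofs.append(path)
    return levels[-1][0], proofs

def verify_step(root, index, host, path):
    """Host side: recompute the root from one step and its path."""
    acc, idx = leaf(index, host), index
    for sibling in path:
        acc = node(sibling, acc) if idx & 1 else node(acc, sibling)
        idx >>= 1
    return acc == root

# Constructed sample route (hypothetical host names).
ROUTE = ["host-a.example", "host-b.example", "host-c.example",
         "host-d.example", "host-e.example"]
ROOT, PROOFS = protect_route(ROUTE)  # the owner would sign ROOT once
```

Each host needs only its own step, its path and the signed root, so one step can be checked without revealing or re-verifying the others.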
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Domingo-Ferrer, J. (2001). Mobile Agent Route Protection through Hash-Based Mechanisms. In: Rangan, C.P., Ding, C. (eds) Progress in Cryptology — INDOCRYPT 2001. INDOCRYPT 2001. Lecture Notes in Computer Science, vol 2247. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45311-3_2
DOI: https://doi.org/10.1007/3-540-45311-3_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43010-0
Online ISBN: 978-3-540-45311-6
eBook Packages: Springer Book Archive