Skip to main content

Introducing Trusted Third Parties to the Mobile Agent Paradigm

  • Chapter
Secure Internet Programming

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1603))

  • 604 Accesses

Abstract

The mobile agent paradigm gains ever more acceptance for the creation of distributed applications, particularly in the domain of electronic commerce. In such applications, a mobile agent roams the global Internet in search of services for its owner. One of the problems with this approach is that malicious service providers on the agent’s itinerary can access confidential information contained in the agent or tamper with the agent.

In this article we identify trust as a major issue in this context and propose a pessimistic approach to trust that tries to prevent malicious behaviour rather than correcting it. The approach relies on a trusted and tamper-resistant hardware device that provides the mobile agent with the means to protect itself. Finally, we show that the approach is not limited to protecting the mobile agents of a user but can also be extended to protect the mobile agents of a trusted third party in order to take full advantage of the mobile agent paradigm.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. R. Anderson and M. Kuhn. Tamper resistance — a cautionary note. In The Second USENIX Workshop on Electronic Commerce Proceedings, pages 1–11, Oakland, California, November 1996.

    Google Scholar 

  2. H. Bürk and A. Pfitzmann. Value exchange systems enabling security and unobservability. Computers & Security, 9(8):715–721, 1990.

    Article  Google Scholar 

  3. A. Carzaniga, G. P. Picco, and G. Vigna. Designing distributed applications with mobile code paradigms. In R. Taylor, editor, Proceedings of the 19th International Conference on Software Engineering (ICSE’97), pages 22–32. ACM Press, 1997.

    Google Scholar 

  4. D. M. Chess, B. Grosof, C. G. Harrison, D. Levine, C. Parris, and G. Tsudik. Itinerant agents for mobile computing. IEEE Personal Communications, 2(3):34–49, October 1995.

    Article  Google Scholar 

  5. W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6), November 1976.

    Google Scholar 

  6. DoD. Trusted Computer System Evaluation Criteria (TCSEC). Technical Report DoD 5200.28-STD, Department of Defense, December 1985.

    Google Scholar 

  7. J. Gosling and H. McGilton. The Java language environment. White paper, Sun Microsystems, Inc., 1996.

    Google Scholar 

  8. R.S. Gray. Agent Tel: A transportable agent system. In Proceedings of the CIKM Workshop on Intelligent Information Agents, Baltimore, MD, December 1995.

    Google Scholar 

  9. C. G. Harrison, D. M. Chess, and A. Kershenbaum. Mobile agents: Are they a good idea? In Mobile Object Systems: Towards the Programmable Internet, volume 1222 of Lecture Notes in Computer Science, pages 25–47. Springer Verlag, 1997.

    Google Scholar 

  10. ITU. ITU-T Recommendation X.509: The Directory — Authentication Framework. International Telecommunication Union, 1993.

    Google Scholar 

  11. D. B. Lange and M. Ishima. Program and Deploying Java Mobile Agents with Aglets. Addison-Wesley, 1998.

    Google Scholar 

  12. A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of applied cryptography. CRC Press, Inc., 1997.

    Google Scholar 

  13. J. Ordille. When agents roam, who can you trust? Technical Report Technical Report, Computing Science Research Center, Bell Labs, 1996.

    Google Scholar 

  14. RSA Data Security, Inc. PKCS #1: RSA Encryption Standard. RSA Data Security, Inc., November 1993.

    Google Scholar 

  15. R. A. Rueppel. A formal approach to security architectures. In EuroCrypt, pages 387–398, Brighton, England, 1991.

    Google Scholar 

  16. T. Sander and C. Tschudin. Towards mobile cryptography. In IEEE Symposium on Security and Privacy, May 1998.

    Google Scholar 

  17. B. Schneier. Applied cryptography. Wiley, New York, 1994.

    Google Scholar 

  18. J. G. Steiner, C. Neuman, and J. I. Schiller. Kerberos: An authentication service for open network systems. In Proceedings of the USENIX Winter 1988 Technical Conference, pages 191–202. USENIX Association, Berkeley, USA, February 1988.

    Google Scholar 

  19. V. Swarup and J. T. Fabrega. Understanding trust. In Secure Internet Programming [22].

    Google Scholar 

  20. New York Times. U.S. workers stole data on 11,000, agency says, April 6, 1996.

    Google Scholar 

  21. G. Vigna. Protecting mobile agents through tracing. In Proceedings of the Third Workshop on Mobile Object Systems, Finland, June 1997.

    Google Scholar 

  22. Jan Vitek and Christian Jensen. Secure Internet Programming: Security Issues for Mobile and Distributed Objects. Lecture Notes in Computer Science. Springer-Verlag Inc., New York, NY, USA, 1999.

    Google Scholar 

  23. J. E. White. Telescript technology: The foundation for the electronic market place. White paper, General Magic, Inc., 1994.

    Google Scholar 

  24. U. G. Wilhelm, L. Buttyàn, and S. Staamann. On the problem of trust in mobile agent systems. In Symposium on Network and Distributed System Security, pages 114–124. Internet Society, March 1998.

    Google Scholar 

  25. I. S. Winkler. The non-technical threat to computing systems. Computing Systems, USENIX Association, 9(1):3–14, Winter 1996.

    Google Scholar 

  26. T. Y. C. Woo and S. S. Lam. Authentication for distributed systems. IEEE Computer, 25(1):39–52, January 1992.

    Google Scholar 

  27. B. Yee. A sancturary for mobile agents. In Secure Internet Programming [22].

    Google Scholar 

  28. P. Zimmermann. PGP User’s Guide. MIT Press, Cambridge, 1994.

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 1999 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Wilhelm, U.G., Staamann, S., Buttyán, L. (1999). Introducing Trusted Third Parties to the Mobile Agent Paradigm. In: Vitek, J., Jensen, C.D. (eds) Secure Internet Programming. Lecture Notes in Computer Science, vol 1603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48749-2_22

Download citation

  • DOI: https://doi.org/10.1007/3-540-48749-2_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-66130-6

  • Online ISBN: 978-3-540-48749-4

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics