Abstract
The mobile agent paradigm gains ever more acceptance for the creation of distributed applications, particularly in the domain of electronic commerce. In such applications, a mobile agent roams the global Internet in search of services for its owner. One of the problems with this approach is that malicious service providers on the agent’s itinerary can access confidential information contained in the agent or tamper with the agent.
In this article we identify trust as a major issue in this context and propose a pessimistic approach to trust that tries to prevent malicious behaviour rather than correcting it. The approach relies on a trusted and tamper-resistant hardware device that provides the mobile agent with the means to protect itself. Finally, we show that the approach is not limited to protecting the mobile agents of a user but can also be extended to protect the mobile agents of a trusted third party in order to take full advantage of the mobile agent paradigm.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
R. Anderson and M. Kuhn. Tamper resistance — a cautionary note. In The Second USENIX Workshop on Electronic Commerce Proceedings, pages 1–11, Oakland, California, November 1996.
H. Bürk and A. Pfitzmann. Value exchange systems enabling security and unobservability. Computers & Security, 9(8):715–721, 1990.
A. Carzaniga, G. P. Picco, and G. Vigna. Designing distributed applications with mobile code paradigms. In R. Taylor, editor, Proceedings of the 19th International Conference on Software Engineering (ICSE’97), pages 22–32. ACM Press, 1997.
D. M. Chess, B. Grosof, C. G. Harrison, D. Levine, C. Parris, and G. Tsudik. Itinerant agents for mobile computing. IEEE Personal Communications, 2(3):34–49, October 1995.
W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6), November 1976.
DoD. Trusted Computer System Evaluation Criteria (TCSEC). Technical Report DoD 5200.28-STD, Department of Defense, December 1985.
J. Gosling and H. McGilton. The Java language environment. White paper, Sun Microsystems, Inc., 1996.
R.S. Gray. Agent Tel: A transportable agent system. In Proceedings of the CIKM Workshop on Intelligent Information Agents, Baltimore, MD, December 1995.
C. G. Harrison, D. M. Chess, and A. Kershenbaum. Mobile agents: Are they a good idea? In Mobile Object Systems: Towards the Programmable Internet, volume 1222 of Lecture Notes in Computer Science, pages 25–47. Springer Verlag, 1997.
ITU. ITU-T Recommendation X.509: The Directory — Authentication Framework. International Telecommunication Union, 1993.
D. B. Lange and M. Ishima. Program and Deploying Java Mobile Agents with Aglets. Addison-Wesley, 1998.
A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of applied cryptography. CRC Press, Inc., 1997.
J. Ordille. When agents roam, who can you trust? Technical Report Technical Report, Computing Science Research Center, Bell Labs, 1996.
RSA Data Security, Inc. PKCS #1: RSA Encryption Standard. RSA Data Security, Inc., November 1993.
R. A. Rueppel. A formal approach to security architectures. In EuroCrypt, pages 387–398, Brighton, England, 1991.
T. Sander and C. Tschudin. Towards mobile cryptography. In IEEE Symposium on Security and Privacy, May 1998.
B. Schneier. Applied cryptography. Wiley, New York, 1994.
J. G. Steiner, C. Neuman, and J. I. Schiller. Kerberos: An authentication service for open network systems. In Proceedings of the USENIX Winter 1988 Technical Conference, pages 191–202. USENIX Association, Berkeley, USA, February 1988.
V. Swarup and J. T. Fabrega. Understanding trust. In Secure Internet Programming [22].
New York Times. U.S. workers stole data on 11,000, agency says, April 6, 1996.
G. Vigna. Protecting mobile agents through tracing. In Proceedings of the Third Workshop on Mobile Object Systems, Finland, June 1997.
Jan Vitek and Christian Jensen. Secure Internet Programming: Security Issues for Mobile and Distributed Objects. Lecture Notes in Computer Science. Springer-Verlag Inc., New York, NY, USA, 1999.
J. E. White. Telescript technology: The foundation for the electronic market place. White paper, General Magic, Inc., 1994.
U. G. Wilhelm, L. Buttyàn, and S. Staamann. On the problem of trust in mobile agent systems. In Symposium on Network and Distributed System Security, pages 114–124. Internet Society, March 1998.
I. S. Winkler. The non-technical threat to computing systems. Computing Systems, USENIX Association, 9(1):3–14, Winter 1996.
T. Y. C. Woo and S. S. Lam. Authentication for distributed systems. IEEE Computer, 25(1):39–52, January 1992.
B. Yee. A sancturary for mobile agents. In Secure Internet Programming [22].
P. Zimmermann. PGP User’s Guide. MIT Press, Cambridge, 1994.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Wilhelm, U.G., Staamann, S., Buttyán, L. (1999). Introducing Trusted Third Parties to the Mobile Agent Paradigm. In: Vitek, J., Jensen, C.D. (eds) Secure Internet Programming. Lecture Notes in Computer Science, vol 1603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48749-2_22
Download citation
DOI: https://doi.org/10.1007/3-540-48749-2_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66130-6
Online ISBN: 978-3-540-48749-4
eBook Packages: Springer Book Archive