Abstract
The security problems that impact mobile agents include authentication and privacy. A challenging task is to implement secure mobile agents that provide anonymity for the mobile agent. Wang, Zhang, and Wang constructed a scheme that provides secure web transactions with anonymous mobile agents over the internet. Our paper will discuss the Wang, Zhang and Wang protocol(WZW) thoroughly, our work demonstrates the weaknesses of the WZW protocol, showing that it is not as secure as it is claimed to be. In this paper, we will construct attacks on the WZW protocol, provide several repairs and construct a secure scheme for conducting E-commerce using anonymous mobile agents.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Algesheimer, J., Cachin, C., Camenisch, J., Karjoth, G.: Cryptographic security for mobile code. In: SP 2001: Proceedings of the IEEE Symposium on Security and Privacy, pp. 2–11. IEEE Computer Society, Los Alamitos (2001)
Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003)
Borselius, N.: Mobile agent security. Electronics and Communication Engineering Journal 14, 211–218 (2002)
Boukerche, A., Ren, Y.: A Novel Solution based on Mobile Agent for Anonymity in Wireless and Mobile Ad hoc Networks. In: Proceedings of the 3rd ACM Workshop on QoS and Security for Wireless and Mobile Networks, pp. 86–94 (2007)
Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 84–88 (1981)
Chaum, D.: The dining cryptographers problem: unconditional sender and recipient untraceability. Journal of Cryptography, 65–75 (1988)
Claessens, J., Preneel, B., Vandewalle, J.: (How) can mobile agents do secure electronic transactions on untrusted hosts? ACM Transactions on Internet Technology (TOIT) 3(1), 28–48 (2003)
Dolev, D., Yao, A.C.: On the security of public key protocols. In: Proceedings of the IEEE 22nd Annual Symposium on Foundations of Computer Science, pp. 350–357 (1981)
Koblitz, N.: Elliptic curve cryptosystems. Mathematics of Computation 48, 203–209 (1987)
Reed, M., Syverson, P., Goldschlag, D.: Proxies for anonymous routing. In: Proceeding of the 12th Annual Computer Security Applications, pp. 95–104 (1995)
Saxena, A., Soh, B.: A novel method for authenticating mobile agents with one-way signature chaining. In: Proceedings of The 7th International Symposium on Autonomous Decentralized Systems (ISADS 2005), pp. 187–193 (2005)
Wang, C.J., Zhang, F.G., Wang, Y.: Secure Web Transaction with Anonymous Mobile Agent over Internet. Journal of Computer Science and Technology 18(1), 84–89 (2003)
Zwierko, A., Kotulski, Z.: Mobile Agents: Preserving Privacy and Anonymity. In: Bolc, L., Michalewicz, Z., Nishida, T. (eds.) IMTCI 2004. LNCS (LNAI), vol. 3490, pp. 246–258. Springer, Heidelberg (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jalal, S., King, B. (2010). An Attack and Repair of Secure Web Transaction Protocol for Anonymous Mobile Agents. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds) Information Security and Cryptology. Inscrypt 2009. Lecture Notes in Computer Science, vol 6151. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16342-5_31
Download citation
DOI: https://doi.org/10.1007/978-3-642-16342-5_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16341-8
Online ISBN: 978-3-642-16342-5
eBook Packages: Computer ScienceComputer Science (R0)