Skip to main content
SpringerLink
Log in

Mobile agents and telcos’ nightmares

Agents Mobiles et les Cauchemars des OpÉrateurs de TÉlÉcommunication

  • Published:
Annales Des Télécommunications Aims and scope Submit manuscript

Abstract

The paper analyzes the current state- of- the- art of mobile agents technology wrt security, seen from the standpoint of a public network operator (pno). It is argued that the current state- of- the- art does not offer sufficient security for large- scale, commercial applications of mobile agents technology within the pno ’s networks. To support this premise, the most important security issues in this context are discussed, and a number of deficiencies are identified. Some of these deficiencies pose principal questions for future research that are not necessarily widely accepted within the agent community.

Résumé

Cet article analyse l’état de l’art dans le domaine de la sécurité des agents mobiles du point de vue d’un opérateur de télécommunication. L’argument principal introduit dans l’article est l’insuffisance des solutions existantes par rapport aux exigences de facteur d’échelle qu ’on retrouve chez les opérateurs. Les principaux problèmes de sécurité rencontrés dans ce cadre sont analysés et les défauts correspondants sont identifiés. Certains de ces problèmes soulèvent des questions controversées concernant la recherche future dans le domaine de la sécurité des agents mobiles.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Alexander (D.S.), Arbaugh (W.A.), Keromytis (A.D.), Smith (J.-M.), A secure active network environment architecture.IEEE Network Magazine, special issue on Active and Controllable Netmorks,12(3), pp. 37–45, 1997.

    Google Scholar 

  2. Alexander (D.S.), Arbaugh (W.A.), Keromytis (A.D.), Smith (J.M.), Security in active network, pp. 433–451 of: (Vitek & Jensen, 1999), 1999.

  3. Alves-Foss J., (ed),Formal Syntax and Semantics of Java, Lecture Notes in Computer Science, n° 1523. Springer, 1999.

  4. Appleby (S.), Steward (S.), Mobile software agents for control in telecommunications networks,BT Technology Journal,12(2), pp. 104–113, 1994.

    Google Scholar 

  5. Aucsmith (D.), Tamper resistant software: an implementation, pp.317–333 of: Anderson, R.J. (ed),Information Hiding I996, Lecture Notes in Computer Science, n° 1174, Springer, 1996.

  6. Baentsch (M.), Buhler (P.), Eirich (T.), Horing (F.), Oestrei-cher (M.), JavaCard - from hype to reality.IEEE Concurrency,7(4), pp.36–43, 1999.

    Article  Google Scholar 

  7. Berkovits (S.), Guttman (J.D.), Swarup (V.), Authentication for mobile agents,pp. 114–136 of: (Vigna, 1998), 1998.

  8. Bieszczad (A.), Pagurek (B.), White (T.), Mobile agents for network management,IEEE Communications Surveys,1(1), pp. 2–9, 1998. http://www.comsoc.org/pubs/surveys.

    Article  Google Scholar 

  9. British standards institution.Common criteria V1.0 Web Page, http://wuw.itsec.gov.Uk/itsechtml/ccvl.o/ccvl.htm.

  10. Bonabeau (E.), Henaux (F.), Guérin (S.), Snyers (D.), Kuntz (P.), &Theraulaz (G.), Routing in telecommunications networks with ant-like agents,pp. 60–71 of: Albayrak (S.), Garijo (F.J.), (eds),Intelligent Agents for Telecommunications Applications ’98 (IATA ’98), Lecture Notes in Computer Science, n° 1437, Springer-Verlag, Berlin Germany, 1998.

    Google Scholar 

  11. Chess (D.), Security considerations in agent-based systems,in: First Conference on Emerging Technologies and Applications in Communications (etaCOM), 1996 (May).

  12. Chess (D.), Grosof (B.), Harrison (C), Levine (D.), Parris (C), Tsudtk (G.), Itinerant agents for mobile commputing.IEEE Personal Communication systems,2(5), pp. 34–49, 1995.

    Article  Google Scholar 

  13. DARPA97,Darpa Workshop on Foundations for Secure Mobile Code, 1997 (Mar.), http://uuu.cs.nps.navy.mil/research/lan-guages/ukshp.html

  14. Devanbu (P.T.), Stubblebtne (S.G.), Research directions for automated software verification: using trusted hardware,in: 12th IEEE Int’l Conference on Automated Softwere Engineering -ASE’97, IEEE Computer Society, 1997.

  15. Devanbu (P.T.), Stubblebine (S.G.), Stack and queue integrity on hostile platforms,pp. 198–207 of: IEEE Symposium on Research in Security and Privacy, IEEE Computer Society Press, 1998.

  16. Di Caro (G.), Dorigo (M.), Mobile Agents for Adaptive Routing,in: 31stHawaii International Conference on System Science (HICSS ’98), Volume 7: Software Technology, 1998 (Jan).

  17. Digicrime Inc.A full service criminal computer hacking organization, http: //www. digicrime.com.

  18. Ford (W.), Computer communications security. Prentice-Hall, 1994.

  19. Fritzinger (J.S.), Mueller (M),Java security, Tech. rept. Sun Microsystems, Inc, 1996.

  20. Funfrocken (S.), Protecting mobile Web-commerce agents with smartcards,pp. 90–102 of: ASA/MA 99, IEEE Computer Society, 1999.

  21. Greenberg (M.S), Byington (J.C.), Holdting (T.), Mobile Agents and Security,IEEE Communications Magazine,36(7), pp. 76–85, 1998.

    Article  Google Scholar 

  22. Hamilton (M.A.), Java and the Shift to Net-Centric Computing.IEEE Computer, Aug., pp. 31–39, 1996.

  23. Hayzelden (A.L.G.), Bigham (J.), (eds),Software agents for future communication systems: agent based digital communication. Springer, 1999.

  24. Herzberg (A.), Jarecki (S.), Krawczuk (H.), Yung (M), Proactive secret sharing, or: How to cope with perpetual leakage.pp. 339-332 of: CooperSmith (D.) (ed),Advances in Cryptology-Crypto’95, Lecture Notes in Computer Science, n° 963, Springer, 1995.

  25. Hohl (F.), Time limited blackbox security: protecting mobile agents from malicious hosts,pp 92–113 of: (Vigna, 1998), 1998.

  26. Jansen (W.), Karygiannis (T.),Mobile, agent security, Tech. rept. National Institute of Standards and Technology, 1999.

  27. Jennings (N.R.), Wooldridge (M.J.),Agent technology: foundations application and markets. Springer Verlag, Berlin Germany, 1998.

    MATH  Google Scholar 

  28. Johansen (D.), Marzullo (K.), Schneider (F.B.), Jacobsen (K.), Zagorodnov (D.), nap: Practical fault-tolerance for itinerant computations,pp. 180–189 of: 19th IEEE International Conference on Distributed Computing Systems (ICDCS’99), 1999.

  29. Kaufman (C.), Perlman (R.), Speciner (M.),Network security: private communication in a public world, Prentice-Hall, 1995.

  30. Kramer (K.H.), Minar (N.), Maes (P.), Tutorial: Mobile software agents for dynamic routing,Mobile Computing and Communications Review,3(2), pp. 12–16, 1999.

    Article  Google Scholar 

  31. Lange (D.B.), Oshima (M),Programming and deploying Java mobile agents with aglets, Addison-Wesley, 1998.

  32. Loureiro (S.), Molva (R.), Function Hiding based on error correcting codes,In: International Workshop on Cryptographic ’Techniques and E-Commerce (CrypTEC ’99), 1999.

  33. Magedantz (T.), Rothermel (K.), Krause (S.), Intelligent agents: an emerging technology for next generation telecommunications?pp. 464–472 of: IEEE INFOCOM 1996, 1996.

  34. McGraw (G.), Felten (E.W.),Java security: hostile applets,holes, and antidotes, Wiley, 1997.

  35. McGraw (G.), Felten (E.W), Securing Java:getting down to business with mobile code, Wiley, 1998.

  36. Minar (N.), Kramer (K.H.), Maes (P.),Cooperating mobile agent for dynamic network routing. Springer, Chap. 12, 1999.

  37. Minsky (Y.), Van Renesse (R.), Schneider (F.B.), Stoller (S.D.), Cryptographic support for fault tolerant distributed computing, In, pp. 109–114 of:Seventh ACM S1G0PS European Workshop, 1996.

  38. Moore (J.T.) (May),Mobile code security techniques. Tech. rept. MS-CIS-98-28, University of Pennsylvania, Department of Computer and Information Science, 1998 .

  39. Necula (G.C.), (Jan.), Proof-carrying code, pp. 106-119 of:Proceedings of the 24th ACM Symposium on Principles of Programming Languages (POPL ’97), 1997.

  40. Necula (G.C.), Lee (P.), Safe untrusted agents using proof-carrying code, pp. 61–9f of: (Vigna, 1998), 1998.

  41. Neumann (P.G.), (February), risks digest, Vol. 18, N° 61, http://catless.ncl.ac.uk/Risks/, 1997a.

  42. Neumann (P.G.), (February), risks digest, Vol. 18, N° 82, http://catless ncl.ac.uk/Risks/, 1997b.

  43. Nwana (H.S.), Software agents: an, overview,Knowledge Engineering Review, 11(3), pp. 205–244, 1996.

    Article  Google Scholar 

  44. Ordille (J.-J.), (May), When agents roam, who can you trust?In: First Conference on Emerging Technologies and Applications in Communications (etacoM), 1996.

  45. Ousterhout (J.K.), Levy (J.Y.), & Welch (B.B.), The safe Tcl security model, pp. 217-234 of: (Vigna, 1998), 1998.

  46. Plu (M.), Software technologies for building agent based systems in telecommunication networks, In: (Jennings & Wool-dridge, 1998), 1998.

  47. Posegga (J.), & Vogt (H.), Byte code verification for Java smart cards based on model checking, pp. 175–190 of:5th European Symposium on Research in Computer Security (esorics), Lecture Notes in Computer Science, n° 1485, Springer, 1998.

  48. Qian (Z.), A formal specification of Java virtual machine instructions for objects, methods and subroutines, pp. 271–311 of: (Alves-Foss, 1999), 1999.

  49. Rasmusson (L.), Rasmusson (A.), Janson (S.), Using agents to secure the Internet marketplace - reactive security and social control,In: Practical Applications of Agents and Multi-Agent Systems 1997 (paam’97), 1997.

  50. Reinhardt (A.), The network with smarts, Byte, Oct., 15–66, 1994.

  51. Riordan (J.), Schneider (B.), Environmental key generation towards clueless agents, pp .15–24 of: (Vigna, 1998), 1998.

  52. Rivest (R.L.), Adleman (L.), Dertouzos (M.L), On data banks and privacy homomorphisms, pp. 169–177 of: De Millo (R.A.), Dobkin (D.P.), Jones (A.K.), & Lipton (R.J.), (eds),Foundations of Secure Computing. Academic Press, 1978.

  53. Rothermel (K.), Popescu-Zeletin (R.), (eds),First International Workshop on Mobile Agents (MA ’97), Lecture Notes in Computer Science, n° 1219, Springer, 1997.

  54. Sander (T.), Tschudin (C.), Towards mobile cryptography. pp. 215-224 of:IEEE Symposium on Research in Security and Privacy, IEEÉ Computer Society Press, 1998.

  55. Sander (T.), Young (A.), Yung (M.), Non-interactive CryptoComputing For NC1, In:40th Annual Symposium on Foundations of Computer Science, 1999.

  56. Schneier (F. B.), Towards fault-tolerant and secure agentry.In: 11th Int. Workshop on Distributed Algorithms, 1997 (Sept.).

  57. Schneier (B.), Kelsey (J.), Remote Auditing of Software Outputs Using a Trusted Coprocessor,Journal of Future Generation Computer Systems, 13(1), pp. 9–18, 1997.

    Article  Google Scholar 

  58. SIP, Princeton Safe Internet Programming Group, Web Page, http://wwu.cs.princeton.edu/sip/News.html.

  59. Smith (S.W.), Weingart (S.H.), Building a high-performance, programmable secure coprocessor,Computer Networks and ISDN systems (Special Issue on Network Security), 31 (Apr.), pp. 831–860, 1999.

  60. Sun Microsystems, Security FAQ, http://www.javasoft.com/sfaq.

  61. Tardo (J.), Valente (L.), Mobile agent security and telescript, pp. 58–63 of:IEEE Comp Con ’96, 1996.

  62. Tennenhouse (D.L.), Smith (J.M.), Sincoskie (W.D.), Wethe-rall (D.J.), Minden (G.J.), A Survey of Active Network Research,IEEE Communications Magazine, 35(1), pp. 80–86, 1997.

    Article  Google Scholar 

  63. Travis (P.), Why the at&t network crashed,Telephony, 218(4), pp. 11, 1990.

    Google Scholar 

  64. Tschudin (C), Mobile agent security, pp. 431–445 of: Klusch, M. (ed),Intelligent information agents: cooperative, rational and adaptive information gathering on the Internet, Springer, 1999.

  65. Vigna (G.), Protecting mobile agents through tracing, In:Third Workshop on Mobile Object Systems, 1997 (June).

  66. Vigna (G.), (ed),Mobile agents and security, Lecture Notes in Computer Science, No. 1449, Springer, 1998.

  67. Virdhagriswaran (S.),Agents - state of the Art &The incredible future, http://hunchuen.crystaliz.com/resaarch/sub/agents.pdf, CrystallZ, Inc, 1997 (Jan.).

  68. Vitek (J.), Jensen (C.), (eds),Secure Internet programming: security issues for mobile and distributed objects, Lecture Notes in Computer Science, n° 1603, Springer, 1999.

  69. Walsh (T.), Paciorek (N.), Wong (D.), Security and reliability in Concordia,In: 31st Hawaii International Conference on System Science (HICSS’98), Volume 7: Software Technology, 1998 (Jan.).

  70. Wilhelm (U.G.), Staamann (S.), Buttyan (L.), Introducing trusted third parties to the mobile agent paradigm, pp. 471–491 of: (Vitek & Jensen, 1999), 1999.

  71. Yee (B.S.), A sanctuary for mobile agents, pp. 261–273 of: (Vitek & Jensen, 1999) 1999.

  72. Yellin (F.), Low level security in Java.In: Fourth International Conference on the World-Wide Web, 1995 (Dec).

  73. Young (A.), Yung (M.), Encryption tools for mobile agents: sliding encryption, pp. 230-241 of: BIHAM, P, (ed),Fast Software Encryption, Lecture Notes in Computer Science, n° 1267, Springer, 1997.

Download references

Author information

Authors and Affiliations

  1. IBM Research, IBM Zurich Research Laboratory, Säumerstr. 4, CH-8803, Rüschlikon

    Günter Karjoth

  2. Deutsche Telekom AG, Technologiezentrum, it Security Research, D-64276, Darmstadt

    Joachim Posegga

Authors
  1. Günter Karjoth
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Joachim Posegga
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Günter Karjoth or Joachim Posegga.

Additional information

The opinions expressed in this paper are solely those of the authors, and do not necessarily reflect the views of their respective employers.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Karjoth, G., Posegga, J. Mobile agents and telcos’ nightmares. Ann. Télécommun. 55, 388–400 (2000). https://doi.org/10.1007/BF02994846

Download citation

  • Accepted:

  • Issue Date:

  • DOI: https://doi.org/10.1007/BF02994846

Mots clés

Key words

Search

Navigation