Verifiable Distributed Oblivious Transfer and Mobile Agent Security

Mobile Networks and Applications

Abstract

The mobile agent is a fundamental building block of the mobile computing paradigm. In mobile agent security, oblivious transfer (OT) from a trusted party can be used to protect the agent’s privacy and the hosts’ privacy. In this paper, we introduce a new cryptographic primitive called Verifiable Distributed Oblivious Transfer (VDOT), which allows us to replace a single trusted party with a group of threshold trusted servers. The design of VDOT uses a novel technique called consistency verification of encrypted secret shares. VDOT protects the privacy of both the sender and the receiver against malicious attacks of the servers. We also show the design of a system to apply VDOT to protect the privacy of mobile agents. Our design partitions an agent into the general portion and the security-sensitive portion. We also implement the key components of our system. As far as we know, this is the first effort to implement a system that protects the privacy of mobile agents. Our preliminary evaluation shows that protecting mobile agents not only is possible, but also can be implemented efficiently.

Additional information

This work was supported in part by the DoD University Research Initiative (URI) program administered by the Office of Naval Research under grant N00014-01-1-0795. Sheng Zhong was supported by ONR grant N00014-01-1-0795 and NSF grants ANI-0207399 and CCR-TC-0208972. Yang Richard Yang was supported in part by NSF grant ANI-0207399. A preliminary version of this paper was presented at the DialM-POMC Joint Workshop on Foundations of Mobile Computing in 2003.

Sheng Zhong received his Ph.D. in computer science from Yale University in 2004. He holds an assistant professor position at SUNY Buffalo and is currently on leave for postdoctoral research at the Center for Discrete Mathematics and Theoretical Computer Science (DIMACS). His research interests, on the practical side, are security and incentives in data mining, databases, and wireless networks. On the theoretical side, he is interested in cryptography and game theory.

Yang Richard Yang is an Assistant Professor of Computer Science at Yale University. His research interests include computer networks, mobile computing, wireless networking, sensor networks, and network security. He leads the LAboratory of Networked Systems (LANS) at Yale. His recent awards include a Schlumberger Fellowship and a CAREER Award from the National Science Foundation. He received his B.E. degree from Tsinghua University (1993), and his M.S. and Ph.D. degrees from the University of Texas at Austin (1998 and 2001).

Cite this article

Zhong, S., Richard Yang, Y. Verifiable Distributed Oblivious Transfer and Mobile Agent Security. Mobile Netw Appl 11, 201–210 (2006). https://doi.org/10.1007/s11036-005-4472-2

  • DOI: https://doi.org/10.1007/s11036-005-4472-2
