ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
(How) can mobile agents do secure electronic transactions on untrusted hosts? A survey of the security issues and the current solutions
Full text PdfPdf (198 KB)
Source ACM Transactions on Internet Technology (TOIT) archive
Volume 3 ,  Issue 1  (February 2003) table of contents
Pages: 28 - 48  
Year of Publication: 2003
ISSN:1533-5399
Authors
Joris Claessens  Katholieke Universiteit Leuven---ESAT/SCD-COSIC, Leuven-Heverlee, Belgium
Bart Preneel  Katholieke Universiteit Leuven---ESAT/SCD-COSIC, Leuven-Heverlee, Belgium
Joos Vandewalle  Katholieke Universiteit Leuven---ESAT/SCD-COSIC, Leuven-Heverlee, Belgium
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 48,   Downloads (12 Months): 403,   Citation Count: 15
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/643477.643479
What is a DOI?

ABSTRACT

This article investigates if and how mobile agents can execute secure electronic transactions on untrusted hosts. An overview of the security issues of mobile agents is first given. The problem of untrusted (i.e., potentially malicious) hosts is one of these issues, and appears to be the most difficult to solve. The current approaches to counter this problem are evaluated, and their relevance for secure electronic transactions is discussed. In particular, a state-of-the-art survey of mobile agent-based secure electronic transactions is presented.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Joy Algesheimer , Christian Cachin , Jan Camenisch , Gunter Karjoth, Cryptographic Security for Mobile Code, Proceedings of the 2001 IEEE Symposium on Security and Privacy, p.2, May 14-16, 2001
 
2
N. Asokan , G. Tsudik , M. Waidner, Server-supported signatures, Journal of Computer Security, v.5 n.1, p.91-108, Jan. 1997
 
3
David Aucsmith, Tamper Resistant Software: An Implementation, Proceedings of the First International Workshop on Information Hiding, p.317-333, May 30-June 01, 1996
 
4
Boaz Barak , Oded Goldreich , Russell Impagliazzo , Steven Rudich , Amit Sahai , Salil P. Vadhan , Ke Yang, On the (Im)possibility of Obfuscating Programs, Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, p.1-18, August 19-23, 2001
 
5
Mihir Bellare , Sara K. Miner, A Forward-Secure Digital Signature Scheme, Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, p.431-448, August 15-19, 1999
6
S. M. Bellovin, Security problems in the TCP/IP protocol suite, ACM SIGCOMM Computer Communication Review, v.19 n.2, p.32-48, April 1, 1989  [doi>10.1145/378444.378449]
 
7
Shimshon Berkovits , Joshua D. Guttman , Vipin Swarup, Authentication for Mobile Agents, Mobile Agents and Security, p.114-136, January 1998
 
8
Ingrid Biehl , Bernd Meyer , Susanne Wetzel, Ensuring the Integrity of Agent-Based Computations by Short Proofs, Proceedings of the Second International Workshop on Mobile Agents, p.183-194, September 01, 1998
 
9
Binder, W. 1999. J-Seal2---A secure high-performance mobile agent system. In Proceedings of the Workshop on Agents in Electronic Commerce, Y. Ye and J. Liu, Eds., 141--150.
 
10
Niklas Borselius , Chris J. Mitchell , Aaron Wilson, On Mobile Agent Based Transactions in Moderately Hostile Environments, Proceedings of the IFIP TC11 WG11.4 First Annual Working Conference on Network Security: Advances in Network and Distributed Systems Security, p.173-186, November 26-27, 2001
 
11
Niklas Borselius , Chris J. Mitchell , Aaron Wilson, Undetachable Threshold Signatures, Proceedings of the 8th IMA International Conference on Cryptography and Coding, p.239-244, December 17-19, 2001
 
12
Christian Cachin , Jan Camenisch , Joe Kilian , Joy Müller, One-Round Secure Computation and Secure Autonomous Mobile Agents, Proceedings of the 27th International Colloquium on Automata, Languages and Programming, p.512-523, July 09-15, 2000
 
13
David M. Chess, Security Issues in Mobile Code Systems, Mobile Agents and Security, p.1-14, January 1998
 
14
Chess, D. M., Grosof, B., Harrison, C. G., Levine, D., Parris, C., and Tsudik, G. 1995. Itinerant agents for mobile computing. IBM Res. Rep. RC 20010.
 
15
David M. Chess , Colin G. Harrison , Aaron Kershenbaum, Mobile Agents: Are They a Good Idea?, Selected Presentations and Invited Papers Second International Workshop on Mobile Object Systems - Towards the Programmable Internet, p.25-45, July 08-09, 1996
 
16
Joris Claessens , Bart Preneel , Joos Vandewalle, Secure Communication for Secure Agent-Based Electronic Commerce Applications, E-Commerce Agents, Marketplace Solutions, Security Issues, and Supply and Demand, p.180-190, January 2001
 
17
Ronald Cramer, Introduction to Secure Computation, Lectures on Data Security, Modern Cryptology in Theory and Practice, Summer School, Aarhus, Denmark, July 1998, p.16-62, January 1999
 
18
Amitabha Das , Yao Gongxuan, A Secure Payment Protocol Using Mobile Agents in an Untrusted Host Environment, Proceedings of the Second International Symposium on Topics in Electronic Commerce, p.33-41, April 26-28, 2001
 
19
de Carvalho Ferreira, L. and Dahab, R. 2001. Blinded-key signatures: Securing private keys embedded in mobile agents. Tech. Rep., Institute of Computing, University of Campinas, Brazil.
 
20
Bart De Decker , Frank Piessens , Erik Van Hoeymissen , Gregory Neven, Semi-trusted Hosts and Mobile Agents: Enabling Secure Distributed Computations, Proceedings of the Second International Workshop on Mobile Agents for Telecommunication Applications, p.219-232, September 18-20, 2000
 
21
Dierks, T. and Allen, C. 1999. The TLS Protocol Version 1.0. IETF Request for Comments, RFC 2246.
 
22
Naganand Doraswamy , Dan Harkins, IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks, Prentice Hall PTR, Upper Saddle River, NJ, 1999
 
23
Eastlake, D., Reagle, J., and Solo, D. 2002. XML-Signature syntax and processing. W3C Recommendation.
 
24
William M. Farmer , Joshua D. Guttman , Vipin Swarup, Security for Mobile Agents: Authentication and State Appraisal, Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security, p.118-130, September 25-27, 1996
 
25
Farmer, W. M., Guttman, J. D., and Swarup, V. 1996a. Security for mobile agents: Issues and requirements. In Proceedings of the Nineteenth National Information Systems Security Conference.
 
26
Oded Goldreich , Birgit Pfitzmann , Ronald L. Rivest, Self-Delegation with Controlled Propagation - or - What If You Lose Your Laptop, Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology, p.153-168, August 23-27, 1998
 
27
Li Gong , Roland Schemers, Signing, Sealing, and Guarding Java Objects, Mobile Agents and Security, p.206-216, January 1998
 
28
Robert S. Gray , David Kotz , George Cybenko , Daniela Rus, D'Agents: Security in a Multiple-Language, Mobile-Agent System, Mobile Agents and Security, p.154-187, January 1998
 
29
Hassler, V. 2000. Mobile agent security. In Security Fundamentals for E-Commerce, Computer Security Series. Artech House, Chapter 20, 331--351.
 
30
Fritz Hohl, A Model of Attacks of Malicious Hosts Against Mobile Agents, Workshop ion on Object-Oriented Technology, p.299, July 20-24, 1998
 
31
Fritz Hohl, Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Hosts, Mobile Agents and Security, p.92-113, January 1998
 
32
Fritz Hohl, A Framework to Protect Mobile Agents by Using Reference States, Proceedings of the The 20th International Conference on Distributed Computing Systems ( ICDCS 2000), p.410, April 10-13, 2000
 
33
Markus Jakobsson , Ari Juels, X-Cash: Executable Digital Cash, Proceedings of the Second International Conference on Financial Cryptography, p.16-27, February 23-25, 1998
 
34
Jansen, W. 2000. Countermeasures for mobile agent security. Comput. Commun. 23, 17 (Nov.), 1667--1676.
 
35
Jansen, W. and Karygiannis, T. 1999. Mobile agent security. NIST Special Publication 800-19.
 
36
Günter Karjoth , N. Asokan , C. Gülcü, Protecting the Computation Results of Free-Roaming Agents, Proceedings of the Second International Workshop on Mobile Agents, p.195-207, September 01, 1998
 
37
Günter Karjoth , Danny B. Lange , Mitsuru Oshima, A Security Model for Aglets, Mobile Agents and Security, p.188-205, January 1998
 
38
Kim, H., Baek, J., Lee, B., and Kim, K. 2001. Secret computation with secrets for mobile agent using one-time proxy signature. In Proceedings of the 2001 Symposium on Cryptography and Information Security, 845--850.
 
39
Paul C. Kocher , Joshua Jaffe , Benjamin Jun, Differential Power Analysis, Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, p.388-397, August 15-19, 1999
40
David Kotz , Robert S. Gray, Mobile agents and the future of the internet, ACM SIGOPS Operating Systems Review, v.33 n.3, p.7-13, July 1999  [doi>10.1145/311124.311130]
 
41
Panayiotis Kotzanikolaou , Mike Burmester , Vassilios Chrissikopoulos, Secure Transactions with Mobile Agents in Hostile Environments, Proceedings of the 5th Australasian Conference on Information Security and Privacy, p.289-297, July 10-12, 2000
 
42
Kotzanikolaou, P., Katsirelos, G., and Chrissikopoulos, V. 1999. Mobile agents for secure electronic transactions. In Recent Advances in Signal Processing and Communications, N. Mastorakis, Ed., World Scientific, River Edge, NJ, 363--368.
43
Hugo Krawczyk, Simple forward-secure signatures from any signature scheme, Proceedings of the 7th ACM conference on Computer and communications security, p.108-115, November 01-04, 2000, Athens, Greece  [doi>10.1145/352600.352617]
44
Danny B. Lange , Mitsuru Oshima, Seven good reasons for mobile agents, Communications of the ACM, v.42 n.3, p.88-89, March 1999  [doi>10.1145/295685.298136]
 
45
Byoungcheon Lee , Heesun Kim , Kwangjo Kim, Secure Mobile Agent Using Strong Non-designated Proxy Signature, Proceedings of the 6th Australasian Conference on Information Security and Privacy, p.474, July 11-13, 2001
 
46
Loureiro, S. 2001. Mobile code protection. PhD thesis, ENST Paris.
 
47
Loureiro, S. and Molva, R. 1999. Function hiding based on error correcting codes. In Proceedings of the CryptTEC'99 International Workshop on Cryptographic Techniques and Electronic Commerce (Hong Kong), M. Blum and C. Lee, Eds., 92--98.
 
48
Loureiro, S. and Molva, R. 2000. Mobile code protection with smartcards. In Proceedings of the Sixth ECOOP Workshop on Mobile Object Systems: Operating System Support, Security and Programming Languages.
 
49
Loureiro, S., Molva, R., and Pannetrat, A. 1999. Secure data collection with updates. In Proceedings of the Workshop on Agents in Electronic Commerce, Y. Ye and J. Liu, Eds., 121--130.
 
50
Meadows, C. 1997. Detecting attacks on mobile agents. In Proceedings of the DARPA Foundations for Secure Mobile Code Workshop.
 
51
Johannes Merkle , Ralph Werchner, On the Security of Server-Aided RSA Protocols, Proceedings of the First International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography, p.99-116, February 05-06, 1998
52
Yaron Minsky , Robbert van Renesse , Fred B. Schneider , Scott D. Stoller, Cryptographic support for fault-tolerant distributed computing, Proceedings of the 7th workshop on ACM SIGOPS European workshop: Systems support for worldwide applications, September 09-11, 1996, Connemara, Ireland  [doi>10.1145/504450.504472]
 
53
George C. Necula , Peter Lee, Safe, Untrusted Agents Using Proof-Carrying Code, Mobile Agents and Security, p.61-91, January 1998
 
54
Neuman, B. C. 1993. Proxy-based authorization and accounting for distributed systems. In Proceedings of the Thirteenth International Conference on Distributed Computing Systems, 283--291.
 
55
Gregory Neven , Frank Piessens , Bart De Decker, On the Practical Feasibiltiy of Secure Distributed Computing: A Case Study, Proceedings of the IFIP TC11 Fifteenth Annual Working Conference on Information Security for Global Information Infrastructures, p.361-370, August 22-24, 2000
 
56
Ng, S.-K. and Cheung, K.-W. 1999. Intention spreading: An extensible theme to protect mobile agents from read attack hoisted by malicious hosts. In Intelligent Agent Technology: Systems, Methodologies, and Tools---Proceedings of the first Asia-Pacific Conference on Intelligent Agent Technology (IAT '99), J. Liu and N. Zhong, Eds., World Scientific, River Edge, NJ, 406--415.
 
57
Donal O'Mahony , Michael Pierce , Hitesh Tewari , Michael Peirce, Electronic Payment Systems, Artech House, Inc., Norwood, MA, 1997
 
58
John K. Ousterhout , Jacob Y. Levy , Brent B. Welch, The Safe-Tcl Security Model, Mobile Agents and Security, p.217-234, January 1998
59
Lars Rasmusson , Sverker Jansson, Simulated social control for secure Internet commerce, Proceedings of the 1996 workshop on New security paradigms, p.18-25, September 17-20, 1996, Lake Arrowhead, California, United States  [doi>10.1145/304851.304857]
 
60
James Riordan , Bruce Schneier, Environmental Key Generation Towards Clueless Agents, Mobile Agents and Security, p.15-24, January 1998
 
61
Romão, A. and da Silva, M. M. 1999. Proxy certificates: A mechanism for delegating digital signature power to mobile agents. In Proceedings of the Workshop on Agents in Electronic Commerce, Y. Ye and J. Liu, Eds., 131--140.
 
62
Volker Roth, On the Robustness of Some Cryptographic Protocols for Mobile Agent Protection, Proceedings of the 5th International Conference on Mobile Agents, p.1-14, December 02-04, 2001
 
63
Tomas Sander , Christian F. Tschudin, On Software Protection via Function Hiding, Proceedings of the Second International Workshop on Information Hiding, p.111-123, April 14-17, 1998
 
64
Tomas Sander , Christian F. Tschudin, Protecting Mobile Agents Against Malicious Hosts, Mobile Agents and Security, p.44-60, January 1998
 
65
Sander, T. and Tschudin, C. F. 1998c. Towards mobile cryptography. In Proceedings of the 1998 IEEE Symposium on Security and Privacy, 215--224.
 
66
SET Secure Electronic Transaction LLC. SET Secure Electronic Transaction Specification. Available at http://www.setco.org/.
 
67
Adi Shamir , Nicko van Someren, Playing "Hide and Seek" with Stored Keys, Proceedings of the Third International Conference on Financial Cryptography, p.118-124, February 01, 1999
 
68
Shoup, V. 2000. Practical threshold signatures. In Advances in Cryptology---EUROCRYPT 2000, B. Preneel, Ed., Lecture Notes in Computer Science, vol. 1807, Springer-Verlag, New York, 207--220.
 
69
Spafford, E. H. 1988. The Internet worm program: An analysis. Purdue Tech. Rep. CSD-TR-823.
 
70
TCPA. Trusted Computing Platform Alliance. Available at http://www.trustedpc.org/.
 
71
Tschudin, C. F. 1999. Mobile Agent Security. In Intelligent Information Agents: Agent-Based Information Discovery and Management on the Internet, M. Klusch, Ed., Springer-Verlag, New York, Chapter 18, 431--446.
 
72
Vigna, G. 1997. Protecting mobile agents through tracing. In Proceedings of the Third ECOOP Workshop on Mobile Object Systems: Operating System Support for Mobile Object Systems.
 
73
Giovanni Vigna, Cryptographic Traces for Mobile Agents, Mobile Agents and Security, p.137-153, January 1998
 
74
Dennis M. Volpano , Geoffrey Smith, Language Issues in Mobile Program Security, Mobile Agents and Security, p.25-43, January 1998
 
75
Wilhelm, U. G., Staamann, S., and Buttyán, L. 1998. On the problem of trust in mobile agent systems. In Proceedings of the 1998 Network and Distributed System Security (NDSS'98) Symposium.
 
76
Bennet S. Yee, A sanctuary for mobile agents, Secure Internet programming: security issues for mobile and distributed objects, Springer-Verlag, London, 2001
 
77
Yi, X., Siew, C. K., and Syed, M. R. 2000. Digital signature with one-time pair of keys. Electron. Lett. 36, 2 (Jan.), 130--131.
 
78
Adam Young , Moti Yung, Sliding Encryption: A Cryptographic Tool for Mobile Agents, Proceedings of the 4th International Workshop on Fast Software Encryption, p.230-241, January 20-22, 1997

CITED BY  15
G. Edward Suh , Dwaine Clarke , Blaise Gassend , Marten van Dijk , Srinivas Devadas, AEGIS: architecture for tamper-evident and tamper-resistant processing, Proceedings of the 17th annual international conference on Supercomputing, June 23-26, 2003, San Francisco, CA, USA
Paul C. van Oorschot , Anil Somayaji , Glenn Wurster, Hardware-Assisted Circumvention of Self-Hashing Software Tamper Resistance, IEEE Transactions on Dependable and Secure Computing, v.2 n.2, p.82-92, April 2005
Wenyu Qu , Hong Shen , John Sum, New analysis on mobile agents based network routing, Design and application of hybrid intelligent systems, IOS Press, Amsterdam, The Netherlands, 2003
Nikolaos Papadakis , Antonios Litke , Dimitrios Skoutas , Theodora Varvarigou, MEMPHIS: a mobile agent-based system for enabling acquisition of multilingual content and providing flexible format internet premium services, Journal of Systems Architecture: the EUROMICRO Journal, v.52 n.6, p.315-331, June 2006
MARIA FASLI, On agent technology for e-commerce: trust, security and legal issues, The Knowledge Engineering Review, v.22 n.1, p.3-35, March 2007
Jia Zhang, A mobile agents-based approach to test the reliability of web services, International Journal of Web and Grid Services, v.2 n.1, p.92-117, February 2006
Ariel Futoransky , Emiliano Kargieman , Carlos Sarraute , Ariel Waissbein, Foundations and applications for secure triggers, ACM Transactions on Information and System Security (TISSEC), v.9 n.1, p.94-112, February 2006
Guido Rotondi , Gianpiero Guerrera, A consistent history authentication protocol, ACM SIGSOFT Software Engineering Notes, v.31 n.3, May 2006
Salvatore Garruzzo , Stefano Modafferi , Domenico Rosaci , Domenico Ursino, An XML-based agent model for supporting user activities on the Web, Web Intelligence and Agent System, v.4 n.2, p.181-207, April 2006
G. Edward Suh , Dwaine Clarke , Blaise Gassend , Marten van Dijk , Srinivas Devadas, Efficient Memory Integrity Verification and Encryption for Secure Processors, Proceedings of the 36th annual IEEE/ACM International Symposium on Microarchitecture, p.339, December 03-05, 2003
Cristian Mateos , Alejandro Zunino , Marcelo Campo, JGRIM: An approach for easy gridification of applications, Future Generation Computer Systems, v.24 n.2, p.99-118, February, 2008
Georgios V. Lioudakis , Eleftherios A. Koutsoloukas , Nikolaos L. Dellas , Nikolaos Tselikas , Sofia Kapellaki , George N. Prezerakos , Dimitra I. Kaklamani , Iakovos S. Venieris, A middleware architecture for privacy protection, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.16, p.4679-4696, November, 2007
G. Edward Suh , Charles W. O'Donnell , Srinivas Devadas, Aegis: A Single-Chip Secure Processor, IEEE Design & Test, v.24 n.6, p.570-580, November 2007
Yan Wang , Duncan S. Wong , Huaxiong Wang, Employ a mobile agent for making a payment, Mobile Information Systems, v.4 n.1, p.51-68, January 2008
Sean M. Price, Host-Based Security Challenges and Controls: A Survey of Contemporary Research, Information Security Journal: A Global Perspective, v.17 n.4, p.170-178, July 2008

INDEX TERMS

Primary Classification:
  A. General Literature
  A.1 INTRODUCTORY AND SURVEY

Additional Classification:
  E. Data
  E.3 DATA ENCRYPTION

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Security


Keywords:
Mobile agent security, electronic transactions, malicious hosts

Collaborative Colleagues:
Joris Claessens: colleagues
Bart Preneel: colleagues
Joos Vandewalle: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player