(How) can mobile agents do secure electronic transactions on untrusted hosts? A survey of the security issues and the current solutions

ACM Transactions on Internet Technology

Volumn 3, Issue 1, 2003, Pages 28-48

  Claessens, Joris ^a   Preneel, Bart ^a   Vandewalle, Joos ^a  

^a UNIVERSITY OF LEUVEN   (Belgium)

Author keywords

Electronic transactions; Malicious hosts; Mobile agent security

Indexed keywords

ELECTRONIC PAYMENTS; ELECTRONIC TRANSACTIONS; MALICIOUS HOSTS; MOBILE AGENT SECURITY;

BANDWIDTH; CRYPTOGRAPHY; ELECTRONIC COMMERCE; INFORMATION MANAGEMENT; PROBLEM SOLVING; SECURITY OF DATA; WEB BROWSERS;

INTERNET;

EID: 1142282727     PISSN: 15335399     EISSN: None     Source Type: Journal    
DOI: 10.1145/643477.643479     Document Type: Review

References (78)

1. ALGESHEIMER, J., CACHIN, C., CAMENISCH, J., AND KARJOTH, G. 2001. Cryptographic security for mobile code. In Proceedings of the IEEE Symposium on Security and Privacy (S&P 2001), 2-11.
2. ASOKAN, N., TSUDIK, G., AND WAIDNER, M. 1997. Server-supported signatures. J. Comput. Sec. 5, 1, 91-108.
3. AUCSMITH, D. 1996. Tamper resistant software: An implementation. In Proceedings of the Information Hiding Workshop '96, R. Anderson, Ed., Springer-Verlag, New York, 317-333.
4. BARAK, B., GOLDREICH, O., IMPAGLIAZZO, R., RUDICH, S., SAHAI, A., VADHAN, S., AND YANG, K. 2001. On the (im)possibility of obfuscating programs. In Advances in Cryptology - CRYPTO 2001, J. Kilian, Ed., Lecture Notes in Computer Science, vol. 2139, Springer-Verlag, New York, 1-18.
5. BELLARE, M. AND MINER, S. K. 1999. A forward-secure digital signature scheme. In Advances in Cryptology - CRYPTO'99, M. Wiener, Ed., Lecture Notes in Computer Science, vol. 1666, Springer-Verlag, New York, 431-448.
6. BELLOVIN, S. M. 1989. Security problems in the TCP/IP protocol suite. Comput. Commun. Rev. 19, 2 (April), 32-48.
7. BERKOVITS, S., GUTTMAN, J. D., AND SWAEUP, V. 1998. Authentication for mobile agents. In Mobile Agents and Security, G. Vigna, Ed. Lecture Notes in Computer Science, vol. 1419, Springer-Verlag, New York, 114-136.
8. BIEHL, I., MEYER, B., AND WETZEL, S. 1998. Ensuring the integrity of agent-based computations by short proofs. In Proceedings of the Second International Workshop on Mobile Agents, K. Rothermel and P. Hohl, Eds., Lecture Notes in Computer Science, vol. 1477, Springer-Verlag, New York, 183-194.
9. BINDER, W. 1999. J-Seal2 - A secure high-performance mobile agent system. In Proceedings of the Workshop on Agents in Electronic Commerce, Y. Ye and J. Liu, Eds., 141-150.
10. BORSELIUS, N., MITCHELL, C. J., AND WILSON, A. 2001a. On mobile agent based transactions in moderately hostile environments. In Advances in Network and Distributed Systems Security - Proceedings of IFIP I-NetSec'01, B. De Decker, P. Piessens, J. Smits, and E. Van Herreweghen, Eds., Kluwer Academic, Hingham, MA, 173-186.
11. BOHSELIUS, N., MITCHELL, C. J., AND WILSON, A. 2001b. Undetachable threshold signatures. In Proceedings of the Eighth IMA International Conference on Cryptography and Coding, B. Honary, Ed., Lecture Notes in Computer Science, vol. 2260, Springer-Verlag, New York, 239-244.
12. CACHIN, C., CAMENISCH, J., KILIAN, J., AND MÜLLER, J. 2000. One-round secure computation and secure autonomous mobile agents. In Proceedings of the 27th International Colloquium on Automata, Languages and Programming (ICALP), U. Montanari, J. D. P. Rolim, and E. Welzl, Eds., Lecture Notes in Computer Science, vol. 1853. Springer-Verlag, New York, 512-523.
13. CHESS, D. M. 1998. Security issues in mobile code systems. In Mobile Agents and Security, G. Vigna, Ed., Lecture Notes in Computer Science, vol. 1419, Springer-Verlag, New York, 1-14.
14. CHESS, D. M., GROSOF, B., HARRISON, C. G., LEVINE, D., PARRIS, C., AND TSUDIK, G. 1995. Itinerant agents for mobile computing. IBM Res. Rep. RC 20010.
15. CHESS, D. M., HARRISON, C. G., AND KERSHENBAUM, A. 1997. Mobile agents: Are they a good idea? In Proceedings of the Second International Workshop on Mobile Object Systems: Towards the Programmable Internet, J. Vitek and C. Tschudin, Eds., Lecture Notes in Computer Science, vol. 1222, Springer-Verlag, New York, 25-45.
16. CLAESSENS, J., PRENEEL, B., AND VANDEWALLE, J. 2001. Secure communication for secure agent-based electronic commerce. In E-Commerce Agents: Marketplace Solutions, Security Issues, and Supply and Demand, J. Liu and Y. Ye, Eds., Lecture Notes in Computer Science, vol. 2033, Springer-Verlag, New York, 180-190.
17. CRAMER, R. 1999. Introduction to secure computation. In Lectures on Data Security - Modern Cryptology in Theory and Practice, I. Damgård, Ed., Lecture Notes in Computer Science, vol. 1561, Springer-Verlag, New York, 16-62.
18. DAS, A. AND GONGXUAN, Y. 2001. A secure payment protocol using mobile agents in an untrusted host environment. In Electronic Commerce Technologies - Proceedings of the Second International Symposium, ISEC 2001, W. Kou, Y. Yesha, and C. J. Tan, Eds., Lecture Notes in Computer Science, vol. 2040, Springer-Verlag, New York, 33-41.
19. DE CAHVALHO FERREIRA, L. AND DAHAB, R. 2001. Blinded-key signatures: Securing private keys embedded in mobile agents. Tech. Rep., Institute of Computing, University of Campinas, Brazil.
20. DE DECKER, B., PIESSENS, F., VAN HOEYMISSEN, E., AND NEVEN, G. 2000. Semi-trusted hosts and mobile agents: Enabling secure distributed computations. In Proceedings of the Second International Workshop on Mobile Agents for Telecommunication Applications, E. Horlait, Ed., Lecture Notes in Computer Science, vol. 1931, Springer-Verlag, New York, 219-232.
21. DIERKS, T. AND ALLEN, C. 1999. The TLS Protocol Version 1.0. IETF Request for Comments, RFC 2246.
22. DORASWAMY, N. AND HARKINS, D. 1999. IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks. Prentice-Hall, Englewood Cliffs, NJ.
23. EASTLAKE, D., REAGLE, J., AND SOLO, D. 2002. XML-Signature syntax and processing. W3C Recommendation.
24. FARMER, W. M., GUTTMAN, J. D., AND SWARUP, V. 1996b. Security for mobile agents: Authentication and state appraisal. In Proceedings of the Fourth European Symposium on Research in Computer Security (ESORICS), E. Bertino, H. Kurth, G. Martella, and E. Montolivo, Eds., Lecture Notes in Computer Science, vol. 1146, Springer-Verlag, New York, 118-130.
25. FARMER, W. M., GUTTMAN, J. D., AND SWARUP, V. 1996a. Security for mobile agents: Issues and requirements. In Proceedings of the Nineteenth National Information Systems Security Conference.
26. GOLDREICH, O., PFITZMANN, B., AND RIVEST, R. L. 1998. Self-delegation with controlled propagation - or - What if you lose your laptop. In Advances in Cryptology - CRYPTO'98, H. Krawczyk, Ed., Lecture Notes in Computer Science, vol. 1462, Springer-Verlag, New York, 153-168.
27. GONG, L. AND SCHEMERS, R. 1998. Signing, sealing, and guarding Java™ objects. In Mobile Agents and Security, G. Vigna, Ed., Lecture Notes in Computer Science, vol. 1419, Springer-Verlag, New York, 206-216.
28. GRAY, R. S., KOTZ, D., CYBENKO, G., AND RUS, D. 1998. D'Agents: Security in a multiple-language, mobile-agent system. In Mobile Agents and Security, G. Vigna, Ed., Lecture Notes in Computer Science, vol. 1419, Springer-Verlag, New York, 154-187.
29. HASSLER, V. 2000. Mobile agent security. In Security Fundamentals for E-Commerce, Computer Security Series. Artech House, Chapter 20, 331-351.
30. HOHL, F. 1998a. A model of attacks of malicious hosts against mobile agents. In Proceedings of the fourth ECOOP Workshop on Mobile Oject Systems: Secure Internet Mobile Computation.
31. HOHL, F. 1998b. Time limited blackbox security: Protecting mobile agents from malicious hosts. In Mobile Agents and Security, G. Vigna, Ed., Lecture Notes in Computer Science, vol. 1419, Springer-Verlag, New York, 92-113.
32. HOHL, F. 2000. A framework to protect mobile agents by using reference states. In Proceedings of the Twentieth International Conference on Distributed Computing Systems.
33. JAKOBSSON, M. AND JUELS, A. 1998. X-Cash: Executable digital cash. In Proceedings of Financial Cryptography '98, R. Hirschfeld, Ed., Lecture Notes in Computer Science, vol. 1465, Springer-Verlag, New York, 16-27.
34. JANSEN, W. 2000. Countermeasures for mobile agent security. Comput. Commun. 23, 17 (Nov.), 1667-1676.
35. JANSEN, W. AND KARYGIANNIS, T. 1999. Mobile agent security. NIST Special Publication 800-19.
36. KARJOTH, G., ASOKAN, N., AND GÜLCÜ, C. 1998. Protecting the computation results of free-roaming agents. In Proceedings of the Second International Workshop on Mobile Agents, K. Rothermel and F. Hohl, Eds., Lecture Notes in Computer Science, vol. 1477, Springer-Verlag, New York, 195-207.
37. KARJOTH, G., LANGE, D. B., AND OSHIMA, M. 1998. A security model for aglets. In Mobile Agents and Security, G. Vigna, Ed., Lecture Notes in Computer Science, vol. 1419, Springer-Verlag, New York, 188-205.
38. KIM, H., BAEK, J., LEE, B., AND KIM, K. 2001. Secret computation with secrets for mobile agent using one-time proxy signature. In Proceedings of the 2001 Symposium on Cryptography and Information Security, 845-850.
39. KOCHER, P., JAFFE, J., AND JUN, B. 1999. Differential power analysis. In Advances in Cryptology-CRYPTO'99, M. Wiener, Ed., Lecture Notes in Computer Science, vol. 1666, Springer-Verlag, New York, 388-397.
40. KOTZ, D. AND GRAY, R. S. 1999. Mobile agents and the future of the Internet. ACM SIGOPS Oper. Syst. Rev. 33, 3 (July), 7-13.
41. KOTZANIKOLAOU, P., BURMESTER, M., AND CHRISSIKOPOULOS, V. 2000. Secure transactions with mobile agents in hostile environments. In Proceedings of the fifth Australasian Conference on Information Security and Privacy, B. Dawson, A. Clark, and C. Boyd, Eds., Lecture Notes in Computer Science, vol. 1841, Springer-Verlag, New York, 289-297.
42. KOTZANIKOLAOU, P., KATSIRELOS, G., AND CHRISSIKOPOULOS, V. 1999. Mobile agents for secure electronic transactions. In Recent Advances in Signal Processing and Communications, N. Mastorakis, Ed., World Scientific, River Edge, NJ, 363-368.
43. KRAWCZYK, H. 2000. Simple forward-secure signatures from any signature scheme. In Proceedings of the Seventh ACM Conference on Computer and Communications Security, 108-115.
44. LANGE, D. B. AND OSHIMA, M. 1999. Seven good reasons for mobile agents. Commun. ACM 42, 3 (March), 88-89.
45. LEE, B., KIM, H., AND KIM, K. 2001. Secure mobile agent using strong non-designated proxy signature. In Proceedings of the Sixth Australasian Conference on Information Security and Privacy (ACISP 2001), V. Varadharajan and Y. Mu, Eds., Lecture Notes in Computer Science, vol. 2119, Springer-Verlag, New York, 474-486.
46. LOUREIRO, S. 2001. Mobile code protection. PhD thesis, ENST Paris.
47. LOUREIRO, S. AND MOLVA, R. 1999. Function hiding based on error correcting codes. In Proceedings of the CryptTEC'99 International Workshop on Cryptographic Techniques and Electronic Commerce (Hong Kong), M. Blum and C. Lee, Eds., 92-98.
48. LOUREIRO, S. AND MOLVA, R. 2000. Mobile code protection with smartcards. In Proceedings of the Sixth ECOOP Workshop on Mobile Object Systems: Operating System Support, Security and Programming Languages.
49. LOUREIRO, S., MOLVA, R., AND PANNETRAT, A. 1999. Secure data collection with updates. In Proceedings of the Workshop on Agents in Electronic Commerce, Y. Ye and J. Liu, Eds., 121-130.
50. MEADOWS, C. 1997. Detecting attacks on mobile agents. In Proceedings of the DARPA Foundations for Secure Mobile Code Workshop.
51. MERKLE, J. AND WERCHNER, R. 1998. On the security of server-aided RSA protocols. In Proceedings of the First International Workshop on Practice and Theory in Public Key Cryptography, H. Imai and Y. Zheng, Eds., Lecture Notes in Computer Science, vol. 1431, Springer-Verlag, New York, 99-116.
52. MINSKY, Y., VAN RENESSE, R., SCHNEIDER, F. B., AND STOLLER, S. D. 1996. Cryptographic support for fault-tolerant distributed computing. In Proceedings of the Seventh ACM SIGOPS European Workshop, 109-114.
53. NECULA, G. C. AND LEE, P. 1998. Safe, untrusted agents using proof-carrying code. InMobile Agents and Security, G. Vigna, Ed., Lecture Notes in Computer Science, vol. 1419, Springer-Verlag, New York, 61-91.
54. NEUMAN, B. C. 1993. Proxy-based authorization and accounting for distributed systems. In Proceedings of the Thirteenth International Conference on Distributed Computing Systems, 283-291.
55. NEVEN, G., PIESSENS, F., AND DE DECKER, B. 2000. On the practical feasibility of secure distributed computing: A case study. In Information Security for Global Information Infrastructures - Proceedings of IFIP SEC 2000, S. Qing and J. Eloff, Eds., Kluwer Academic, Hingham, MA, 361-370.
56. Ng, S.-K. AND CHEUNG, K.-W. 1999. Intention spreading: An extensible theme to protect mobile agents from read attack hoisted by malicious hosts. In Intelligent Agent Technology: Systems, Methodologies, and Tools - Proceedings of the first Asia-Pacific Conference on Intelligent Agent Technology (IAT '99), J. Liu and N. Zhong, Eds., World Scientific, River Edge, NJ, 406-415.
57. O'MAHONY, D., PEIRCE, M., AND TEWARI, H. 2001. Electronic Payment Systems for E-Commerce, 2nd ed. Artech House.
58. OUSTERHOUT, J. K., LEVY, J. Y., AND WELCH, B. B. 1998. The safe-Tcl security model. In Mobile Agents and Security, G. Vigna, Ed., Lecture Notes in Computer Science, vol. 1419, Springer-Verlag, New York, 217-234.
59. RASMUSSON, L. AND JANSSON, S. 1996. Simulated social control for secure Internet commerce. In Proceedings of the 1996 ACM Workshop on New Security Paradigms. 18-25.
60. RIORDAN, J. AND SCHNEIER, B. 1998. Environmental key generation towards clueless agents. In Mobile Agents and Security, G. Vigna, Ed., Lecture Notes in Computer Science, vol. 1419, Springer-Verlag, New York, 15-24.
61. ROMÃO, A. AND DA SILVA, M. M. 1999. Proxy certificates: A mechanism for delegating digital signature power to mobile agents. In Proceedings of the Workshop on Agents in Electronic Commerce, Y. Ye and J. Liu, Eds., 131-140.
62. ROTH, V. 2001. On the robustness of some cryptographic protocols for mobile agent protection. In Proceedings of the fifth International Conference on Mobile Agents, G. P. Picco, Ed., Lecture Notes in Computer Science, vol. 2240, Springer-Verlag, New York, 1-14.
63. SANDER, T. AND TSCHUDIN, C. F. 1998a. On software protection via function hiding. In Proceedings of the Second International Workshop on Information Hiding, D. Aucsmith, Ed., Lecture Notes in Computer Science, vol. 1525. Springer-Verlag, New York, 111-123.
64. SANDER, T. AND TSCHUDIN, C. F. 1998b. Protecting mobile agents against malicious hosts. In Mobile Agents and Security, G. Vigna, Ed., Lecture Notes in Computer Science, vol. 1419, Springer-Verlag, New York, 44-60.
65. SANDER, T. AND TSCHUDIN, C. F. 1998c. Towards mobile cryptography. In Proceedings of the 1998 IEEE Symposium on Security and Privacy, 215-224.
66. SET SECURE ELECTRONIC TRANSACTION LLC. SET Secure Electronic Transaction Specification. Available at http://www.setco.org/.
67. SHAMIR, A. AND VAN SOMEREN, N. 1999. Playing "hide and seek" with stored keys. In Proceedings of Financial Cryptography '99, M. Franklin, Ed., Lecture Notes in Computer Science, vol. 1648, Springer-Verlag, New York, 118-124.
68. SHOUP, V. 2000. Practical threshold signatures. In Advances in Cryptology - EUROCRYPT 2000, B. Preneel, Ed., Lecture Notes in Computer Science, vol. 1807, Springer-Verlag, New York, 207-220.
69. SPAFFORD, E. H. 1988. The Internet worm program: An analysis. Purdue Tech. Rep. CSD-TR-823.
70. TCPA. Trusted Computing Platform Alliance. Available at http://www.trustedpc.org/.
71. TSCHUDIN, C. F. 1999. Mobile Agent Security. In Intelligent Information Agents: Agent-Based Information Discovery and Management on the Internet, M. Klusch, Ed., Springer-Verlag, New York, Chapter 18, 431-146.
72. VIGNA, G. 1997. Protecting mobile agents through tracing. In Proceedings of the Third ECOOP Workshop on Mobile Object Systems: Operating System Support for Mobile Object Systems.
73. VIGNA, G. 1998. Cryptographic traces for mobile agents. In Mobile Agents and Security, G. Vigna, Ed., Lecture Notes in Computer Science, vol. 1419, Springer-Verlag, New York, 137-153.
74. VOLPANO, D. AND SMITH, G. 1998. Language issues in mobile program security. In Mobile Agents and Security, G. Vigna, Ed., Lecture Notes in Computer Science, vol. 1419, Springer-Verlag, New York, 25-43.
75. WILHELM, U. G., STAAMANN, S., AND BUTTYÁN, L. 1998. On the problem of trust in mobile agent systems. In Proceedings of the 1998 Network and Distributed System Security (NDSS'98) Symposium.
76. YEE, B. S. 1999. A sanctuary for mobile agents. In Secure Internet Programming: Security Issues for Mobile and Distributed Objects, J. Vitek and C. Jensen, Eds., Lecture Notes in Computer Science, vol. 1603, Springer-Verlag, New York, 261-274.
77. YI, X., SIEW, C. K., AND SYED, M. R. 2000. Digital signature with one-time pair of keys. Electron. Lett. 36, 2 (Jan.), 130-131.
78. YOUNG, A. AND YUNG, M. 1997. Sliding encryption: A cryptographic tool for mobile agents. In Fast Software Encryption - FSE'97, E. Biham, Ed., Lecture Notes in Computer Science, vol. 1267, Springer-Verlag, New York, 230-241.