On the Robustness of Some Cryptographic Protocols for Mobile Agent Protection
Mobile agent security is still a young discipline and, most naturally, the focus up to the time of writing was on inventing new cryptographic protocols for securing various aspects of mobile agents. However, past experience shows that protocols can be flawed, and flaws in protocols can remain unnoticed for a long period of time. The game of breaking and fixing protocols is a necessary evolutionary process that leads to a better understanding of the underlying problems and ultimately to more robust and secure systems. Although, to the best of our knowledge, little work has been published on breaking protocols for mobile agents, it is inconceivable that the multitude of protocols proposed so far are all flawless. As it turns out, the opposite is true. We identify flaws in protocols proposed by Corradi et al., Karjoth et al., and Karnik et al., including protocols based on secure co-processors.
Keywords: mobile agent security, cryptanalysis, breaking security protocols
- 2. M. Abadi and R. Needham, “Prudent engineering practice for cryptographic protocols,” SRC Research Report 125, Digital Equipment Corporation, June 1994.
- 3. N. M. Karnik and A. R. Tripathi, “Security in the Ajanta mobile agent system,” Technical Report TR-5-99, University of Minnesota, Minneapolis, MN 55455, U. S. A., May 1999.
- 4. A. Corradi, R. Montanari, and C. Stefanelli, “Mobile agents protection in the Internet environment,” in The 23rd Annual International Computer Software and Applications Conference (COMPSAC ’99), pp. 80–85, 1999.
- 5. G. Karjoth, N. Asokan, and C. Gülcü, “Protecting the computation results of free-roaming agents,” in Proceedings of the Second International Workshop on Mobile Agents (MA ’98) (K. Rothermel and F. Hohl, eds.), vol. 1477 of Lecture Notes in Computer Science, pp. 195–207, Berlin Heidelberg: Springer Verlag, September 1998.
- 6. G. Karjoth, “Secure mobile agent-based merchant brokering in distributed marketplaces,” in Proc. ASA/MA 2000 (D. Kotz and F. Mattern, eds.), vol. 1882 of Lecture Notes in Computer Science, pp. 44–56, Berlin Heidelberg: Springer Verlag, 2000.
- 7. A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography. Discrete Mathematics and its Applications, New York: CRC Press, 1996. ISBN 0-8493-8523-7.
- 8. V. Roth and V. Conan, “Encrypting Java Archives and its application to mobile agent security,” in Agent Mediated Electronic Commerce: A European Perspective (F. Dignum and C. Sierra, eds.), vol. 1991 of Lecture Notes in Artificial Intelligence, pp. 232–244, Berlin: Springer Verlag, 2001.
- 10. W. M. Farmer, J. D. Guttman, and V. Swarup, “Security for mobile agents: Issues and requirements,” in Proceedings of the National Information Systems Security Conference (NISSC 96), pp. 591–597, October 1996.
- 11. V. Roth, “Programming Satan’s agents,” in 1st International Workshop on Secure Mobile Multi-Agent Systems, (Montreal, Canada), 2001.