5.2 Taxonomy of Possible Attacks 167
The interesting question from the technical point of view is, can we reach
anonymity in the digital world, and if so, at what cost?
In the real world, it is not always necessary to identify ourselves to conduct
business. For example, it is not necessary to identify yourself when you want
to buy something and plan to pay in cash. Anonymity in this situation can
be achieved because we have other mechanisms to authenticate ourselves.
This is not so in the digital world. As we have seen, authenticity is a major
concern, especially in electronic commerce. Sure, there are techniques that
enable you to pay for a service without authentication against the seller,
especially for smaller amounts of money—so-called micropayments. Such a
technique introduces a so-called trusted third party. When you want to buy a
newspaper, for example, you must authenticate only against the third party,
which then will give notice to the newspaper. The newspaper itself has no
information about you except for the IP address of your computer. Thus,
browsing the Web is still not completely anonymous. See, for example, the
JAP project at the University of Dresden,
in which software was developed
that guarantees anonymity on the level of IP addresses when surﬁng theWeb.
5.2 Taxonomy of Possible Attacks
In this section we give an overview of possible problems that can occur when
using mobile agents. We use the common classiﬁcation scheme found in
similar papers, such as Hohl [1998b] and Jansen , which distinguishes
between malicious agents and malicious agencies.
5.2.1 Malicious Agents
Malicious agents are those that try to attack the hosting agency. We further
classify malicious agents according to the target they attack.
Attacking the Hosting Agency
The most obvious example of a malicious agent is one that consumes
resources of the hosting environment in an improper way. Examples of such
1. See anon.inf.tu-dresden.de for more information.