O'Reilly logo

Mobile Agents by Wilhelm R. Rossak, Peter Braun

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

178 Chapter 5 Mobile Agent Security
For example, it might be possible for an agent to deliberately complain
about an allegedmaliciousagency. Another problem is that behaving benevo-
lently for a long time does not necessarily mean that an agency is not
malicious. The agency might work properly over a long time, accumulating a
high reputation, and then begin attacking agents without warning.
5.4.3 By Law
The last organizational approach we want to mention here is based on
laws legislated by the government or individual contracts between agency
providers and users to guarantee that agencies are not spying out an agent’s
data or code or otherwise tampering with agents. In addition, a provider
could be forced to ensure that his or her agency is not attacked by third
parties. Refer to the approach that was proposed in the Telescript project
[Tardo and Valente, 1996].
This approach does not need any techniques to prevent attacks, but it does
require techniques to detect them and later be able to verify whether attacks
have taken place. The agency must audit all activities of visiting agents so
that the agency administrator can prove the behavior of its agency if an agent
owner makes claims about malicious behavior. These audits could be used as
evidence later in court. This means that this solution does not really improve
the situation in which we have no security protection but provides only a
trusted procedure for the case of an attack.
5.5 Protecting Mobile Agents
We divide our introduction of techniques and protocols to protect mobile
agents from malicious agencies to address the best possible prevention of
attacks and the detection of attacks after they have occurred.
5.5.1 Preventing Attacks on Mobile Agents
Encrypted Functions
Sander and Tschudin [1998a] propose a technique to encrypt an agent while
still allowing it to execute at remote agencies. Their technique is called
encrypted functions. Using this technique makes it possible to create mobile
5.5 Protecting Mobile Agents 179
agents that are able to compute functions securely even in an untrusted
environment. The general idea is to let an agency execute the mobile
agent carrying an encrypted function without knowing the original function.
Unfortunately, it can be shown that, so far, only basic mathematical func-
tions can be protected with this approach. The technique is not sophisticated
enough to be used in mobile agents in general. However, with the develop-
ment of enhancements to their approach, in the future, this technique might
work with mobile agents in a generalized setting.
The general scheme can be described as follows:
1. Alice has a mathematical function, f , and encrypts this function,
resulting in E(f ).
2. Alice sends the program P(E(f )) that executes E(f )toBob.
3. Bob executes P(E(f )) using input x.
4. Bob sends P(E(f ))(x) back to Alice.
5. Alice decrypts P(E(f ))(x) and obtains x.
This idea seems simple at a glance; however, it is difficult to find a suit-
able encryption function E, and until now, no such encryption function has
been developed. Sander and Tschudin [1998b] present a protocol that works
for polynomials over rings
Z/MZ with smooth integers M, where smooth
integers are those that consist only of small prime factors.
However, even if function f is encrypted and an agency has access only to
P(E(f )), this does not prevent the agency from undertaking so-called black-
box attacks. Here, the agency simply executes P(E(f )) several times to obtain
pairs of input and (encrypted) output of the underlying function f . Thus,
any algorithm that can be easily detected from such a table could be recon-
structed. As the authors point out, the only difficulty might be the size of the
table necessary for reconstructing f .
For a complete understanding of this approach, some basic knowledge in
algebra is necessar y, which is outside the scope of this book. The interested
reader is pointed to the available literature.
Time-Limited Black Boxes
The last approach results in an encrypted program that will be completely
protected against spying out code and data for the lifetime of an agent.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required