Publication Information
S. R. Tate and K. Xu. Mobile Agent Security Through Multi-Agent Cryptographic Protocols, in Proceedings of the 4th International Conference on Internet Computing (IC 2003), pp. 462-468. Security&CryptographyConference
Abstract
We consider the problem of keeping sensitive data and algorithms contained in a mobile agent from discovery and exploitation by a malicious host. The focus in this paper is on rigorous techniques based on cryptographic protocols. Algesheimer, Cachin, Camenisch, and Karjoth (IEEE Security and Privacy, 2001) devised a secure agent protocol in such a setting, where agents and hosts are mutually distrusting, but access to a “trusted third party” is available to all participants. In this paper, we present ways of removing the trusted third party, and achieving similar results through the application of multiple agents. As an agent on a remote host is trusted by neither the current host nor the agent originator, the remote agent cannot simply act as a “stand-in” for the trusted third party, and requires the design of non-trivial multi-agent protocols. In addition, our multi-agent protocol can proceed if any subset of the agents of a certain size is available at any particular time, adding fault-tolerance which did not exist in previous protocols, while achieving a high level of security. Our solution relies on well-tested cryptographic primitives, including threshold cryptography and oblivious transfer.