Top | Introduction | Members | Activities | Call for Paper | Link | Japanese


    "A study on mobile agent security"


    Keywords: mobile agent, secure function evaluation, oblivious transfer, encrypted circuit.

    A mobile agent is an autonomous program (software) which moves and runs on behalf of a user in networked environments. Mobile agent technology has been paid attention to as a fundamental technology in the next generation and thus has been studied extensively. Because of autonomy, mobile agents have advantages that they can reduce traffic by agent movement, and that they can run in parallel and reduce computational overhead. However realization of mobile agents is facing two security problems.

    1. Attacks on hosts by malicious agents such as virus, and
    2. Attacks on mobile agents by malicious hosts by such as tampering and eavesdropping agent's secret.

    Although the former security problem can be solved by the established means, e.g., antivirus software and JAVA security technique, the latter security problem is difficult to solve, because of the feature of programs as will be discussed in detail later. Therefore the latter security problem must be resolved for practical application of mobile agents. One of the solutions to the latter problem is a tamper-proof hardware installed on each host, and software can be safely executed on the host because each host is not controlled by a malicious user. But it is not realistic to install tamper-proof hardware on all hosts. Consequently, we address only software solutions instead of tamper-proof hardware. Furthermore this security technique is useful for dynamic software, so useful mobile agent security. However, it is too difficult for software to solve the problem. At first glance encryption of a program seems to be one of the most efficient and promising solutions to such a problem. However, since execution of the program is usually carried out by plain text, even if we encrypt a program, it must be eventually decrypted into a plaintext form at the time of program execution, and there is vulnerable to attacks by malicious hosts. Therefore the methods of executing an encrypted program without decrypting it have been studied so far.

    Secure function evaluation, which is the most promising of such methods, has especially attracted attention. One of the reasons why secure function evaluation attracts attention is that it is not easy for an attacker to compromise enciphered information as the attackers expects. By using the enciphered logic circuit, secure function evaluation does not leak secret information, but can calculate it securely. Consequently, even on a malicious host, a program can perform execution, calculation, etc., without suffering the attack from the host since it is enciphered. The security of this encrypted circuit is based on decisional Diffie-Hellman (DDH for short) problem. Then, in this paper, the protection technique of mobile agents using secure function evaluation is studied. In secure function evaluation, the input data to the encrypted circuit of a mobile agent is exchanged between the agent and the execution host. However such a communication protocol has not been explicitly stated in previous work. Moreover, if an execution host of an agent is able to obtain the encrypted circuit input by a certain method, it would be possible to perform unauthorized computation by using the input. Therefor, in this paper, in order to specify a communication protocol between a mobile agent and the execution host, we place the host. We suppose that the trusted host dose not conspire with other hosts and intervene between them. Moreover, although oblivious transfer is used in order to perform this communication safely, the conventional 1-out-of-2 oblivious transfer is not efficient. Hence, we improve the protocol called k-out-of-n oblivious transfer so that it can be adapted for a mobile agent. In this paper, we verity communication with a mobile agent and the execution host in the encrypted circuit input, and we show that our protocol is more efficient with respect to computation cost them previous oblivious transfer.


    [ back ]