On the Robustness of Some Cryptographic Protocols for Mobile Agent Protection
نویسنده
چکیده
Mobile agent security is still a young discipline and most naturally, the focus up to the time of writing was on inventing new cryptographic protocols for securing various aspects of mobile agents. However, past experience shows that protocols can be flawed, and flaws in protocols can remain unnoticed for a long period of time. The game of breaking and fixing protocols is a necessary evolutionary process that leads to a better understanding of the underlying problems and ultimately to more robust and secure systems. Although, to the best of our knowledge, little work has been published on breaking protocols for mobile agents, it is inconceivable that the multitude of protocols proposed so far are all flawless. As it turns out, the opposite is true. We identify flaws in protocols proposed by Corradi et al., Karjoth et al., and Karnik et al., including protocols based on secure co-processors.
منابع مشابه
Process algebraic modeling of authentication protocols for analysis of parallel multi-session executions
Many security protocols have the aim of authenticating one agent acting as initiator to another agent acting as responder and vice versa. Sometimes, the authentication fails because of executing several parallel sessions of a protocol, and because an agent may play both the initiator and responder role in parallel sessions. We take advantage of the notion of transition systems to specify authen...
متن کاملEmpowering Mobile Software Agents
Recent work has shown that several cryptographic protocols for the protection of free-roaming mobile agents are vulnerable by means of protocol interleaving attacks. This paper presents equivalent protocols meant to be robust against this type of attack. Moreover, it describes the required processes and data structures at a level of detail that can be translated to an implementation in a straig...
متن کاملMobile Agent Security Through Multi-Agent Cryptographic Protocols
We consider the problem of keeping sensitive data and algorithms contained in a mobile agent from discovery and exploitation by a malicious host. The focus in this paper is on rigorous techniques based on cryptographic protocols. Algesheimer, Cachin, Camenisch, and Karjoth (IEEE Security and Privacy, 2001) devised a secure agent protocol in such a setting, where agents and hosts are mutually di...
متن کاملFormal Speci cation and Veri cation of Mobile Agent Data Integrity Properties: a Case Study
The aim of the work presented in this paper is to check cryptographic protocols for mobile agents against both network intruders and malicious hosts using formal methods. We focus attention on data integrity properties and show how the techniques used for classical message-based protocols such as authentication protocols can be applied to mobile agent systems as well. To illustrate our approach...
متن کاملProtecting Integrity and Secrecy of Mobile Agents on Trusted and Non-Trusted Agent Places
Mobile Software Agents are at the mercy of the agent places they visit on their itinerary. But certain applications have a need for protection of secrecy and integrity of parts of the mobile agents data space. In this paper I will introduce a definition of the term Mobile Software Agent that is derived from a general definition of the term agent and the definition of Wooldridge and Jennings in ...
متن کامل