Security Scheme for Mobile Agent System in E- Commerce Scenario

Mobile agents are software program that can autonomously migrate from a platform to another platform to accomplish their tasks and it is believed that they will play an important role in future ecommerce system, offering higher flexibility and improved performance. In spite of those benefits from mobile agent system, security in mobile agent system is especially hard to achieve when a mobile agent is executed on remote platform that may behave maliciously or mobile agent may behave maliciously on the remote platform. There has been a lot of work done in the area of mobile agent’s security. Recently, Bae et al. proposed a security scheme for mobile agent system using an IDENTITYBASED digital signature scheme and claimed that their scheme provided complete security to mobile agent system. However, in this paper, we show that their security scheme still suffers from some security weakness such as man in middle attack and previous agent platform can forge the signature. And then we further propose a new security scheme for secure mobile agent system that solves the weakness of their protocol using dynamic generated partial multi signature with message flexibility and provides the security services such as mutual authentication, confidentiality, integrity, nonrepudiation and the prevention of replay and exclude attack. The propose scheme is suitable and practical for protecting mobile agent from malicious platform in e-commerce scenario over the Internet.