Securing Mobile Agents Through Evaluation of Encrypted Functions

摘要

The mobile agent technology is a new paradigm of distributed computing that can replace the conventional client-server model. However, it has not become popular due to some problems such as security. The fact that computers have complete control over all the programs makes it very hard to protect mobile agents from untrusted hosts. In this paper we propose a security approach for mobile agents, which protects mobile agents from malicious hosts. Our new approach prevents privacy attacks and integrity attacks to mobile agents from malicious hosts. Many people have proposed good security approaches, but most of them do not prevent both integrity and privacy attacks. We review a few security approaches for mobile agents, discuss their weaknesses and strengths, and propose a new approach that can fix many of their problems. One interesting approach is mobile cryptography proposed by Sander and Tschudin. It encrypts mobile agents and the encrypted mobile agents are executable without decryption. Implementing mobile cryptography requires an interesting types of cryptosystem called homomorphic encryption scheme, which allows direct computation on encrypted data, but none of such a homomorphic encryption scheme is known yet.