| Abstract |
|
Mobile agents play an important role in electronic commerce.
Security in free-roaming agents is especially hard
to achieve when the mobile code is executed in hosts that
may behave maliciously. Some schemes have been proposed
to protect agent data (or computation results). However,
a known vulnerability of these techniques is the truncation
attack where two visited hosts (or one revisited host)
can collude to discard the partial results collected between
their respective visits. Cheng and Wei proposed a scheme
in ICICS’02 to defense against the truncation of computation
results of free-roaming agents [1]. Cheng-Wei scheme
is effective against such an attack in most cases. However,
we demonstrate that it still suffers from the truncation attack
when a special loop is established on the path of a
free-roaming agent. We further propose two amendments
to Cheng-Wei scheme to avoid such an attack.
|
 Additional Information
|
Index Terms- secure electronic commerce, mobile agent, cryptographic protocol
Citation:
Jianying Zhou, Jose A. Onieva, Javier Lopez,
"Analysis of a Free Roaming Agent Result-Truncation Defense Scheme,"
cec,
pp. 221-226,
2004 IEEE International Conference on E-Commerce Technology (CEC'04),
2004
|
