Introducing Trusted Third Parties to the Mobile Agent Paradigm

  • Uwe G. Wilhelm
  • Sebastian Staamann
  • Levente Buttyán
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1603)


The mobile agent paradigm gains ever more acceptance for the creation of distributed applications, particularly in the domain of electronic commerce. In such applications, a mobile agent roams the global Internet in search of services for its owner. One of the problems with this approach is that malicious service providers on the agent’s itinerary can access confidential information contained in the agent or tamper with the agent.

In this article we identify trust as a major issue in this context and propose a pessimistic approach to trust that tries to prevent malicious behaviour rather than correcting it. The approach relies on a trusted and tamper-resistant hardware device that provides the mobile agent with the means to protect itself. Finally, we show that the approach is not limited to protecting the mobile agents of a user but can also be extended to protect the mobile agents of a trusted third party in order to take full advantage of the mobile agent paradigm.


Mobile Agent Trusted Third Party Agent Executor Shopping Agent Mobile Agent System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    R. Anderson and M. Kuhn. Tamper resistance — a cautionary note. In The Second USENIX Workshop on Electronic Commerce Proceedings, pages 1–11, Oakland, California, November 1996.Google Scholar
  2. 2.
    H. Bürk and A. Pfitzmann. Value exchange systems enabling security and unobservability. Computers & Security, 9(8):715–721, 1990.CrossRefGoogle Scholar
  3. 3.
    A. Carzaniga, G. P. Picco, and G. Vigna. Designing distributed applications with mobile code paradigms. In R. Taylor, editor, Proceedings of the 19th International Conference on Software Engineering (ICSE’97), pages 22–32. ACM Press, 1997.Google Scholar
  4. 4.
    D. M. Chess, B. Grosof, C. G. Harrison, D. Levine, C. Parris, and G. Tsudik. Itinerant agents for mobile computing. IEEE Personal Communications, 2(3):34–49, October 1995.CrossRefGoogle Scholar
  5. 5.
    W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6), November 1976.Google Scholar
  6. 6.
    DoD. Trusted Computer System Evaluation Criteria (TCSEC). Technical Report DoD 5200.28-STD, Department of Defense, December 1985.Google Scholar
  7. 7.
    J. Gosling and H. McGilton. The Java language environment. White paper, Sun Microsystems, Inc., 1996.Google Scholar
  8. 8.
    R.S. Gray. Agent Tel: A transportable agent system. In Proceedings of the CIKM Workshop on Intelligent Information Agents, Baltimore, MD, December 1995.Google Scholar
  9. 9.
    C. G. Harrison, D. M. Chess, and A. Kershenbaum. Mobile agents: Are they a good idea? In Mobile Object Systems: Towards the Programmable Internet, volume 1222 of Lecture Notes in Computer Science, pages 25–47. Springer Verlag, 1997.Google Scholar
  10. 10.
    ITU. ITU-T Recommendation X.509: The Directory — Authentication Framework. International Telecommunication Union, 1993.Google Scholar
  11. 11.
    D. B. Lange and M. Ishima. Program and Deploying Java Mobile Agents with Aglets. Addison-Wesley, 1998.Google Scholar
  12. 12.
    A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of applied cryptography. CRC Press, Inc., 1997.Google Scholar
  13. 13.
    J. Ordille. When agents roam, who can you trust? Technical Report Technical Report, Computing Science Research Center, Bell Labs, 1996.Google Scholar
  14. 14.
    RSA Data Security, Inc. PKCS #1: RSA Encryption Standard. RSA Data Security, Inc., November 1993.Google Scholar
  15. 15.
    R. A. Rueppel. A formal approach to security architectures. In EuroCrypt, pages 387–398, Brighton, England, 1991.Google Scholar
  16. 16.
    T. Sander and C. Tschudin. Towards mobile cryptography. In IEEE Symposium on Security and Privacy, May 1998.Google Scholar
  17. 17.
    B. Schneier. Applied cryptography. Wiley, New York, 1994.Google Scholar
  18. 18.
    J. G. Steiner, C. Neuman, and J. I. Schiller. Kerberos: An authentication service for open network systems. In Proceedings of the USENIX Winter 1988 Technical Conference, pages 191–202. USENIX Association, Berkeley, USA, February 1988.Google Scholar
  19. 19.
    V. Swarup and J. T. Fabrega. Understanding trust. In Secure Internet Programming [22].Google Scholar
  20. 20.
    New York Times. U.S. workers stole data on 11,000, agency says, April 6, 1996.Google Scholar
  21. 21.
    G. Vigna. Protecting mobile agents through tracing. In Proceedings of the Third Workshop on Mobile Object Systems, Finland, June 1997.Google Scholar
  22. 22.
    Jan Vitek and Christian Jensen. Secure Internet Programming: Security Issues for Mobile and Distributed Objects. Lecture Notes in Computer Science. Springer-Verlag Inc., New York, NY, USA, 1999.Google Scholar
  23. 23.
    J. E. White. Telescript technology: The foundation for the electronic market place. White paper, General Magic, Inc., 1994.Google Scholar
  24. 24.
    U. G. Wilhelm, L. Buttyàn, and S. Staamann. On the problem of trust in mobile agent systems. In Symposium on Network and Distributed System Security, pages 114–124. Internet Society, March 1998.Google Scholar
  25. 25.
    I. S. Winkler. The non-technical threat to computing systems. Computing Systems, USENIX Association, 9(1):3–14, Winter 1996.Google Scholar
  26. 26.
    T. Y. C. Woo and S. S. Lam. Authentication for distributed systems. IEEE Computer, 25(1):39–52, January 1992.Google Scholar
  27. 27.
    B. Yee. A sancturary for mobile agents. In Secure Internet Programming [22].Google Scholar
  28. 28.
    P. Zimmermann. PGP User’s Guide. MIT Press, Cambridge, 1994.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Uwe G. Wilhelm
    • 1
  • Sebastian Staamann
    • 1
  • Levente Buttyán
    • 2
  1. 1.Operating Systems Laboratory (LSE)Swiss Federal Institute of Technology (EPFL)LausanneSwitzerland
  2. 2.Institute for computer Communications and ApplicationsSwiss Federal Institute of Technology (EPFL)LausanneSwitzerland

Personalised recommendations