An Attack and Repair of Secure Web Transaction Protocol for Anonymous Mobile Agents

  • Saba Jalal
  • Brian King
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6151)


The security problems that impact mobile agents include authentication and privacy. A challenging task is to implement secure mobile agents that provide anonymity for the mobile agent. Wang, Zhang, and Wang constructed a scheme that provides secure web transactions with anonymous mobile agents over the internet. Our paper will discuss the Wang, Zhang and Wang protocol(WZW) thoroughly, our work demonstrates the weaknesses of the WZW protocol, showing that it is not as secure as it is claimed to be. In this paper, we will construct attacks on the WZW protocol, provide several repairs and construct a secure scheme for conducting E-commerce using anonymous mobile agents.


Anonymity Mobile Agent Security Mobile Agent Authentication E-commerce 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Algesheimer, J., Cachin, C., Camenisch, J., Karjoth, G.: Cryptographic security for mobile code. In: SP 2001: Proceedings of the IEEE Symposium on Security and Privacy, pp. 2–11. IEEE Computer Society, Los Alamitos (2001)CrossRefGoogle Scholar
  2. 2.
    Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Borselius, N.: Mobile agent security. Electronics and Communication Engineering Journal 14, 211–218 (2002)CrossRefGoogle Scholar
  4. 4.
    Boukerche, A., Ren, Y.: A Novel Solution based on Mobile Agent for Anonymity in Wireless and Mobile Ad hoc Networks. In: Proceedings of the 3rd ACM Workshop on QoS and Security for Wireless and Mobile Networks, pp. 86–94 (2007)Google Scholar
  5. 5.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 84–88 (1981)Google Scholar
  6. 6.
    Chaum, D.: The dining cryptographers problem: unconditional sender and recipient untraceability. Journal of Cryptography, 65–75 (1988)Google Scholar
  7. 7.
    Claessens, J., Preneel, B., Vandewalle, J.: (How) can mobile agents do secure electronic transactions on untrusted hosts? ACM Transactions on Internet Technology (TOIT) 3(1), 28–48 (2003)CrossRefGoogle Scholar
  8. 8.
    Dolev, D., Yao, A.C.: On the security of public key protocols. In: Proceedings of the IEEE 22nd Annual Symposium on Foundations of Computer Science, pp. 350–357 (1981)Google Scholar
  9. 9.
    Koblitz, N.: Elliptic curve cryptosystems. Mathematics of Computation 48, 203–209 (1987)zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Reed, M., Syverson, P., Goldschlag, D.: Proxies for anonymous routing. In: Proceeding of the 12th Annual Computer Security Applications, pp. 95–104 (1995)Google Scholar
  11. 11.
    Saxena, A., Soh, B.: A novel method for authenticating mobile agents with one-way signature chaining. In: Proceedings of The 7th International Symposium on Autonomous Decentralized Systems (ISADS 2005), pp. 187–193 (2005)Google Scholar
  12. 12.
    Wang, C.J., Zhang, F.G., Wang, Y.: Secure Web Transaction with Anonymous Mobile Agent over Internet. Journal of Computer Science and Technology 18(1), 84–89 (2003)zbMATHCrossRefGoogle Scholar
  13. 13.
    Zwierko, A., Kotulski, Z.: Mobile Agents: Preserving Privacy and Anonymity. In: Bolc, L., Michalewicz, Z., Nishida, T. (eds.) IMTCI 2004. LNCS (LNAI), vol. 3490, pp. 246–258. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Saba Jalal
    • 1
  • Brian King
    • 1
  1. 1.Purdue School of Engineering and TechnologyIndiana University Purdue University IndianapolisUSA

Personalised recommendations