A Secure Payment Protocol Using Mobile Agents in an Untrusted Host Environment

Mobile agents are expected to play an important role in future e-commerce systems, offering great flexibility and improved performance. Yet their adoption is largely hampered by the new security issues they raise. Among these, the most difficult to solve is protecting mobile agents against malicious hosts. While no general solution to this problem is known, solutions that provide effective protection against specific threats from malicious hosts are possible. In this paper, we propose a secure payment protocol using mobile agents that protects the confidentiality of sensitive payment information from spying by malicious agents. The protocol makes use of Shamir's secret sharing scheme. The security properties of the protocol are proven, and an analysis of its message complexity is provided.
