Mobile agents play an important role in electronic commerce. Security in free-roaming agents is especially hard to achieve when the mobile code is executed in hosts that may behave maliciously. Some schemes have been proposed to protect agent data (or computation results). However, a known vulnerability of these techniques is the truncation attack where two visited hosts (or one revisited host) can collude to discard the partial results collected between their respective visits. Cheng and Wei proposed a scheme in IC1CS'O2 to defense against the truncation of computation results of free-roaming agents (Cheng and Wei, 2002). Cheng-Wei scheme is effective against such an attack in most cases. However, we demonstrate that it still suffers from the truncation attack when a special loop is established on the path of a free-roaming agent. We further propose two amendments to Cheng-Wei scheme to avoid such an attack.
[1]
N. Asokan,et al.
Protecting the computation results of free-roaming agents
,
2005,
Personal Technologies.
[2]
Victor K.-W. Wei,et al.
Defenses against the Truncation of Computation Results of Free-Roaming Agents
,
2002,
ICICS.
[3]
Joachim Posegga,et al.
Mobile agents and telcos’ nightmares
,
2000,
Ann. des Télécommunications.
[4]
Bennet S. Yee.
A Sanctuary for Mobile Agents
,
2001,
Secure Internet Programming.
[5]
Volker Roth.
Programming Satan's Agents
,
2001,
Electron. Notes Theor. Comput. Sci..
[6]
Christian F. Tschudin,et al.
Protecting Mobile Agents Against Malicious Hosts
,
1998,
Mobile Agents and Security.