Sebastian Staamann

Introducing trusted third parties to the mobile agent paradigm

The mobile agent paradigm gains ever more acceptance for the creation of distributed applications, particularly in the domain of electronic commerce. In such applications, a mobile agent roams the global Internet in search of services for its owner. One of the problems with this approach is that malicious service providers on the agents itinerary can access confidential information contained in the agent or tamper with the agent. In this article we identify trust as a major issue in this context and propose a pessimistic approach to trust that tries to prevent malicious behaviour rather than correcting it. The approach relies on a trusted and tamper-resistant hardware device that provides the mobile agent with the means to protect itself. Finally, we show that the approach is not limited to protecting the mobile agents of a user but can also be extended to protect the mobile agents of a trusted third party in order to take full advantage of the mobile agent paradigm.

A simple logic for authentication protocol design

The authors describe a simple logic. The logic uses the notion of channels that are generalisations of communication links with various security properties. The abstract nature of channels enables one to treat the protocol at a higher abstraction level than do most of the known logics for authentication, and thus, one can address the higher level functional properties of the system, without having to be concerned with the problems of the actual implementation. The major advantage of the proposed logic is its suitability for the design of authentication protocols. They give a set of synthetic rules that can be used by protocol designers to construct a protocol in a systematic way.

Extensions to an authentication technique proposed for the global mobility network

We present three attacks on the authentication protocol that has been proposed for the so-called global mobility network in the October 1997 issue of the IEEE Journal on Selected Areas in Communications. We show that the attacks are feasible and propose corrections that make the protocol more robust and resistant against two of the presented attacks. The aim is to highlight some basic design principles for cryptographic protocols, the adherence to which would have prevented these attacks.

A pessimistic approach to trust in mobile agent platforms

The problem of protecting an execution environment from possibly malicious mobile agents has been studied extensively, but the reverse problem, protecting the agent from malicious execution environments, has not. We propose an approach that relies on trusted and tamper-resistant hardware to prevent breaches of trust, rather than correcting them after the fact. We address the question of how to base trust on technical reasoning. We present a pessimistic approach to trust that tries to prevent malicious behavior from occurring in the first place, rather than correcting it after it has occurred.

Protecting the Itinerary of Mobile Agents

New approaches for distributed computing based on mobile agent technology, such as Java, Telescript, or Agent Tel become ever more pervasive. Typical applications of mobile agents in the domain of electronic commerce are agents that roam the Internet in search of services for their owners. The question of how to protect agent platforms from malicious agents is extensively being tackled. The reverse problem of how to protect mobile agents and the potentially confidential information they contain from malicious platforms is largely ignored.

Security in the Telecommunications Information Networking Architecture-the CrySTINA approach

We present the first results of the CrySTINA project. We analyze and structure the security problem domain in the TINA-C architecture and present our approach to provide the necessary security functionality in the form of self-contained application-independent security services and security mechanisms as part of the DPE functionality. The DPE is assumed to be basically provided by CORBA products. Therefore, we introduce the CORBA security specification and investigate if and how the identified TINA security services can be implemented using the CORBA security functionality.

Closed user groups in Internet service centres

The paper presents a model for end-user directed access control to services in Internet service centres that, beside the classical Internet services (e.g., e-mail), offer a multitude of new services (e.g., on-line conferencing and auctioning) over the Internet. The model is based on the concept of closed user groups. The main idea is that at creation time each service instance and its components are assigned to a user group previously formed by a subset of the end-users, and access control is performed for access attempts through checking the group assignment of the accessed resource against the group memberships of the authenticated accessing end-user. Access control is directed by the end-users through the management of group memberships. We describe the concept of closed user groups, the management of group memberships, the enforcement of access control, and the realisation with off-the-shelf software for a middleware based service environment, which is characterised by the use of CORBA, Java, and WWW technology.