Abstract
In this article we describe an extension of Java Archives that allows data to be kept encrypted for multiple recipients. Encrypted data is accessible only to selected access groups. Java archives may be used as containers of mobile agents, which allows agents to keep confidential data inaccessible while residing on untrusted hosts. However, additional protective measures are required in order to prevent Cut & Paste attacks on mobile agents by malicious hosts. One such mechanism is described. The usefulness of the concepts is illustrated by an example application for user profile management in an electronic commerce setting.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Roth, V., Conan, V. (2001). Encrypting Java Archives and Its Application to Mobile Agent Security. In: Dignum, F., Sierra, C. (eds) Agent Mediated Electronic Commerce. Lecture Notes in Computer Science, vol 1991. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44682-6_13
DOI: https://doi.org/10.1007/3-540-44682-6_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41671-5
Online ISBN: 978-3-540-44682-8
eBook Packages: Springer Book Archive