Secure Agent for E-Commerce Applications

Abstract

One hindrance to the widespread adoption of mobile agent technology (Johansen et al., 2002) is the lack of security. SAFER, or Secure Agent Fabrication, Evolution and Roaming, is a mobile agent framework that is specially designed for the purpose of electronic commerce (Guan & Yang, 2002, 2004; Yang & Guan, 2000; Zhu, Guan, Yang, & Ko, 2000). By building strong and efficient security mechanisms, SAFER aims to provide a trustworthy framework for mobile agents. Although such an agent transport protocol provides for the secure roaming of agents, there are other areas related to security to be addressed. Agent integrity is one such area crucial to the success of agent technology. The integrity protection for agent code is relatively straightforward. A more complex code integrity scheme to handle code-on-demand is also proposed in Wang, Guan, and Chan (2002). Agent data, however, is dynamic in nature and will change as the agent roams from host to host. Despite the various attempts in the literature (Chionh, Guan, & Yang, 2001), there is no satisfactory solution to the problem so far. Some of the common weaknesses of the current schemes are vulnerabilities to revisit attack and illegal modification (deletion/insertion) of agent data.