A novel method for authenticating mobile agents with one-way signature chaining

Abstract

Mobile agents are mobile programs capable of maintaining their execution states as they migrate between different execution platforms. A key security problem in such systems is how to trust the code coming from a remote platform before it can be executed. In this paper, we set a formal model for mobile agent security based on cryptographic primitives and describe a protocol that enables trust relationships to be formed between agent platforms in an ad-hoc manner. This protocol can be used to authenticate agents before granting execution privileges. The main idea behind our approach is the concept of 'additive' zero-know ledge which we demonstrate using non-commutative associative one-way functions.