Boosting m-business using a truly secured protocol for data gathering mobile agents

Abstract

The paper focuses on the security issue of employing mobile agents in m-business. The trustworthiness of mobile agents is crucial to the success of m-business. To be trustworthy, a mobile agent must protect its gathered data against adversaries encountered while traversing the Internet. Several cryptographic protocols were presented in the literature asserting the security of gathered data. Formal verification of the protocols reveals security flaws, such as truncation, alteration, or breach of privacy of gathered data. We present an accurate security protocol for data gathering mobile agents. The protocol uses co-operating agents, performs verifications during agent's lifecycle in addition to the verifications upon agent's return to the originator. It also implements special security techniques on the top of the common techniques, which would rectify revealed flaws. We prove its correctness by verifying the security properties: authenticity, confidentiality, and strong integrity using STA, an infinite-state exploration formal method.