
Mobile Code Security and Computing with Encrypted Functions

Mobile code is an important programming paradigm for the Internet (e.g., Java Applets) and provides a flexible way to structure distributed systems. Mobile agents are mobile code that acts autonomously on behalf of a user to continuously collect and process information.

Autonomous mobile agents are produced by an originator and may visit any number of hosts before returning to the originator:

[Figure: Mobile Agent Scenario]

Mobile code poses new security threats:

A survey of the current state of the art of mobile agent technology with respect to security is given by Karjoth and Posegga [KP00], from the standpoint of a public network operator (PNO). They look into the above categories and elaborate on potential protection mechanisms usable within restricted trust models.

Protecting the Host

This question has received considerable attention because of the threat of viruses (unfortunately, a prominent form of the mobile agent species!). Current solutions for this problem are to run mobile code in a sandbox with access control and to apply code signing.

Karjoth et al. [KLO97] describe a security model for the Aglets Software Development Kit that supports flexible architectural definition of security policies.

Protecting Mobile Code Applications

Some people thought that mobile code cannot be protected from a malicious host. However, Sander and Tschudin ("Protecting mobile agents from malicious hosts", in Mobile Agents and Security, LNCS 1419, Springer, 1998) recognized that, at least in principle, this could be possible by applying tools from basic research in cryptography using homomorphic encryption schemes.
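An added illustration (not code from this page or from the cited papers) of computing with an encrypted function: the originator encrypts the coefficients of a polynomial under an additively homomorphic scheme, and the host evaluates it on its own input without ever seeing the coefficients. The choice of Paillier encryption, the fixed toy primes and all function names are assumptions made for the example; the parameters are far too small for real use.

```python
# Added illustration: toy Paillier encryption (additively homomorphic).
# Scheme choice, primes and names are assumptions; parameters are NOT secure.
import math
import secrets

def keygen(p=2**31 - 1, q=2**61 - 1):
    """Toy key pair from two fixed Mersenne primes (constructed, insecure)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    return n, (phi, pow(phi, -1, n))      # public n, private (phi, phi^-1 mod n)

def encrypt(n, m):
    """E(m) = (1 + n)^m * r^n mod n^2 with fresh random r."""
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + (m % n) * n) * pow(r, n, n2) % n2

def decrypt(n, sk, c):
    phi, mu = sk
    u = pow(c, phi, n * n)                # = 1 + (m * phi mod n) * n
    return (u - 1) // n * mu % n

def originator_encrypt_function(n, coeffs):
    """Originator side: hide polynomial coefficients a_0..a_k."""
    return [encrypt(n, a) for a in coeffs]

def host_evaluate(n, enc_coeffs, x):
    """Host side: derive E(sum a_i * x^i) from E(a_i) and its cleartext x.
    E(a)^k = E(a * k) and E(a) * E(b) = E(a + b), so no key is needed."""
    n2 = n * n
    acc = 1                               # trivial encryption of 0
    for i, c in enumerate(enc_coeffs):
        acc = acc * pow(c, pow(x, i, n), n2) % n2
    return acc

def demo():
    n, sk = keygen()
    enc = originator_encrypt_function(n, [7, 3, 2])   # f(x) = 7 + 3x + 2x^2
    reply = host_evaluate(n, enc, 5)                  # host input x = 5
    return decrypt(n, sk, reply)                      # originator recovers f(5)

if __name__ == "__main__":
    print(demo())
```

The host ends up holding only a ciphertext that the originator alone can open, so the exchange is one message forth and one back and the host itself receives no output.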

Karjoth et al. [KAG98] show how to protect the integrity of the computation results for an agent that visits many hosts.

Yao ("How to generate and exchange secrets", Proc. 27th Symp. Foundations of Computer Science (FOCS), IEEE, 1986) and others have shown that secure computation of arbitrary functions is indeed possible. However, these protocols need several rounds of interaction between the user and the host, whereas truly autonomous mobile code allows only one message forth and one back.

Recent work at IBM Zurich [CCKM00] shows that it is indeed possible to protect mobile code from a spying host. However, such an application is limited to the case where the mobile code must not affect its host in any way. This limitation is also inherent in the previous proposals.

But if the host of the mobile agent is to receive some output of the computation as well, then we require minimal trust in a third party. This could be tamper-proof hardware installed on each host or a generic third-party secure computation service, as proposed in the paper [ACCK01].

In conclusion, it is possible to compute with encrypted data, to compute encrypted functions, and to protect mobile code from a spying host, at least in theory, and also in practice for very small programs.

Publications

ACCK01
J. Algesheimer, C. Cachin, J. Camenisch, and G. Karjoth. Cryptographic security for mobile code. In Proc. IEEE Symposium on Security and Privacy, Oakland, May 2001. Also available as Research Report RZ 3302, IBM Research, November 2000 from IBM Cyberdigest.

CCKM00
C. Cachin, J. Camenisch, J. Kilian, and J. Müller. One-Round Secure Computation and Secure Autonomous Mobile Agents. In Proc. 27th Colloquium on Automata, Languages and Programming (ICALP), Geneva, Lecture Notes in Computer Science, Springer-Verlag, 2000.

KLO97
G. Karjoth, D.B. Lange, and M. Oshima. A Security Model for Aglets. IEEE Internet Computing, Vol. 1, No. 4, 68-77 (July/August 1997).
Reprinted in G. Vigna (Ed.), Mobile Agents and Security. Lecture Notes in Computer Science 1419, pages 188-205, Springer Verlag, 1998.

KAG98
G. Karjoth, N. Asokan, and C. Gülcü. Protecting the computation results of free-roaming agents. In K. Rothermel and F. Hohl, editors, Second International Workshop on Mobile Agents (MA '98), Lecture Notes in Computer Science 1477, pages 195-207. Springer-Verlag, 1998.

KP00
G. Karjoth and J. Posegga. Mobile agents and Telcos' nightmares. Annales des Télécommunications, 55(7/8):29-41, 2000.
