A Secure Payment Protocol Using Mobile Agents in an Untrusted Host Environment.

This article investigates if and how mobile agents can execute secure electronic transactions on untrusted hosts. An overview of the security issues of mobile agents is first given. ... In particular, a state-of-the-art survey of mobile agent-based secure electronic transactions is presented. ... However, in practice and in an open environment this might not be realistic. Obviously, mobile agents can still be safely sent to untrusted hosts if they do not include payment capability. ...

doi:10.1145/643477.643479 fatcat:uix6hvsrf5hdfo5wgredip6xpi

Further, we support the algorithmic proofs of the security of the underlying protocols with automated formal verification tools. ... We discuss various approaches to instantiate our security architecture based on different hardware-based trusted execution environments, and elaborate on their security properties. ... We assume that each mobile platform P consists of an untrusted host H and a trusted execution environment (TrEE) S. ...

doi:10.1145/2435349.2435382 dblp:conf/codaspy/BusoldTWDSSS13 fatcat:voqekmljrbc5hg53pkmdvfrycq

The paper introduces a novel offline payment system in mobile commerce using the case study of micro-payments. ... However, the current work has attempted to provide much more light weight secure offline payment system in micro-payments by designing a new schema termed as Offline Secure Payment in Mobile Commerce ( ... The proposed protocol now termed as Offline Secure Payment in Mobile Commerce or OSPM deploys the authority that has to be signed by mobile agent and m-token key authorized by merchant. ...

doi:10.1109/icccnt.2013.6726503 fatcat:ug6ibosv4rcqfdcgwtcfrz4hgi

Security is a fundamental precondition for the acceptance of mobile agent systems. ... In this paper we discuss protocols to improve agent security by distributing critical data and operations on mutually supporting agents which migrate in disjunct host domains. ... Quoting from [3] :"It is difficult to exaggerate the value and importance of security in an itinerant agent environment. ...

doi:10.1007/3-540-48749-2_13 fatcat:ryweqv4rjbeavnz3kmzuukv5ye

This paper describes a framework that can be used to identify security requirements for a specific mobile environment. ... Specific security measures for mobile hardware, mobile users and mobile software are also discussed. Security, Mobility, Mobile Agents, Mobile Computers, Wireless ... User friendly payment scheme supporting micropayments CONCLUSION This paper has described a proposed framework that can be used to identify security requirements for a specific mobile environment. ...

doi:10.1007/0-306-47007-1_3 fatcat:j6fbt3rvzjb3lfqyxc5jcuxsgi

We then designed and implemented a secure Communications Protocol Translator Interface (CPTI), which allows an NFC enabled mobile phone to access and use, over a contactless interface, any additional smart ... By using CPTI, it is now possible to have communication and interaction between passive security tokens as well as to use external contact based security tokens in the NFC environment, such as a contact ... In the 'untrusted' PC environment, the transaction is secured with end-to-end security between the NFC enabled mobile phone and the smart card or between two smart cards. ...

doi:10.1109/aict.2010.52 dblp:conf/aict/FrancisHMM10 fatcat:rvxyxa3qs5g7djx6dul42xduua

A major problem of mobile agents is their apparent inability to authenticate transactions in hostile environments. ... In this paper, we consider a framework for the prevention of agent tampering without compromising the mobility or autonomy of the agent. Our approach uses encrypted functions. ... In this paper we prove that it is possible for mobile agents to conduct private and binding transactions in a hostile environment, by using cryptographic primitives. ...

doi:10.1007/10718964_24 fatcat:rodffn4lo5cmlboq5dkcgbgyhu

Despite its many practical benefits, mobile agent technology results in significant new security threats from both malicious agents and hosts. ... This paper investigates the problems and approaches of mobile agent system, which shows that bi-directional and layered security model may be a good idea to resolve the security problems in mobile agent ... Again, there are a number of security techniques agent or a mobile agent system can use. Authentication is also used here to check the validation of host the mobile agent migrates to. ...

doi:10.1145/506128.506131 fatcat:dovlnrei55byrfe7dnk4r5gnvi

This paper introduces a trust-based mechanism to improve the security of mobile agents against malicious hosts and to allow their execution in various environments. ... Mobile agents are the most suited technology. They must therefore be prepared to execute on different hosts with various environmental security conditions. ... In our approach, the trust estimation is dynamic and it is used to enable the mobile agent to adapt its execution in untrusted environments. ...

doi:10.1007/s11416-007-0056-y fatcat:fuzfonio7zcc5lmt5m53ozmdqq

In a broad sense, an agent is any program that acts on behalf of a (human) user. ... A mobile agent then is a program that represents a user in a computer network and can migrate autonomously from node to node, to perform some computation on behalf of the user. ... Acknowledgments We thank the anonymous referees, whose comments were very helpful in improving our presentation. ...

doi:10.1109/4434.708256 fatcat:gepwlbd7sjb7zl26fjwjoglbxq

The problem of protecting an execution environment from possibly malicious mobile agents has been studied extensively, but the reverse problem-protecting the agent from malicious execution environments-has ... The authors propose an approach that relies on trusted and tamper-resistant hardware to prevent breaches of trust, rather than correcting them after the fact. ... In a conventional mobile agent system, when an executor receives a mobile agent, the owner loses all control over the agent's code and data. ...

doi:10.1109/4236.877485 fatcat:4qm426tstjhrhpqv2oh6sete4e

A semi-trusted processor is introduced for safe execution of sensitive customer information in a protected environment and provides accountability in the case of disputed transactions. ... We propose a service-oriented technically enforceable system that preserves privacy and security for customers transacting with untrusted online vendors. ... ACKNOWLEDGEMENTS We would like to thank Formal Systems for providing a license to freely use FDR2. We would also like to thank the anonymous reviewers for their useful suggestions. ...

doi:10.1007/0-387-25660-1_2 fatcat:tovljzmvtbgwrcbvhfe7kobpoy

As mobile cloud tenants use cloud services everywhere, trusted geolocation of cloud users arises a new security issue. ... The key mechanism of TGVisor is providing a trusted channel between the geolocation server and the GPS module in each mobile client device. ... After loading the untrusted legacy OS, the Cloud Agent is executed in the user mode and performs an initialization for the attestation protocol. ...

doi:10.1109/mobilecloud.2015.17 dblp:conf/mobilecloud/ParkYKKH15 fatcat:estvi5iv7ze25kjvuddvlaseti

These articulations should be captured in information security policy document or other suitable document of financial services organization like banks, payment service provider, etc. ... The information technology and security stakeholders like CIOs, CISOs and CTOs in financial services organization are often asked to identify the risks with mobile computing channel for financial services ... However, the fundamental features of root-of-trust may be leveraged in a mobile device even when it is not used in enterprise environment. ...

arXiv:1502.00724v1 fatcat:y6ywdrnyazgn7iiv7q42boojq4

Full-scale adoption of mobile agent technology in untrustworthy network environment, such as Internet, has been delayed due to several security complexities. ... The protection of mobile agents against the attacks of malicious hosts is considered a very challenging security problem. ... not discussed in previous mobile agent protocols. ...

doi:10.1016/j.csi.2005.02.002 fatcat:3i3ovhyecfagdlvn3i6ibxv7re

(How) can mobile agents do secure electronic transactions on untrusted hosts? A survey of the security issues and the current solutions

Preserved Fulltext

Smart keys for cyber-cars

Preserved Fulltext

Reliable OSPM schema for secure transaction using mobile agent in micropayment system

Preserved Fulltext

Mutual Protection of Co-operating Agents [chapter]

Preserved Fulltext

A Three-dimensional Framework for Security Implementation in Mobile Environments [chapter]

Preserved Fulltext

A Security Framework Model with Communication Protocol Translator Interface for Enhancing NFC Transactions

Preserved Fulltext

Secure Transactions with Mobile Agents in Hostile Environments [chapter]

Preserved Fulltext

Security in mobile agent system

Preserved Fulltext

TAMAP: a new trust-based approach for mobile agent protection

Preserved Fulltext

Design issues in mobile agent programming systems

Preserved Fulltext

A pessimistic approach to trust in mobile agent platforms

Preserved Fulltext

Protecting Consumer Data in Composite Web Services [chapter]

Preserved Fulltext

TGVisor: A Tiny Hypervisor-Based Trusted Geolocation Framework for Mobile Cloud Clients

Preserved Fulltext

Review of Considerations for Mobile Device based Secure Access to Financial Services and Risk Handling Strategy for CIOs, CISOs and CTOs [article]

Preserved Fulltext

Protecting mobile-agent data collection against blocking attacks

Preserved Fulltext