Securing mobile agents through evaluation of encrypted functions

Mobile agent technology is a new paradigm of distributed computing that can replace the conventional client-server model. However, it has not become popular due to some practical problems, such as security. The fact that computers have complete control over all the programs makes it very hard to protect mobile agents from untrusted hosts. In this dissertation we propose a security approach for mobile agents which protects the mobile agents from malicious hosts. Our new approach prevents privacy attacks and integrity attacks on mobile agents from malicious hosts.; Many people have proposed good security approaches, but most of them do not prevent both integrity and privacy attacks. We review a few security approaches for mobile agents, discuss their weaknesses and strengths, and propose a new approach that can fix many of their problems. One interesting approach is mobile cryptography proposed by Sander and Tschudin. It encrypts mobile agents and the encrypted mobile agents are executable without decryption. Implementing mobile cryptography requires an interesting type of cryptosystem called homomorphic encryption; which allows direct computation on encrypted data, but no such homomorphic encryption schemes have been previously proposed.; Our new security approach is an extension of mobile cryptography, and it removes many problems found in the original idea of mobile cryptography while preserving most of the benefits. Although the original idea of mobile cryptography allowed direct computations without decryption on encrypted mobile agents, it did not provide any practical ways of implementation due to the fact that no homomorphic encryption schemes have been published. Our approach provides a practical idea for implementing mobile cryptography by suggesting a hybrid method that mixes a function composition technique and a homomorphic encryption scheme that we have found. Like the original mobile cryptography, our approach will encrypt both code and data including state information in a way that enables direct computation on encrypted data without decryption. We believe that our approach is a viable and practical means to address security problems such as integrity and privacy attacks on mobile agents.