Mobile Agent System Based On A Trusted Third Party Security Design And Implementation,

Along with the development of network technology and the advent of migration computation, traditional Client/Server computation pattern has not been able to satisfy the complexity and the application infinite inflation of Internet. Since 1990s, mobile agent has been researched and paid attention extensively by reason of its intelligence , adaptability and mobility. Compared with computation pattern of traditional network, mobile agent paradigm has more advantage and feature, such as alleviation of network bandwidth, no needs for ongoing network connection, and good support for customization of service. Many scholars consider it as the appropriate computation pattern for the next generation of network. But the mobility of mobile agent has many uncertain ingredients, if mobile agent will be accepted extensively and be applicated triumphantly in trade(such as e-commerce),the security of mobile agent must be solved completely. The security problem has already been an important factor that restrict the application of mobile agent . It has become the most important and complicated problem in mobile agent system.This paper introduces the origin of mobile agent, system composition, realization technology and prospect of its application and analyses the security of mobile agent system. And some ideas of security solutions at present have been analysed and introduced . The security problems of mobile agent, the approaches and methods which can be used to realize the security have been discussed emphatically. The emphasis of this thesis is how to protect the mobile agents against attacking from the malicious hosts or other agents.The article proposes a security design scheme based on the trusted third party to construct a perfect security frame of mobile agent system in the research and development project named "the safe transfer researchof commercial data in the Internet " by Shandong Province science and technology department, which is based on all kinds of existing achievement in the home and abroad about mobile agent technology applyed in the e-commerce. In order to guarantee the integrity and privacy of commercial intention and secret of the customer, to prevent malicious attack between mobile agent and agent platform, specially prevent the malicious agent platform or the third party from stealing the data message mobile agent carried, pretending to be, even destroying mobile agent, the scheme solves three security questions of mobile agent about integrity, privacy and signing message without exposing owner's private key in far-end.The scheme adopts ideas of intermediate result encapsulation and fault-tolerance, utilizes all kinds of encryption technology and the measure to enhance the security of mobile agent system. Information encryption and identity authentication technology are adopted to accomplish the bidirectional identity authentication between mobile agent and agent platform. By this way, agent platform can avoid to be attacked or visited exceeding authority by malicious agents, and agent can avoid to be attacked by malicious agent platform. Here a remote trusted agent platform is adopted as the data processing platform. The scheme adopts a multi-agent system and a threshold secret share technology, in which the secret information and the shares are carried by many different agents, adopts D-H key exchange technology to encrypt intermediate result to hide real intention of agent, to protect the privacy of agents and to enhance the reliability and the fault-tolerance capability of the mobile agent system. A mobile agent with limited authorization can sign a message on behalf of a user at far-end without divulging the user' s private key. In order to avoid rebuilder attack the time-stampe mechanism is adopted.