Securing Mobile Agents by Integrity-Based

Encryption
Jaewon Lee t, Seong-Min Hong and Hyunsoo Yoon
Division of Computer Science
Department of Electrical Engineering and Computer Science
Korea Advanced Institute of Science and Technology,
373-1 Guseng-dong, Yuseong-gu, Daejeon 305-701, Rep. of Korea
Email: jaewon@camars.kaist.ac.kr
smhong@camars.kaist.ac.kr
hyoon@camars.kaist.ac.kr
. Abstract-The mobile agent paradigm i s an important and
prqmising technology to structure distributed applications. Since
the mobile agent physically moves to a remote host that i s under
the control of a different principal, it needs t o be protected from
this environment which is responsible for its execution. This
probIemconstitutes the major dinculty for using the mobile
agent paradigm for privacy protection sad is explored in great
detail. In this paper, weprovide the methodology of protecting the
mobile agents fromunauthorized modification for the program
code or.data by malicious hosts. One important technique is
an integrity-based encryption, by which a mobile agent, while
running on the remote host, checks itself to verify that it has not
been modi6ed and conceals some privacy sensitive parts of the
mobile agent.
Keytuords-Integrity-based encryption, mobile agent protec-
tion, malicious host problem
1. INTRODUCTION
Mobile agents are autonomous software entities that are able
to migrate across different execution environments. Mobility
and autonomy make permanent connections unnecessary; thus
mobile agents are suitable for providing low-bandwidth con-
nections and asynchronous communication [I]. Furthermore,
they provide better support for heterogeneous computing en-
vironments.
Although the mobile agent paradigm extends the capabilities
of traditional ways of remote communication and distributed
computing, i t also raises new security issues [2]. These are
generally divided into two broad areas: i) protecting the host
from malicious agents and ii) protecting the agent from hostile
hosts. The first problem has received considerable attention
because of the imminent threat of computer viruses and Trojan
horses. Current solutions are to run mobile code in a sandbox
with fine-grained access control and to apply code signing for
exploiting a trust relation with the code producer.
However, unfortunately, solutions for the second problem
are far less developed, but this problem needs to be solved
for making the mobile agent metaphor useful in many con-
texts since the most crucial defect of mobile agent is its
vulnerability to several attacks, in particular, by malicious
hosts. Until quite recently there was a general belief that the
vulnerability of the mobile agent could be prevented only with
hardware solutions. This belief however has been shown to
be misleading and is referred to the Chess paradox in the
literature from Sander and Tschudin [3]. They proposed the
use of encrypted functions, named CBF (Computation with
Encrypted Function), in which the user encrypts a function 5,
which is then executed by the host, without the host having
access to s. Although the approach is very promising, no
secure implementation has been proposed as yet. In [4], Volker
Roth summarized some rules and principles of good and
bad practice for designing cryptographic protocols to protect
mobile agents from malicious host. The conventional crypto-
graphic protocols are not followed thoroughly in the design of
some cryptographic protocols meant to protect mobile agents
againstcertain attacks by malicious hosts.
In this paper, we present the methodology of protecting
the mobile agents from the malicious hosts trying to reverse
engineer and to make unauthorized modification, by which a
mobile agent, while running, checks itself to verify that it has
not been modified and conceals some privacy sensitive parts
of the program. Our goal for the mobile agents protection is
to defend up to the level of dynamic modification for program
as shown in Fig. 1 and can be summarized as following
objectives:
(1) (Integrity) The dynamic modification by the malicious
hosts should be detected by the mobile agent itself, and
it helps to cope with some proper reaction.
(2) (Confidentiality) The privacy sensitive algorithm which
has been implemented into the mobile agent should be
concealed fromthe analysis of malicious hosts.
To fulfill these goals, we propose an integrity-bused encryp-
fion scheme, which is composed of self-decrypting and self-
integrity checking methods. It is a new concept of encryption
scheme, which uses the program code as a key so that the used
code fragment can preserve the integrity. In other words, the
encryption will work properly if and only if the integrity of
keyed code holds. The self-decryption makes a mobile agent
- 508 -
eta L1:
If Ichecksum 1s lnvalial i
Da some count er measur es:
Exit;
1
Continue as normal c o n al z~o n ;
L1:
Fig. 1. Trivial attacks; bold face denotes malicious modifications
enable to decrypt the own parts of a encrypted code. The
decryption key is computed by hashing the integrity sensitive
parts of a program, so it does not need to store the decryption
key in a secure container or database, Furthermore, we can
also preserve the integrity of those parts which are involved
as a decryption key as well as the encrypted fragments without
the notable routines.
Weadopt the identity-based encryption ( BE) scheme I S] to
build a decryption key from an arbitrary string which is the
result of hashing the integrity sensitive parts of the program.
The idea of identity-based cryptography was first formulated
by 'Shamir [6] in 1984. However, .the most significant and
practical scheme in this field is probably the IBE scheme by
Boneh and Franklin [ 5] , 171. The typical difference between
IBE and our scheme is the usage and secrecy for the keys.
III BE, as well as the general public key encryption schemes,
the encryption key is publicly opened to the arbitrary parties
and the decryption key is privately secured within an owner's
environment.'
However, we focus the cryptographic primitives t o guaran-
tee the programintegrity while the confidentiality is subsidiary,
since the encrypted program codes should be exposed in de-
crypted form to computing environment due to the characteris-
tics of modem general-purposed computer architecture. So, on
the contrary, we publicly throw the decryption key and conceal
the encryption key on the software manufacturer. Note that it
may seem to be similar to digital signature, but digital signa-
ture can provide only the proof of illegitimated modification.
As shown in Fig. I , the judgement and reaction, without the
preparation for holding an integrity, can be tampered, either.
In addition, by the inherent element of master-key which
is generated fromKey Generation Center (KGC) in IBE, we
utilize this property to distinguish the responsibility of security
management. With our scheme, neither specialized compiler
nor hardware is needed and additional implementation in the
source code is minimal, so it makes efficient to use in practice.
The rest of,this paper is organized as follows. Several previ-
ous researches in security of the mobile agents are discussed in
section 2. Wedescribe our integrity-based encryption scheme
in section 3. In section 4, we analyze the security of our
scheme. Finally, section 5 gives conclusions and some open
problems:
2. RELATED RESEARCHES
The security problems in the mobile agent system are
concerned with the protection of the two primary components:
the mobile agent and the agent platformin which the mobile
agent runs its aims. In this section, we consider the previous re-
searches to solve the malicious hosr problem, which addresses
the issues of protecting the mobile agents from malicious
hosts. The most researches to response the malicious host
problemcan be classified as shown in Fig. 2. The first broad
class is the tamper deleelion. Tamper detection [8], [9] can
be accomplished by means of the verification of computation
results and the tracing of execution logs. However, it may be
useless where the communication is blocked or there is no
way of returning. Hence, we focus our attention on tamper
prevention. Secondly, tomper prevenfion, furthermore, can be
characterized into passive prevention and active prevention
according to the attitude of prevention against tampering via
reverse engineering.
Reverse engineering i s the process of analyzing a subject
system 1) to identify the system's components and their
interrelationships and 2) to create the representations of a
system in another form or at a higher level of abstraction [I O].
It isusually accompanied with a static or dynamic analysis.
The static analysis is a program analysis without an execution
of a given program. Tools to carry out a static analysis are
the decompiler and deassembler. Wecan easily translate every
native code into assembly language with a deassembler, and
then carry out a static -anaIysis with the output code from
a decompiler. The dynamic analysis is a program analysis
with an execution of a given program. Debuggers are useful
.enough to carry out a dynamic analysis since they enable an
adversary to execute the programin step-by-step manner. With
the dynamic analysis, a perpetrator has complete control of
the platform so that he may substitute hardware or system
software and may .observe any communications channel that
he wishes. In an absolute, sense, this kind of attacks is
impossible to prevent on the current. computing architecture
[I I]. Furthermore, it is impractical to consider the attacks by a
malicious host accompanying the "surface attack", i.e., denial
o f service, random modifications of the programor its output
as well as replay attacks [3].
2. I Passive Prevenfion
Pussive prevenfion is an effort to make an adversary avoid
tampering which is founded 'upon the static analysis. Obhsca-
tion [12]-[14] is a major example of passive prevention, and
it attempts to thwart reverse engineering by making it hard to
understand t he behavior of a programthrough static analysis.
Also, software watermark and fingerprint [ 15] , 1161 can be
introduced in the sohare and rendered highly undetectable
through code obfuscation transformations to allow tracking of
misused programcopies by providing an additional deterrent
to tampering. However, i t may be effective for the cases that
decompilation of binary code produces some high level of
human recognition such as Java. Moreover, the overhead of
obfuscation techniques can be significant both in terms of
- 509 -
Protecting
Mobile Agents
Tamper-Detection Ta mper-Prevention
Data Execution Active Passive
Verification Tracing Prevention Prevention
Fig. 2. Category of mobile agent protection
code size increase and execution time overhead, and they
require specialized compiler and may result in degradation of
performance. While our approach does more than obfuscation,
as it prevents illegal copying of software, we argue that hiding
part of the software is an effective way to obfuscate the
software.
2.2 Acti ve Preverdion
I) Encypied compufution: Sander and Tschudin [3] pro-
posed the concept of an encrypted fimction, named CEF
(Computation with Encrypted Function). They used a homo-
morphic cryptosystem to protect the mobile code. This method
protects computations of polynomials by encrypting constants
and transforming code to produce output in the encrypted
form; In contrast, our approach is applicable to more general
computations such as non-polynomial computations involving
complex control flow. Although CEF is very promising, no
secure and practical implementation has been proposed as yet.
2) Softwnre encryption: The basic idea is to encrypt the
software or at least parts of it. The goals of encrypting the
sohare are twofold. The first is to avoid the unauthorized
execution of the software without the key. The second is to
forbid access to the complied binary code, and it is more
useful to avoid any reverse engineering and any illegitimated
modification in the code.
The decryption key coutd be different for each user. The
decryption could take place at the installation of the software
or at each run and in the memory only, The major problem of
software encryption is to hide key in the software itself or the
secure device, i.e., hardware dongle or smart card.
3) Mobile cvprography: In [4], Volker Roth summarized
some rules and principles of good and bad practice for de-
signing cryptographic protocols to protect mobile agents from
malicious host. The conventional cryptographic protocols are
not followed thoroughly in the design of some cryptographic
protocols meant to protect mobile agents against certain at-
tacks by malicious hosts.
The current restrictions of the mobile cryptography ap-
proach are: t ) random programs cannot be used as the input
specification; currently only polynomial and rational functions
can be used for this purpose 2) the interaction model of the
agent suffers the restriction that cleartext data can be sent only
to trusted hosts.
2.3 Data Protection
It is imperative that a data collecting and encrypting mobile
agent conceals its decryption capability, thus the most re-
searches for data security in the mobile agent paradigm imply
the use of public key cryptography [17]. The gathered data is
made accessible exclusively to the owner who dispatches the
mobile agent to perform a certain task when the gathered data
is retumed to him. The corresponding private decryption key
is not contained within the mobile agent,, and is kept,secret by
the owner.
3. OUR INTEGRITY-BASED ENCRYPTION SCHEMES
3. I Basic Idea
In this paper, we propose an integrity-based encryption
scheme to protect the mobile agents against malicious hosts.
It is a variant class of an asymmetric key encryption scheme
in which the private encryption key is kept by the mobile
agent owner and the public decryption key is so computed
from the program code string as to preserve the integrity of
both the participated code fragments as a key and an encrypted
code segments. The scheme adjusts the Boneh-Franklin IBE
scheme in a natural way and the reasons of adopting the
IBE scheme for ours are twofold. First, we take advantage
of the characteristic that the TEiE makes an arbitrary string
as the encryption key. Our integrity-based encryption scheme
uses some ffaction of program code strings as corresponding
decryption key for other encrypted parts of the program code,
which is the implementation of confidential algorithm. In this
way, we can preserve the integrity of both,keyed and encrypted
parts of a program code. Second, by the inherent element of
master-key which isgenerated from KGC in IBE, we utilize
this property to improve the resiliency against several attacks.
3.2 An Integrity-Bused Encryption Scheme
Webegin by giving mme definitions similar to those given
in 171, [lS]. In our scheme, a mobile agent code is classified
into two classes, i.e., an algorithm private and an integrity
sensitive class of code, denoted by M and 1, respectively.
A plaincode M, E M is encrypted into a ciphercode C, E C
using the owners secret encryption key di . Note that two code
sets of M and C are semantically identical. The hash value
Q, of 1; E 1 isused to compute a corresponding decryption
key for dectypting C;. Di is a decryption routine for Ci and
we separate each decryption routine in order to strengthen the
security even though the code size is slightly increased.
The typical differences between IBE and our scheme are
the usage and secrecy for the key pair. In the IBE as well as
the general public key encryption schemes, the encryption key
is publicly opened to the arbitrary parties and the decryption
key is privately secured within owners environment. However,
on the contrary, we publicly throw the decryption key and
conceal the encryption key on the owner side. The reason
is that the encrypted program codes should be exposed in
decrypted form to foreign hosts due to the characteristics of
modem general-purposed computer architecture. The mobile
agent owner encrypts some part of a program code with his
- 510 -
(a! Unprotected mobile agent (d) Executable state
System ':
Memory
replacement
........ - 2'
(b) Ready-@launch
mobile agent
(c) Self-integrity cbcck
and rclf.dnryption
Fig. 3. Procedural Row and basic memory layout
secret encryption key and then, in foreign hosts, the agent
itself decrypts the encrypted code with decryption key which is
computed fromthe integrity-protected fragment of the mobile
agent code. In this manner, if a malicious host tries to modify
the protected code, the mobile agent will malhnction and he
cannot achieve his intention.
Hashing: Set MAC; =Y f ( I ~ l ~ ~ ~ ~ ~ ~ ~ I ~ j ) where I; E 2, ' 11'
denotes the concatenation of two strings and H :
{O,l }* + ' { O , l } n is the one-way and collision-
resistant hash function.
Admissible pairings: Let GI and Gz be two groups of order
q for some large prime q. Wewill call 6 an admi s-
sible pairing if C : 6 1 x GI +U& is a map with
the following properties:
(1) Bilinear: t?(aP, bQ) =?(P, Q ) O b for all P, Q E
(2) Non-degenerate: The map does not send all
(3) Computable: There is an efficient algorithm to
So u r c e set up: The mobile agent code i s classified and delim-
ited into two categories M and 1.
Encryption setup: Given a security parameter k E Zf and
G be a 3ilinear Diffie-Hellman (BDH) [7] parameter
generator, KGC runs thealgorithmas follows:
(I ) Run Q on input k to generate a prime q, two
groups GI ,& of order q, and an admissible
bilinear map C : G1 x GI + 62. Choose a
random generator P E 6 1 .
GI and all a, b E Z.
pairs in GI x Cl to the identity in Gz.
compute @( P, &) for any P, Q E Cl .
(2) Pick a randoms E Z; and set PpUb =sp.
(3) Choose a cryptographic hash function HI :
(0,l )' -+G;. Choose a cryptographic hash
function H2 : @2 4 (0,1)" for some n. The
security analysis will view HI, H2 as random
oracles.
The plaincode space is M E (0, I}". The cipher-
code space is C =G; x (0,l)". The system parame-
t er s are params =( 4, GI , Gz, 6, R., P, Ppuar H1,Ha).
The master-key is s E Z;.
Ex t r ac t : For a given string MAC; E (0,l)' the algo-
rithm does: (1) computes a decryption key Q, =
HI (MAC;) E Gy, and (2) sets an encryption key d;
to be d; =sQ, where s is the master-key.
Encrypt: As shown in Fig. 3 (a) and (b), encryption is
proceeded by external utility, which isoperated by
the agent owner. To encrypt Mi E M under the
encryption key d, do the following: (1) compute
Q, =H 1(MAC,) E C;, (2) choose a random
T f E; , and (3) set the ciphercode to be
c; =( TPpyb, Mi 69 Hz ( g: ) )
where g; =i (d,,P) E G.;
After finishing the encryption, a mobile agent is
ready to launch on network.
Decrypt: After a mobile agent is launched toward the foreign
hosts, the protection is kept by itself. Likewise, C;
which is encrypted by an external utility should be
decrypted by the self-decryption as folIows. In the
beginning of execution Ci, it has to be decrypted
into plaincode M; by agent code itself, as shown in
Fig. 3 (c) and (d). Decryption of C, is performed by
decrypting routine D; embedded in a mobile agent
program. Let C; ={V;,Vi) E C be a ciphercode
encrypted using the encryption key d i . To decrypt
C, using the decryption key Qi E S; compute:
K a3HZ( i ( Qi , l l i ) ) =Ma
This produces the original executable code M; since
; ( Qi 7 VI) =?( &i ) r ppub) i(&i? sp)'
=e(&, P)' =C(d,,P)' =g;
3.3 SeJf-Inntegrity Check
Weprovide an integrity checking method, which can be op
erated without the: extemal help. The key point of our integrity
checking method is that the checking is not explicitly formed
within the program, so an adversary will have difficulty in
analyzing the protected program. It is indeed the side effect of
an integrity-based encryption scheme since decrypting C, with
the decryption key which is extracted fromIi will naturally
help to protect the integrity of 1; by causing malfunction in
case of tampering 1,.
Before the execution of C;, it should be decrypted into
the executable plaincode M, within the memory by self-
decryption explained above, since the general-purposed CPU
cannot dispatch and execute the encrypted instruction. Due to
- 511 -
- Decrypi
--- Usdaskey
Fig. 4. ' Memory layout of the protected code
computing the decryption keys from the hash values which
are. calculated with the collision-resistant and one-way hash
function N(), it is hard to find I;, such that X( 1: ) =N( 1; ) .
Therefore, if 1; has been tampered into 1; by a malicious host,
decryption key will be Q: =Hl ( X( I i ) ) #Qi , so Ci cannot
be properly decrypted into Mi and the program execution will
be terminated. It will spontaneously disturb an adversary in his
attack and, therefore, preserve the integrity of 1i.
The decrypting routine Di is also critical component in
the security of our scheme., An attacker may discover the
important information like the boundary of 1 or the integrity
dependency of each fragment. Furthermore, after he tampers I,
into I:, he may modify Di to decrypt Ci with saved image of
I, instead of the fresh I:: The integrity of Di can be protected
by encryption or keying with other fragments of a program,
i.e., D; c C, or D; c I,,i #j, as an example of Dz which
is included in CJ in Fig. 4.
3.4 Da!a Profecrion
It is important to preserve the confidentiality and integrity
of the data acquired and carried by free-roaming agents as well
as securing the mobile code. The most common approach to
protect data is applying the public key encryption scheme with
the agent owner's public key and the digital signature with the
private signing key of the remote hosts [43, [19], [ZO] or its
variations [21]. In the model in which a mobile agent program
T proceeds the computation autonomously and independently
of the mobile agent owner 0, the message m, that is the
computation result in the remote host H, for i =1,. . . , I i s
encrypted as mi)^^with the owner's public key KO and
signed as {WL ~}~,-I with the private signing key St-' of the
host Hi.
However, without the code analysis and modification, it is
feasible for the nlalicious host H, to forge the encfyption key
by simple substitution KO with K, in order that the other hosts
may encrypt secret data with his public key since a public key
is embedded in the,mobile code as an individual data object
which is easily revealed. The following hosts H,+1,. . , , HI,
will naively encrypt their results as { m j } ~ . for z +I 5 j 5
k <1 and, by capturing, the attacker H, can acquire the
computation results from Hs+l t . . . , H h by decrypting with
his decryption key K;'.
Our concept of an integrity-based encryption method and
the identity-based encryption scheme with encryption key
X ( n ) which is the hash value of mobile agent code n solve
this situation. By identity-based encryption scheme ( ml ) x ( g )
the mobile agent can defense against the replacement of
encryption key owing to the code integrity of n by an integrity-
based encryption scheme.
4. SECURITY ANALYSIS
4.1 Threat Model
Our protection scheme protects the mobile agent against
practical threatening accompanying with the reverse engineer-
ing. To success in tampering the mobile agent, the attacker
firstly analyze the control flow of a mobile agent in casual way.
Then, in step-by-step manner, he should solve the integrity
dependency of each protected segment. Finally, he has to
disable the integrity check and recover the encrypted code.
Moreover, the secret master-key and encryption key prevent
the adversary from an adaptive-chosen-plaintext attack.
The design principle that we have focused is based on the
disturbance of reverse engineering by means of the usage of
a program code string as a decryption key. Examining the
portions of software code which are used as decryption keys
is harder than usual reverse engineering. With our scheme,
the algorithm privacy copes with a static analysis and the
execution integrity opposes against a dynamic analysis without
the support of external devices and the specialized software.
4.2 Security Properties
Our scheme provides thefollowing security properties.
Integrity. If an alteration to the guarded code is per-
ceived, the corresponding decryption routine will react
for the situation, ranging from the mildest of silently
logging the detection event, to the extreme of making
the software unusable (e.g., by halting its execution or
causing an eventual crash that will be hard to trace back to
the protecting code). If no code modification IS detected,
the program execution proceeds normafIy. It guarantees
the originality of the program code.
Confidentiality. An integrity-bascd encryption scheme
provides algorithm confidentiality by encrypting the al-
gorithm private routines which are resilient against re-
verse engineering accompanied with the static analysis.
Moreover, when the malicious modification is detected,
it helps to react in the form of unjust halting by allowing
to execute the ciphercode unintemptedly, and ultimately
results in complementary cooperation between the exe-
cution integrity and the algorithm privacy.
Responsibility management. We introduce certain cir-
cumstances under which a master-key is kept by the
owner and an encryption key is managed by the operators
who actually manage the mobile agents, so that they
- 512 -
can separate the risk of key management and hold the
responsibility.
Self-awareness. The protection needs not to be supported
from an external device or software to detect modification
and to take actions against tampering. This property is
essential since the attacker who is capable of successfully
modifying a software can easily disarmthe routine which
receives support from the outside.
Scalability. The finer granularity of guarded fragments is
fractionalized, the stronger security i s achieved. Security-
critical mobile agent can be supported with higher level
of guarding framework.
ConRgurability. Simple variation of the guarding frame-
work will effect a significant hurdle for code analysis, so
that protection is customizable and can be made as strong
as one needs.
Resiliency. The protection has no single routine to break
defense. Hence, one success of incapacitation for guard-
ing node may not help successive hits of debilitation.
5. CONCLUSrONS
We presented and discussed the techniques .for protecting
the mobile agents from the malicious hosts trying to reverse
engineer and modify the code on their own purpose. An
integrity-based encryption is introduced to guarantee the code
integrity and to promise algorithmprivacy, The techniques are
based on the identity-based encryption scheme to use arbitrary
code strings as the decryption key and the corresponding
encryption key is secured by the agent owner. The use of
code fraction as the decryption key solves the key management
problem and produces new concept of integrity preserving
technique. The inherent component of KGC helps to pre-
vent an adaptive-chosen-plaintext attack. Our schemes defend
against static analysis for algorithm privacy and dynamic
analysis for execution integrity.
However, solutions for the protection of mobile agent are
susceptible to the different kinds of attacks which are taken
with the low-level attacks reduced to denial of service, replay
attacks, or collecting sufficient data to recover essential infor-
mation about the mobile agent, instead of modification. The
ultimate answer for these kinds of invasions may come from
the social sanction.
ACKNOWLEDGEMENT
This work was supported by the Korea Science and En-
gineering Foundation (KOSEF) through the Advanced In for-
mation Technology Research Center(A1Trc) and University IT
Research Center (ITRC) Project.
REFERENCES
[ I ] D. Chess, B. Grosof, C. Harrison. D. Levine, C. Parris, and G. Tsudik,
Itinerant agents for mobile computing. IBM Zurich Research Lab.,
Rueschlikon, Switzerland, Tech. Rep. RC20010, Mar. 1995.
[ 2 ] D. M. Chess, Security Issues inMobile CodeSystems, inProceedings
of Mobile Agenfs und Security, LNCS 1419, 1998, pp. 1-14.
[3] T. Sander and C. E Tschudin. Protecting Mobile Agents Against
Malicious Hosts. inProceedings of Mobile Agenfs and Securip, LNCS
14t9, 1998. pp. 44-60.
[4] V. Roth, On the Robustness of Some Cryptographic Protocols for
Mobile Agent Protection: in Pmceedings of fhe 5th lnremafionat
Conference on Mobile Agenfs {MA 2001). LNCS 2240, 2001, pp. I -
14.
[5] D. Boneh and M. Frankin, Identify-Based Encryption fromthe Weil
Pairing, in A& in Cvpfology - Crypro 2001. LNCS 2139. 2001,
pp. 213-229.
161 A. Shamir, Identity-Based Crytosystems and Signature Schemes, in
Advances in Cryprology - Cv p ~ o 84. 1984, pp. 47-53.
[7] D. Boneh and M. Frankin, Identity-Based Encryption fromthe Weil
Pairing.SIAMJournal of Compuring. vol . 32, no. 3, pp. 58-615, 2003.
[8] H. J in and I. Lotspiech, Proactive Software Tampering Detection, in
Proceedings of 6/h International Conference on /n&nnation Securify,
[9] G.Vigna, Cryptographic Traces for Mobile Agents, inPmceadingr of
Mobile Agenrs and Securiry. LVCS 1419, 1998, pp. 137-153.
(I O] E, J. Chikofsky and J. H. C. I t , Reverse Engineering and Design
Rscovey: A Taxonomy, IEEE Softwam, vol. 7 , no. I , pp. 13-17, J an.
1990.
[I I ] D. Aucsmith, Tamper Resistant Sohare: An Implementalion. in
Proceedings of First Infemarional Workihop on Informafion Hiding.
[12] C. Collberg, C. Thomborson. and D. Low, A Taxonomy of Obfuscafing
Transformations, Depament of Computer Science,.The University of
Auckland, New Zealand, Tech. Rep. Technical Report 161, J uly 1997.
[I31 T, Ogiso, Y. Sakabe, M. Soshi,. and A. Miyaji. Software Obfuscation
on a Theoretical Basis and Its Implementation, IEICE Tram. Funda-
mm/als, vol. E86-A, no. l , pp. 176-186, Jan. 2003.
WCS 2851, 2003, PP. 352-365.
LNCS 1174, 1996, pp. 317-333.
[ 141 D. Libes, Ob&cuted C and ofher mysteries. Wiley. 1993:
[IS] 0. Esparza, M. Femandez, M. Soriano. J . L. Mufioz. and J . Forne.
Mobile Agent Watcmnarking and Fingerprinting Tracing Malicious
Hosts, in Proceedings of DEX4 2003. LNCS 2736, 2003, pp. 927-936.
[16] G. Myles and C. Collberg. Software Watermarking Through Register
Allocation: Implementation, Analysis, and Attacks, in Proceedings of
6fh Infernafiond Confcrmce on Infamarion Secwiry and Cryplology
-1CISC 2003, 2003, pp. 274 - 293.
[17] A. Young and M. Yung, Sliding Encrqption: A Clyptographic Too1for
Mobile Agents, in Proceedings of Fasf Soffwure Encrypion Wurkihop
97, WYCS 1267, 1997, pp. 23&241.
[I81 C. Gentry and A. Silverberg, Hierarchical ID-Based Cryptography,
in Advances in Ciyplology - ASIACRYPT 2002. LNCS 2501, 2002, pp.
548-566.
[I91 G. Karjoth, N. Asokan, and C. Gulcu, Protecting the Computation
Results of Free-Roaming Agents, in Proceedings of MA98. LNCS
[ 20] N. M. Kamik and A. R. Tripathi, Security in the Ajanta mobile agent
system,Sofnam, Practice und Erperience, vol. 31, no. 4, pp. 301-329,
2001.
[21] B. Lee, H. Kim, and K. Kim, Secure Mobile Agent Using Strong Non-
designated Proxy Signamre, in Pmceedings of the 6fh Ausrrahiun
Conference on Information Security und Privacy(ACISP20OI). LNCS
2119, 2001, pp. 474-486.
1477, 1998. pp. 195-207.
-513 -