Data Privacy in Mobile Agent Communication D.S. Adane, P.D.Adane S.R.Sathe Department of Information Technology Department of Computer Science, Ramdeobaba Kamla Nehru Engineering college, Visvesvaraya National Institute of Technology, Nagpur, INDIA. Nagpur, INDIA. Email: dattaadane@yahoo.com Email: srsathe@vnitnagpur.ac.in Abstract Communicating with confidential data requires special attention in a Mobile Agents environment, especially when the other hosts must be prevented from eavesdropping the communication. We propose two methods for secured communication between the agent and a host (or other agent). The first approach for an untrusted environment uses on the fly Encryption-Decryption sequence to directly convert the message or plaintext into one that is encrypted directly with the public key of receiver thus reducing the overhead of retrieving the public key of sender. The technique uses AlGamal encryption/decryption. Theoretically it is proved that this scheme indeed gives the desired result. The second approach uses a trusted central authority for supply of public keys. It uses time stamps, identity of agents and RSA algorithm to provide a secured communication. Our minimal implementation of this technique suggests that it is possible to embed the entire functionality for communication security within an agent. Finally, we also state and explain how the second approach is useful in context of mobile agents with itinerary. Keywords: Mobile Agents, AlGamal, RSA, DES, Aglets 1 INTRODUCTION As the agent technology evolves, awareness of security for this kind of technology is increasing. However, solving the security problems is a difficult challenge and adding privacy makes it even more difficult. To get an impression of the challenge, imagine an agent, owned by a user that is sent out to be executed at some foreign host. Nothing may be known about the foreign host; therefore the agent must be well protected to make the user feel comfortable in sending his agent off to such a possibly dangerous location. Compare it to a situation where a person takes its most private possessions to a location with a high chance of being attacked. The person must be very well protected and he / she must be aware of that protection to survive in such an environment. In the digital world the fear may even be bigger as one is not physically present where the agent (including the user’s personal data) is processed. From the above example, it is clear that not only an agent’s security should be guaranteed, but also its privacy such that the user’s personal data is protected. Especially the privacy aspect of agent technology is an area where not much research has been done and even the security problems are no completely solved yet. This paper describes these privacy problems and gives two solutions that contribute to provide privacy in agent technology. Shortly it can be stated that the main difference in providing privacy to a software agent and conventional it-systems is the fact that the execution environment does not belong to the user. t 2 2 APPROACH 1: SUCCESSIVE ENCRYPTION FOLLOWED BY 3 DECRYPTION : Over the years much research has been done in the area of privacy in conventional IT-systems and many good solutions have been presented. The term PET (Privacy-Enhancing Technologies) is used to describe all types of technologies that provide privacy to a user [1]. Typical cryptographic techniques that can be called PET are blind signatures [2], partial blind signatures [3] and pseudonym systems [4]. Each of these techniques have their own applications but they are all based on the assumption that the computers where the computations are performed can be completely trusted, which is not the case in a mobile agent system. Over the last few years when PET were evolving rapidly, mainly new techniques were invented in the area of network privacy. Examples are the Mix network [5], onion routing [6] and the crowds system [7,8]. Next to PET for conventional it-systems, many security techniques have been developed for mobile software agents to protect them from malicious hosts. Several schemes have been described to provide integrity of partial results [9]. Hohl [10] described a mechanism called “time limited black box security”, where the idea is to obfuscate the source code such that it takes more time to understand the code than the programmed time limit. A more cryptographic method is presented in [11] where Sander and Tschudin encrypt functions that can be executed in its encrypted form. This method works for polynomials and rational functions [12]. Our aim in this paper is to propose methods for solving the agent communication problem using conventional symmetric and asymmetric encryptions but providing the required level of security and feasibility of implementation. Next section describes the working of our first approach for secure communication followed by its advantages in context of mobile agents. This is followed by our second approach, its implementation details and results. Lastly we propose a method of solving communication problem in context of agents with itinerary using the second approach and then we state our conclusion. Problems in communicating confidential data through agents: