Niklas Borselius (2003) Multi-agent system security for mobile communication .
Full text access: Open
This thesis investigates security in multi-agent systems for mobile communication. Mobile as well as non-mobile agent technology is addressed. A general security analysis based on properties of agents and multi-agent systems is presented along with an overview of security measures applicable to multi-agent systems, and in particular to mobile agent systems. A security architecture, designed for deployment of agent technology in a mobile communication environment, is presented. The security architecture allows modelling of interactions at all levels within a mobile communication system. This architecture is used as the basis for describing security services and mechanisms for a multi-agent system. It is shown how security mechanisms can be used in an agent system, with emphasis on secure agent communication. Mobile agents are vulnerable to attacks from the hosts on which they are executing. Two methods for dealing with threats posed by malicious hosts to a trading agent are presented. The rst approach uses a threshold scheme and multiple mobile agents to minimise the eect of malicious hosts. The second introduces trusted nodes into the infrastructure. Undetachable signatures have been proposed as a way to limit the damage a malicious host can do by misusing a signature key carried by a mobile agent. This thesis proposes an alternative scheme based on conventional signatures and public key certicates. Threshold signatures can be used in a mobile agent scenario to spread the risk between several agents and thereby overcome the threats posed by individual malicious hosts. An alternative to threshold signatures, based on conventional signatures, achieving comparable security guarantees with potential practical advantages compared to a threshold scheme is proposed in this thesis. Undetachable signatures and threshold signatures are both concepts applicable to mobile agents. This thesis proposes a technique combining the two schemes to achieve undetachable threshold signatures. This thesis denes the concept of certicate translation, which allows an agent to have one certicate translated into another format if so required, and thereby save storage space as well as being able to cope with a certicate format not foreseen at the time the agent was created.
This is a Published version This version's date is: 2003 This item is peer reviewed
https://repository.royalholloway.ac.uk/items/14d0ebc8-1f29-dc18-e2f0-f9228490c0b3/1/
Deposited by () on 14-Jul-2010 in Royal Holloway Research Online.Last modified on 10-Dec-2010
[1] 3rd Generation Partnership Project (3GPP). Mobile Station ApplicationExecution Environment (MExE), Functional description, 3GPP, 3G TS23.057, stage2 (release 1999) edition, March 2000.[2] ANSI X9.68. Digital Certicates for Mobile/Wireless and High Trans-action Volume Financial Systems: Part 2: Domain Certicate Syntax.American National Standard Institute, 2002.[3] Giuseppe Ateniese, Breno de Medeiros, and Michael T. Goodrich.TRICERT: A distributed certied e-mail scheme. In Proceedings of ISOC2001 Network and Distributed System Security Symposium (NDSS'01),pages 45{56. CA, 2001.[4] Boaz Barak, Oded Goldreich, Russell Impagliazzo, Steven Rudich, AmitSahai, Salil Vadhan, and Ke Yang. On the (im)possibility of obfuscatingprograms. In J. Kilian, editor, Advances in Cryptology { Crypto 2001proceedings, number 2139 in LNCS, pages 1{18. Springer-Verlag, Berlin,2001.[5] Mihir Bellare, Oded Goldreich, and Sha Goldwasser. Incremental cryptography:the case of hashing and signing. In Y. Desmedt, editor, Ad-vances in Cryptology { Crypto '94 proceedings, number 839 in LNCS, pages216{233. Springer-Verlag, Berlin, 1994.[6] Fabio Bellifemine, Agostino Poggi, and Giovanni Rimassa. JADE: aFIPA2000 compliant agent development environment. In Jorg P. Muller,Elisabeth Andre, Sandip Sen, and Claude Frasson, editors, Proceedings ofthe Fifth International Conference on Autonomous Agents, pages 216{217.ACM Press, 2001.[7] J. Bigham, A.L.G. Hayzelden, J. Borrell, and S. Robles. Distributed controlof connection admission to a telecommunications network: Securityissues. In Alex L.G. Hayzelden and Rachel A. Bourne, editors, AgentTechnology for Communication Infrastructures, chapter 6. Wiley, 2001.[8] A. Birk. Learning to trust. In R. Falcone, M. Singh, and Y. H. Tan, editors,Trust in Cyber-societies, number 2246 in LNAI, pages 27{54. Springer-Verlag, Berlin, 2001.[9] Niklas Borselius. Mobile agent security. Electronics & CommunicationEngineering Journal, 14(5):211{218, October 2002.[10] Niklas Borselius. Security in multi-agent systems. In Y. Mun and H. R.Arabnia, editors, Proceedings of the 2002 International Conference onSecurity and Management (SAM'02), pages 31{36. CSREA Press, Nevada,2002.[11] Niklas Borselius, Namhyun Hur, Marek Kaprynski, and Chris J. Mitchell.A security architecture for agent-based mobile systems. In Proceedings{ 3G2002, Third International Conference on Mobile CommunicationsTechnologies, number 489 in IEE Conference Publication, pages 312{318.IEE, London, 2002.[12] Niklas Borselius and Chris J. Mitchell. Certicate translation. In Proceed-ings of NORDSEC 2000 { 5th Nordic Workshop on Secure IT Systems,pages 289{300. Reykjavik University, 2000.[13] Niklas Borselius and Chris J. Mitchell. Securing FIPA agent communication.In H. R. Arabnia and Y. Mun, editors, Proceedings of the 2003International Conference on Security and Management (SAM'03), Vol. 1,pages 135{141. CSREA Press, Nevada, 2003.[14] Niklas Borselius, Chris J. Mitchell, and Aaron Wilson. On mobile agentbased transactions in moderately hostile environments. In B. De Decker,F. Piessens, J. Smits, and E. Van Herreweghen, editors, Advances inNetwork and Distributed Systems Security, Proceedings of IFIP TC11WG11.4 First Annual Working Conference on Network Security, KU Leu-ven, Belgium, pages 173{186. Kluwer Academic Publishers, Boston, 2001.[15] Niklas Borselius, Chris J. Mitchell, and Aaron Wilson. Undetachablethreshold signatures. In Cryptography and Coding - Proceedings of the 8thIMA International Conference, Cirencester, UK, number 2260 in LNCS,pages 239{244. Springer-Verlag, Berlin, 2001.[16] Niklas Borselius, Chris J. Mitchell, and Aaron Wilson. On the value ofthreshold signatures. ACM SIGOPS Operating Systems Review, 36(4):30{35, October 2002.[17] Niklas Borselius, Chris J. Mitchell, and Aaron Wilson. A pragmatic alternativeto undetachable signatures. ACM SIGOPS Operating SystemsReview, 36(2):6{11, April 2002.[18] K. P. Bosworth and N. Tedeschi. Public key infrastructures | the nextgeneration. In Robert Temple and John Regnault, editors, Internet andwireless security, BTexact Communications Technology series 4, pages 95{120. IEE, London, 2002.[19] Jerey M. Bradshaw. An introduction to software agents. In Jerey M.Bradshaw, editor, Software Agents, chapter 1, pages 3{46. AAAI Press /The MIT Press, 1997.[20] Jerey M. Bradshaw, Stewart Duteld, Pete Benoit, and John D. Woolley.KAoS: Toward an industrial-strength open agent architecture. InJerey M. Bradshaw, editor, Software Agents, chapter 17, pages 375{418.AAAI Press / The MIT Press, 1997.[21] Bernard Burg. Towards the deployment of an open agent world. In Hermes,editor, Journees Francophones d'Intelligence Articielle Distribueeet de Systemes Multi-Agents (JFIADSMA2000), October 2001.[22] J. Callas, L. Donnerhacke, H. Finney, and R. Thayer. OpenPGP MessageFormat, RFC 2440. IETF, November 1998.[23] Cristiano Castelfranchi and Yao-Hua Tan, editors. Trust and Deception inVirtual Societies. Kluwer Academic Publishers, The Netherlands, 2001.[24] David L. Chaum. Untraceable electronic mail, return address, and digitalpseudonyms. Communications of the ACM, 24(2):84{88, February 1981.[25] David Chess, Benjamin Grosof, Colin Harrison, David Levine, Colin Parris,and Gene Tsudik. Itinerant agents for mobile computing. In Michael N.Huhns and Munindar P. Singh, editors, Readings in Agents, pages 267{282. Morgan Kaufmann, San Francisco, CA, 1997.[26] David M. Chess. Security Issues in Mobile Code Systems. In GiovanniVigna, editor, Mobile Agents and Security, number 1419 in LNCS, pages1{14. Springer-Verlag, Berlin, 1998.[27] Benny Chor, Oded Goldreich, Eyal Kushilevitz, and Madhu Sudan. Privateinformation retrieval. Journal of the ACM, 45(6):965{981, 1998.[28] Joris Claessens, Bart Preneel, and Joos Vandewalle. Secure communicationfor secure agent-based electronic commerce applications. In J. Liuand Y. Ye, editors, E-Commerce Agents: Marketplace Solutions, Securityissues, and Supply and Demand, number 2033 in LNAI, pages 180{190.Springer-Verlag, Berlin, 2001.[29] Cloakware Corporation. Protecting Digital Content using Cloakware CodeTransformation Technology, white paper, 1.2 edition, 2002.[30] Bruno Crispo. Delegation of responsibility (position paper). In B. Christianson,B. Crispo, W.S. Harbison, and M. Roe, editors, Security proto-cols: 6th International Workshop, Cambridge, UK, number 1550 in LNCS,pages 118{124. Springer-Verlag, Berlin, 1998.[31] David H. Crocker. Standard for the format of ARPA Internet text mes-sages, RFC 822. IETF, August 1982.[32] Ivan Damgard and Maciej Koprowski. Practical threshold RSA signatureswithout a trusted dealer. In Birgit Ptzmann, editor, Advances inCryptology { Eurocrypt 2001 proceedings, number 2045 in LNCS, pages152{165. Springer-Verlag, Berlin, 2001.[33] Y. Desmedt. Society and group oriented cryptography. In C. Pomerance,editor, Advances in Cryptology { Crypto '87 proceedings, number 293 inLNCS, pages 120{127. Springer-Verlag, Berlin, 1988.[34] Y. Desmedt and A.M. Odlyzko. A chosen text attack on the rsa cryptosystemand some discrete logarithm schemes. In H.C. Williams, editor,Advances in Cryptology { Crypto '85 proceedings, number 218 in LNCS,pages 516{522. Springer-Verlag, Berlin, 1986.[35] T. Dierks and C. Allen. The TLS Protocol Version 1.0, RFC 2246. IETF,January 1999.[36] D. Eastlake 3rd, J. Reagle, and D. Solo. XML-Signature Syntax andProcessing, RFC 3275. IETF, March 2002.[37] C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen.SPKI Certicate Theory, RFC 2693. IETF, Septtember 1999.[38] EMV 4.0 Book 2, EMV Integrated Circuit Card Specication for PaymentSystems - Book 2: Security & Key Management, Version 4.0, 2000.[39] William Farmer, Joshua Guttmann, and Vipin Swarup. Security for mobileagents: Authentication and state appraisal. In E. Bertino, H. Kurth,G. Martella, and E. Montolivo, editors, Proceedings of the European Sym-posium on Research in Computer Security (ESORICS 96), number 1146in LNCS, pages 118{130. Springer-Verlag, Berlin, 1996.[40] Jalal Feghhi, Jalil Feghhi, and Peter Williams. Digital Certicates { Ap-plied Internet Security. Addison-Wesley-Longman, 1999.[41] FIPA 98 Specication Part 10, Version 1.0, Agent Security Management.Geneva, October 1998. Obsolete.[42] FIPA ACL Message Representation in XML Specication, Document no.XC00071B. Geneva, June 2000.[43] FIPA Agent Message Transport Service Specication, Document no.XC00067D. Geneva, August 2001.[44] FIPA Agent Message Transport Service Specication, Document no.SC00067F. Geneva, December 2002.[45] FIPS PUB 186-2, Digital Signature Standard (DSS). Gaithersburg, MD,January 2000.[46] Leonard N. Foner. A Security Architecture for Multi-Agent Matchmaking.In M. Tokoro, editor, Proceedings of the Second International Conferenceon Multi-Agent Systems, pages 80{86. AAAI Press, menlo Park, CA, 1996.[47] Warwick Ford. Computer Communications Security | Principles, Stan-dard Protocols and Techniques. Prentice-Hall, New Jersey, 1994.[48] M. Genesereth and R. Fikes. Knowledge interchange format, version 3.0reference manual. Technical Report Logic-92-1, Computer Science Department,Stanford University, 1992.[49] Dieter Gollman. Computer Security. John Wiley & Sons, Chichester,1999.[50] Robert S. Gray, David Kotz, George Cybenko, and Daniela Rus.D'Agents: Security in a multiple-language, mobile system. In GiovanniVigna, editor, Mobile Agents and Security, number 1419 in LNCS, pages154{187. Springer-Verlag, Berlin, 1998.[51] Ceki Gulcu and Gene Tsudik. Mixing e-mail with BABEL. In Sympo-sium on Network and Distributed System Security (NDSS'96), pages 2{16.IEEE, 1996.[52] Colin G. Harrison, David M. Chess, and Aaron Kershenbaum. Mobileagents: Are they a good idea? Computer science research report, IBMResearch Center, New York, NY, 1995.[53] Vesna Hassler. Security Fundamentals for E-commerce. Artech House,2000.[54] Alex L. G. Hayzelden and Rachel A. Bourne, editors. Agent Technologyfor Communication Infrastructures. John Wiley & Sons, Chichester, 2000.[55] Qi He, Katia P. Sycara, and Timothy W. Finin. Personal security agent:KQML-Based PKI. In Katia P. Sycara and Michael Wooldridge, editors,Proceedings of the 2nd International Conference on Autonomous Agents,pages 377{384, New York, NY, 1998. ACM Press.[56] Fritz Hohl. A model of attacks of malicious hosts against mobile agents. InProceedings of the ECOOP Workshop on Distributed Object Security and4th Workshop on Mobile Object Systems: Secure Internet Mobile Compu-tations, pages 105{120, 1998.[57] Fritz Hohl. Time limited blackbox security: Protecting mobile agents frommalicious hosts. In Giovanni Vigna, editor, Mobile Agents and Security,number 1419 in LNCS, pages 92{113. Springer-Verlag, Berlin, 1998.[58] R. Housley. Cryptographic Message Syntax, RFC 3369. IETF, August2002.[59] IEEE P1363, Standard specications for public key cryptography, 2000.[60] Takeshi Imamura, Blair Dillaway, and Ed Simon. XML encryption syntaxand processing, W3C candidate recommendation, August 2002.[61] ISO/IEC 11770-1, Information Technology | Security techniques | Keymanagement |Part 1: Framework. Geneva, 1996.[62] ISO/IEC 13888-1. Information technology | Security techniques | Non-repudiation | Part 1: General. Geneva. 2nd edition, to be published.[63] ISO/IEC 13888-2. Information technology | Security techniques | Non-repudiation | Part 2: Mechanisms using symmetric techniques. Geneva,1998.[64] ISO/IEC 13888-3. Information technology | Security techniques | Non-repudiation | Part 3: Mechanisms using asymmetric techniques. Geneva,1997.[65] ISO/IEC 14516 / ITU-T X.842. Information technology | Security tech-niques | Guidelines for the use and management of Trusted Third Partyservices. Geneva, 2002.[66] ISO/IEC 14888-1. Information technology | Security techniques | Datasignatures with appendix | Part 1: General. Geneva, 1998.[67] ISO/IEC 14888-2. Information technology | Security techniques | Datasignatures with appendix | Part 2: Identity-based mechanisms. Geneva,1999.[68] ISO/IEC 14888-3. Information technology | Security techniques |Data signatures with appendix | Part 3: Certicate-based mechanisms.Geneva, 1998.[69] ISO/IEC 7498-2 / ITU-T X.800, Data Communication Networks: OpenSystem Interconnection (OSI); Security, Structure and Applications |Security Architecture for Open Systems Interconnection for CCITT Ap-plications. Geneva, 1991.[70] ISO/IEC 8825-1 / ITU-T X.690, Information Technology | ASN.1 En-coding Rules: Specication of Basic Encoding Rules (BER), CanonicalEncoding Rules (CER) and Distinguished Encoding Rules (DER). Geneva,1998.[71] ISO/IEC 8825-2 / ITU-T X.691, Information Technology | ASN.1 En-coding Rules: Specication of Packed Encoding Rules (PER). Geneva,1998.[72] ISO/IEC 9797-1. Information technology - Security techniques | Mes-sage Authentication Codes (MACs) | Part 1: Mechanisms using a blockcipher. Geneva, 1999.[73] ISO/IEC 9797-2. Information technology | Security techniques | Mes-sage Authentication Codes (MACs) | Part 2: Mechanisms using a hash-function. Geneva, 2002.[74] ISO/IEC 9798-3 Information technology | Security techniques | Entityauthentication mechanisms | Part 3: Mechanisms using digital signaturetechniques. Geneva, 1998. 2nd edition.[75] ISO/IEC 9798-4, Information technology | Security techniques | En-tity authentication | Part 4: Mechanisms using a cryptographic checkfunction. Geneva, 1999. 2nd edition.[76] ITU-T Recommendation X.509, Information technology | Open SystemsInterconnection | The Directory: Public-key and attribute certicateframeworks. Geneva, 2000. 4 edition, Also ISO International Standard9594-8.[77] Markus Jakobsson. Flash mixing. In The Eighteenth annual ACM sym-posium on Principles of distributed computing, pages 83{89. ACM press,1999.[78] Wayne Jansen and Tom Karygiannis. NIST Special Publication 800-19 {Mobile Agent Security. National Institute of Standards and Technology,1999.[79] N. R. Jennings, K. Sycara, and M. Wooldridge. A roadmap of agentresearch and development. Autonomous Agents and Multi-Agent Systems,1(1):275{306, 1998.[80] N. R. Jennings and M. Wooldridge. Intelligent agents: Theory and practice.The Knowledge Engineering Review, 10(2):115{152, 1995.[81] Panayiotis Kotzanikolaou, Mike Burmester, and Vassilios Chrissikopoulos.Secure transactions with mobile agents in hostile environments. InE. Dawson, A. Clark, and C. Boyd, editors, Information Security and Pri-vacy, Proceedings of the 5th Australasian Conference ACISP 2000, number1841 in LNCS, pages 289{297. Springer-Verlag, Berlin, 2000.[82] Susan K. Langford. Threshold DSS signatures without a trusted party. InD. Coppersmith, editor, Advances in Cryptology { Crypto '95 proceedings,number 963 in LNCS, pages 397{409. Springer-Verlag, Berlin, 1995.[83] O. Lazaro, J. Irvine, D. Girma, J. Dunlop, A. Liotta, N. Borselius, andC.J. Mitchell. Management system requirements for wireless systems beyond3G. In Proceedings - IST Mobile & Wireless Communications Sum-mit 2002, pages 240{244, 2002.[84] Michael Luck and Mark d'Inverno. A conceptual framework for agentdenition and development. The Computer Journal, 44(1):1{20, 2001.[85] A. Malpani, R. Housley, and T. Freeman. Simple Certicate ValidationProtocol (SCVP), Internet Draft. IETF, June 2002.[86] Gary McGraw and Edward W. Felten. Securing JAVA: Getting Downto Business with Mobile Code. John Wiley & Sons, New York, NY, 2ndedition, 1999.[87] A. Menezes, P. van Oorschot, and S. Vanstone. Handbook of AppliedCryptography. Discrete Mathematics and Its Applications. CRC Press,1996.[88] S. Micali. Simultaneous electronic transactions. US Patent 5666420, 1997.[89] George C. Necula and Peter Lee. Safe, untrusted agents using proofcarryingcode. In Giovanni Vigna, editor, Mobile Agents and Security,number 1419 in LNCS, pages 61{91. Springer-Verlag, Berlin, 1998.[90] H. Penny Nii. Blackboard systems. In A. Barr, P.R. Cohen, and E.A.Feigenbaum, editors, The Handbook of Articial Intelligence, Volume IV,pages 1{82. Addison-Wesley, New York, 1998.[91] S. Poslad, P. Buckle, and R. Hadingham. The FIPA OS agent platform:Open source for open standards. In Jerey Bradshaw and Geo Arnold,editors, Proceedings of the 5th International Conference and Exhibitionon the Practical Application of Intelligent Agents and Multi-Agents, pages355{368, UK, 2000.[92] S. Poslad and M. Calisti. Towards improved trust and security in FIPAagent platforms. In Autonomous Agents 2000, June 2000.[93] B. Ramsdell. S/MIME Version 3 Message Specication, RFC 2633. IETF,June 1999.[94] H. Reiser and G. Vogt. Security requirements for management systemsusing mobile agents. In Proceedings of the Fifth IEEE Symposium onComputers and Communications: ISCC 2000, pages 160{165, 2000.[95] James Riordan and Bruce Schneier. Environmental key generation towardsclueless agents. In G. Vigna, editor, Mobile Agents and Security,number 1419 in LNCS, pages 15{24. Springer-Verlag, Berlin, 1998.[96] Volker Roth. Secure recording of itineraries through co-operating agents.In Proceedings of ECOOP Workshop on Distributed Object Security and4th Workshop on Object Systems: Secure Internet Mobile Computations,pages 147{154, France, 1998. INRIA.[97] RSA Laboratories. PKCS #7: Cryptographic Message Syntax Standard,1993. version 1.5.[98] Tomas Sander and Christian Tschudin. Protecting mobile agents againstmalicious hosts. In Giovanni Vigna, editor, Mobile Agents and Security,number 1419 in LNCS, pages 44{60. Springer-Verlag, Berlin, 1998.[99] Michael Schillo, Petra Funk, and Michael Rovatsos. Using trust for detectingdeceitful agents in articial societies. Applied Articial Intelligence,14(8):825{848, September 2000.[100] Fred B. Schneider. Towards fault-tolerant and secure agentry. InM. Mavronicolas and P. Tsigas, editors, Proceedings of the Eleventh In-ternational Workshop on Distributed Algorithms, number 1320 in LNCS,pages 1{14. Springer-Verlag, Berlin, 1997.[101] Security Model for the Next-Generation secure computing Base. whitepaper, Microsoft Corporation, 2003.[102] A. Shamir. How to share a secret. Communications of the ACM, 22:612{613, 1979.[103] Victor Shoup. Practical threshold signatures. In Bart Preneel, editor,Advances in Cryptology { Eurocrypt 2000 proceedings, number 1807 inLNCS, pages 207{220. Springer-Verlag, Berlin, 2000.[104] Masakazu Soshi and Mamoru Maekawa. The Saga Security system: Asecurity Architecture for open Distributed systems. In Proceedings of the6th IEEE Workshop on Future Trends of Distributed Computing Systems,pages 53{58. IEEE, 1997.[105] P F Syverson, D M Goldschlag, and M G Reed. Anonymous connectionsand onion routing. In Proceedings: IEEE Symposium on Security andPrivacy, pages 44{54. IEEE Computer Society Press, 1997.[106] Chelliah Thirunavukkarasu, Tim Finin, and James Mayeld. Secret agents- a security architecture for the KQML agent communication language.In Proceedings of the Intelligent Information Agents Workshop held inconjunction with Fourth International Conference on Information andKnowledge Management CIKM'95, pages 176{184, Baltimore, December1995. IEEE Computer Society Press.[107] Trusted Computing Group | Main Specication, Version 1.1a, 2001.[108] P.J. Turner, D.R. Basgeet, N. Borselius, E. Frazer, J. Irvine, N. Jefferies,N.R. Jennings, M. Kaprynski, O. Lazaro, S. Lloyd, C.J. Mitchell,K. Moessner, T. Song, E. Homayounvala, D. Wang, and A. Wilson. Scenariosfor future communications environments, technical report ECSTRIAM02-005. Technical report, Department of Electronics and ComputerScience, Southampton University, October 2002.[109] V. Varadharajan, P. Allen, and S. Black. An analysis of the proxy problemin distributed systems. In Proceedings: 1991 IEEE Computer Soci-ety Symposium on Research in Security and Privacy, pages 255{275, LosAlamitos, CA, May 1991. IEEE Computer Society Press.[110] Giovanni Vigna. Protecting mobile agents through tracing. In Proceedingsof the Third ECOOP Workshop on Operating System support for MobileObject Systems, pages 137{153, Finland, June 1997.[111] Michael Walker and Tim Wright. Security. In Fridhelm Hillebrand, editor,GSM and UMTS { The Creation of Global Mobile Communication,chapter 15, pages 385{406. John Wiley & Sons, Chichester, 2002.[112] WAP Forum. Wireless Application Protocol, Architecture Specication,July 2001. WAP-201-WAPArch-20010712.[113] WAP Forum. Wireless Application Protocol, Wireless Transport LayerSecurity, April 2001. WAP-261-WTLS-20010406-a.[114] Gio Wiederhold. Mediators in the architecture of future information systems.IEEE Computer, 25(3):38{49, March 1992.[115] U. G. Wilhelm, S. Staamann, and L. Buttyan. Introducing trusted thirdparties to the mobile agent paradigm. In J. Vitek and C. Jensen, editors,Secure Internet Programming: Security Issues for Mobile and DistributedObjects, number 1603 in LNCS, pages 471{491. Springer-Verlag, Berlin,1999.[116] H. ChiWong and Katia Sycara. Adding Security and Trust to Multi-AgentSystems. applied Articial intelligence, 14(9):927{941, 2000.[117] Michael Wooldridge. An Introduction to MultiAgent Systems. John Wiley& Sons, Chichester, 2002.[118] XML key management specication (XKMS 2.0), March 2002.[119] Bennet Yee. A sanctuary for mobile agents. In Jan Vitek and ChristianJensen, editors, Secure Internet Programming: Security Issues for Mobileand Distributed Objects, number 1603 in LNCS, pages 261{274. Springer-Verlag, Berlin, 1999.[120] A. Young and M. Yung. Sliding encryption: A cryptographic tool formobile agents. In Eli Biham, editor, Proceedings of the 4th InternationalWorkshop on Fast Software Encryption, FSE' 97, number 1267 in LNCS,pages 230{241. Springer-Verlag, Berlin, January 1997.[121] Philip R. Zimmermann. The Ocial PGP User's Guide. MIT Press,Boston, 1995.