A Secure Mobile Agent System Using Multi-signature Scheme in Electronic Commerce

Mobile agent is a program which can autonomously migrate from a host to another and it provides a useful framework for Electronic Commerce. But, in spite of mobile agent system’s benefits, it has been exposed to the serious security attacks from malicious hosts or agents. So, there has been a lot of works in the mobile agent’s security, and recently, Kim and Chung proposed a security protocol for mobile agent system [5]. But their protocol has some security weaknesses; i.e., it is vulnerable to intruder-in-the-middle attack and the previous agent platform can forge the multi-signature. In this paper, we show that their protocol has the security weaknesses. And then we propose a new security protocol for secure mobile agent system that solves the weaknesses of their protocol and provides the security services such as the mutual authentication, the confidentiality, the non-repudiation, and the prevention of replay attack. Our protocol is very suitable for protecting mobile agent from malicious host in the Electronic Commerce Web site that searches the best price of the products.