One-Time Key Generation System for Agent Data Protection in Mobile Agent Systems

  • Park, Jong-Youl (Dept. of Information Communication Engineering, Gwangju Institute of Science and Technology) ;
  • Lee, Dong-Ik (Dept. of Information Communication Engineering, Gwangju Institute of Science and Technology) ;
  • Lee, Hyung-Hyo (Division of Information and E-Commerce, Wonkwang University) ;
  • Park, Joong-Gil (Dept. of Computer Science, Chungnam National University)
  • Published: 2001.09.01

Abstract

This paper deals with security issues in mobile agent systems, in particular protecting agent data from malicious agent servers. For this purpose, a one-time key generation system (OKGS) is proposed. OKGS combines the notions of a one-way hash function and a coupler. The one-way function plays a major role in ensuring the confidentiality and integrity of agent data. The coupler is used to establish a relationship among the consecutive encryption keys for agent data, i.e., all agent keys form a unidirectional chain (key chain). With these two features of OKGS, only the agent owner, the user who originally created the agent, can decrypt all the data the agent gathers along its itinerary, and the agent data is protected from other malicious users.
