Malicious Cryptography: Cryptovirology and Kleptography

Other Research

Adam Young, Moti Yung, "Encryption Tools for Mobile Agents: Sliding Encryption," In proceedings of Fast Software Encryption---FSE '97, Eli Biham (Ed.), LNCS 1267, pages 230-241, 1997.
Abstract. The technology of mobile agents, where software pieces of active control and storage (called mobile agents) travel the network and perform tasks distributively, is of growing interest as an Internet technology. Similarly, smartcard holders can be considered mobile users as they access the network at various points. Such mobile processing can be employed in large scale census applications in statistics gathering, in surveys and tallying, in reading and collecting local control information, etc. This distributed computing paradigm where local pieces of data are getting accumulated in a mobile unit presents new information security challenges. Here, we point at some problems it poses and suggest solutions. The basic problem considered involves the design of a mobile agent that is capable of traversing an untrusted (curious) network while gathering and securing data from the nodes that it visits. We assume that some subset of the nodes may collaborate to track the agent, and we assume that snapshots of memory are taken at each node at times that are unpredictable to the agent. The data that is gathered must be securely stored within the agent and the adversarial nodes must remain oblivious to what is taken by the agent. In addition, the agent's movement throughout the network should be made difficult to trace. Furthermore, we assume that the agent is limited in storage capacity. To prevent the nodes from getting decryption capability, the agent must carry a public key for (asymmetric) encryption. We present an economical solution that we call “sliding encryption”. This is a new mode of operation of public key cryptosystems that allows the encryption of small amounts of plaintext yielding small amounts of ciphertext. Furthermore, the encryption is performed so that it is intractable to recover the plaintext without the appropriate private key. We also describe how to modify sliding encryption so that the resulting ciphertexts are hard to correlate, thus making it possible to have mobile agents that are not easy to trace. Sliding encryption is applicable to mobile agent technology and may have independent applications to “storage-limited technology” such as smartcards and mobile units.