Conclusion and Further Work

Three basic efforts to achieve agent security, which are currently being implemented within our multiagent infrastructure, RETSINA, are discussed in the paper: 1) establishment of external environment - agent-basic PKI; 2) internal design of security architecture; 3) extension of agent language for security inter-operations between agents. An overview of these areas is given. However, since the treatment of agent security literature has very scant, there are lots of work to be done. Some of the open problems are:

1. How to specify more completely security strategy and policy and how to implement them in agent development. Since many agents are customizable, we need to find a method for the user to configure the security characteristics for their application. Automatic checking mechanisms are also needed to verify whether the security configuration could meet their requirements. This needs a further study on formal method on verification of security protocols[29][31].

2. Is it secure for a mobile agent to carry private key for signing signature when it is visiting a remote host?

3. How to incorporate existing sophisticated cryptology technology with agent development. such as: blind signature for electronic commerce[32], zero knowledge proof for authentication[33], etc.

4. How to allow a mobile agent to do some computation on sensitive data without revealing the data?