Migration control for mobile agents based on passport and visa

Research on mobile agents has attracted much attention as this paradigm has demonstrated great potential for the next-generation e-commerce. Proper solutions to security-related problems become key factors in the successful deployment of mobile agents in e-commerce systems. We propose the use of passport and visa (P/V) for securing mobile agent migration across communities based on the SAFER e-commerce framework. P/V not only serves as up-to-date digital credentials for agent-host authentication, but also provides effective security mechanisms for online communities to control mobile agent migration. Protection for mobile agents, network hosts, and online communities is enhanced using P/V. We discuss the design issues in details and evaluate the implementation of the proposed system

Have Usability and Security Trade-offs in Mobile Financial Services (MFS) become Untrustworthy?

The trade-off between Usability and Security has been well researched with various models proposed on how best to improve Usability without jeopardizing Security and vice visa. Usable Security has become a key factor in Mobile Financial Services (MFS), the new frontier for mobile phones utilisation. However, have the compromises gone too far? The trustworthiness of MFS system has already slowed down new adoption and impacted ongoing security trust issues and user confidence in spite of potential MFS benefits for its users. To understand this growing lack of trust with MFS, we need to comprehend the nature of Usable Security in assuring the behaviours of MFS users and determine the right trade-off to improve trust whilst facilitating future uptake. We conducted an empirical survey of 698 user’s experience of MFS and here present our findings of this investigation for further synthesis towards proposing practical control elements to assure Usable Security in MFS

Dynamics, robustness and fragility of trust

Trust is often conveyed through delegation, or through recommendation. This makes the trust authorities, who process and publish trust recommendations, into an attractive target for attacks and spoofing. In some recent empiric studies, this was shown to lead to a remarkable phenomenon of *adverse selection*: a greater percentage of unreliable or malicious web merchants were found among those with certain types of trust certificates, then among those without. While such findings can be attributed to a lack of diligence in trust authorities, or even to conflicts of interest, our analysis of trust dynamics suggests that public trust networks would probably remain vulnerable even if trust authorities were perfectly diligent. The reason is that the process of trust building, if trust is not breached too often, naturally leads to power-law distributions: the rich get richer, the trusted attract more trust. The evolutionary processes with such distributions, ubiquitous in nature, are known to be robust with respect to random failures, but vulnerable to adaptive attacks. We recommend some ways to decrease the vulnerability of trust building, and suggest some ideas for exploration.Comment: 17 pages; simplified the statement and the proof of the main theorem; FAST 200