A One-Time Pad based Cipher for Data Protection in Distributed Environments

TL;DR

This paper introduces a simple, non-interactive one-time pad based cipher designed to ensure data protection and integrity for mobile code in distributed environments, especially when encryption keys cannot be shared.

Contribution

It presents a novel OTP-based encryption scheme that guarantees data confidentiality and integrity without requiring key exchange, suitable for mobile agents in untrusted networks.

Findings

Provides data confidentiality in untrusted nodes

Ensures data integrity against malicious hosts

Enables on-the-fly data modification with protection

Abstract

A one-time pad (OTP) based cipher to insure both data protection and integrity when mobile code arrives to a remote host is presented. Data protection is required when a mobile agent could retrieve confidential information that would be encrypted in untrusted nodes of the network; in this case, information management could not rely on carrying an encryption key. Data integrity is a prerequisite because mobile code must be protected against malicious hosts that, by counterfeiting or removing collected data, could cover information to the server that has sent the agent. The algorithm described in this article seems to be simple enough, so as to be easily implemented. This scheme is based on a non-interactive protocol and allows a remote host to change its own data on-the-fly and, at the same time, protecting information against handling by other hosts.