This article describes a decentralized secure migration process of mobile agents between Mobile-C agencies. Mobile-C is an IEEE Foundation for Intelligent Physical Agents (FIPA) standard compliant multi-agent platform for supporting C/C++ mobile and stationary agents. Mobile-C is specially designed for mechatronic and factory automation systems where malicious agents may cause physical damage to machinery and personnel. As a mobile agent migrates from one agency to another in an open network, the security concern of mobile agent systems should not be neglected. Security breaches can be minimized considerably if an agency only accepts mobile agents from agencies known and trusted by the system administrator. In Mobile-C, a strong authentication process is used by sender and receiver agencies to authenticate each other before agent migration. The security framework also aims to guarantee the integrity and confidentiality of the mobile agent while it is in transit. This assures that all agents within an agency framework were introduced to that framework under the supervision and permission of a trusted administrator. The Mobile-C Security protocol is inspired from the Secure Shell (SSH) protocol, which avoids a single point of failure since it does not rely on a singular remote third party for the security process. In this protocol, both agencies must authenticate each other using public key authentication, before a secure migration process. After successful authentication, an encrypted mobile agent is transferred and its integrity is verified by the receiver agency. This article describes the Mobile-C secure migration process and presents a comparison study with the SSH protocol. The performance analysis of the secure migration process is performed by comparing the turnaround time of mobile agent with and without security options in a homogeneous environment. Copyright © 2010 John Wiley & Sons, Ltd.