TY - GEN
T1 - The layered games framework for specifications and analysis of security protocols
AU - Herzberg, Amir
AU - Yoffe, Igal
PY - 2008
Y1 - 2008
N2 - The layered games framework provides a solid foundation to the accepted methodology of building complex distributed systems, as a 'stack' of independently-developed protocols. Each protocol in the stack, realizes a corresponding 'layer' model, over the 'lower layer'. We define layers, protocols and related concepts. We then prove the fundamental lemma of layering. The lemma shows that given a stack of protocols , s.t. for every i∈ ∈{1,...u}, protocol π i realizes layer over layer , then the entire stack can be composed to a single protocol π u||...||1, which realizes layer over layer . The fundamental lemma of layering allows precise specification, design and analysis of each layer independently, and combining the results to ensure properties of the complete system. This is especially useful when considering (computationally-bounded) adversarial environments, as for security and cryptographic protocols. Our specifications are based on games, following many works in applied cryptography. This differs from existing frameworks allowing compositions of cryptographic protocols, which are based on simulatability of ideal functionality.
AB - The layered games framework provides a solid foundation to the accepted methodology of building complex distributed systems, as a 'stack' of independently-developed protocols. Each protocol in the stack, realizes a corresponding 'layer' model, over the 'lower layer'. We define layers, protocols and related concepts. We then prove the fundamental lemma of layering. The lemma shows that given a stack of protocols , s.t. for every i∈ ∈{1,...u}, protocol π i realizes layer over layer , then the entire stack can be composed to a single protocol π u||...||1, which realizes layer over layer . The fundamental lemma of layering allows precise specification, design and analysis of each layer independently, and combining the results to ensure properties of the complete system. This is especially useful when considering (computationally-bounded) adversarial environments, as for security and cryptographic protocols. Our specifications are based on games, following many works in applied cryptography. This differs from existing frameworks allowing compositions of cryptographic protocols, which are based on simulatability of ideal functionality.
UR - http://www.scopus.com/inward/record.url?scp=40249116752&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-78524-8_8
DO - 10.1007/978-3-540-78524-8_8
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:40249116752
SN - 354078523X
SN - 9783540785231
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 125
EP - 141
BT - Theory of Cryptography - Fifth Theory of Cryptography Conference, TCC 2008, Proceedings
T2 - 5th Theory of Cryptography Conference, TCC 2008
Y2 - 19 March 2008 through 21 March 2008
ER -