09/10/2009, 15:00 — 16:00 — Room P3.10, Mathematics Building
Ran Canetti, Tel Aviv University
How to Assert and Use Composable Security
In our increasingly on-line world, sophisticated cryptographic
protocols are becoming an integral part of the fabric of society.
Consequently, it is imperative to be able to rigorously specify and assert
the security properties of such protocols. Still, this task has been
frustratingly elusive. One main source of difficulty is that security
properties of protocols are very sensitive to the specific execution
environment, and in particular to the other protocols running in the same
system.
This talk presents a paradigm for specifying and asserting
composable
security properties of protocols. These are properties that remain intact
regardless of the other protocols running in the system. We review a number
of advantages of this approach, including an application that allows to
analyze the security of systems with unbounded number of protocol
instances, in an efficient and fully automated way.
