Horton Principle

The Horton Principle is a design rule for cryptographic systems and can be expressed as "Authenticate what is being meant, not what is being said".^[1] The principle is named after the title character in the Dr. Seuss children's book Horton Hatches the Egg.^[1]^[2]

The Horton Principle becomes important when using Message Authentication Codes (or MACs) in a cryptographic system. Suppose Alice wants to send a message to Bob, and she uses a MAC to authenticate a message m that was made by concatenating three data fields, where m := a || b || c. Bob needs to know what rules Alice used to create the message in order to split m back into its components, but if he uses the wrong rules then he'll get the wrong values from an authenticated message.

The problem is that the MAC is only authenticating a string of bytes, while Alice and Bob need to authenticate the way the message was constructed as well. If not, then it may be possible for an attacker to substitute a message with a valid MAC but a different meaning.

Systems can manage this problem by adding metadata such as a protocol number or by formatting messages with an explicit structure, such as XML.

References

1 2 Ferguson, N., Schneier, B. (2003). Practical Cryptography, p. 109, Indianapolis, Indiana: Wiley Publishing, Inc.
↑ Wagner, David; Schneier, Bruce (April 15, 1997). "Analysis of the SSL 3.0 Protocol". schneier.com.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[practicalcrypto109-1] 1 2 Ferguson, N., Schneier, B. (2003). Practical Cryptography, p. 109, Indianapolis, Indiana: Wiley Publishing, Inc.

[2] Wagner, David; Schneier, Bruce (April 15, 1997). "Analysis of the SSL 3.0 Protocol". schneier.com.