Horton Principle

The Horton Principle is a design rule for cryptographic systems and can be expressed as "Authenticate what is being meant, not what is being said".[1] The principle is named after the title character in the Dr. Seuss children's book Horton Hatches the Egg[1][2]

The Horton Principle becomes important when using Message Authentication Codes (or MACs) in a Cryptographic system. Suppose Alice wants to send a message to Bob, and she uses a MAC to authenticate a message m that was made by concatenating three data fields, where m := a || b || c. Bob needs to know what rules Alice used to create the message in order to split m back into its components, but if he uses the wrong rules then he'll get the wrong values from an authenticated message.

The problem is that the MAC is only authenticating a string of bytes, while Alice and Bob need to authenticate the way the message was constructed as well. If not, then it may be possible for an attacker to substitute a message with a valid MAC but a different meaning.

Systems can manage this problem by adding metadata such as a protocol number or by formatting messages with an explicit structure, such as XML.

References

  1. 1.0 1.1 Ferguson, N., Schneier, B. (2003). "Practical Cryptography" p. 109, Indianapolis, Indiana: Wiley Publishing, Inc.
  2. Wagner, David; Schneier, Bruce (April 15, 1997). "Analysis of the SSL 3.0 Protocol". schneier.com.
This article is issued from Wikipedia - version of the 3/12/2014. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.