{"id":22377,"date":"2020-12-30T00:42:19","date_gmt":"2020-12-29T19:12:19","guid":{"rendered":"https:\/\/www.kaspersky.co.in\/blog\/cinderella-cybersecurity-fairy-tale\/22377\/"},"modified":"2020-12-30T00:42:19","modified_gmt":"2020-12-29T19:12:19","slug":"cinderella-cybersecurity-fairy-tale","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.in\/blog\/cinderella-cybersecurity-fairy-tale\/22377\/","title":{"rendered":"Cinderella and the signature-based detection"},"content":{"rendered":"<p>In the olden days, people were not exactly <em>au fait<\/em> with technologies that wouldn\u2019t appear for centuries or even millennia, which is why the cybersecurity lessons we find in fairy tales tend to need some excavation. Encrusted in metaphor, conjecture, and literary tinsel, the original meanings of familiar <a href=\"https:\/\/www.kaspersky.com\/blog\/tag\/fairy-tales\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">fairy tales<\/a> can be distorted or lost entirely. Fortunately, Cinderella managed to escape that fate.<\/p>\n<p>The earliest version of the tale was recorded on Egyptian papyrus; Cinderella isn\u2019t just another European folk story. In short, it is about a young woman in distress who finds traditional happiness with the aid of a supernatural entity. (In the version by Charles Perrault, that entity is the fairy godmother; for the Brothers Grimm, it\u2019s a tree growing on Cinderella\u2019s mother\u2019s grave. In the ancient Egyptian rendering, the god Horus assumes the role. Such minor discrepancies need not distract from the core message.)<\/p>\n<p>The common element \u2014 and the most important aspect from a cybersecurity perspective \u2014 is the pivotal shoe\/glass slipper incident. Despite the exotic spice of the Egyptian original, we will rely on the European versions as the most familiar to the reader.<\/p>\n<h2>Fake identity<\/h2>\n<p>Let\u2019s begin. 
Our heroine lives in a house with her father, stepmother, and stepsisters. Tasked with menial jobs such as sorting grain, Cinderella tries to automate the drudgery by engaging the help of pigeons and doves. Even in the earliest version of the tale, this is possibly a reference to sorting not physical objects but rather huge amounts of data.<\/p>\n<p>At the same time, Cinderella dreams of going to a ball at the king\u2019s palace, but she cannot \u2014 not because of work but because she won\u2019t be allowed in. She would need a beautiful dress and a carriage, and her family refuses to help. The fairy godmother comes to her rescue, turning a pumpkin into a carriage, mice into horses, and rags into a gown.<\/p>\n<p>In essence, the fairy godmother creates a fake identity for Cinderella so she can attend the ball incognito. Remember that in days of yore the word <em>hacker<\/em> did not exist as such, and people attributed such wizardry to sorcerers and enchantresses. But never mind the days of yore \u2014 even now, hackers are portrayed in popular culture as omnipotent technoshamans!<\/p>\n<p>Access to the ball clearly doesn\u2019t require an invitation (that is, initial authentication), so all Cinderella has to do is register at the entrance. Trouble is, her original identity does not fit the selection criteria, whereas the fairy godmother\u2019s fake obviously takes them into account.<\/p>\n<h2>Digital certificate<\/h2>\n<p>The details of Cinderella\u2019s identity alteration soon become clear, when the fairy godmother warns her that her new image will disappear at midnight. When that happens, everyone will see rags, not a gown, vermin in place of horses and servants, and so on. What could form the basis of this plot device? Judging by the realities of medieval Europe, absolutely nothing. It seems instead to be some kind of artificial limitation. 
But let\u2019s recall what exactly happens at midnight: The date changes.<\/p>\n<p>Anyone who\u2019s ever forgotten to renew a website\u2019s SSL certificate understands this scenario very well. Literally one second ago, the certificate was valid and users were calmly browsing your site. Then the certificate expired, and browsers started displaying warnings and stubs instead of your content. The website turned into a pumpkin at the stroke of midnight.<\/p>\n<p>Certificates work roughly the same way in digital tokens \u2014 that is, access keys. They are valid for a limited time, which means that at some point they too stop working, whereupon the system instantly ends the connection (assuming everything is set up properly). All of a sudden, poor Cinderella becomes an imposter at the ball. Why the fairy godmother is unable to make a more reliable certificate is not clear, but most likely she lacks direct access to a <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/certificate-authorities\/\" target=\"_blank\" rel=\"noopener noreferrer\">certificate authority<\/a>.<\/p>\n<h2>Signature-based detection<\/h2>\n<p>Realizing that her time is running out, Cinderella runs from the palace, losing a shoe or glass slipper, the only part of her new identity that is real, in the process. The Brothers Grimm version is especially interesting here. In their interpretation, the shoe is not lost by chance, but rather because the prince smeared the stairs with pitch to obtain a fragment of the mystery girl and use it to trace her. In other words, he deployed some kind of cyberthreat-detection system. The prince then uses the shoe as a basis for a tool for detecting objects of the \u201cCinderella\u201d type and launches a global search, checking the feet of all young maidens in the land.<\/p>\n<p>That is basically how many antivirus engines work. 
Antivirus experts take a section of malware code, <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/hashing\/\" target=\"_blank\" rel=\"noopener noreferrer\">create a \u201cshoe\u201d<\/a> from it (called a hash), and then match it against incoming data. We use this technology, called signature-based detection, in our solutions, although it hasn\u2019t been our main method of detection in quite some time.<\/p>\n<h2>Hash spoofing attempt<\/h2>\n<p>In any event, the Brothers Grimm \u2014 who, for some reason, creepily focused on blood in their early fairy tales \u2014 take this lesson one (shoeless) step further. In their version of the tale, Cinderella\u2019s stepsisters try to spoof the hash by literally cutting their feet to fit the shoe. But hash spoofing is not easy. Unsurprisingly, the sisters\u2019 hash is off the mark, and the prince\u2019s signature-analysis engine rejects it.<\/p>\n<p>Thus, using this tale and our post, you can explain to your kids such basic concepts as identity forgery, digital certificates, and signature analysis. 
We recommend availing yourself of this opportunity \u2014 if only to keep the efforts of such eminent cybersecurity experts as Charles Perrault and Jacob and Wilhelm Grimm alive.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We examine the tale of Cinderella, one of the earliest stories that attempts to teach children basic cybersecurity principles.<\/p>\n","protected":false},"author":700,"featured_media":22378,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1342],"tags":[2830,1037,2720],"class_list":{"0":"post-22377","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-fairy-tales","9":"tag-technologies","10":"tag-truth"},"hreflang":[{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/cinderella-cybersecurity-fairy-tale\/22377\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/cinderella-cybersecurity-fairy-tale\/17865\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/cinderella-cybersecurity-fairy-tale\/8841\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/cinderella-cybersecurity-fairy-tale\/24049\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/cinderella-cybersecurity-fairy-tale\/22130\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/cinderella-cybersecurity-fairy-tale\/20804\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/cinderella-cybersecurity-fairy-tale\/24477\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/cinderella-cybersecurity-fairy-tale\/23654\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/cinderella-cybersecurity-fairy-tale\/29903\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/cinderella-cybersecurity-fairy-tale\/9191\/"},{
"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/cinderella-cybersecurity-fairy-tale\/38291\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/cinderella-cybersecurity-fairy-tale\/16196\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/cinderella-cybersecurity-fairy-tale\/16791\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/cinderella-cybersecurity-fairy-tale\/14342\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/cinderella-cybersecurity-fairy-tale\/26018\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/cinderella-cybersecurity-fairy-tale\/26554\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/cinderella-cybersecurity-fairy-tale\/23423\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/cinderella-cybersecurity-fairy-tale\/28750\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/cinderella-cybersecurity-fairy-tale\/28561\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.in\/blog\/tag\/truth\/","name":"truth"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/22377","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/comments?post=22377"}],"version-history":[{"count":0,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/22377\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media\/22378"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media?parent=22377"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http
s:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/categories?post=22377"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/tags?post=22377"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}