Cinderella and the signature-based detection

In the olden days, people were not exactly au fait with technologies that wouldn’t appear for centuries or even millennia, which is why the cybersecurity lessons we find in fairy tales tend to need some excavation. Encrusted in metaphor, conjecture, and literary tinsel, the original meanings of familiar fairy tales can be distorted or lost entirely. Fortunately, Cinderella managed to escape that fate.

The earliest version of the tale was recorded on Egyptian papyrus; Cinderella isn’t just another European folk story. In short, it is about a young woman in distress who finds traditional happiness with the aid of a supernatural entity. (In the version by Charles Perrault, that entity is the fairy godmother; for the Brothers Grimm, it’s a tree growing on Cinderella’s mother’s grave. In the ancient Egyptian rendering, the god Horus assumes the role. Such minor discrepancies need not distract from the core message.)

The common element — and the most important aspect from a cybersecurity perspective — is the pivotal shoe/glass slipper incident. Despite the exotic spice of the Egyptian original, we will rely on the European versions as the most familiar to the reader.

Fake identity

Let’s begin. Our heroine lives in a house with her father, stepmother, and stepsisters. Tasked with menial jobs such as sorting grain, Cinderella tries to automate the drudgery by engaging the help of pigeons and doves. Even in the earliest version of the tale, this is possibly a reference to sorting not physical objects but rather huge amounts of data.

At the same time, Cinderella dreams of going to a ball at the king’s palace, but she cannot — not because of work but because she won’t be allowed in. She would need a beautiful dress and a carriage, and her family refuses to help. The fairy godmother comes to her rescue, turning a pumpkin into a carriage, mice into horses, and rags into a gown.

In essence, the fairy godmother creates a fake identity for Cinderella so she can attend the ball incognito. Remember that in days of yore the word hacker did not exist as such, and people attributed such wizardry to sorcerers and enchantresses. But never mind the days of yore — even now, hackers are portrayed in popular culture as omnipotent technoshamans!

Access to the ball clearly doesn’t require an invitation (that is, initial authentication), so all Cinderella has to do is register at the entrance. Trouble is, her original identity does not fit the selection criteria, whereas the fairy godmother’s fake obviously takes them into account.

Digital certificate

The details of Cinderella’s identity alteration soon become clear, when the fairy godmother warns her that her new image will disappear at midnight. When that happens, everyone will see rags, not a gown, vermin in place of horses and servants, and so on. What could form the basis of this plot device? Judging by the realities of medieval Europe, absolutely nothing. It seems instead to be some kind of artificial limitation. But let’s recall what exactly happens at midnight: The date changes.

Anyone who’s ever forgotten to renew a website’s SSL certificate understands this scenario very well. Literally one second ago, the certificate was valid and users were calmly browsing your site. Then the certificate expired, and browsers started displaying warnings and stubs instead of your
