Little Red Riding Hood and the Wolf-in-the-Middle

September 18, 2019

How do you explain the concepts of information security to your children? Chances are, you simply don’t. Some give up on making information security relatable and just forbid kids from doing some things online — or even from using the Internet in general. But prohibition without explanation is counterproductive, more likely spurring children to go after the forbidden fruit.

In answer to the question “Why not talk to your children about cyberthreats and how information security works?” parents, who may not have the firmest of grasps on the concepts to begin with, tend to get frustrated and give up, and not necessarily in that order. But everything’s already been explained. You might not realize it, but numerous textbooks on cybersecurity for little ones were in fact written hundreds of years ago. You know them as fairy tales. All you need to do is refocus them a little.

We analyze the fairy tale <em>Little Red Riding Hood</em> in terms of cybersecurity

Little Red Riding Hood

Take, for example, Little Red Riding Hood. It’s a well-known European folk tale that’s been repeatedly retold by such eminent cybersecurity experts as the Brothers Grimm, Charles Perrault, and many others. The various versions of the story may differ slightly, but the basic plot is the same. Let’s take a step-by-step look at what happens.

  1. Mom sends her daughter to Grandma with a basket of treats.
  2. Little Red Riding Hood meets the wolf, who asks: “Where are you going?”
  3. Little Red Riding Hood replies: “I’m going to see Grandma and bring her a basket of treats.”

The cybersecurity implications are clear from the start — here, you can explain the handshake procedure, which is the process of establishing communication between two parties, and together observe the related threats.

Now, Little Red Riding Hood has been programmed to knock on Grandma’s door, receive a “Who’s there?” query, and respond with a passphrase about Mom sending treats so that Grandma can proceed with authorization and grant access to the house. But for some reason, she gives out the passphrase to a random request, without having received the proper “Who’s there?” query. That gives the attacker an opening to exploit.

  1. Depending on the version of the firmware fairy tale, the wolf either sends Little Red on a detour, or suggests that she pick some flowers for Grandma.

Either way, it’s a type of Denial-of-Service (DoS) attack. If the wolf tries to log in to Grandma’s house after Little Red Riding Hood’s arrival, it is unlikely to be let in; the one expected visitor is already inside. Therefore, it’s important for him to put Little Red out of commission for a while, so that she cannot complete her task on schedule.

  1. Either way, the wolf is the first to reach Grandma’s house and duly logs in, responding correctly to the “Who’s there?” query. And Grandma grants him access to the house.

This is a near-textbook version of a Man-in-the-Middle (MitM) attack using the replay attack method (although in our case, Wolf-in-the-Middle would be more accurate). The wolf taps into the communication channel between two parties, learns the handshake procedure and passphrase from the client, and reproduces both to illegally gain access to the server.

  1. The wolf gobbles up Grandma, puts on her nightgown and nightcap, and lies in her bed under a blanket.

In modern terms, he is setting up a phishing site. Everything looks authentic from the door — Grandma’s bed is there, someone resembling Grandma is lying in it.

  1. Having approached the house and received the “Who’s there?” query, Little Red Riding Hood gives the passphrase about the treats she’s brought.

This is a continuation of the MitM attack, only now the wolf, who has learned the second part of the information exchange procedure, mimics the normal behavior of the server Grandma. Little Red, spotting nothing suspicious, logs in.

  1. She enters the house and wonders aloud why Grandma has such big ears, eyes, teeth. Smart questions, but in the end, satisfied with the wolf’s inarticulate explanations, she logs in … and gets eaten.

In real life, as in this fairy tale, phishing sites are rarely 100% convincing and often contain dubious elements, like a suspicious hyperlink. To avoid problems, it pays to be attentive: If, say, Grandma’s domain name is sticking out of her nightcap, leave the site immediately.

Little Red Riding Hood sees some inconsistencies, but unfortunately, she ignores them. Here you’ll have to explain to your child that Little Red’s behavior is careless, and say what she should have done instead.

  1. Fortunately, a group of lumberjacks turn up (or hunters in some versions), cut the wolf open, and Grandma and Little Red Riding Hood pop out, miraculously safe and sound.

Admittedly, the parallels with information security are imperfect. You can’t cut open a cybercriminal to restore money, reputation, or security. Well, to be fair, we haven’t tried. And for the record, we are in no way associated with anyone who has.

Cybersecurity in other fairy tales

Fairy tales contain life lessons, and there’s bound to be some information security subtext in any fairy tale — the main thing is to expound correctly. In The Three Little Pigs, for example, we see a script kiddie who uses a huff-and-puff tool for brute-force attacks. The Snow Queen installs troll-mirror malware in Kai and takes control of him, much the way a remote-access tool (RAT) gives an insider’s level of system control to an outside criminal.

In turn, Puss in Boots is basically a detailed report on a very sophisticated APT attack, in which Puss first hijacks the ogre’s infrastructure, and then, having established a presence there, pulls off a fraudulent deal with the local government through a complex scam involving reputation services.