{"id":16367,"date":"2019-09-23T12:15:37","date_gmt":"2019-09-23T20:15:37","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/09\/23\/news-10108\/"},"modified":"2019-09-23T12:15:37","modified_gmt":"2019-09-23T20:15:37","slug":"news-10108","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/09\/23\/news-10108\/","title":{"rendered":"The Seven Young Goats and multifactor authentication"},"content":{"rendered":"<p><strong>Credit to Author: Nikolay Pankov| Date: Fri, 20 Sep 2019 08:20:33 +0000<\/strong><\/p>\n<p>Our ancestors may not have had computers, but they certainly knew a thing or two about keeping children safe. We&#8217;ve already <a href=\"https:\/\/www.kaspersky.com\/blog\/fairy-tales-red-hood\/28707\/\" target=\"_blank\" rel=\"noopener noreferrer\">used <em>Little Red Riding Hood<\/em><\/a> as a guide to explaining <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/man-in-the-middle-attack\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"noopener noreferrer\">Man-in-the-Middle<\/a> attacks, <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/handshake\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"noopener noreferrer\">handshakes<\/a>, and <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/phishing\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"noopener noreferrer\">phishing<\/a>. Now let&#8217;s talk about two-factor authentication (2FA) and biometric security. This time, we&#8217;ll use a somewhat less-known fairy tale called <em>The Wolf and the Seven Young Goats<\/em>.<\/p>\n<p> <a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/09\/20041212\/fairy-tales-seven-young-goats-featured.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-28726\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/09\/20041212\/fairy-tales-seven-young-goats-featured.jpg\" alt=\"We analyze the fairy tale The Wolf and the Seven Young Goats in terms of cybersecurity\" width=\"1460\" height=\"960\" \/><\/a> <\/p>\n<h2>The Wolf and the Seven Young Goats<\/h2>\n<p>The concept of authentication is clearly illustrated in the fairy tale <em><a href=\"https:\/\/en.wikipedia.org\/wiki\/The_Wolf_and_the_Seven_Young_Goats\" target=\"_blank\" rel=\"noopener noreferrer\">The Wolf and the Seven Young Goats<\/a><\/em>. For those unfamiliar with the tale, it involves a family of goats consisting of a mother and seven youngsters. When the mother leaves to get food, she tells her children not to let in the wolf (who will eat them) and teaches them to recognize the differences in their voices and fur color. She leaves and the wolf knocks on their door. Learning from the children that his voice is too low, he alters it to trick them into thinking he&#8217;s their mother. The young goats remember, then, to look under the door and see the wolf&#8217;s dark, furry feet. Again, they refuse him entry. The wolf then disguises his feet, dusting them with flour to make them look white, like the mother goat&#8217;s. Ultimately, the young goats are convinced (and eaten). This video recounts the whole tale:<\/p>\n<p><span class='embed-youtube' style='text-align:center; display: block;'><iframe class='youtube-player' type='text\/html' width='100%' height='420' src='https:\/\/www.youtube.com\/embed\/TTx8xbqyKDw?version=3&#038;rel=1&#038;fs=1&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;wmode=transparent' frameborder='0' allowfullscreen='true' style=\"\"><\/iframe><\/span><\/p>\n<p>Now, cybercriminals don&#8217;t tend to eat their victims, so we&#8217;re interested in the first part, where the wolf is trying to get into the goats&#8217; house. Let&#8217;s take a step-by-step look at what&#8217;s really going on here.<\/p>\n<ol>\n<li>The mother goat goes into the forest after warning her kids not to open the door to strangers.<\/li>\n<li>The wolf approaches the house, says he is the mother goat, and asks to be let in. The young goats immediately notice the wolf doesn&#8217;t sound like their mother, and so they don&#8217;t open the door.<\/li>\n<\/ol>\n<p>This is a demonstration of biometric authentication. Even though the wolf learned the right things to say (the passphrase), knowing the correct words is not enough. In this case, to enter the goats&#8217; house, the beastly &#8220;user&#8221; needs to pass <a href=\"https:\/\/en.wikipedia.org\/wiki\/Speaker_recognition\" target=\"_blank\" rel=\"noopener noreferrer\">speaker verification<\/a>. That&#8217;s the second factor.<\/p>\n<ol start=\"3\">\n<li>The wolf alters his voice to sound softer (the methods he uses vary depending on the storyteller). Having done that, he successfully passes the speaker verification check. But the young goats again refuse him entry, because they see a gray wolf&#8217;s paw under the door.<\/li>\n<\/ol>\n<p>In other words, to get into the house, knowing the password is not enough, and even passing the voice check won&#8217;t do the trick. It&#8217;s also necessary to have the right <s><span style=\"text-decoration: line-through;\">fingerprint<\/span><\/s> paw. This is essentially another biometric factor. Even if someone manages to mimic the voice of the house owner, only a user with an additional differentiating feature is allowed to enter.<\/p>\n<ol start=\"4\">\n<li>The wolf disguises his paws using flour and again tries to gain access \u2014 and this time, he succeeds.<\/li>\n<\/ol>\n<p>This is a good example of a hacker trick for bypassing multifactor authentication. Here, the voice and paw biometric data are faked. Such scenarios are quite real and are <a href=\"https:\/\/www.kaspersky.com\/blog\/synthetic-voice-phone-fraud\/18034\/\" target=\"_blank\" rel=\"noopener noreferrer\">used by scammers<\/a> in the real world. This fairy tale not only helps explain to children what multifactor authentication is, but also shows that biometric security is in fact not as reliable as it might seem.<\/p>\n<h2>Cybersecurity tales for kids<\/h2>\n<p>As you can see, fairy tales can make an excellent cybersecurity guide for your child. Just draw the correct analogy, and wordy explanations or blanket bans won&#8217;t be needed. We&#8217;re quite sure that <em><a href=\"https:\/\/www.kaspersky.com\/blog\/fairy-tales-red-hood\/28707\/\" target=\"_blank\" rel=\"noopener noreferrer\">Little Red Riding Hood<\/a> and <em>The Wolf and the Seven Young Goats<\/em> are by no means the only fairy tales from which vital lessons about malicious tricks and ways to defend yourself in the digital world can be extracted. And while we&#8217;re at it, take a closer look at your child&#8217;s favorite cartoons\u00a0\u2014 maybe those are secretly (if not openly) about cybersecurity, too?<\/em><\/p>\n<p> <input type=\"hidden\" class=\"category_for_banner\" value=\"safe-kids\" \/> <br \/><a href=\"https:\/\/www.kaspersky.com\/blog\/fairy-tales-seven-young-goats\/28725\/\" target=\"bwo\" >https:\/\/blog.kaspersky.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/09\/20041212\/fairy-tales-seven-young-goats-featured.jpg\"\/><\/p>\n<p><strong>Credit to Author: Nikolay Pankov| Date: Fri, 20 Sep 2019 08:20:33 +0000<\/strong><\/p>\n<p>We analyze the fairy tale The Wolf and the Seven Young Goats in terms of cybersecurity<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10425,10378],"tags":[10598,11517,22953,6513,22984,32,10602,714,10606],"class_list":["post-16367","post","type-post","status-publish","format-standard","hentry","category-kaspersky","category-security","tag-2fa","tag-biometrics","tag-fairy-tales","tag-kids","tag-multifactor-authentication","tag-news","tag-passwords","tag-security","tag-two-factor-authentication"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16367","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=16367"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16367\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=16367"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=16367"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=16367"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}