A Digital Security Parable for the Holidays

Jigsaw
Dec 19, 2018

By Justin Kosslyn, with illustrations by Dustin Harbin

On digital security you may be seeking clarity:

New ways to learn and understand ideas that often seem so bland.

Look here! See below! A parable to make the concepts bearable,

An illustrated story set in a medieval novelette

Of phishing, malware, servers too, VPNs that are tried and true,

And zero-days — all that and more wrapped in a cozy metaphor.

Dear reader if you take the time, I hope you’ll find something sublime.

Once upon a time, in a land far, far away, there was a good king. This is the story of how he lost his fortune and gained much wisdom. Yet there is more. Listen carefully, for there is a second story beneath the first, a parable for the here and now.

The good king’s fortress was black, and his scepter glowed with a soft blue light. Messengers thronged to the fortress, known as Deviche, with reports and correspondence, and issued out with edicts and replies. The good king’s brother lived in a nearby castle called Lappetep; the road between them was thick with correspondence. The brother was rich, and ensured that all knew it. The good king was not, and endeavored to hide that fact. The good king’s name — well, we will come to that later.

Our story begins on a brisk autumn day with the arrival of a messenger at Deviche. He wore the vestry of Handelsbanken, a reputable banking house. In its vaults the king had many bars of gold, from which he had been drawing to keep pace with his brother’s lavish feasting. It was not out of keeping for Handelsbanken to send a messenger. The king had been authorizing transfers, sometimes large ones, and the good bankers were justifiably cautious to confirm his intent.

And that was where our lord’s troubles began. For you see, the messenger was not from Handelsbanken. He was, in truth, not a messenger at all. He was a poor fisherman turned knave, dressed in the garb of the great banking house. With the king’s signature and the details of his accounts, the knave proceeded with all haste to Handelsbanken and withdrew gold enough to tire three oxen.

Though much of his gold was gone, much more remained. The king, upon discovering that the fisherman had cheated him, soon instituted a new protocol with Handelsbanken: knowledge of his account or signature would no longer be enough to access his vaults; only bearers carrying a special token from the king would be allowed entry. He would carefully steward those tokens; no unfamiliar messenger would ever procure one.

Alas, the good king’s troubles had only begun. The fisherman knave soon purchased entry into a den of thieves. Their vile haunt stood on a mysterious, uncharted island; only those with magic onions could find it. The fisherman possessed such a magic onion, and in discussion with fellow thieves he told of the good king’s wealth and weakness. From that moment on, Deviche was marked. Perhaps the king could no longer be impersonated at Handelsbanken, but there were other ways to squeeze him dry.

I have not yet spoken of the good king’s court. Jesters entertained. Musicians played. Secretaries handled correspondence. A chess master mostly loitered, for the king rarely played chess. New forms of entertainment were forever being welcomed in the throne room, and the good king bored easily.

A week, perhaps two after the Handelsbanken affair, an unfamiliar ware-seller presented herself at the fortress gates. She had come from Lappetep, the castle of the king’s brother. A letter of introduction from the good king’s kin recommended her to the good king.

I know, in our tale, the king may sometimes appear a bit daft, but let me assure you that in this moment he was the very model of cautious sagacity. He knew that his brother was no great fan of ware-sellers; it was out of character for him to make any such endorsement. The king carefully inspected the letter of introduction. It was in his brother’s hand, and it was vouchsafed with a DMARC seal; it was truly from him.

So the king opened his halls to the unfamiliar ware-seller, who sold a game to the good king. It was a simple exercise involving the placement of semiprecious gems on a wooden board; enjoyable enough, but hardly justifying his brother’s praise. The king went to bed.

Come morning, the king saw his error. In the dead of night, each of his courtiers had been locked in their chambers, his storerooms sealed — even his crown removed from its customary resting-place. In the cold light of day, the throne room was cavernously empty, save for the unfamiliar ware-seller.

The good king paid. Perhaps ’twas a bluff, but it was most certainly a plausible one. Do not judge him; in his shoes, you would have done the same. The ransomer left that very day, leaving behind the key to unlock the castle chambers. She kept, it must be said, her word: Deviche was soon open to itself, and all were safe and sound.

The king’s brother had suffered a similar ordeal. His castle, Lappetep, had previously been infiltrated and ransomed by the ware-seller; it had taken a fair bit of coin to restore it. His letter of introduction to the good king was, of course, fake: that ransoming ware-seller had access to his book of contacts, examples of his handwriting, and his DMARC seals; she’d purloined them all. The good king was glad to hear all this: shared suffering brought them closer together, and being robbed would perhaps diminish his brother’s prodigal tendencies.

As before, the true strength of the good king was his ability to learn and adapt. When the knavish fisherman had passed himself off as the king, the king had deployed physical authentication tokens. Now the ransoming ware-seller had gained free run of the fortress too easily, so the king would remodel Deviche to prevent this from happening again.

His chief engineer in tow, the good king prowled the twisted corridors of his keep. A wall would go up here; another there. This courtyard would be sealed off; that doorway welded shut. A single interconnected warren soon became three discrete units: first, the bowels of the fortress, where nameless servants toiled in obscurity to light the hearths, prepare the meals, and remove the refuse; second, the spires of the fortress, where courtiers and the king had residences and store-rooms; and third, the gates and walls, from which guests and messengers would be restricted. Each unit was encapsulated behind its own security. A small number of portals, tightly controlled, allowed interflow between them. No guest would sneak into the courtiers’ chambers to cause mischief, nor any messenger into the kitchens.

Excuse me while I take a sip of water, please, and contemplate the story you have heard here today. Have you discerned its deeper meaning? I applaud if you have, but do not be alarmed if you have not; time yet remains. Ahem. Let us continue.

The good king relied on the imperial postal service to correspond with his far-flung outposts. His own messengers carried parcels and packets to a nearby imperial router, who relayed them towards their destinations. The king, in his innocence, sent many a sensitive message with no seal at all; any imperial courier could read them in full. Other messages were properly sealed, but their weight and their shape betrayed their natures: this one a box, that one a bushel, and this other one a bar of bullion.

It took several weeks for the king to realize that when he mailed bearer bonds, they were not reaching their destinations. The bonds, as valuable as gold, disappeared in the mail. The imperial postal service claimed they had never been received, but the good king discerned that some imperial couriers or routers were corrupted; against all common decency, they had been reading his mail and plucking out items for themselves.

Before the wisdom of the good king, a solution soon presented itself. He would, immediately, seal all his mail — no more bearer bonds would be visible to the naked eye of any old courier on the routes. Yet that was not enough for a marked man — indeed, the king realized that the recent spate of misfortune was no coincidence; it was evidence that he had been singled out for victimhood. Simply sealing each letter or parcel would not suffice; his mail would need to be anonymous to be truly safe.

For three days, the good king grappled with this problem. How could his mail not originate in Deviche? When his messengers carried individual parcels, it was too easy for the watchful imperial post to determine what each might contain. If they, in their corruption, were monitoring packets from Deviche, they could determine where he was sending funds and pilfer them at their destination. He could not afford to create his own mail network; there need be a simpler, cheaper answer.

It was a magician who provided the solution. Putting on an evening show, the magician stuffed his assistant into a safe, moved the safe across the room, and opened it, revealing its emptiness to rapturous applause.

The good king was struck by a thunderbolt of inspiration: he would stuff his mail into safes, send them to a busy town, and in that town the safes would be opened and the mail delivered to the imperial couriers. In the bustle of the town, nobody would know which parcels originated from Deviche; they would be simply more sealed packets in an unwatchful place.

There was a city called Veepean that was perfect for the job. The good king arranged for an employee in Veepean to receive his safes, open them up, and deliver their contents to the imperial postal router of that town. It would be a bit slower, but much safer. And, though the king’s finances had never been shakier, he was proud of this achievement.

Alas, there was to be a final travail. Though it would ruin the good king, it would also make plain the meaning of our tale.

The moat at Deviche was dug by Auntivarius, an enterprise specializing in the construction of secure moats. They deployed the same technique for every client, for it was the best. But it was not perfect; sometimes, vulnerabilities were indeed discovered. Each time a weakness was revealed, Auntivarius would send agents to Deviche to upgrade its moat — changing its angle, depth, lip, flow, or other aspects to address the discovered vulnerabilities.

Undoubtedly, Auntivarius had an ironclad protocol for handling vulnerabilities once they were discovered. It was less useful, however, for vulnerabilities that had not been made public. A member of the den of thieves knew of a weakness in the moat, and determined to make use of it.

All the good king saw was that, upon arising one morning, the last of his stash of gold was gone from the store-rooms of his fortress. Auntivarius was called in immediately while the good king kept the castle afloat on his remaining bonds. Forensics revealed that no guest or messenger had slipped in; the portals had been carefully watched, and the walls were strong. The moat, however, had a previously unknown vulnerability. Rainfall was buffered in a cistern before flowing into the moat. The cistern was also connected to the storerooms’ drainage system. When the cistern buffer overflowed, therefore, an intruder could swim through it directly to the storerooms, bypassing the walls entirely. A canny intruder could wait for heavy rains, dive into the overflowing cistern, swim up to the storerooms, and pry open the drain grates to gain access to the king’s valuables.

Auntivarius repaired the grates and upgraded them to six-inch steel, but the moat would surely have other vulnerabilities from time to time. The good king mulled, stewed, and pondered. He was ruined — that was clear — but perhaps there would be a future for him in securing the fortresses of others. He had, after all, learned so much. Yet what could have been done here?

In his younger years, the good king had served in the imperial army. A martial principle could serve him here: defense in depth. The concept, at core, is to layer defenses upon defenses — just so long as each layer does not interfere with or bypass the other layers. The king had already used this principle, defense in depth, when adding physical tokens as a requirement for Handelsbanken: the tokens complemented the requirement of his signature and his account details, defining another layer of security. The king had also used this principle when sealing his mail and then bundling it into safes for routing through the town of Veepean. Perhaps defense in depth was the answer here as well.

Once he knew the principle, the good king did not labor long to determine a specific application. He found a magical tripwire made of glass; any contact with the wire would trigger an alarm throughout the castle. The king spent the last of his funds to string this glass wire around the perimeter of the fortress: along the walls, along the moat, and through the air between the spires. Now any infiltrator would need to get through the moat, walls, or air without tripping the glass wire. It would be another layer of defense in depth.

Now poor in gold but rich in wisdom, the good king wrote a book on all that he had learned. He titled it, The Principles of Digital Security: A Parable of Phishing, Malware, Man-In-The-Middle Attacks, and Zero-Day Exploits. Instead of a black-painted device, he wrote of a fortress called Deviche. Rather than describing applications, he waxed poetic about courtiers and guests. The Internet became a network of roads and relays, messages became messengers, ransomware became ransom by a ware-seller, and so forth. It would, he hoped, be clearer that way.

Oh, and the name of the good king, ruling over his computer and all the applications therein? He was, of course, The User.


Jigsaw is a unit within Google that explores threats to open societies, and builds technology that inspires scalable solutions.