Security Issues in Online Games - PowerPoint PPT Presentation

Loading...

PPT – Security Issues in Online Games PowerPoint presentation | free to download - id: 9df7-M2I4Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Security Issues in Online Games

Description:

Game development often utilizes the cutting edge technology in computer graphics, ... also a unique solution for dealing with some cheats. Eg: scoring cheat. ... – PowerPoint PPT presentation

Number of Views:254
Avg rating:3.0/5.0
Slides: 22
Provided by: shreeg
Learn more at: http://www.cs.kent.edu
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Security Issues in Online Games


1
Security Issues in Online Games
Ref Jianxinn Jeff Yan and Hyun-Jin
Choi, http//www.cigital.com/presentations/eog07/
-Gary McGraw
Presenter Sagar Panchariya
1
2
Introduction
Game development often utilizes the cutting edge
technology in computer graphics, artificial
intelligence, human computer interaction and
programming, game providers do not pay much
attention to security techniques.
The traditional target of computer game security
was mainly copy protection, however in modern
games the focus should also be to discourage
cheating to protect legitimate customer base.
2
3
Overview
  • Online games (like World of Warcraft) have
    500,000simultaneous users on six continents
  • 8,000,000 people play WoW
  • 12,000,000 play MMORPGs
  • Clients and servers are massively distributed
  • MMORPGs push the limits of software technology
    Modern distributed systems in other domains are
    evolving toward similar models SOA, Web 2.0

3
4
USD to wow Gold Conversion
4
5
Money
One game (WoW) like massively multiplayer online
role-playing game has over 8,000,000 subscribers
  • 14 8M 112M 12 1.344B

A healthy middle market exists for pretend stuff
Cheating pays off
5
6
Trinity
  • State Synchronization
  • Fat client
  • Extensibility

6
7
What is Cheating
  • There is not a generally accepted definition on
    what a cheat is.
  • Different games use different criteria to define
    cheating.
  • Difficult to distinguish between smart play using
    strategies or using some unfair advantage.
  • Example camping(sniping) behavior is fair however
    using macros to give a sniping gun rate of fire
    as of a machine gun is unfair.
  • Any behavior that a player may use to get an
    unfair advantage, or achieve a target that he is
    not supposed to is cheating.

7
8
A Taxonomy of online cheatingby Pritchard
  • Reflex Augmentation exploiting a computer
    program to replace human reaction to produce
    superior results
  • Authoritative Clients exploiting compromised
    clients to send modified commands to the other
    honest clients who blindly accept them
  • Information Exposure exploiting access or
    visibility to hidden information by compromising
    client software
  • Compromised Servers modifying server
    configurations to get unfair advantages
  • Bugs and Design Loopholes exploiting bugs or
    design flaws in game software
  • Environmental Weaknesses exploiting particular
    hardware or operating conditions

8
9
Other techniques of cheating
  • Cheating by Collusion using a group of two or
    more to cheat others.
  • Cheating by abusing procedure or policy
  • Eg escaping in ranking games whenever he/she is
    about to loose.
  • Cheating related with virtual Assets trade
    cheating have been noticed recently
  • Cheating by compromising passwords
  • Cheating related to internal misuse eg an
    insider was fired in Korea because he abused his
    privilege to generate a super-character by
    modifying the game database.

9
10
Cheating Contd.
  • Cheating by modifying game software or data Many
    tools are available for cheaters to modify either
    program file or memory.
  • Cheaters may use debuggers to reverse engineer
    game programs and customize them to get various
    unfair advantages.
  • Ex they may remove validation routines, modify
    configuration parameters, or change the weapons'
    loading time.

10
11
Cheating contd.
  • Memory scanning tools such as Game buster are
    developed to help cheaters look for critical
    variables in the memory.
  • With the help of this the cheater do have to
    modify game file however they just have to modify
    the memory values at runtime.
  • Sol could be to encrypt files and memory values
    all the time.
  • Modifying design such that some variable could be
    kept on the server.
  • Modifying security protocols to be designed to
    validate software and critical data in an
    encrypted way.

11
12
Cheating and Hacking Opportunities Summarized
12
13
Cheating mitigation
  • Mechanisms such as encryption, authentication,
    integrity checking, digital signature and
    cryptographic protocol all can find plenty of
    applications in online games.
  • A systematic approach is needed to mitigate
    online cheating.
  • Some means are required to preventing cheating
    from happening in the first place, and others
    needed for detecting cheating after it happens.
  • Pure technical mechanisms cannot provide a
    complete solution management and policy means
    are also needed.

13
14
Cheating mitigation contd.
  • Some game providers proposed to use experienced
    game developers to police their online games by
    randomly monitoring player behaviors.
  • A cheating detection engine can be designed and
    implemented as one built-in component of each
    game software.
  • A carefully designed built-in cheating detection
    engine will provide a cheap alternative.
  • Automatically detect and prevent many cheating
    behaviors by monitoring critical game events and
    variables.
  • This engine can be shared by different games,
    though triggering events may be specific to each
    game.

14
15
Cheating mitigation contd.
  • Making players be security aware
  • Game providers need to educate players about
    security, e.g., what potential security threats
    exist, and what to do when they face a potential
    security threat.
  • Fair Trading This fair-trading of virtual assets
    can be achieved by introducing a trusted third
    party (TTP). Players may negotiate deals by
    themselves, and then pass their items to the TTP

15
16
Cheating mitigation contd.
  • Bug patching approach The traditional bug
    patching approach in security still works here.
  • An active complain-response channel
  • A complain channel should be maintained, so that
    players can report new bugs, potential cheatings
    or cheaters. Game providers should provide prompt
    responses to complaints from players. Otherwise,
    the enthusiasms of players will be hurt.

16
17
Cheating mitigation contd.
  • Logging and audit trails Logging and audit
    trails provide not only good protection against
    insider cheating, but also a unique solution for
    dealing with some cheats. Eg scoring cheat.
  • Post-detection mechanisms Cheaters should be
    punished by disciplinary means, and victim's
    damage unfairly caused by cheating should be
    restored. A checkpoint mechanism can be used for
    this recovery.
  • All DDos attacks discussed before also apply here
    so those solutions also apply here.

17
18
Conclusion
  • The emergence of online games fundamentally
    changed the security requirement for computer
    games.
  • new context, copy protection is not, at least not
    the only, security issue any more.
  • Games are commonly regarded as one of distributed
    E-Commerce applications, they have their own
    unique security challenges.
  • All security mechanisms should be given serious
    thoughts, also solution's developed in this
    domain also apply to other e-commerce
    applications.

18
19
Additional References
  • http//www.cigital.com/papers/download/attack-tren
    ds-EOG.pdfhttp//www.computer.org/portal/site/se
    curity/menuitem.6f7b2414551cb84651286b108bcd45f3/i
    ndex.jsp?pNamesecurity_level1_articleTheCat100
    1pathsecurity/2007/n5fileattack.xmljsessioni
    dJ10JVBr8695GL1Gsj5nGy5dSwSgQqYWQm1Kg8MdjVvNyT47B
    JjSV!1201751879http//cubist.cs.washington.edu/S
    ecurity/2008/01/20/online-game-security/

19
20
20
21
Thank you
21
About PowerShow.com