Security eBooks

Fight Cheating The Easy Way

Steven Davis
steve@free2secure.com
+1.650.278.7416
Games, iGaming, and Gambling

CARRDS Reference Model

• The building blocks that comprise a game
   – Control
   – Action
   – (Random), i.e., the creation of random events in the game
   – Rules
   – Display Elements
   – State

Standard Multi-player Strategy - Distributed Object Networking

[Diagram: two peers, each with Control → Action → Game Engine → State; the remote peer's State is copied over the local one. Label: “No way to verify ‘new’ remote state”.]

• State-based networking occurs “below” the game level, and therefore is vulnerable to raw spoofing
   – Two models: ∆(State)/∆Time, or State(time+1)
   – Tools for re-synchronization become tools for attack: State(time+x) is newer, so it replaces State(time)

Distributed Transaction Networking

[Diagram: two peers, each with Control → Action → Game Engine → State; only Actions cross the network.]

• Transaction-based networking occurs at or above the game engine level
• Initialization is to a known or agreed-to state based on the rules of the game
• Network model: (Action, time) or (Old State, Action, time)
• If the game engine verifies actions, invalid action and state injection cheating is stopped
   – If (Action, time) given (local Old State) is OK, then proceed
   – Transactions have to make logical sense given the previous state
• Timing attacks can be reduced much more easily (and stopped with SecurePlay)
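The two models on this slide and the previous one, as an added worked example that is not part of the original deck: a constructed two-player race game (players “alice” and “bob”, a 20-cell track, a move of 1 to 3 cells per turn) synchronised first as a distributed object, where any “newer” remote state replaces the local one, and then as a distributed transaction, where each (Action, time) is checked against the local old state before it is applied. Class names, the game rules and the cheating peer's messages are all this example's own assumptions.

```python
"""Distributed object (state) sync vs distributed transaction (action) sync.

Constructed toy game: two players on a 1-D track of TRACK_LEN cells; on
your turn you move 1..MAX_MOVE cells. Everything here is example code.
"""
from dataclasses import dataclass

TRACK_LEN = 20
MAX_MOVE = 3
PLAYERS = ("alice", "bob")


@dataclass(frozen=True)
class State:
    time: int            # logical turn counter
    turn: str            # player whose move it is
    pos: dict            # player -> cell index


@dataclass(frozen=True)
class Action:
    player: str
    move: int
    time: int            # the State.time this action is meant to apply to


class StatePeer:
    """Distributed object model: sync happens below the game, so the only
    check possible is 'is the remote state newer than mine?'."""

    def __init__(self, state: State):
        self.state = state

    def receive_state(self, remote: State) -> bool:
        if remote.time <= self.state.time:
            return False                 # old or duplicate update
        self.state = remote              # newer wins; nothing verifies it
        return True


class TransactionPeer:
    """Distributed transaction model: the game engine validates each
    (Action, time) against its local old state before applying it."""

    def __init__(self, state: State):
        self.state = state

    def receive_action(self, a: Action) -> str:
        old = self.state
        if a.time != old.time:
            return "stale or replayed time"
        if a.player != old.turn:
            return "not this player's turn"
        if not 1 <= a.move <= MAX_MOVE:
            return "illegal move size"
        new_pos = old.pos[a.player] + a.move
        if new_pos > TRACK_LEN:
            return "move leaves the track"
        nxt = PLAYERS[1] if a.player == PLAYERS[0] else PLAYERS[0]
        self.state = State(time=old.time + 1, turn=nxt,
                           pos={**old.pos, a.player: new_pos})
        return "ok"


def demo() -> dict:
    start = State(time=0, turn="alice", pos={"alice": 0, "bob": 0})
    # Constructed cheat: after one 'turn' alice claims to be at the finish.
    teleport = State(time=1, turn="bob", pos={"alice": TRACK_LEN, "bob": 0})

    sp = StatePeer(start)
    tp = TransactionPeer(start)
    return {
        "state_peer_accepts_teleport": sp.receive_state(teleport),
        "state_peer_alice_pos": sp.state.pos["alice"],
        "tx_honest": tp.receive_action(Action("alice", 2, time=0)),
        "tx_replay": tp.receive_action(Action("alice", 2, time=0)),
        "tx_out_of_turn": tp.receive_action(Action("alice", 1, time=1)),
        "tx_teleport": tp.receive_action(Action("bob", TRACK_LEN, time=1)),
        "tx_bob": tp.receive_action(Action("bob", 3, time=1)),
        "tx_pos": dict(tp.state.pos),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The state peer has no information with which to refuse the teleport; the transaction peer refuses it on rule grounds, and also refuses the replayed and out-of-turn actions, because every check is phrased as “does this action make sense given my previous state?”.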

Distributed Object Systems vs. Distributed Transaction Systems – Summary 1

• Most networked games use a distributed object based design
   – Easy to program
   – Multi-player can be added as an “afterthought”
   – Numerous standard tools
   – Network design does not need to understand the game design
   – Problems
      • Makes attacks easy
      • Synchronization is inherently trusting because it occurs below the level of the game
      • Lack of understanding of the game means it is impossible to validate remote updates
      • Can be limiting: even simple games like poker will not work with a distributed object model

Distributed Object Systems vs. Distributed Transaction Systems – Summary 2

• Distributed transaction systems naturally reflect games
   – Games are rule-based transaction systems that migrate from state to state based on player actions and random events
   – Does require game developers to think about game rules (at least a bit)
      • Change from a game-object focus to a game-object-action focus: nouns to verbs. Also more naturally supports control of information sharing
   – Rules and action validation becomes possible
      • Validating state differences is hard. Validating actions tends to be much easier
   – Time hacks are also more naturally stopped
      • Re-synchronization is based on rolling back to a known state or updating from a known state. Multiple updates/actions are clearly detectable, and should be verifiable.
• Transaction-based synchronization is as bandwidth efficient as state-based synchronization
   – Player actions are inherently narrow-band
   – If local or AI activities are automatic, then this is WORST CASE the same as distributed object approaches (RTS games with many units)

Safer Networking with Server

[Diagram: each Client keeps Control, Action, Partial State and Display; the Server holds Random, Rules and the full State. Clients send Actions (or partial state) to the Server.]

• Push actions to server
• Let server or other players validate
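The server-controlled layout on this slide, as an added example (this is not the deck's code and not SecurePlay): a constructed card game in which the server alone owns the deck (Random), the betting rules (Rules) and the full State, clients only push actions, and each client receives a partial view that never contains another player's cards. Player names, chip counts and the fixed RNG seed are assumptions chosen so the example is reproducible; a production server would draw from random.SystemRandom or a hardware RNG.

```python
"""Server-authoritative networking with partial client state.

Constructed example: a two-card deal with a three-card board and a single
betting round. Names, chips and the seed are assumptions for the demo.
"""
import random
from dataclasses import dataclass, field

RANKS = "23456789TJQKA"
SUITS = "shdc"


@dataclass
class Player:
    chips: int
    hole: list = field(default_factory=list)
    bet: int = 0
    folded: bool = False


class Server:
    def __init__(self, names, chips=100, seed=None):
        # Random lives only on the server. The seed is for a reproducible
        # demo; a real server uses SystemRandom (or a hardware RNG).
        self.rng = random.SystemRandom() if seed is None else random.Random(seed)
        self.deck = [r + s for r in RANKS for s in SUITS]
        self.rng.shuffle(self.deck)
        self.players = {n: Player(chips) for n in names}
        self.board = []
        self.to_call = 0

    # Random: only the server ever touches the deck.
    def deal(self) -> None:
        for p in self.players.values():
            p.hole = [self.deck.pop(), self.deck.pop()]
        self.board = [self.deck.pop() for _ in range(3)]

    # Partial State: the view a given client is entitled to receive.
    def view_for(self, name: str) -> dict:
        me = self.players[name]
        return {
            "you": {"hole": list(me.hole), "chips": me.chips, "bet": me.bet},
            "board": list(self.board),
            "others": {n: {"chips": p.chips, "bet": p.bet, "folded": p.folded,
                           "cards": len(p.hole)}   # a count, never the cards
                       for n, p in self.players.items() if n != name},
            "to_call": self.to_call,
        }

    # Rules: every client action is validated here, not on the client.
    def act(self, name: str, kind: str, amount: int = 0) -> str:
        p = self.players.get(name)
        if p is None or p.folded:
            return "rejected: unknown or folded player"
        if kind == "fold":
            p.folded = True
            return "ok"
        if kind == "bet":
            if amount <= 0 or amount > p.chips:
                return "rejected: bet exceeds chips"
            if p.bet + amount < self.to_call:
                return "rejected: below amount to call"
            p.chips -= amount
            p.bet += amount
            self.to_call = max(self.to_call, p.bet)
            return "ok"
        return "rejected: unknown action"


def demo() -> dict:
    srv = Server(["alice", "bob"], chips=100, seed=7)
    srv.deal()
    alice_view = srv.view_for("alice")
    return {
        "alice_sees_own_cards": len(alice_view["you"]["hole"]),
        "alice_sees_bob_cards": "hole" in alice_view["others"]["bob"],
        "bob_overbet": srv.act("bob", "bet", 500),     # more chips than bob has
        "bob_bet": srv.act("bob", "bet", 10),
        "alice_underbet": srv.act("alice", "bet", 5),  # below the 10 to call
        "alice_call": srv.act("alice", "bet", 10),
        "chips": {n: p.chips for n, p in srv.players.items()},
        "deck_left": len(srv.deck),
    }


if __name__ == "__main__":
    print(demo())
```

Because the client never holds the deck or the other players' hole cards, there is nothing in client memory for a memory-reading cheat to find, and because bets are checked on the server, a modified client cannot bet chips it does not have.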

Proxy Security

Some online games dangerously include a SQL client and talk directly to the game server.

[Diagram: Incoming Message → Message Validation → Data Validation → Rules Validation → Database.]

• Protecting the database from SQL injection / direct queries
• Allows rules validation on the server or reallocation to other players
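The validation chain on this slide, as an added example that is not from the original presentation: a constructed buy_item message is handled first by a client that composes SQL itself (the dangerous design the slide warns about) and then by a proxy that performs message, data and rules validation before issuing a parameterised query. The table schema, message format and sample payloads are invented for the example, and the database is an in-memory SQLite.

```python
"""Proxy between game messages and the database.

Message validation -> data validation -> rules validation -> bound query.
Schema, message format and payloads are constructed for this example.
"""
import json
import re
import sqlite3

NAME_RE = re.compile(r"^[A-Za-z0-9_]{3,16}$")   # allow-list, not a blacklist
ALLOWED_TYPES = {"buy_item"}


def setup_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE players(name TEXT PRIMARY KEY, gold INTEGER);
        CREATE TABLE items(item TEXT PRIMARY KEY, price INTEGER);
        INSERT INTO players VALUES ('alice', 50), ('bob', 500);
        INSERT INTO items VALUES ('sword', 100), ('potion', 10);
    """)
    return db


def direct_sql_client(db: sqlite3.Connection, name: str, item: str) -> None:
    """The dangerous design: the game client carries a SQL client and builds
    the statement from untrusted fields (kept deliberately vulnerable)."""
    db.executescript(
        "UPDATE players SET gold = gold - "
        f"(SELECT price FROM items WHERE item = '{item}') WHERE name = '{name}';"
    )


def proxy_handle(db: sqlite3.Connection, raw: bytes) -> str:
    # 1. Message validation: well-formed, known type, exactly the expected fields.
    try:
        msg = json.loads(raw)
    except ValueError:
        return "rejected: malformed message"
    if not isinstance(msg, dict) or set(msg) != {"type", "player", "item"}:
        return "rejected: unexpected fields"
    if msg["type"] not in ALLOWED_TYPES:
        return "rejected: unknown message type"
    # 2. Data validation: strict types and character sets.
    if not (isinstance(msg["player"], str) and NAME_RE.match(msg["player"])):
        return "rejected: bad player name"
    if not (isinstance(msg["item"], str) and NAME_RE.match(msg["item"])):
        return "rejected: bad item name"
    # 3. Rules validation: the transaction must make sense given current state.
    gold = db.execute("SELECT gold FROM players WHERE name = ?",
                      (msg["player"],)).fetchone()
    price = db.execute("SELECT price FROM items WHERE item = ?",
                       (msg["item"],)).fetchone()
    if gold is None or price is None:
        return "rejected: unknown player or item"
    if gold[0] < price[0]:
        return "rejected: insufficient gold"
    # 4. Only the proxy reaches the database, and only with bound parameters.
    db.execute("UPDATE players SET gold = gold - ? WHERE name = ?",
               (price[0], msg["player"]))
    db.commit()
    return "ok"


def gold_of(db: sqlite3.Connection, name: str) -> int:
    return db.execute("SELECT gold FROM players WHERE name = ?", (name,)).fetchone()[0]


def demo() -> dict:
    # Constructed injection payload: closes the subquery, appends a second
    # statement that sets alice's gold, and comments out the rest.
    payload = "potion'); UPDATE players SET gold = 99999 WHERE name = 'alice'; --"

    db_direct = setup_db()
    direct_sql_client(db_direct, "alice", payload)

    db_proxy = setup_db()
    def send(**fields):
        return proxy_handle(db_proxy, json.dumps(fields).encode())

    return {
        "injection": send(type="buy_item", player="alice", item=payload),
        "garbage": proxy_handle(db_proxy, b"{not json"),
        "too_poor": send(type="buy_item", player="alice", item="sword"),
        "extra_field": send(type="buy_item", player="bob", item="sword", gold=9),
        "legit": send(type="buy_item", player="bob", item="sword"),
        "gold_direct_alice": gold_of(db_direct, "alice"),
        "gold_proxy_alice": gold_of(db_proxy, "alice"),
        "gold_proxy_bob": gold_of(db_proxy, "bob"),
    }


if __name__ == "__main__":
    print(demo())
```

The direct client lets the payload rewrite alice's balance; the proxy never gets past data validation with it, and even a syntactically clean request is still subject to the rules check (alice cannot afford the sword). The rules step is also the natural place to hand validation to other players, as the slide suggests.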

The Trouble with Time

• How “out of synch” should players be allowed to get?
   – Delays: there is effectively an underlying notion of time “ticks” where the game must stop
   – Interaction: there is an important game play notion of how players are able to interact with each other (action/reaction) in terms of the information available. For a network game this sets a notion of “minimum duration”.
   – Interference: the interaction of different player actions needs to have reasonable and understandable consequences based on each player's notion of state and action.
   – Prediction and confusion: the interaction of the player presentation and the actual game state can become complicated by poor predictions by the game presentation engine and the actual actions of the remote player. This is a problem for presentation and control.
• How long does something take?
   – Click-driven play fails for network games: when computers must share or coordinate state, simple physical interaction as a basis for temporal control breaks down
• Lifecycle of a network player action
   – Decision: the instant at which the action enters the game play engine
   – Commitment: the instant before which the action will be automatically aborted/changed to address new incoming information that was not available
   – Success: the instant after which the action has some probability of resolving successfully
   – Resolution: the instant when the action triggers consequences in the game play engine
   – Conclusion: the instant after which the player is allowed to choose a next action
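A tick-based server check for the questions on this slide, added here as an example and not taken from the deck: how far out of sync a client may be (a bounded early/late window on the claimed tick), duplicate actions for the same tick, and the action lifecycle (Decision, Commitment, Success, Resolution, Conclusion) used to refuse a new action before the previous one has concluded. The tick limits, the action kinds and their durations, and the sample action stream are all constructed assumptions.

```python
"""Tick-based time gate for a networked game server.

Answers two of the slide's questions in code: how far out of sync a client
may be, and when a player may act again. All constants, action kinds and
the sample action stream are constructed for this example.
"""
from dataclasses import dataclass

MAX_LATE_TICKS = 4        # oldest client tick still accepted before a resync
MAX_EARLY_TICKS = 1       # how far ahead of the server clock a client may claim
DURATION = {"move": 3, "attack": 6}   # decision -> conclusion, in ticks


@dataclass(frozen=True)
class Lifecycle:
    decision: int      # action enters the game play engine
    commitment: int    # last instant it can still be aborted on new information
    success: int       # from here it has some probability of resolving
    resolution: int    # consequences are applied to the game state
    conclusion: int    # player may choose the next action


def lifecycle(kind: str, decision_tick: int) -> Lifecycle:
    d = DURATION[kind]
    return Lifecycle(
        decision=decision_tick,
        commitment=decision_tick + 1,
        success=decision_tick + d // 2,
        resolution=decision_tick + d - 1,
        conclusion=decision_tick + d,
    )


class TimeGate:
    def __init__(self) -> None:
        self.server_tick = 0
        self.busy_until: dict = {}     # player -> conclusion tick of current action
        self.seen: set = set()         # (player, tick) pairs already accepted

    def advance(self, ticks: int = 1) -> None:
        self.server_tick += ticks

    def submit(self, player: str, kind: str, client_tick: int) -> str:
        if kind not in DURATION:
            return "rejected: unknown action"
        if client_tick > self.server_tick + MAX_EARLY_TICKS:
            return "rejected: claimed tick is in the future"
        if client_tick < self.server_tick - MAX_LATE_TICKS:
            return "rejected: too far behind, resync required"
        if (player, client_tick) in self.seen:
            return "rejected: duplicate action for this tick"
        if client_tick < self.busy_until.get(player, 0):
            return "rejected: previous action has not concluded"
        lc = lifecycle(kind, client_tick)
        self.seen.add((player, client_tick))
        self.busy_until[player] = lc.conclusion
        return "ok"


def demo() -> dict:
    g = TimeGate()
    out = {}
    out["attack"] = g.submit("alice", "attack", 0)      # concludes at tick 6
    out["speed_hack"] = g.submit("alice", "move", 1)    # alice is busy until 6
    out["clock_ahead"] = g.submit("bob", "move", 5)     # server is still at tick 0
    g.advance(3)
    out["replay"] = g.submit("alice", "attack", 0)      # same (player, tick) again
    g.advance(3)                                        # server now at tick 6
    out["stale"] = g.submit("bob", "move", 1)           # 5 ticks late
    out["bob_late_ok"] = g.submit("bob", "move", 3)     # 3 ticks late, inside window
    out["alice_next"] = g.submit("alice", "move", 6)    # previous action concluded
    out["attack_lifecycle"] = vars(lifecycle("attack", 0))
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The window constants encode the slide's “how out of synch” decision explicitly, the per-kind DURATION is the “minimum duration” of an interaction, and the busy_until check is what turns a speed hack (issuing the next action before Conclusion) into a detectable, rejectable event instead of a silent advantage.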

Platform and Architectural Security Issues

• Increasing complexity often leads to architectural compromises… often unintentional
   – Move from traditional games to more complicated games may undermine the server-based model
      • Frequent examples in MMOs and casual games
• Server-based model is not the only security approach
   – Server-based design does not necessarily address player trust issues
      • Why should players trust the server?
      • How can the operator trust the developer?
      • How can the regulator trust anyone?
   – Server-based design does not solve all threats
• Distributed and peer-based designs have potential benefits
• Developers are often the biggest “cheaters”
   – Implicit design decisions can have substantial, and surprising, security impacts

What next?

• Don't give up!
• More security presentations at: http://free2secure.com/
• Check out my book “Protecting Games”
   – Additional information at http://playnoevil.com/
• You can “win” the security game

About Me

• Steven Davis
   – 25+ years of security expertise
   – I have worked on everything from online games and satellite TV to Nuclear Command and Control and military communications
      • http://www.linkedin.com/in/playnoevil
   – Author, “Protecting Games”
• Why Free2Secure?
   – Security is too expensive and isn't working. There has to be a better way. I'm exploring these issues for IT security, ebooks, games, and whatever else strikes my fancy at http://free2secure.com/
   – Join me there, ask questions, challenge assumptions, let's make things better
