12/13/2001CS 638, Fall 2001 Today Cheat prevention (and cheat techniques) –Great article:

Slides:

Advertisements

Similar presentations

PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,

Advertisements

Online Game Security - Quake III and its Hacks - (related paper: A Systematic Classification of Cheating in Online Games, Jeff Yanand and Brian Randell.

Cheat-Proof Playout for Centralized and Distributed Online Games IEEE InfoCom’01 Paper by Nathaniel E. Baughman and Brian Neil Levine CPSC 538A Presentation:

Cheat-Proof Playout for Centralized and Distributed Online Games By Nathaniel Baughman and Brian Levine (danny perry)

Anti-Cheating Mechanisms for Computer Games Michael Rudolph Jason Cook.

Stopping cheaters since By: Tigran Gasparian.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Acceptable Use Policy –The Acceptable Use Policy defines the rules of the machine and internet connection you are on. –Specific policies differ by machine.

Network synchronization of Online Games Li, Zetan.

Unit 18 Data Security 1.

Prepared by: Nahed Al-Salah

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.

Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.

Lessons learned from a multiplayer RTS development Based on: ures/ /terrano_01.htm - accessed on 17th December.

1 New Architectures Need New Languages A triumph of optimism over experience! Ian Watson 3 rd July 2009.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

Cheating David Hinton ITCS Overview When does it matters? Types of cheating Solutions to cheating.

SM3121 Software Technology Mark Green School of Creative Media.

Computer Networks IGCSE ICT Section 4.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.

On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)

Hands-On Microsoft Windows Server 2008

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

Developing Personal Identity & Character

NetSim ZigBee Simulation Code Walkthrough in 10 steps

1 Performance Evaluation of Computer Networks: Part II Objectives r Simulation Modeling r Classification of Simulation Modeling r Discrete-Event Simulation.

Study Guide For Test Chapter 5, 6,& 7 Test is Friday, May 15th.

CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.

Computer Security and Penetration Testing

Introduction of Internet security Sui Wang IS300.

Data and its manifestations. Storage and Retrieval techniques.

Art 315 Lecture 5 Dr. J. Parker AB 606. Last time … We wrote our first program. We used a tool called GameMaker. The program we wrote causes a ball to.

Art 315 Lecture 6 Dr. J. Parker. Variables Variables are one of a few key concepts in programming that must be understood. Many engineering/cs students.

Implementing a Port Knocking System in C Honors Thesis Defense by Matt Doyle.

System Security Chapter no 16. Computer Security Computer security is concerned with taking care of hardware, Software and data The cost of creating data.

1 CHAPTER 2 LAWS OF SECURITY. 2 What Are the Laws of Security Client side security doesn’t work Client side security doesn’t work You can’t exchange encryption.

G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.

Fundamentals of Proxying. Proxy Server Fundamentals  Proxy simply means acting on someone other’s behalf  A Proxy acts on behalf of the client or user.

Lecture 1 Page 1 CS 239, Fall 2010 Distributed Denial of Service Attacks and Defenses CS 239 Advanced Topics in Computer Security Peter Reiher September.

ICOM 6115: Computer Systems Performance Measurement and Evaluation August 11, 2006.

Password Mistyping in Two-Factor Authenticated Key Exchange Vladimir KolesnikovCharles Rackoff Bell LabsU. Toronto ICALP 2008.

Term 2, 2011 Week 1. CONTENTS Problem-solving methodology Programming and scripting languages – Programming languages Programming languages – Scripting.

12/09/03CS679 - Fall Copyright Univ. of Wisconsin Last Time More collision detection packages Time critical collision detection Introduction to.

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.

(a) What is the output generated by this program? In fact the output is not uniquely defined, i.e., it is not always the same. So please give three examples.

By Sean Rose and Erik Hazzard.  SQL Injection is a technique that exploits security weaknesses of the database layer of an application in order to gain.

Lecture 12 Page 1 CS 236, Spring 2008 Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite.

Security CS Introduction to Operating Systems.

INTERNET SAFETY FOR KIDS

AI Evaluation David Nowell CIS 588 2/14/05 Baldur’s Gate.

1 Software. 2 What is software ► Software is the term that we use for all the programs and data on a computer system. ► Two types of software ► Program.

Lecture 1 Page 1 CS 236 Online What Are Our Security Goals? CIA Confidentiality –If it’s supposed to be a secret, be careful who hears it Integrity –Don’t.

n Just as a human virus is passed from person from person, a computer virus is passed from computer to computer. n A virus can be attached to any file.

CHAPTER 14 Classes, Objects, and Games XNA Game Studio 4.0.

Lecture 4 Page 1 CS 111 Online Modularity and Virtualization CS 111 On-Line MS Program Operating Systems Peter Reiher.

Lecture 17 Page 1 CS 236 Online Onion Routing Meant to handle issue of people knowing who you’re talking to Basic idea is to conceal sources and destinations.

The single most important skill for a computer programmer is problem solving Problem solving means the ability to formulate problems, think creatively.

Lecture VIII: Software Architecture

M1G Introduction to Programming 2 2. Creating Classes: Game and Player.

Busta’ Sandwich Life Cycle Architecture. Specifications.

A Partial Survey of the Perfect Digital Watermark Problem.

BUGSWORLD It CAME from Aaron Shbeeb – Eugene Talagrand Building a better bug – by any means necessary.

Computer System Structures

3.6 Fundamentals of cyber security

DNS Security Advanced Network Security Peter Reiher August, 2014

Web Hacking: Beginners

Graph Coverage for Specifications CS 4501 / 6501 Software Testing

Crisis and Aftermath Morris worm.

Presentation transcript:

12/13/2001CS 638, Fall 2001 Today Cheat prevention (and cheat techniques) –Great article: Evaluations

12/13/2001CS 638, Fall 2001 Why Care About Cheats? Online gaming is big business Cheats can achieve financial advantage: –Competitive games with prizes are the obvious example (casinos) –Also consider EverQuest: People play the game, build good characters, and then auction them on Ebay. If they can cheat to obtain good characters, they are achieving unfair financial advantage Cheats can ruin the game for everyone: –Players tend to have a strong sense of fairness –If they believe they are being cheated, they will not play, and you will not make any money Single player cheaters typically only affect themselves, so you don’t care

12/13/2001CS 638, Fall 2001 Sources of Cheats Reflex augmentation: Use a cheat to improve some aspect of physical performance, such as the firing rate or aiming Authoritative clients: Clients issue commands that are inconsistent with the game-play, or mimic the server Information Exposure: Clients obtain information that should be hidden Compromised servers: A hacked server biases game-play toward the group that knows of the hacks Bugs and Design Loopholes: Bugs are found and exploited, or parts of the program intended for one purpose are used for another Environmental Weakness: Differences or problems with the OS or network environment are exploited

12/13/2001CS 638, Fall 2001 Observations About Cheating Brewer’s rule: The only way to make a system 100% secure is to completely isolate it (Eric Brewer, 1996) Pritchard’s Rules (Gamasutra article): –If you build it, they will come - to hack and cheat –Hacking attempts increase as a game becomes more successful –Cheaters actively try to control knowledge of their cheats –Your game, along with everything on the cheater’s computer, in not secure - not memory, not files, not devices and networks –Obscurity is not security –Any communication over an open line is subject to interception, analysis and modification –There is no such thing as a harmless cheat –Trust in the server is everything in client-server games –Honest player would like the game to tip them off to cheater, hackers hate it

12/13/2001CS 638, Fall 2001 Reflex Augmentation Aiming proxies intercept communications, build a map of where people are, and automatically shoot them Rapid-fire proxies take each “shoot” packet and replicate it Fix #1: The server validates player actions - if they are too good the player is considered a cheat and kicked out –Problem is calibration: You have to find the cheats while not penalizing excellent players Fix #2: Make it difficult to insert non-valid packets –Encrypt the packets, but your encryption must be cheap, and cheap encryption can be broken –Make the encryption depend on the game state or other time-dependent “random” value. Hard to do with UDP –If using guaranteed delivery (TCP) serialize packets with a unique sequence of numbers - cannot then replicate or insert extra packets

12/13/2001CS 638, Fall 2001 Authoritative Clients Occurs when one player’s game informs everyone else that a definitive event has occurred: e.g. I just got a power-up Hacked clients can be created in many ways: change the executable, change game data in other files, hack packets Fix is to insert command request steps: –Player request an action, its validity is checked, it is sent out on the network, and added to the player’s pending queue –Incoming actions also go on the pending queue –Actions come off the pending queue, are validated again, and then are implemented Sometimes validation is hard to get right, so try synchronization –Occasionally send complete game state around, and compare it –Actually, send something derived form complete game state

12/13/2001CS 638, Fall 2001 Information Exposure Some classics: Modify the renderer to make walls transparent, modify maps to remove the fog of war Basically, display variables must be modified in memory, or read out and displayed elsewhere –Hackers are very good at finding the locations of key data in memory, and modifying them transparently Fixes: –Check that players agree on the value of certain variables, and the validity of actions - synchronization again Note that you can look for actions that cannot be valid with the correct display –Compile statistics on drawing, and see of they look off (eg # polygons drawn) –Encrypt data in memory to avoid passive attacks

12/13/2001CS 638, Fall 2001 Compromised Servers Many servers have customization options, and the community is encouraged to modify the server –This is completely legal However, as a game become popular, naïve people start to play the game –They do not have the skills or knowledge to check that the server they are playing on is “pure” –They will grow frustrated, blame the developer, and complain to their friends Some modifications can be very insidious, and may not be legal. For example, hack the serve to do different damage for opponents, and small differences add up Solution is to warn people when they connect to the server, and about any other non standard properties (found through validation)

12/13/2001CS 638, Fall 2001 Bugs and Design Issues Some bugs enable cheating, such as a bug that enables fast reloading, or one that incorrectly validates commands Some design decisions make cheating easier: –Embedding cheats codes in single player mode makes it easy for a hacker to track down the variables that control cheats –Poor networking or event handling can allow repeat commands or other exploitations Age of Empires and Starcraft example: all resource management is done after all events for a turn are processed. Poor networking allowed multiple cancel events on the queue, which restored multiple resources Solution is to avoid bugs and think carefully about the implications of design decisions on hacking

12/13/2001CS 638, Fall 2001 Environmental Weaknesses Facilities to deal with the OS or network may leave you vulnerable to some forms of attack –Interaction with the clipboard can introduce non-printable characters –Interaction with almost any scripting language may leave you open to hacks not related to the game itself (ie your game could be a way in) –Network connection drops or overloading can cause problems Some cheats destroy the game for every player (tip the board) which can be useful if you are losing Others knock off a specific player (your worst enemy, one assumes)

12/13/2001CS 638, Fall 2001 The Moral of the Story You can’t win, you just try to make cheating as hard as possible and contain the damage