Schneier on Security
A blog covering security and security technology.
June 24, 2009
Research on the Security of Online Games
The May/June 2009 issue of IEEE Security and Privacy contains five articles about the security of online games. Unfortunately, the articles are all behind paywalls.
Posted on June 24, 2009 at 3:33 AM
I get access through my University. They look interesting and I have a vested interest as I am an indie game developer.
I have assumed that cheating is a big problem while "piracy" is something that's not worth worrying about.
The problem is that prevention and detection are "easy" but response....
Well we are going for a CD key for a unique identifier with "privacy" in that we can't bind it directly to a person without secondary data. We can then ban that from online games.
However it gets legally difficult to do. But if cheating doesn't cost money there is no incentive to stop... banning a login does not work.
Aside from the issues mentioned in the free article and the abstracts of the rest, the risk these companies present is huge.
The other day I made a typo when creating the Parental Controls on my son's WoW account. Luckily the account was in my name, but have a look at the "required" information had the account been in his name:
If the account in question is under the name of the **MINOR** please email the following as an attachment to AccountServices@Blizzard.com using the account login name as the subject line:
1.) A legible photocopy of the identification of the current registered account user. Acceptable forms of identification for the child are: Birth Certificate, Passport, or any other government issued ID which displays the date of birth. (School IDs are *not* accepted.)
2.) A legible photocopy of the identification of the account user's guardian. Only a government issued photo ID or Birth Certificate will be accepted for the guardian.
Never mind my Driver's License, they are confidently asking for stewardship of my child's Birth Certificate. I can only assume they have quite a collection, and I have no way of knowing with a certainty they aren't stored in a shoebox on Blizzard's back porch.
If it's behind a paywall then please don't feature or promote the article. It's like saying "neener neener you can't see this awesome thing." It's rude for you to do that and it feeds their outdated business model.
The Journal method of research attestation should be replaced by a decentralized system of peers endorsing research papers individually by signing it with their Peer Review key and attaching a signature block to the bottom of the paper.
A lot of scientific articles are behind paywalls of some kind. Yes, it would be nice if it was all free, and I try to submit my papers to open access journals.
But it does not reduce the interest or importance of the work. There is no childish "neener neener" intentions here. You can always ignore such threads.
I can't access the above papers, but I co-authored a research paper that formalizes online cheating and provides a distributed protocol with anti-cheating guarantees. (I am now pursuing my own game development.)
Cheat-Proof Playout for Centralized and Peer-to-Peer Gaming.
Nathaniel E. Baughman, Marc Liberatore, and Brian Neil Levine. IEEE/ACM Transactions on Networking, pages 1–13, February 2007.
Typically all research papers can be obtained by emailing the author or via the author's web page.
greg: Yes, it does reduce the interest or importance of the work. For those of us not inside the academy, it may as well not exist.
I understand the historical reasons why these paywalls exist, but it's wasteful to pretend things behind a paywall matter.
I am one of the authors of "Reducing the Attack Surface in Massively Multiplayer Online Role-Playing Games" and a regular reader of this blog. While I'm not sure that I'm legally allowed to share the article, I can share the attack examples in the article. It's been public for some time, even Slashdotted last year. The AO video is pretty funny if you have a minute to watch it:
Anarchy Online & Age of Conan: http://www.securityevaluators.com/ao
Second Life: http://www.securityevaluators.com/sl
It's not worth paying to get behind the walls. I was initially excited by the subject matter of this issue and some of the articles were good (including Gabriel's) but too much of it was thought experiments with no basis in reality. Don't get me started on the works of the guest editor, black hats who position themselves as defenders of justice whilst exploiting their findings for profit are my favorite kind of hypocrites.
Do you make the same claim about non free books too?
The source code for the Quake 1 game was released under the GNU General Public License. Concerns arose that cheating had been facilitated by this release. Eric S. Raymond wrote about the issue in the writing "The Case of the Quake Cheats":
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.