Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Defending Intellectual Property. Agenda Hacker Anatomy Risks Categories of Security Tools.

Similar presentations

Presentation on theme: "Security Defending Intellectual Property. Agenda Hacker Anatomy Risks Categories of Security Tools."— Presentation transcript:

1 Security Defending Intellectual Property

2 Agenda Hacker Anatomy Risks Categories of Security Tools

3 Anatomy of a Hacker Motives Challenge / Fame Disgruntled Gamer Cost / experience Profit Skill Novice Knows how to copy a disk or get hacks off the net Geek Knows how to get at bits Knows how to use/write hacking tools Professional Has $$$ == hardware, software & Geeks

4 Security Risks Logical Theft of Art Assets Make own game or modifications to your game Use for other purposes (web) Disk Copying Make copy and pass around for free/pay, return original to store. Cheating Online game economy. User experience Server Attacks Bring down servers Essentially make servers unavailable. Billing/Identity theft $$$ == Legal Liability User experience

5 Security Risks Physical CD Copy Protection Schemes Slow Broken in weeks (i.e., unreliable against Pro) Expensive (req. special mastering) Executable Encrypted Exists somewhere unencrypted in memory. Slow Patch unfriendly Encrypt parameters sent to your DLLs. Convolution of runtime Heap moving Strip symbols Dont expose entry points in DLLs. Periodic memory checksums Check for hacker tools (running debuggers, shims, …) Art Encrypt or convolute into special format. Combine all into one file. (performance issues both good and bad) Net Traffic Encrypt Checksum Validity check all variables Authentication CPU Hit, adds latency and Bandwidth (i.e., increases packet size)

6 Categories of Security Copy Protection Cryptography Network Intrusion

7 Copy Protection Securing Intellectual Property CDROM copy protection CD Keys Makes casual user search for keygen cracks Warez Aware Avoid easy exclusion of large data files. Require hex hack to.exe and.dlls Add Many Aversions (i.e. Convolutions) Watermark Assets

8 Cryptography Goals / Services Privacy Keep others from seeing your data Message Integrity Keep others from changing you data unbeknownst to you Authentication Verify Identity

9 Cryptography Algorithms Secret Key Both encrypt & decrypt with same key Requires initial secure key exchange Manual (in person, or through some other media) Hardware (key FOB) Other Secure Transmission Public Key Trap door a.k.a. one-way function Cant decrypt without other key Related to Prime Factorization Encrypt with destinations public key Destination decrypts with private key Message Digest Keyless hash using one-way function to produce checksum

10 Cryptography Message Digest MD (e.g. The popular MD5) 128 bit SHA (Secure Hash Algorithm) 160 bit Fast Not really security (tamper proofing) Fancy Checksum

11 Public Key Encryption (Asymmetric - Key Pairs) RSA (Rivest, Shamir & Adelman) Used by PGP (Pretty Good Privacy) Much slower than secret key algorithm Fast encrypt, Slow decrypt To slow for real-time game messages Use when you need the best security Exchange Secret Session keys via Public Key Encryption Public key distribution via. x.509 digital certs Trusted 3 rd party verifies you are who you say

12 Secret Key Encryption (Symmetric - Same Key) AES (Advanced Encryption Standard) 128, 192, 256 bit keys Considered current best Secret Key algorithm Endorsed by U.S. Gov (November 2002) Algorithm name Rijndael DES (Data Encryption Standard) 56 bit keys Developed by IBM Endorsed by U.S. Gov (expired with intro of AES) Most widely used encryption Used by Kerberos Created to run on special hardware Blowfish – variable up to 448 bit keys Faster than DES (created to run on PCs) Faster than public key algorithms Requires exhaustive key-space search to hack Increasing CPU speed has put this algorithm on the edge of compromise

13 Secret Key Encryption Standard Modes Block Ciphers ECB (Electronic Cookbook) Single Block, no feedback (Good for Datagrams) CBC (Cipher Block Chaining) Integrates prior message Stream Ciphers CFB (Cipher Feedback) OFB (Output Feedback Mode)

14 Cryptography Not For Export ITAR – US International Traffic and Arms Regulations Limits exportability of military munitions. Export a program using encryption, get busted for arms smuggling Cant make cryptography too strong. Based on Key bit size and algorithm. Each country has their own regulations in regards to crypto strength.

15 Network Intrusion Firewalls Pass on or drop packets. 3 Techniques Packet Filtering Concerned with packet headers Port Filtering Stateful protocol inspection Circuit Gateways Sets up a secure session. Doesnt car about contents. SSL, Socks5, VPN, Tunneling Application Proxies Concerned with packet data Antivirus run on FTP or SMTP

16 Network Intrusion Brute Force Internet Attacks Denial Of Service (a.k.a. DOS Attacks) Saturate bandwidth Consume Server CPU time Blow out router Address Cache (basically CPU bind the router for a period of time) IP Spoofing MAC Address Slightly more difficult (act as a bridge with 2 NICs) IP Address Reverse Tunneling, DNS Rebinding

17 Tools Satan Detect vulnerabilities Server Audit logs After the fact Debuggers (Soft Ice and similar) Dissemblers DLL Shims O/S Emulators Hardware Sniffers Memory Tools : Difference engines

18 In Game File & RAM crc checkers Heap Hopper Remove debug symbols on release build Code Obfuscator (Important for.NET) Data Bluffing Rigorous Packet Validation Action Validation Clock Validation

19 Game Tools Punkbuster Scans for known: Cheat programs Cheating APIs File and memory check sums Player voting Hardware banning Exe Encryption

20 References Books Internet Security – Professional Reference Wide range of general security protocols Applied Cryptography – Bruce Schneier General introduction to all cryptography Security Organizations CERT, FIRST, 8LGM, IACR, RSA, NSA, Microsoft, IBM…

21 Reference Links General Security Encryption (blowfish, DES, MD5 lib)

Download ppt "Security Defending Intellectual Property. Agenda Hacker Anatomy Risks Categories of Security Tools."

Similar presentations

Ads by Google