Cheat-Proofing P2P Online-gaming Albert Lee Spring 2008 Comp 424

Overview Introduction Terminology and Architecture Comparing Server vs. P2P Networks Problems with P2P Networks Example of Cheating Cheat-Proof / Anti-Cheating Measures Conclusion References

Introduction Focus on Multiplayer Online Games ◦ MMORPG ◦ FPS Common Cheating Techniques Protection ◦ Anti-cheat Techniques ◦ Cheat Detection Techniques

Terminology The game state is the set of information that describes the game at any time, which is composed of entity An entity is an in-game objects that is controlled by a player. A player is a person playing a game as well as the objects that person controls in the game

Terminology Ping is a network tool that measures the round trip of a packet (measured in ms) Latency is the amount of time it takes a packet to travel from source to destination Bandwidth is the amount of data that can be transmitted in a fixed amount of time

Architecture: Client-Server Server maintains all the game entity states Server computes game states based on client’s inputs Client (player) request for the server to change the entity state Client informs the server of decisions the player makes Server resolves any interactions between in-game objects and global game state

Architecture: P2P P2P (Peer-to-Peer) or Serverless Clients becomes host Each host Maintains its own entity state in the game Decisions are updated to the other hosts Resolves any interactions

Comparison Client-Server P2P High Cost to operate High Bandwidth Required for the server Not Scalable Easier to Secure Reduce cost to operate Distributes bandwidth among clients Scalable Very difficult to secure ◦I◦I ssue with Trust

Problems with P2P Misplaced Trust ◦ Software and data are stored player machines. Susceptible to manipulation. Exploiting Lack of Secrecy ◦ Compare to Client-Server networks, additional protection is needed Collusion ◦ Groups of ‘host’ can cheat together

Cheating in P2P Networks Messages (Packages sent to other host) ◦ Forged- Not sent from a honest sender ◦ Aberrant – Legal but deviating message ◦ Omitted- Not sending a message Manipulating Data ◦ Changing data in Local Memory Hack Programs ◦

Example of Cheating Data Manipulation of a Game Simple example of modifying memory for Solitaire Game using “ArtMoney”

Example of Cheating (cont) HACKS Hard Coded – Manipulated game files External – External program that gives an unfair advantage OpenGL Hack- Altered Video Drivers Client Hook – Client Loader that injects code into the games memory

Cheating Detection Time Stamp ◦ A trusted entity that provides signed hashed messages Observer Service ◦ receives secret information via secure channels ◦ verifies it real-time Encrypting / Signed Data ◦ Confidentiality of sensitive data ◦ Data can be identified by player

Cheat-Proof: Time Stamp Send Message to Time Stamp server and other player. The Signed Hashes are exchanged for Action verification Using the other player’s time hashes to look for cheating Assumption Time-Stamp server is trusted No communication break-down Minimal Latency Packet travel time l is only the time from one player to another

Anti-cheating Software PunkBuster Real-time scanning of memory Searches for known hacks/cheats Randomly check players Punkbuster (Mainly FPS: Call of Duty 4) Punkbuster Warden (WOW/Blizzard products) Warden GameGuard (MMORPGs) GameGuard DMW Anticheat (FPS: Medal of Honor) DMW Anticheat Value Anti-Cheat (Steam Product) Value Anti-Cheat

Encrypting / Signed Data Encrypting Local Data ◦ Maintains security of sensitive data that is shared between host machines ◦ Observer Services protects from memory manipulation Signed Data ◦ Maintains a history and responsibility on messages ◦ Discourage cheating

Conclusion Why not P2P Networks? ◦ Cost effective ◦ Not implemented because of security issues The Secret is Game Design ◦ Security ◦ Cheat Detection

References (Articles) Time-Stamp Service makes Real-Time Gaming Cheat-Free Shunsuke Mogaki, Masaru Kamada, Tatsuhiro Yonekura, Shusuke Okamoto, Yasuhiro Ohtaki, Mamun Bin Ibne Reaz Department of Computer Science, University of Massachusetts Amherst Network and System Support for Games, Proceedings of the 6th ACM SIGCOMM workshop on Network and system support for games 2007 Cheat-proof playout for centralized and peer-to-peer gaming Nathaniel E. Baughman, Marc Liberatore, Brian Neil Levine IEEE/ACM Transactions on Networking (TON) Volume 15, Issue 1 (February 2007) Supporting P2P gaming when players have heterogeneous resources Aaron St. John, Brian Neil Levine International Workshop on Network and Operating System Support for Digital Audio and Video 2005 Challenges in peer-to-peer gaming Christoph Neumann, Nicolas Prigent, Matteo Varvello, Kyoungwon Suh ACM SIGCOMM Computer Communication Review Volume 37, Issue 1 January 2007 Design of a cheat-resistant P2P online gaming system Patric Kabus, Alejandro P. Buchmann ACM International Conference Proceeding Series; Vol

References (Websites) mmo/

Questions?