2006. 2. 9 a taxonomy of online game attacks and defenses presentation computer and communication...
TRANSCRIPT
2006. 2. 9
A Taxonomy of Online Game Attacks and DefensesPresentation
Computer and Communication Security Laboratory
Korea University
Copyright © 2005 CCS lab., All rights reserved 2ㅊ
CONTENTS
INTRODUCTION
RESEARCH TREND
MOTIVATION
A TAXONOMY OF ONLINE GAME ATTACKS
RESPECTIVE ATTACKS AND DEFENSES MECHANISMS
EVALUATION
CONCLUSION
Copyright © 2005 CCS lab., All rights reserved 3ㅊ
The shining star area people are enjoying enthusiastically
The emergence of online game cheating
INTRODUCTION
Sensational game popularity in Korea An example of game cheating
Copyright © 2005 CCS lab., All rights reserved 4ㅊ
J.J. Yan and Ying-Chieh etc. : Classifying some key security issues(International Conference on Information Technology: Coding and Computing, 2005.)
Matt Pritchard : Patterning online game hacker’s rules out(Information Security, 2001.)
Brian Neil Levine, etc. : Secure online game network architecture (Global Telecommunications Conference Workshops, 2004.)
Brenda Harger etc. : Secure online game interface design(International Conference on Entertainment Computing 2004)
Christopher Ruggles etc. : The external factor of online game security(International Federation for Information Processing 2005)
RESEARCH TREND
Copyright © 2005 CCS lab., All rights reserved 5ㅊ
Classifying online game attacks with respect to vulnerable spots
to know what threats exist in online game
Analyzing the principles of respective attack
Proposing defense mechanisms
Evaluating applied defense mechanisms to online games
MOTIVATION
Copyright © 2005 CCS lab., All rights reserved 6ㅊ
A definition of game cheating
I I+1
Game variable set GS = {Memory, File, Time, Event, Packet}
J
Game cheatingNormal play
J ≠ I+1
Copyright © 2005 CCS lab., All rights reserved 9ㅊ
Server attacks
Session server
Database server
Game state computation
server
Update server
FTP server
Server directory attack Buffer overflow attack Inadequate parameter
attack SQL injection attack Backdoor attack
Game server group
Top Five Server Attack Techniques
Copyright © 2005 CCS lab., All rights reserved 10ㅊ
Server countermeasure
Item IDItem max
transfer valueItem max
transaction number
User 1
User 2 … … …
… … … …
Copyright © 2005 CCS lab., All rights reserved 12ㅊ
Network attacks
Game client
Proxy server
Game client (An attacker)
Game server group
Packet fabrication attack for game packet analysis
Packet pace attack for game packet speed or acceptance control
Packet flooded attack (DDoS) for game service interruption
Controlling packet
Clienttraffic control
Appling Random Pseudo Number
to game packet for
PACKET DISIMMILIARITY
Copyright © 2005 CCS lab., All rights reserved 16ㅊ
Memory alteration countermeasure
VirtualAllocMemory
OpenProcess
ReadMemory
WriteMemory
Memory access functions
Access denied by moving function execution pointers
Copyright © 2005 CCS lab., All rights reserved 17ㅊ
File fabrication attack
A file fabrication attack made the target mark more accurate form.
Copyright © 2005 CCS lab., All rights reserved 18ㅊ
File fabrication countermeasure
Game client Game server group
The latest file checksum inspection when running a game
Copyright © 2005 CCS lab., All rights reserved 20ㅊ
Time frame-up attack countermeasure
timeGetTime
QueryPerformanceCounter
Timer functions
Access denied by moving function execution pointers
Time synchronization check between server and client
Copyright © 2005 CCS lab., All rights reserved 23ㅊ
Event faking countermeasure
MouseEvent
KeyEvent
Check repetition actions by using simple data structure
Event functions
Checking events and access denied to event class
Copyright © 2005 CCS lab., All rights reserved 24ㅊ
Fraud
Social engineering
Internal absurdity
Collusion
User attacks
Copyright © 2005 CCS lab., All rights reserved 27ㅊ
The contribution of an attack classification
The importance of identifying attack mechanisms
Building up the defense mechanisms focusing the anomaly the
attacker provokes
Future work : Developing more accurate and reliable
anomaly-detection solutions to online games
Conclusion