[MUD-Dev] Security in MUDs - MMORPGs

Sean Kelly sean at ffwd.cx
Fri Jun 8 09:44:20 CEST 2001


From: "Adam Martin" <amsm2 at cam.ac.uk>

>   "You are developing a multi-user computer game, and wish to make
>   it harder for players to cheat.

>     (a) Discuss the possible benefits of using:

>       (i) encryption/authentication

This really depends on the code.  The theory of encryption is fine
but implementation is often poor.  Still, encrypting communications
between the client and server would make sniffing to determine the
protocol difficult to impossible and quickly force the cheater to
find other means to cheat (since he has the client program he has a
lot of options).

>       (ii) virus detection techniques

Sorry, this one makes little sense to me.  Unless you want to provide
some means to authenticate that the client programs have not been
modified (say via an MD5 checksum), but since you're relying on the
player's computer to tell you, this is a shaky proposition at best.

>       (iii) intrusion detection techniques

If you limit what a player can see and do by what information the
server sends them and what commands the server accepts, who cares if
a player writes his own client program?  Or is the issue more that
you want to prevent players from hacking the server/server's network
some other way (say obtaining root on a machine in the network and
using it to modify player data by directly manipulating the data
cache)?

>     (b) What might be the advantages and disadvantages of issuing
>     players with a smartcard and reader?"

Advantage: none.  Disadvantage: cost, and a false sense of security.
Read Bruce Schneier's latest book if you haven't already.  The
problem with smartcard, biometric, and other remote authentication
techniques is that the server is ultimately relying on the client to
tell them the information.  A sufficiently motivated/skilled client
can just lie.  If this game were offered in an arcade or some other
venue where you control the smartcard reader, then security is much
better but there is still the risk that the player will either be
playing with a stolen smartcard or have screwed with the card itself
to get it to provide fake information.  Ultimately, it's a matter of
motivation and resources -- all known smartcard-like devices can be
defeated given enough time and money (they have the card in their
possession and can screw with it as much as they want in the privacy
of their own home, or an advanced laboratory for that matter).

> Although I was tempted to answer with "The benefits are: not much,
> really - you can't trust the client at all", I wasn't prepared to
> fail because of a flippant answer :). Sadly, we can't discuss the
> relevance/well-foundedness of the question with the resident
> professor of Security, because he's also the chief examiner this
> year, which effectively censors him.

So track him down after the exams have been graded.

Sean

_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev
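
The points the reply makes under (ii) and (iii), as an added example that is not part of the original post: a client-reported MD5 proves nothing, while the server's own checks on what it accepts and what it sends still hold against a custom client. The grid game, its rules (`MAX_STEP`, `VIEW_RADIUS`), and all names below are assumptions made for illustration.

```python
"""Added illustration: server-authoritative handling in a toy grid game."""
import hashlib
from dataclasses import dataclass, field

MAX_STEP = 1      # assumed rule: one tile per move command
VIEW_RADIUS = 3   # assumed rule: players see others within 3 tiles
# Constructed stand-in for the hash of the official client binary.
KNOWN_CLIENT_MD5 = hashlib.md5(b"official client build (constructed)").hexdigest()

@dataclass
class Player:
    name: str
    x: int
    y: int

@dataclass
class World:
    players: dict = field(default_factory=dict)

    def client_checksum_ok(self, reported_md5: str) -> bool:
        # Weak check: the value is whatever the client chooses to send,
        # so a modified client passes by reporting the expected hash.
        return reported_md5 == KNOWN_CLIENT_MD5

    def handle_move(self, name: str, dx: int, dy: int) -> bool:
        # Legality is decided from server state, not from client claims.
        p = self.players.get(name)
        if p is None or (dx, dy) == (0, 0) or max(abs(dx), abs(dy)) > MAX_STEP:
            return False
        p.x += dx
        p.y += dy
        return True

    def visible_to(self, name: str) -> list:
        # Send only what this player may see; a custom client cannot
        # display data that never left the server.
        me = self.players[name]
        return sorted(o.name for o in self.players.values()
                      if o.name != name
                      and max(abs(o.x - me.x), abs(o.y - me.y)) <= VIEW_RADIUS)

def demo() -> dict:
    w = World({n: Player(n, x, y) for n, x, y in
               [("alice", 0, 0), ("bob", 2, 1), ("carol", 10, 10)]})
    return {
        "spoofed_checksum_accepted": w.client_checksum_ok(KNOWN_CLIENT_MD5),
        "teleport_accepted": w.handle_move("alice", 10, 10),
        "step_accepted": w.handle_move("alice", 1, 0),
        "alice_sees": w.visible_to("alice"),
    }

if __name__ == "__main__":
    print(demo())
```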