OpenConflict: Preventing Real Time Map Hacks in Online Games - PowerPoint PPT Presentation

1 / 48
About This Presentation
Title:

OpenConflict: Preventing Real Time Map Hacks in Online Games

Description:

OpenConflict: Preventing Real Time Map Hacks in Online Games Elie Bursztein, Mike Hamburg, Jocelyn Lagarenne, Dan Boneh (Stanford University) IEEE Symposium on ... – PowerPoint PPT presentation

Number of Views:135
Avg rating:3.0/5.0
Slides: 49
Provided by: Luc164
Category:

less

Transcript and Presenter's Notes

Title: OpenConflict: Preventing Real Time Map Hacks in Online Games


1
OpenConflict Preventing Real Time Map Hacks in
Online Games
  • Elie Bursztein, Mike Hamburg, Jocelyn Lagarenne,
    Dan Boneh
  • (Stanford University)
  • IEEE Symposium on Security and Privacy 2011

2
OUTLINE
  • Introduction and Related Work
  • A Generic Tool for Map Hacking
  • Game Hacking with Kartograph
  • Preventing Passive Map Hack
  • Case Study Starcraft II
  • Defending against Map Hacking
  • OpenConflict
  • Discussion and Conclusion

3
OUTLINE
  • Introduction and Related Work
  • A Generic Tool for Map Hacking
  • Game Hacking with Kartograph
  • Preventing Passive Map Hack
  • Case Study Starcraft II
  • Defending against Map Hacking
  • OpenConflict
  • Discussion and Conclusion

4
Real-Time Strategy(RTS)
  • Online gaming includes 64 of gamers
  • RTS - 35.5
  • First person shooter 10.1
  • RTS games
  • Player compete on a two-dimensional map divided
    in to cells
  • Starcraft II normally 24000 36000 cells

5
RTS Game
6
Cheating in RTS games
  • Abusing the resource system
  • Find the location of resource value in memory
  • Hacking the unit list
  • Tampering with the map visibility
  • Map hacking
  • Hardest to perform
  • Fully passive
  • Note push approach v.s. pull approach

7
Map Hacking
8
Related Work
  • Battle of Botcraft fighting bots in online games
    with human observational proofs.
  • ACMCCS (Nov, 2009)
  • Hacking world of warcraft An exercise in
    advanced rootkit design.
  • Black Hat (2006)
  • Visual reverse engineering of binary and data
    files.
  • Visualization for Computer Security (2008)

9
Contribution
  • Presenting a generic attack tool
  • Kartograph
  • A generic defense against passive attacks in RTS
    games
  • OpenConflict
  • Analyzed 1000 Starcraft II games

10
OUTLINE
  • Introduction and Related Work
  • A Generic Tool for Map Hacking
  • Game Hacking with Kartograph
  • Preventing Passive Map Hack
  • Case Study Starcraft II
  • Defending against Map Hacking
  • OpenConflict
  • Discussion and Conclusion

11
Adversarial Game Instrumentation(AGI)
  • Past approaches debugger/decompiler
  • Memory attacks on virtually every game

12
Map Data
  • Easiest

13
Map Hacking
  • Based on memory changes
  • The memory that contains unit positions only
    changes when units move
  • Reducing Memory Space
  • Finding the visibility map
  • Understanding the visibility map

14
Reducing Memory Space
  • Step1
  • Launch the game
  • Read all memory pages of the processs main
    module which are marked as
  • ReadWrite, Commit and Private
  • Step2
  • Move the camera, trigger actions
  • Without discovering any new parts of the map!
  • Eliminate all the memory blocks that changed

15
Reducing Memory Space(cont.)
  • Step3
  • Scout an unknown area in game
  • Keep only the memory blocks that changed
  • Step4
  • Same as Step2

16
Finding the Visibility Map
  • Use visualization techniques
  • Create a nonlinear scouting pattern
  • Heat map representation
  • Difficulty
  • Data types, Align

17
Visualization
18
Visualization(cont.)
19
Understanding the Visibility Map
  • How the structure works?
  • Diff-map analysis
  • Snapshot do something

20
Diff-Map with Heat Map
21
Unit Hacking and Network Analysis
  • Unit Smaller and more complex structure
  • Produce units and observe memory
  • Network Analysis
  • D Diff map
  • F Fixed value
  • C Counter value
  • D Random value

D
F
C
R
22
OUTLINE
  • Introduction and Related Work
  • A Generic Tool for Map Hacking
  • Game Hacking with Kartograph
  • Preventing Passive Map Hack
  • Case Study Starcraft II
  • Defending against Map Hacking
  • OpenConflict
  • Discussion and Conclusion

23
Game Hacking with Kartograph
  • Take lots of memory
  • Twice games memory size
  • Work on 64-bit windows only
  • Test 15 games
  • Data structures changed radically

24
Map information
  • Bitmap
  • Composite

25
Using the Game as a Map Hack
26
OUTLINE
  • Introduction and Related Work
  • A Generic Tool for Map Hacking
  • Game Hacking with Kartograph
  • Preventing Passive Map Hack
  • Case Study Starcraft II
  • Defending against Map Hacking
  • OpenConflict
  • Discussion and Conclusion

27
Preventing Passive Map Hacks
  • Threat model passive eavesdropping adversaries
  • Assume P2p architecture
  • Pull approach
  • Cryptographic protocols?
  • Challenge imperceptible latency!

28
Cast Study Starcraft II
  • Wrote a crude game engine
  • Analyzed 1000 Starcraft II replays(Top players)
  • High number of actions per minute(APM)
  • Map size 24320 36864 cells
  • Playable size 15180 24640 cells
  • Game duration

29
Cast Study Starcraft II(cont.)
  • Analyzed 1000 Starcraft II replays(Top players)
  • Visibility

30
OUTLINE
  • Introduction and Related Work
  • A Generic Tool for Map Hacking
  • Game Hacking with Kartograph
  • Preventing Passive Map Hack
  • Case Study Starcraft II
  • Defending against Map Hacking
  • OpenConflict
  • Discussion and Conclusion

31
Our Approach
  • Prevent the passive map hack
  • Pull approach
  • Each players machine only stores information
    that the player is authorized to see
  • Use an oblivious intersection protocol

32
Intersection Protocol
  • Def
  • M be the set of all cells on the map
  • Each cell may contain units(including builds and
    other objects)
  • Each unit has a visibility radius
  • Union of all of Alices visibility regions gives
    the set of cells that Alice can see
  • denote the set of map cells containing Bobs
    unit
  • for some data domain D

33
Intersection Protocol(cont.)
cell
cell
UA
B2
A1
B1
VA
UB1, also VAnUB
34
Intersection Protocol(cont.)
  • 1. Bob should learn nothing about VA
  • 2. Alice should learn nothing about Ub other than
    VAnUB
  • 3. Alice learns the value of fB on VAnUB but
    nothing about UB\VA

35
Oblivious Function
  • G A group of prime order q
  • Bob chooses a secret key k in 1,q-1
  • ,
  • Alice chooses a random integer r in 1,q-1
  • Start
  • Alice send H1(v)r
  • Bob responds with H1(v)rk
  • Alice computes H1(v)k H1(v)rkr-1
  • Computational Diffie-Hellman assumption tells
    that it is secure!

36
Compute VAnUB
37
Compute VAnUB (cont.)
  • (Bob)
  • For each u in UB a key ku H2(H1(u)k)
  • Encrypt fB(u) using the key ku (authenticated
    encryption, AE)
  • (Alice)
  • Alice obtain H1(v)k for all v in Va
  • Computes kv H2(H1(v)k) for all v in Va
  • Test if one of the ciphertexts received from Bob
    decrypts correctly with kv

38
Hypergrids
cell
cell
UA
B2
A1
B1
VA
UB1, also VAnUB
38
39
Hypergrids(cont.)
40
Chaff and Multiplayer
  • Basic protocol
  • leaks to Bob the number cells in Alices
    visibility set VA
  • Leaks to Alice the sum of the lengths of fB(u)
    for u in Ub
  • The queries H1(v)r are independent of the player
    being queried broadcast
  • Compute H1(v)k is the only per-opponent work

41
OUTLINE
  • Introduction and Related Work
  • A Generic Tool for Map Hacking
  • Game Hacking with Kartograph
  • Preventing Passive Map Hack
  • Case Study Starcraft II
  • Defending against Map Hacking
  • OpenConflict
  • Discussion and Conclusion

42
Basic protocol
  • Core i5 660 dual-core hyperthreaded processor
    running at 3.33 GHz
  • Standard NIST elliptic curves
  • 200 visibility hypertiles and 150 units per
    player
  • A single exponentiation a millisecond
  • gt 750 milliseconds per play
  • Unacceptable!

43
Elliptic Curve
  • Montgomery curve
  • Because p is a Mersenne prime
  • Very efficient implementation, 11-12us for
    exponentiations on this curve

44
Security
  • Need to remain secure for an hour
  • Best known algorithms take O( ) time to solve
    discrete logarithms
  • p 261-1
  • 12 sec
  • p 289-1 (speed up OpenConflict by 33)
  • 72 machine-days
  • p 2127-1 (OpenConflict)
  • 3,200 machine-years

45
Measurements
  • v visible grid hypertiles (about 30us)
  • u units (about 15us)

46
OUTLINE
  • Introduction and Related Work
  • A Generic Tool for Map Hacking
  • Game Hacking with Kartograph
  • Preventing Passive Map Hack
  • Case Study Starcraft II
  • Defending against Map Hacking
  • OpenConflict
  • Discussion and Conclusion

47
Preventing Active Attacks
  • Detecting active attacks after the game
  • Every client logs network traffic/actions and
    then sends to other players periodically
  • Upload to a central server to verify
  • Random number generator?
  • Commit a seed for a pseudorandom generator at the
    beginning of the game
  • A central server to verify

48
Conclusion
  • Map hacking and a defense system for RTS games
  • Kartograph and OpenConflict
  • Security in online games is a fruitful area of
    research!
Write a Comment
User Comments (0)
About PowerShow.com