OpenConflict: Preventing Real Time Map Hacks in Online Games. Elie Bursztein, Mike Hamburg, Jocelyn Lagarenne, Dan Boneh (Stanford University). IEEE Symposium on Security and Privacy 2011.
OUTLINE • Introduction and Related Work • A Generic Tool for Map Hacking • Game Hacking with Kartograph • Preventing Passive Map Hack • Case Study Starcraft II • Defending against Map Hacking • OpenConflict • Discussion and Conclusion
Real-Time Strategy (RTS) • Online gaming includes 64% of gamers • RTS: 35.5% • First person shooter: 10.1% • RTS games • Players compete on a two-dimensional map divided into cells • Starcraft II: normally 24000 – 36000 cells
Cheating in RTS games • Abusing the resource system • Find the location of resource value in memory • Hacking the unit list • Tampering with the map visibility • Map hacking • Hardest to perform • Fully passive • Note: push approach vs. pull approach
Related Work • Battle of Botcraft: fighting bots in online games with human observational proofs. • ACM CCS (Nov 2009) • Hacking World of Warcraft: An exercise in advanced rootkit design. • Black Hat (2006) • Visual reverse engineering of binary and data files. • Visualization for Computer Security (2008)
Contribution • Presenting a generic attack tool • Kartograph • A generic defense against passive attacks in RTS games • OpenConflict • Analyzed 1000 Starcraft II games
Adversarial Game Instrumentation (AGI) • Past approaches: debugger/decompiler • Memory attacks on virtually every game
Map Data • Easiest
Map Hacking • Based on memory changes • The memory that contains unit positions only changes when units move • Reducing Memory Space • Finding the visibility map • Understanding the visibility map
Reducing Memory Space • Step 1 • Launch the game • Read all memory pages of the process’s main module that are marked ReadWrite, Commit and Private • Step 2 • Move the camera, trigger actions • Without discovering any new parts of the map! • Eliminate all the memory blocks that changed
Reducing Memory Space (cont.) • Step 3 • “Scout” an unknown area in game • Keep only the memory blocks that changed • Step 4 • Same as Step 2
Finding the Visibility Map • Use visualization techniques • Create a “nonlinear” scouting pattern • Heat map representation • Difficulty: • Data types, alignment
Understanding the Visibility Map • How does the structure work? • Diff-map analysis • Snapshot & do something
Unit Hacking and Network Analysis • Unit: Smaller and more complex structure • Produce units and observe memory • Network Analysis • Legend: D: Diff map, F: Fixed value, C: Counter value, R: Random value
Game Hacking with Kartograph • Takes a lot of memory: • Twice the game’s memory size • Works on 64-bit Windows only • Tested 15 games • Data structures changed radically
Map information • Bitmap • Composite
Preventing Passive Map Hacks • Threat model: passive eavesdropping adversaries • Assume: P2P architecture • Pull approach • Cryptographic protocols? • Challenge: imperceptible latency!
Case Study: Starcraft II • Wrote a crude “game engine” • Analyzed 1000 Starcraft II replays (top players) • High number of actions per minute (APM) • Map size: 24320 ~ 36864 cells • Playable size: 15180 ~ 24640 cells • Game duration
Case Study: Starcraft II (cont.) • Analyzed 1000 Starcraft II replays (top players) • Visibility
Our Approach • Prevent the passive map hack • Pull approach • Each player’s machine only stores information that the player is authorized to see • Use an oblivious intersection protocol
Intersection Protocol • Def: • Let M be the set of all cells on the map • Each cell may contain units (including buildings and other objects) • Each unit has a visibility radius • Union of all of Alice’s visibility regions gives the set of cells that Alice can see • denote the set of map cells containing Bob’s units • for some data domain D
Intersection Protocol (cont.) [Figure: grid of map cells with units A1, B1 and B2; labels UA, VA, UB and VA∩UB]
Intersection Protocol (cont.) 1. Bob should learn nothing about VA 2. Alice should learn nothing about UB other than VA∩UB 3. Alice learns the value of fB on VA∩UB but nothing about UB\VA
Oblivious Function • G: a group of prime order q • Bob chooses a secret key k in [1,q-1] • , Alice chooses a random integer r in [1,q-1] • Start: • Alice sends H1(v)^r • Bob responds with H1(v)^(rk) • Alice computes H1(v)^k = (H1(v)^(rk))^(r^-1) • Secure under the Computational Diffie-Hellman assumption!
Compute VA∩UB (cont.) • (Bob) For each u in UB: derive a key ku = H2(H1(u)^k) • Encrypt fB(u) using the key ku (authenticated encryption, AE) • (Alice) Obtains H1(v)^k for all v in VA • Computes kv = H2(H1(v)^k) for all v in VA • Tests whether one of the ciphertexts received from Bob decrypts correctly with kv
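
The blinded exchange and ciphertext test from the two slides above, as an added example that is not code from the paper or from the OpenConflict implementation. Assumptions: the squares modulo the 768-bit Oakley safe prime stand in for the slides' elliptic-curve group, SHA-2 builds H1 and H2, seal/unseal are a minimal encrypt-then-MAC stand-in for the AE scheme, and all function names are hypothetical.

```python
import hashlib, hmac, secrets
# Assumption: squares modulo the 768-bit Oakley safe prime P = 2Q + 1 form the
# prime-order group G (order Q); the slides use an elliptic curve instead.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2

def h1(cell):
    """H1: hash a map cell to a group element (squaring lands in the subgroup)."""
    digest = hashlib.sha512(repr(cell).encode()).digest() * 2
    return pow(int.from_bytes(digest, "big") % P, 2, P)

def h2(elem):
    """H2: derive a 32-byte symmetric key from a group element."""
    return hashlib.sha256(elem.to_bytes(96, "big")).digest()

def seal(key, msg):
    """Stand-in AE: XOR pad plus HMAC tag; one message of <= 32 bytes per key."""
    pad = hashlib.sha256(key + b"pad").digest()
    ct = bytes(a ^ b for a, b in zip(msg, pad))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return seal(key, ct)[:-32]  # XOR with the same pad decrypts
    return None                     # tag mismatch: not encrypted under this key

def bob_publish(k, units):
    """Bob: encrypt f_B(u) under k_u = H2(H1(u)^k); sorting hides unit order."""
    return sorted(seal(h2(pow(h1(u), k, P)), data) for u, data in units.items())

def bob_answer(k, blinded):
    """Bob: raise each blinded query H1(v)^r to k; he never sees v."""
    return [pow(x, k, P) for x in blinded]

def alice_intersect(visible, ask_bob, ciphertexts):
    """Alice: blind, query, unblind, then trial-decrypt Bob's ciphertexts."""
    r = secrets.randbelow(Q - 1) + 1                 # r in [1, Q-1]
    replies = ask_bob([pow(h1(v), r, P) for v in visible])
    r_inv = pow(r, -1, Q)                            # Q is prime, so r is invertible
    found = {}
    for v, reply in zip(visible, replies):
        k_v = h2(pow(reply, r_inv, P))               # H2(H1(v)^k)
        for data in (unseal(k_v, ct) for ct in ciphertexts):
            if data is not None:
                found[v] = data
    return found
```

Alice recovers unit data only for cells in both her visible set and Bob's unit set; every other ciphertext fails its tag check, and Bob sees only blinded group elements.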
Hypergrids [Figure: grid of map cells with units A1, B1 and B2; labels UA, VA, UB and VA∩UB]
Chaff and Multiplayer • Basic protocol • Leaks to Bob the number of cells in Alice’s visibility set VA • Leaks to Alice the sum of the lengths of fB(u) for u in UB • The queries H1(v)^r are independent of the player being queried: broadcast • Computing H1(v)^k is the only per-opponent work
Basic protocol • Core i5 660 dual-core hyperthreaded processor running at 3.33 GHz • Standard NIST elliptic curves • 200 visibility hypertiles and 150 units per player • A single exponentiation = a millisecond => 750 milliseconds per play • Unacceptable!
Elliptic Curve • Montgomery curve • Because p is a Mersenne prime • Very efficient implementation, 11-12us for exponentiations on this curve
Security • Need to remain secure for an hour • Best known algorithms take O( ) time to solve discrete logarithms • p = 2^61-1: 12 sec • p = 2^89-1 (speeds up OpenConflict by 33%): 72 machine-days • p = 2^127-1 (OpenConflict): 3,200 machine-years
Measurements • v: visible grid hypertiles (about 30us) • u: units (about 15us)
Preventing Active Attacks • Detecting active attacks after the game • Every client logs network traffic/actions and periodically sends the logs to the other players • Upload to a central server to verify • Random number generator? • Commit to a seed for a pseudorandom generator at the beginning of the game • A central server to verify
Conclusion • Map hacking and a defense system for RTS games • Kartograph and OpenConflict • Security in online games is a fruitful area of research!