Security
Defending
Intellectual Property
Agenda
Hacker Anatomy
Risks
Categories of Security
Tools
Anatomy of a Hacker
Motives
Challenge / Fame
Disgruntled Gamer
Cost / experience
Profit
Skill
Novice
Knows how to copy a disk or get hacks off the net
Geek
Knows how to get at bits
Knows how to use/write hacking tools
Professional
Has $$$ == hardware, software & Geeks
Security Risks
Logical
Theft of Art Assets
Disk Copying
Online game economy.
User experience
Server Attacks
Make copy and pass around for free/pay, return original to store.
Cheating
Make own game or modifications to your game
Use for other purposes (web)
Bring down servers
Essentially make servers unavailable.
Billing/Identity theft
$$$ == Legal Liability
User experience
Security Risks
Physical
CD
Copy Protection Schemes
Executable
Encrypted
Heap moving
Strip symbols
Don’t expose entry points in DLLs.
Periodic memory checksums
Check for hacker tools (running debuggers, shims, …)
Art
Exists somewhere unencrypted in memory.
Slow
Patch unfriendly
Encrypt parameters sent to your DLLs.
Convolution of runtime
Slow
Broken in weeks (i.e., unreliable against Pro)
Expensive (req. special mastering)
Encrypt or convolute into special format.
Combine all into one file. (performance issues both good and bad)
Net Traffic
Encrypt
Checksum
Validity check all variables
Authentication
CPU Hit, adds latency and Bandwidth (i.e., increases packet size)
Categories of Security
Copy Protection
Cryptography
Network Intrusion
Copy Protection
Securing Intellectual Property
CDROM copy protection
CD Keys
Warez Aware
Makes casual user search for keygen cracks
Avoid easy exclusion of large data files. Require hex hack to .exe and .dlls
Add Many Aversions (i.e. Convolutions)
Watermark Assets
Cryptography
Goals / Services
Privacy
Keep others from seeing your data
Message Integrity
Keep others from changing your data unbeknownst to you
Authentication
Verify Identity
Cryptography
Algorithms
Secret Key
Both encrypt & decrypt with same key
Requires initial secure key exchange
Manual (in person, or through some other media)
Hardware (key fob)
Other Secure Transmission
Public Key
Trap door a.k.a. one-way function
Can’t decrypt without other key
Related to Prime Factorization
Encrypt with destination’s public key
Destination decrypts with private key
Message Digest
Keyless hash using one-way function to produce checksum
Cryptography
Message Digest
MD<n> (e.g. the popular MD5) 128 bit
SHA (Secure Hash Algorithm) 160 bit
Fast
Not really security (tamper proofing)
Fancy Checksum
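Added example (not part of the original slides): why a keyless digest on net traffic is only a "fancy checksum", and what the Net Traffic slide's checksum, validity check and authentication look like together. The packet layout, key, world bound and function names are assumptions made for this example; HMAC-SHA256 is a keyed digest brought in here and is not named on the slides.

```python
import hashlib
import hmac
import struct

# Constructed for this example: packet layout, key and world bound are assumptions.
FMT = ">Iii"                      # sequence number, x, y (big-endian 32-bit)
BODY_LEN = struct.calcsize(FMT)
SESSION_KEY = b"constructed-demo-session-key"
MAX_COORD = 4096


def seal_digest(seq, x, y):
    """Keyless: body + SHA-1 digest. Anyone can recompute the digest."""
    body = struct.pack(FMT, seq, x, y)
    return body + hashlib.sha1(body).digest()


def check_digest(packet):
    body, tag = packet[:BODY_LEN], packet[BODY_LEN:]
    return hmac.compare_digest(hashlib.sha1(body).digest(), tag)


def seal_hmac(seq, x, y, key=SESSION_KEY):
    """Keyed: body + HMAC-SHA256 tag. Recomputing the tag requires the key."""
    body = struct.pack(FMT, seq, x, y)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def check_hmac(packet, last_seq, key=SESSION_KEY):
    """Return (seq, x, y) only if the tag, sequence number and ranges all pass."""
    body, tag = packet[:BODY_LEN], packet[BODY_LEN:]
    if len(body) != BODY_LEN:
        return None
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        return None                      # modified in transit or wrong key
    seq, x, y = struct.unpack(FMT, body)
    if seq <= last_seq:
        return None                      # replayed or reordered packet
    if not (0 <= x <= MAX_COORD and 0 <= y <= MAX_COORD):
        return None                      # value outside the valid range
    return seq, x, y


def rewrite_without_key(packet, x):
    """Model an in-transit edit by a party without the key: change x, re-hash."""
    seq, _, y = struct.unpack(FMT, packet[:BODY_LEN])
    body = struct.pack(FMT, seq, x, y)
    return body + hashlib.sha1(body).digest()
```

The keyless packet still verifies after the body is rewritten and re-hashed; the keyed packet is rejected, as are replayed and out-of-range packets.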
Public Key Encryption
(Asymmetric - Key Pairs)
RSA (Rivest, Shamir & Adleman)
Much slower than secret key algorithm
Fast encrypt, Slow decrypt
Too slow for real-time game messages
Use when you need the best security
Used by PGP (Pretty Good Privacy)
Exchange Secret Session keys via Public Key Encryption
Public key distribution via X.509 digital certs
Trusted 3rd party verifies you are who you say
Secret Key Encryption
(Symmetric - Same Key)
AES (Advanced Encryption Standard) 128, 192, 256 bit keys
Considered current best Secret Key algorithm
Endorsed by U.S. Gov (November 2002)
Algorithm name “Rijndael”
DES (Data Encryption Standard) 56 bit keys
Developed by IBM
Endorsed by U.S. Gov (expired with intro of AES)
Most widely used encryption
Used by Kerberos
Created to run on special hardware
Blowfish – variable up to 448 bit keys
Faster than DES (created to run on PCs)
Faster than public key algorithms
Requires exhaustive key-space search to hack
Increasing CPU speed has put this algorithm on the edge of compromise
Secret Key Encryption
Standard Modes
Block Ciphers
ECB (Electronic Codebook)
Single Block, no feedback (Good for Datagrams)
CBC (Cipher Block Chaining)
Integrates prior message
Stream Ciphers
CFB (Cipher Feedback)
OFB (Output Feedback Mode)
Cryptography
Not For Export
ITAR – US International Traffic in Arms Regulations
Limits exportability of military munitions.
Export a program using encryption, get busted for arms smuggling
Can’t make cryptography too strong. Based on key bit size and algorithm. Each country has its own regulations regarding crypto strength.
Network Intrusion
Firewalls
Pass on or drop packets.
3 Techniques
Packet Filtering
Concerned with packet headers
Port Filtering
Stateful protocol inspection
Circuit Gateways
Sets up a secure session. Doesn’t care about contents.
SSL, Socks5, VPN, Tunneling
Application Proxies
Concerned with packet data
Antivirus run on FTP or SMTP
Network Intrusion
Brute Force Internet Attacks
Denial Of Service (a.k.a. DOS Attacks)
Saturate bandwidth
Consume Server CPU time
Blow out router Address Cache
(basically CPU bind the router for a period of time)
IP Spoofing
MAC Address
Slightly more difficult (act as a bridge with 2 NICs)
IP Address
Reverse Tunneling, DNS Rebinding
Tools
Satan
Detect vulnerabilities
Server Audit logs
After the fact
Debuggers (Soft Ice and similar)
Disassemblers
DLL Shims
O/S Emulators
Hardware Sniffers
Memory Tools:
Difference engines
In Game
File & RAM crc checkers
Heap Hopper
Remove debug symbols on release build
Code Obfuscator (Important for .NET)
Data Bluffing
Rigorous Packet Validation
Action Validation
Clock Validation
Game Tools
Punkbuster
Scans for known:
Cheat programs
Cheating APIs
File and memory check sums
Player voting
Hardware banning
Exe Encryption
References
Books
Internet Security – Professional Reference
Wide range of general security protocols
Applied Cryptography – Bruce Schneier
General introduction to all cryptography
Security Organizations
CERT, FIRST, 8LGM, IACR, RSA, NSA, Microsoft, IBM…
Reference Links
General Security
www.microsoft.com/security
www.ibm.com/security
Encryption
www.rsasecurity.com/rsalabs/faq
www.cryptopp.com (blowfish, DES, MD5 lib)
www.counterpane.com/blowfish.html