[MUD-Dev] Trusting the client, encrypting data

ceo ceo at grexengine.com
Thu Dec 11 10:20:18 New Zealand Daylight Time 2003

Jessica Mulligan wrote:
> At 12:01 PM 11/27/2003 olag at ifi.uio.no (Ola Fosheim Grøstad) wrote

>> However, this can easily be solved by (symmetrically) encrypting
>> data on a cell-by-cell basis using unique keys for each cell. The
>> problem is then reduced to sending the decryption key in a timely
>> fashion.

> I don't think any kind of encryption scheme for client data is
> going to survive for long.

Since one of the standard requirements for any encryption scheme is
that 100% knowledge of the algorithm + process + etc provides 0%
advantage in decrypting it, this shouldn't be an issue. The problem
with the majority of games and encryption is the standard
industry-independent one - encryption is seen as a magic panacea,
rather than a fairly small and fragile tool.

Because of the "client in hands of enemy" cliche, you have to accept
that as soon as a decryption takes place that data is now known,
everywhere, by everyone. You may be able to limit that in practical
terms to "in most places by some people".

AFAICS Ola's method is starting from these assumptions and sensibly
attempting to build a data-disseminating system on top of the
fundamentals of encryption, rather than trying to "secure" a
client-server by "encrypting everything" (the naive approach sadly
adopted by so many people in so many fields, which we've all seen
before no matter how often we explain it's a bad idea ;)).

By the very nature of MOG's old data is exponentially more useless
over time. So long as the encryption of data at time T is completely
independent of the values of the plaintext data at time T - x (where
x is anything greater than 0), then there's no particular reason why
the scheme can't work.

But, of course, there is a long way to go from a "basic scheme that
works" to a "practical system which supports the many features of a
real game"; I've been lurking to see if anyone had any bright ideas
in making the transition (devil's in the detail, etc).

Looking in that direction, IMHO this is very similar to the secure
systems that P2P evangelists have been proposing for games, except
that most of the P2P people's suggestions have fallen down at this
point - they come up with schemes that e.g. rely upon majority
voting (known not to work), which people often then attempt to patch
by adding more and more hysteresis (e.g. building "trust"
networks). All clever stuff, but makes me think of "hack it till it
works" design, which I believe to be very inefficient in this area.

I've had an idea for possibly making Ola's scheme work for any MMOG,
although it's still just an incomplete theory. I've asked our patent
lawyer to do a search on it, because I suspect the security
community has already come up with it and that some big security
company has a patent on it already (hate patents :(). I know there's
a lot of smart people who've been working on security between
untrustworthy clients (e.g. stuff like the cocaine auction etc), and
I imagine a general-purpose scheme for working with a vast number of
untrustable clients in real time would be rather desirable!

> If you do come up with a method that works reliably and stays
> unbroken, you'll be a very rich and sought-after man and American
> women will want to have your babies.

Well. People like Secureplay would probably appreciate such


Adam M
MUD-Dev mailing list
MUD-Dev at kanga.nu

More information about the MUD-Dev mailing list