[MUD-Dev] Trusting the client, encrypting data
amanda at alfar.com
Thu Dec 18 00:54:58 New Zealand Daylight Time 2003

On Dec 17, 2003, at 2:30 PM, Alex Chacha wrote:

> Since the environment of the client program can be considered
> hostile, the only way to have a completely secure system against
> an attacker is to run the client code inside a secure co-processor
> with FIPS 140-1 level 4 certification (like IBM 4758:
> or similar) where the hardware is completely secure and any
> attempt at tampering will cause it to self destruct and destroy
> its private key along with the rest of the code.

OK, I just snorted coffee through my nose at the idea of a game that
requires a 4758. Those things are not cheap.

Sheer amusement aside, though, this doesn't matter.

(digs out communications security professional hat and puts it on
-- I'm an amateur MUD designer, but now we're getting into areas
where I do this for a living)

The problem is not the cryptosystem. You can use any cryptosystem
you want, implemented on a FIPS 140 approved hardware cryptographic
module, whatever. It won't matter.

The problem is the PC (which MS understands, hence the TCPA
program). The problem on a consumer PC (and probably soon the Xbox)
is that the traffic and the client's state are accessible on the red
(unencrypted) side. SoftICE on a Windows box can look at anything,
interpose code anywhere, and generally make mincemeat out of the
code that is talking to the crypto engine. A hacker doesn't have to
break the cipher algorithm--in fact, he/she probably wants to use it.

Many 3rd party game hacks work by directly reading and writing
memory locations in the client process. They don't even bother
trying to reverse engineer the network traffic (ShowEQ being a major
exception). For example, Asheron's Call had an entire programming
framework written around this technique (called "Decal").