Sign in to follow this  
lazyworm

Should MMORPGs use encryption?

Recommended Posts

lazyworm    100
Hello gamedev:

First of all,
do those successful commercial MMORPGs use encryption for game data transmission?

I got an impression that many developers tend to not use encryption, because it can not prevent reverse engineering for cheating and making private server, but doesn't it effectively reduce the number of those?

Encryption also impacts performance, even just a little.

Good encryption does prevent network sniffering and man-in-the-middle, are these important for MMORPGs?

How about protecting chat messages for privacy concern?

How do you think?

PS: I'm talking about game data, not user/password, auth info need to be encrypted for sure.

[Edited by - lazyworm on November 29, 2010 1:59:58 PM]

Share this post


Link to post
Share on other sites
WhiteCrane    154
As far as I know, yes they do use encryption, to minimise the effective use of auto-trainers and impersonation, for example(especially if a man-in-the-middle sends messages that can display text as if it came from another player or game staff). You'll be surprised what some people will do in order to get an in-game item.

Not just hacking the mechanics, but definitely encrypt the messaging system too, because some players will use this as readily as the likes of Windows Live Messenger, which an eavesdropper can easily skim useful information from.

Share this post


Link to post
Share on other sites
Imgelling    222
Quote:
Original post by WhiteCrane

Not just hacking the mechanics, but definitely encrypt the messaging system too,


If you plan on keeping the game in the US, that will work. Otherwise, it is against federal law to send encrypted "plain" text to destinations outside of the US. Which was a problem in the first XNA Game Studio as it would encrypt text. Now there is a flag to mark it as text so it won't encrypt it.


Share this post


Link to post
Share on other sites
stonemetal    288
If you plan on people from outside the US being able to play your game then pass on encryption. I really doubt you want to try to get an export license to ship encryption outside the US. This will be required for any encryption strong enough to make it worth using. Good encryption should prevent man in the middle, and network sniffing. No offense but game data is low value, getting between me and my ISP or between my ISP and the server is a costly proposition, and the costs don't justify the pay off.

It doesn't do anything for prevention of reverse engineering, end user cheating or making private servers. User cheating isn't impacted because they can hook your program before things get encrypted and inject data there then you happily encrypt it. As far as Reverse engineering and private servers go, it may take them a while to figure out which encryption protocol you use but with the ability to control what gets encrypted by the client makes it fairly easy to figure out.

I don't think I would bother with encrypting chat. It is a game, people aren't going to be using it to chat about their bank account details.

Share this post


Link to post
Share on other sites
Quote:
Original post by Imgelling
If you plan on keeping the game in the US, that will work. Otherwise, it is against federal law to send encrypted "plain" text to destinations outside of the US. Which was a problem in the first XNA Game Studio as it would encrypt text. Now there is a flag to mark it as text so it won't encrypt it.
Wait, are you saying that Amazon Inc is breaching federal law if I buy a book from them? Because the messages exchanged in confirming my delivery address and credit card etc. are SSL encrypted.

EDIT: And, thinking about that, so is all traffic when I check my mailbox at googlemail.com.

Share this post


Link to post
Share on other sites
TheBuzzSaw    143
Yeah, I'm not sure about these supposed anti-encryption laws to other nations. Citation? For one thing, how would the government even know that a particular encrypted message is plain text and not technical game data?

Share this post


Link to post
Share on other sites
Katie    2244
It certainly used to be the case that it was illegal to ship "high-grade" encryption software out of the US -- it was considered a munition and restricted. For a long time this meant that web-browsers were limited to 40-bit encryption because Netscape couldn't send the 128 bit version to anyone.

The simple solution was to develop the encryption part outside the US... which is what everyone did.

After 2000, the US de-restricted quite a lot of encryption. Anything open source is legal to export for example. Anything which uses encryption as authentication only (as in digital signing) is exempt from controls.

The remainder is restricted over certain keylengths -- IIRC 128 bit is fine but larger is still restricted.


However, export to a certain few countries (you can probably imagine which ones) is still illegal in case they use the encryption for terrorism.

Share this post


Link to post
Share on other sites
Spodi    642
Using encryption is fine, and something I'd definitely recommend. Though use it with the intention of obfuscation, and don't ever rely on it actually hiding anything. From all standpoints of the development, you should continue to assume your messages sent over the network are 100% readable (as in understandable) by everyone.

Even something simple like a bitwise XOR encryption with a predefined set of rotating keys (or a single, mutating key) would work well enough to prevent the basic packet replaying, which is a pretty common form of basic hacking in multiplayer games. There is a huge step in technical difficultly between replaying packets and deciphering the encryption and sending encrypted packets. You won't stop the dedicated cheaters, but you will be able to stop most of the "script kiddies".

Though there are a few occasions where you actually want to encrypt for the sake of privacy. A common place is user credentials (namely the password). For this, if you want to keep it secure (which you should if its really a "massive" online game), use existing asymmetric key encryption techniques.

The reason you won't want to just set up asymmetric encryption for the whole session is because the encryptions are serving two totally different purposes in this case. The general encryption is intended to be cheap and introduce minimal (or preferably no) inflation, and has the purpose of obfuscating data for everyone. Encrypting private information, such as account credentials, has the purpose of hiding data from everyone eavesdropping - it isn't intended to hide anything from either of the endpoints.

Encryption can also be useful for authentication. For instance, if you have an in-game cash shop that can be purchased from at any time, some jerk might just start sending the "buy from shop" message to the server while pretending to be a different client. If they get lucky, then can make someone buy something by "injecting" that network message. But it will take more than a simple rotating key to protect against this.

Share this post


Link to post
Share on other sites
hplus0603    11347
Cheaters will, generally, have access to the raw memory of your game. They can read/write any quantity in the memory, which means that your game will happily encrypt and send whatever data they tell it to.

Encryption may be useful to prevent man-in-the-middle attacks, assuming key management is done right. The main cause for concern here is wireless access points, where anyone with the right key can read all traffic, pretty much. This leads to exploits like session hi-jacking for Facebook, Twitter, etc (and, if your game is big enough, your game).

The best solution for encryption is SSL. If you absolutely cannot use TCP for your game, you could log in using SSL, which creates a random, 256-bit AES key, which you then use for encrypting your UDP packets, using some nonce schedule to reduce the surface for known-plaintext attacks.

Pop quiz: If you send 25 kilobytes per second, and your memory bandwidth is 25 gigabytes per second, how many percent of available memory bandwidth is used by the encryption stage? You're allowed to use 1,000 for "kilo" and 1,000,000,000 for "giga."

Share this post


Link to post
Share on other sites
frob    44904
We encrypt all game traffic as it crosses the wire. It takes place transparently within the networking libraries, not within game code.

Encryption in the networking libraries is only turned on in final builds, as it is a PITA to debug issues that require monitoring the wire on a hub. It is also increasingly difficult to find a non-switched hub these days. :-)

We do it for legal reasons and publisher requirements, not because we are trying to stop cheaters.

Share this post


Link to post
Share on other sites
Shinkage    595
Quote:
Original post by Imgelling
Quote:
Original post by WhiteCrane

Not just hacking the mechanics, but definitely encrypt the messaging system too,


If you plan on keeping the game in the US, that will work. Otherwise, it is against federal law to send encrypted "plain" text to destinations outside of the US. Which was a problem in the first XNA Game Studio as it would encrypt text. Now there is a flag to mark it as text so it won't encrypt it.


This is only partially true. I speak from the experience of personally developing and selling in foreign countries a piece of software that employs encryption. Sending encrypted text isn't illegal at all--that wouldn't defeat the whole the point of having the technology. What's illegal is exporting software that employs encryption (can't let those commies get a hold of our glorious technology), and it's only illegal if you don't file certain paperwork and get the government's permission first. The paperwork can be a big pain though, let me tell you (and to be fair it's not entirely ensured that you'll get that permission, but it's quite likely if it's just some simple run-of-the-mill encryption).

Share this post


Link to post
Share on other sites
hplus0603    11347
Quote:
We do it for legal reasons and publisher requirements, not because we are trying to stop cheaters.


Note that certain jurisdictions (France? I forget) actually *forbid* encryption of "cleartext" communications. This means that Xbox Live! networking has features where you can mark certain packets as containing "cleartext" so that they won't be encrypted, so that you can sell in France.

Quote:
It is also increasingly difficult to find a non-switched hub these days


You should look up-market instead. Try a managed switch, which will allow you to turn on port snooping/replication on any or all ports.
Or do your network testing over WiFi.

Share this post


Link to post
Share on other sites
Quote:
Original post by hplus0603
Note that certain jurisdictions (France? I forget) actually *forbid* encryption of "cleartext" communications.
I think that pretty much no country[1] forbids encrypted communications since when France dropped this in 1999. Which, admittedly, was a totally moronic restriction in the first place, since business transactions (most of which go over the internet these days) are practically impossible without encrypted communication. Unless you own the dedicated wire that the communication goes through, and even then it's not great.
If you're for example a car parts manufacturer, it is already annoying enough if U.R. Gay orders 20,000 injection pumps to be delivered to 123 Fake Road every other week, but if someone is actually able to order parts under a legitimate client's name with a legitimate client's credentials, simply because communications are not safe, you're in some really serious trouble.

Though of course, in many countries, you can probably still get in trouble, whether there's a law or not. Without any doubt, any encrypted abroad communication is automatically logged, deciphered and scanned for keywords (that's what you pay tax for, after all).
And, law or not, I assume you might very well end up in one of those torture camps that don't exist in eastern Europe if you're having regular encrypted communications from the USA to Iran, or Cuba, or Pakistan.


[1]Other than maybe China? Obviously, I wouldn't know, but I could imagine since they're kind of well-known for censoring everything that goes in and out with this "Big Chinese Firewall" or what it's called, they wouldn't like seeing you encrypt your traffic. But even then, I'm not sure about that. This would effectively make business impossible. Or maybe they have some kind of key escrow.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this