On the limits of engine analysis for cheating detection in chess

The integrity of online games has important economic consequences for both the gaming industry and players of all levels, from professionals to amateurs. Where there is a high likelihood of cheating, there is a loss of trust and players will be reluctant to participate — particularly if this is likely to cost them money. Chess is a game that has been established online for around 25 years and is played over the Internet commercially. In that environment, where players are not physically present “over the board” (OTB), chess is one of the most easily exploitable games by those who wish to cheat, because of the widespread availability of very strong chess-playing programs. Allegations of cheating even in OTB games have increased significantly in recent years, and even led to recent changes in the laws of the game that potentially impinge upon players’ privacy. In this work, we examine some of the difficulties inherent in identifying the covert use of chess-playing programs purely from an analysis of the moves of a game. Our approach is to deeply examine a large collection of games where there is confidence that cheating has not taken place, and analyse those that could be easily misclassified. We conclude that there is a serious risk of finding numerous “false positives” and that, in general, it is unsafe to use just the moves of a single game as prima facie evidence of cheating. We also demonstrate that it is impossible to compute definitive values of the figures currently employed to measure similarity to a chess-engine for a particular game, as values inevitably vary at different depths and, even under identical conditions, when multi-threading evaluation is used

Round length optimisation for P2P network gaming

The Referee Anti-Cheat Scheme (RACS) increases the scalability of Client/Server (C/S) games by allowing clients to exchange updates directly. Further, RACS maintains the security of C/S as the trusted referee (running on the server) is the game authority, simulating all client updates to validate the simulation. In RACS time is divided into rounds, and every player generates one update per round. The round length d is bounded by dmax which is specified by the game developer. The referee may reduce d to increase game responsiveness for players. Existing approaches to adjust d require purely distributed algorithms as they do not have a trusted central authority. These algorithms are slow and use considerable bandwidth. In this paper we propose a delay model for RACS, and two centralised algorithms to calculate d for maximum responsiveness - an optimal brute force approach and an efficient voting algorithm. We use simulation to show that the voting algorithm produces nearly optimal results, and analytical analysis to show that its processing requirements are far lower than the brute force approach

Enhanced mirrored servers for network games

The Mirrored Server (MS) architecture uses multiple mirrored servers across multiple locations to alleviate the bandwidth bottleneck in the Client/Server (C/S) architecture. Each mirror receives and multicasts player updates to the others, simulates the game, and disseminates the new game state to players. However, keeping the game state consistent between mirrors in the presence of network delay, and maintaining game responsiveness requires each server in MS to simulate the game multiple times for each game update, and additional times in the event of costly rollbacks. In this paper we propose the Enhanced Mirrored Server (EMS) architecture. Like in the Peer-to-Peer architecture, EMS allows peers to exchange updates directly, resulting in a higher tolerance to delay at the mirrors. We propose using bucket synchronization in the mirrors so that each server in EMS simulates the game only once for each update and does not require rollbacks. The server disseminates updates to clients only in the event of inconsistency, and thus its outgoing bandwidth is lower than in MS. Our EMS uses cryptographic techniques to provide security equivalent to C/S, and prevents the timestamp cheat possible in MS. Our analytical analysis and simulations show the advantages of EMS over MS

Cheating in networked computer games: a review

The increasing popularity of Massively Multiplayer Online Games (MMOG) - games involving thousands of players participating simultaneously in a single virtual world - has highlighted the scalability bottlenecks present in centralised Client/Server (C/S) architectures. Researchers are proposing Peer-to-Peer (P2P) architectures as a scalable alternative to C/S; however, P2P is more vulnerable to cheating as it decentralises the game state and logic to un-trusted peer machines, rather than using trusted centralised servers. Cheating is a major concern for online games, as a minority of cheaters can potentially ruin the game for all players. In this paper we present a review and classification of known cheats, and provide real-world examples where possible. Further, we discuss counter measures used by C/S architectures to prevent cheating. Finally, we discuss several P2P architectures designed to prevent cheating, highlighting their strengths and weaknesses

A survey on network game cheats and P2P solutions

The increasing popularity of Massively Multiplayer Online Games (MMOG) - games involving thousands of players participating simultaneously in a single virtual world - has highlighted the scalability bottlenecks present in centralised Client/Server (C/S) architectures. Researchers are proposing Peer-to-Peer (P2P) game technologies as a scalable alternative to C/S; however, P2P is more vulnerable to cheating as it decentralises the game state and logic to un-trusted peer machines, rather than using trusted centralised servers. Cheating is a major concern for online games, as a minority of cheaters can potentially ruin the game for all players. In this paper we present a review and classification of known cheats, and provide real-world examples where possible. Further, we discuss counter measures used by C/S game technologies to prevent cheating. Finally, we discuss several P2P architectures designed to prevent cheating, highlighting their strengths and weaknesses

Playing Safe in Online Games: Determinants of Player Acceptance of Account Security Technology

Online security is a major problem for networked games worldwide. Specifically, account hijacking is on the rise. To fight against the security issue, game vendors are offering specific security services, such as account protection technology. The purpose of this paper is to validate an augmented Technology Acceptance Model (TAM) for the online gaming context. This research aims to investigate how players are influenced by perceived enjoyment and perceived security jointly with the traditional TAM instrument. It is hoped to explain online gamers’ behaviour toward newly emerging account security technology. The paper proposes a research model that describes the causal relationships between perceive usefulness, perceived enjoyment, perceived ease of use, perceived security, and the usage intentions for account protection technology in the most popular online game World of Warcraft. After the measurement assessment, the hypothesised model is statistically tested. The findings suggest that perceived enjoyment and perceived security jointly with two traditional TAM constructs have a positive influence on intention to use. While perceived ease of use positively affects perceived usefulness and perceived enjoyment, perceived security does not seem to affect both of them. This study contributes to the ongoing literature by formulating and validating a proposed research model to explore determinants of player adoption of security technology in the virtual gaming environment. It also provides useful information for both academia and industry

Referee-based architectures for massively multiplayer online games

Network computer games are played amongst players on different hosts across the Internet. Massively Multiplayer Online Games (MMOG) are network games in which thousands of players participate simultaneously in each instance of the virtual world. Current commercial MMOG use a Client/Server (C/S) architecture in which the server simulates and validates the game, and notifies players about the current game state. While C/S is very popular, it has several limitations: (i) C/S has poor scalability as the server is a bandwidth and processing bottleneck; (ii) all updates must be routed through the server, reducing responsiveness; (iii) players with lower client-to-server delay than their opponents have an unfair advantage as they can respond to game events faster; and (iv) the server is a single point of failure.The Mirrored Server (MS) architecture uses multiple mirrored servers connected via a private network. MS achieves better scalability, responsiveness, fairness, and reliability than C/S; however, as updates are still routed through the mirrored servers the problems are not eliminated. P2P network game architectures allow players to exchange updates directly, maximising scalability, responsiveness, and fairness, while removing the single point of failure. However, P2P games are vulnerable to cheating. Several P2P architectures have been proposed to detect and/or prevent game cheating. Nevertheless, they only address a subset of cheating methods. Further, these solutions require costly distributed validation algorithms that increase game delay and bandwidth, and prevent players with high latency from participating.In this thesis we propose a new cheat classification that reflects the levels in which the cheats occur: game, application, protocol, or infrastructure. We also propose three network game architectures: the Referee Anti-Cheat Scheme (RACS), the Mirrored Referee Anti-Cheat Scheme (MRACS), and the Distributed Referee Anti-Cheat Scheme (DRACS); which maximise game scalability, responsiveness, and fairness, while maintaining cheat detection/prevention equal to that in C/S. Each proposed architecture utilises one or more trusted referees to validate the game simulation - similar to the server in C/S - while allowing players to exchange updates directly - similar to peers in P2P.RACS is a hybrid C/S and P2P architecture that improves C/S by using a referee in the server. RACS allows honest players to exchange updates directly between each other, with a copy sent to the referee for validation. By allowing P2P communication RACS has better responsiveness and fairness than C/S. Further, as the referee is not required to forward updates it has better bandwidth and processing scalability. The RACS protocol could be applied to any existing C/S game. Compared to P2P protocols RACS has lower delay, and allows players with high delay to participate. Like in many P2P architectures, RACS divides time into rounds. We have proposed two efficient solutions to find the optimal round length such that the total system delay is minimised.MRACS combines the RACS and MS architectures. A referee is used at each mirror to validate player updates, while allowing players to exchange updates directly. By using multiple mirrored referees the bandwidth required by each referee, and the player-to mirror delays, are reduced; improving the scalability, responsiveness and fairness of RACS, while removing its single point of failure. Direct communication MRACS improves MS in terms of its responsiveness, fairness, and scalability. To maximise responsiveness, we have defined and solved the Client-to-Mirror Assignment (CMA) problem to assign clients to mirrors such that the total delay is minimised, and no mirror is overloaded. We have proposed two sets of efficient solutions: the optimal J-SA/L-SA and the faster heuristic J-Greedy/L-Greedy to solve CMA.DRACS uses referees distributed to player hosts to minimise the publisher / developer infrastructure, and maximise responsiveness and/or fairness. To prevent colluding players cheating DRACS requires every update to be validated by multiple unaffiliated referees, providing cheat detection / prevention equal to that in C/S. We have formally defined the Referee Selection Problem (RSP) to select a set of referees from the untrusted peers such that responsiveness and/or fairness are maximised, while ensuring the probability of the majority of referees colluding is below a pre-defined threshold. We have proposed two efficient algorithms, SRS-1 and SRS-2, to solve the problem.We have evaluated the performances of RACS, MRACS, and DRACS analytically and using simulations. We have shown analytically that RACS, MRACS and DRACS have cheat detection/prevention equivalent to that in C/S. Our analysis shows that RACS has better scalability and responsiveness than C/S; and that MRACS has better scalability and responsiveness than C/S, RACS, and MS. As there is currently no publicly available traces from MMOG we have constructed artificial and realistic inputs. We have used these inputs on all simulations in this thesis to show the benefits of our proposed architectures and algorithms

Cyber security threats and challenges in collaborative mixed-reality

Collaborative Mixed-Reality (CMR) applications are gaining interest in a wide range of areas including games, social interaction, design and health-care. To date, the vast majority of published work has focused on display technology advancements, software, collaboration architectures and applications. However, the potential security concerns that affect collaborative platforms have received limited research attention. In this position paper, we investigate the challenges posed by cyber-security threats to CMR systems. We focus on how typical network architectures facilitating CMR and how their vulnerabilities can be exploited by attackers, and discuss the degree of potential social, monetary impacts, psychological and other harms that may result from such exploits. The main purpose of this paper is to provoke a discussion on CMR security concerns. We highlight insights from a cyber-security threat modelling perspective and also propose potential directions for research and development toward better mitigation strategies. We present a simple, systematic approach to understanding a CMR attack surface through an abstraction-based reasoning framework to identify potential attack vectors. Using this framework, security analysts, engineers, designers and users alike (stakeholders) can identify potential Indicators of Exposures (IoE) and Indicators of Compromise (IoC). Our framework allows stakeholders to reduce their CMR attack surface as well understand how Intrusion Detection System (IDS) approaches can be adopted for CMR systems. To demonstrate the validity to our framework, we illustrate several CMR attack surfaces through a set of use-cases. Finally, we also present a discussion on future directions this line of research should take

Batota e segurança em jogos online: Recolha e análise de comunicações do counter-strike: Global offensive

Tem havido crescimento em jogos online competitivos com recompensas monetárias, onde a segurança pode ser comprometida para se obter vantagens injustas. Assim, há necessidade de compreender melhor as vulnerabilidades de jogos e consequentes falhas de segurança, que levam a batota. Uma taxonomia simplificada de métodos de batota, baseada em tentativas passadas de outros autores, é fornecida. Para encontrar possíveis falhas de segurança, as comunicações em rede do Counter- Strike: Global O ensive, tanto em ambiente de laborat orio como real, foram capturadas e analisadas. Os dados obtidos, que incluíram uma falha nas comunicações do CSGO, foram reportados. Foram propostos possíveis mecanismos de segurança para proteger a integridade do jogo, baseados na informação derivada da captura de comunicações