[gameprogrammer] Re: Scoreboard functionality across internet

lol i love that idea that they would have to have the game run for
months to be able to get the 78 trillion points

On 11/28/06, Bob Pendleton <bob@xxxxxxxxxxxxx> wrote:

On Tue, 2006-11-28 at 13:03 -0800, Alan Wolfe wrote:
> Thats a neat idea
>
> I could see a one time pad being used too for the sequence numbers, or
> maybe one of those chaotic functions that are sensitive to initial
> conditions and just keep pumping the current sequence number through
> the equation to get the next sequence number.
>
> I wonder what a reasonable level of security is.

That is the key question and I can't really address it. But I do see two
different ways to approach the problem. How do you prevent cheating and
how do you detect cheating?

You prevent cheating by making it hard to cheat. Many people will cheat
if all they have to do is record some packets and play them back. Very
few people will cheat if they have to write custom code to do it. But,
some will cheat no matter what you do. So, you need a way to detect
cheating as well as prevent it. One way to do that is to profile
players. No one jumps on a new game and scores 78 trillion points in the
first day. The other thing is that if you put a time stamp in the score
messages you can keep track of the average time between scoring points
and compare what the message says with the actual arrival times of the
messages. That way to fake the messages you have to fake the expected
distribution of scoring times. That is something the cheater can not
know and does not know about. If they do figure it out it still forces
cheat programs to run at the same rate as normal play. So, to score 78
trillion points you have to run the program for months. Any game that
runs for more than a few days is clearly not being played by one human
being.

This is fun.

       Bob Pendleton


>
> IE is it likely someone will take the time to break a game if it uses
> a sequence number on each packet that starts at 0?

>
> if so, what about the server telling the client the first sequence
> number, does that make it statistically more safe or is it still
> pretty likely to be cracked?
>
> If it's likely to be cracked does a "chaotic function" which generates
> new sequence numbers add on enough complexity to make it that much
> more safe?
>
> and encryption etc...
>
> it seems like you can pretty much go forever with security but how
> secure is secure enough?
>
>
> On 11/28/06, Bob Pendleton <bob@xxxxxxxxxxxxx> wrote:
> > On Wed, 2006-11-22 at 00:29 -0800, Alan Wolfe wrote:
> > > that is a really neat technique.
> > >
> > > that sure makes it computationally expensive to fake the high score
> >
> > How about this. Every time the player scores a message is sent to the
> > server. The game keeps a sequence number that is incremented for each
> > message and sent along with the score information. The start of the
> > sequence number can be retrieved from the server at the start of each
> > game or it can be stored in the low order bits of an image file so it is
> > hard to find on the disk and is maintained and updated each time the
> > game is run. The server keeps track of the sequence number. The score
> > messages are encrypted based on the sequence number. The idea is to make
> > the sequence number very hard to fake. Plus, the server can not even
> > read messages with bad sequence numbers.
> >
> >                Bob Pendleton
> >
> > >
> > > On 11/21/06, Dave Slutzkin <daveslutzkin@xxxxxxxxxxx> wrote:
> > > > On Tue, 21 Nov 2006 18:29:55 -0800, "Alan Wolfe" <alan.wolfe@xxxxxxxxx>
> > > > said:
> > > > > Hey you guys,
> > > > >
> > > > > I'm thinking of trying to implement a global scoreboard for a game.
> > > > >
> > > > > The game itself is a standard desktop game where you have the exe and
> > > > > files needed on your computer (ie its not a web based game or flash or
> > > > > anything) and the scoreboard i want to reside on a web page.
> > > > >
> > > > > Doing the web and database thing isn't a problem but I was wondering,
> > > > > are there any techniques to make this process secure?
> > > >
> > > > You could send the server the entire run of the game - the start state
> > > > and every piece of input in between it and the end state.  The server
> > > > could then run through the game itself and generate the score that way.
> > > > This sounds like a lot of data but if stored efficiently and then
> > > > compressed it might be all right, depending on the application.
> > > >
> > > > It'd still be possible to hack this but much harder, cause each bit of
> > > > input affects the state after it and so changing one may actually
> > > > invalidate later pieces of input - at which point the server could throw
> > > > the log away.
> > > >
> > > > Dave.
> > > > --
> > > >  Dave Slutzkin
> > > >  Melbourne, Australia
> > > >  daveslutzkin@xxxxxxxxxxx
> > > >
> > > >
> > > > ---------------------
> > > > To unsubscribe go to http://gameprogrammer.com/mailinglist.html
> > > >
> > > >
> > > >
> > >
> > > ---------------------
> > > To unsubscribe go to http://gameprogrammer.com/mailinglist.html
> > >
> > >
> > >
> > --
> > +--------------------------------------+
> > + Bob Pendleton: writer and programmer +
> > + email: Bob@xxxxxxxxxxxxx             +
> > + web: www.GameProgrammer.com          +
> > + www.Wise2Food.com                    +
> > + nutrient info on 7,000+ common foods +
> > +--------------------------------------+
> >
> >
> >
> > ---------------------
> > To unsubscribe go to http://gameprogrammer.com/mailinglist.html
> >
> >
> >
>
> ---------------------
> To unsubscribe go to http://gameprogrammer.com/mailinglist.html
>
>
>
--
+--------------------------------------+
+ Bob Pendleton: writer and programmer +
+ email: Bob@xxxxxxxxxxxxx             +
+ web: www.GameProgrammer.com          +
+ www.Wise2Food.com                    +
+ nutrient info on 7,000+ common foods +
+--------------------------------------+



---------------------
To unsubscribe go to http://gameprogrammer.com/mailinglist.html





---------------------
To unsubscribe go to http://gameprogrammer.com/mailinglist.html

Other related posts: