  1. #1
    Just Joined!
    Join Date
    Sep 2008
    Posts
    7

    Client-side authentication


    Dear linux fans!

    My topic is not strictly related to linux, but I still turn to this forum in hope to get some insight.

    I know they say in security contexts "never trust the client". I am in a situation where I think I might have to:

    I am making a game (for Android) and I want people to be able to upload high-scores. How would I go about making sure the high scores cannot be tampered with?

    I thought about making the client (my game) do some hashing with a key, but since it's actually run on the phone I guess it can always be cracked - correct?

    Are there any known methods for attacking such problems? The anti-cheat systems used in larger games seem just a little over-kill...


    Thanks guys!
    Kris

  2. #2
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    Using Public / Private Keys to encrypt your data will help you with this

    Hope that helps.
    New Users, please read this..
    Google first, then ask..

  3. #3
    Linux Engineer GNU-Fan's Avatar
    Join Date
    Mar 2008
    Posts
    935
    Quote Originally Posted by kristianlm View Post
    My topic is not strictly related to linux, but I still turn to this forum in hope to get some insight.

    I know they say in security contexts "never trust the client". I am in a situation where I think I might have to:
    If you trust the client, meaning you trust the person to be noble and honest, there is no problem. Just appeal to their sportsmanship. Make clear that when they cheat, they cheat themselves.

    If you don't trust the client, well, then you can't trust them. Really, you can't.
    Public key encryption only helps you to make sure the client is who he pretends to be.
    But this does not make it impossible to lie. (Maybe it makes it less likely though. Who wants to become known as untrustworthy?)

    You see, this issue is more a problem to be solved on a social level rather than on a technical level.
    Debian GNU/Linux -- You know you want it.

  5. #4
    Just Joined!
    Join Date
    Sep 2008
    Posts
    7

    I guess you're right

    Yeah, having thought about it, I guess you're right about it being a social problem. The more I think of it, the clearer it becomes that you cannot trust the client - from a technical point of view - ever.

    I thought about hashing the executing process and hashing that hash with the high score content. That way you'd have to be running the original client in order for it to work. But of course, if you know what's going on, you could make a new client which does the same (but hashes the original client instead of the running one). Whatever ideas I come up with, there's always a way around it.

    RobinVossen:
    Asymmetric keys would certainly help keep track of who submitted which score - but as Gnu-Fan says, they could still submit modified scores.

    I guess I will do something simple, just to make cheating impractical - and just double-check that my high-scores don't have any bugs instead!

    Thanks for the insights!
    Kris

  6. #5
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    Well, I know about that issue, as I RCE a lot of code that uses asymmetric code for my job. But it's a thing that keeps people away..

    But yeah, what you can do, and it is most likely the best way, is make a 'server' for high-score play where the client only draws and accepts input. But that might not be exactly what you want / can afford.

    Or use the ways MMORPGs work, with memory matching etc., and just make it too 'complex' for skiddies to cheat, and therefore reduce cheaters.. =)

    Hope I still helped you a bit
    New Users, please read this..
    Google first, then ask..
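
Added example, not part of any post in this thread: it contrasts the keyed-hash idea from post #1 with the "server for high-score play" idea from post #5, where the server recomputes the score from the submitted inputs. The key, the level layout and the game rules (one target lane per round, 10 points per hit, first miss ends the run) are constructed assumptions.

```python
import hashlib
import hmac

# Constructed values for illustration; none come from the thread.
SHIPPED_KEY = b"key-embedded-in-the-game-binary"  # recoverable by anyone who has the app
LEVEL = "LRRLRLLR"                                # target lane for each round

def mac(score: int, key: bytes = SHIPPED_KEY) -> str:
    """Keyed hash the client attaches to its claimed score."""
    return hmac.new(key, str(score).encode(), hashlib.sha256).hexdigest()

def naive_accept(score: int, tag: str) -> bool:
    """Design 1: the server stores any score whose MAC verifies."""
    return hmac.compare_digest(tag, mac(score))

def replay(moves: str) -> int:
    """Design 2: the server re-runs the game rules over the input log."""
    if len(moves) > len(LEVEL) or set(moves) - set("LR"):
        raise ValueError("malformed input log")
    score = 0
    for move, target in zip(moves, LEVEL):
        if move != target:
            break            # first miss ends the run
        score += 10
    return score

def authoritative_accept(moves: str, claimed: int) -> tuple[bool, int]:
    """Return (claim matches replay, score the server records)."""
    actual = replay(moves)
    return claimed == actual, actual

if __name__ == "__main__":
    forged = 999_999
    # A modified client holds the same key, so the MAC check passes.
    print("naive server accepts forged score:", naive_accept(forged, mac(forged)))
    # The replaying server ignores the claim and records what the inputs earn.
    print("replaying server, forged claim:", authoritative_accept("LRRL", forged))
    print("replaying server, honest claim:", authoritative_accept("LRRL", 40))
```

Replaying inputs bounds every recorded score by what the rules allow, but it does not tell a human player from a program that submits a perfect input log.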
