Enforcing Semantic Integrity on Untrusted Clients in Networked Virtual Environments

In the computer gaming industry, large-scale simulations of realistic physical environments over the Internet have attained increasing importance. Networked virtual environments (NVEs) are typically based on a client-server architecture where part of the simulation workload is delegated to the clients. This architecture renders the simulation vulnerable to attacks against the semantic integrity of the simulation: malicious clients may attempt to compromise the physical and logical rules governing the simulation, or to alter the causality of events. This paper initiates the systematic study of semantic integrity in NVEs from a security point of view. We present a new provably secure semantic integrity protocol which enables the server system to audit the local computations of the clients on demand.

[1]  Bruce Schneier,et al.  Remote auditing of software outputs using a trusted coprocessor , 1997, Future Gener. Comput. Syst..

[2]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[3]  Bruce Schneier,et al.  Secure audit logs to support computer forensics , 1999, TSEC.

[4]  Muthucumaru Maheswaran,et al.  A fair synchronization protocol with cheat proofing for decentralized online multiplayer games , 2004, Third IEEE International Symposium on Network Computing and Applications, 2004. (NCA 2004). Proceedings..

[5]  Mihir Bellare,et al.  Forward Integrity For Secure Audit Logs , 1997 .

[6]  Andrew Rosenbloom,et al.  Introduction , 2003, CACM.

[7]  Stephen Boyd Davis Why Cheating Matters: Cheating, Game Security, and the Future of Global On-line Gaming Business , 2001 .

[8]  Mark Lentczner,et al.  Second Life , 2007, USENIX Annual Technical Conference.

[9]  Michael Zyda,et al.  Networked virtual environments - desgin and implementation , 1999 .

[10]  Sandeep Kishan Singhal,et al.  Effective remote modeling in large-scale distributed simulation and visualization environments , 1996 .

[11]  Christian Schallhart,et al.  Transaction Processing for Clustered Virtual Environments , 2003 .

[12]  Jeff Yan,et al.  Security design in online games , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[13]  Brian Neil Levine,et al.  Cheat-proof playout for centralized and distributed online games , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[14]  Rory Stuart,et al.  Design of Virtual Environments , 2001 .

[15]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[16]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[17]  Michael K. Reiter,et al.  Secure agreement protocols: reliable and atomic group multicast in rampart , 1994, CCS '94.

[18]  Chris Joslin,et al.  Collaborative virtual environments: from birth to standardization , 2004, IEEE Communications Magazine.

[19]  Robert E. Strom,et al.  Optimistic recovery in distributed systems , 1985, TOCS.

[20]  Hyun-Jin Choi,et al.  Security issues in online games , 2002, Electron. Libr..

[21]  Pieter H. Hartel,et al.  Secure Audit Logging with Tamper-Resistant Hardware , 2003, SEC.