Connection encryption

Post here your questions about SFS2X. Here we discuss all server-side matters. For client API questions see the dedicated forums.

Moderators: Bax, Lapo, rjgtav

Connection encryption

Postby Lapo » 24 Jun 2010, 20:28

Hello,
we have recevied a couple of questions about encryption (using TLS/SSL or similar) using SFS2X. Since this seems to be a "hot topic" we would like to discuss the details here and gather some feedback and suggestions.

SmartFoxServer 2X uses a highly efficient binary protocol which is already designed and ready to support encryption, so we think to support it eventually, although maybe not in the first releases.
However in the course of the last years we have done lots of research and built several encryption prototypes and have found that, in actuality, encryption uses quite a bit of resources and doesn't seem to add remarkable security improvements.

Even a super secure and super encrypted connection can be prone to cheating and misuse if the server side code doesn't sanitize input correctly or if it doesn't apply strong validation. More in general the whole system (server, framework, api, custom server side code) must be all inherently secure to guarantee a certain amount of real safety. In this list of priorities we don't feel that the connection encryption stands in the first positions in terms of importance.

Let's start from some basic things: multiplayer game users are connected via a persistent socket. The possibility that someone spies on the game connection and hijacks it to inject bad data and make the User loose is highly unlikely. If someone did that to me it would mean that my whole system is compromised and remotely controllable. Not only this is difficult to perform but can't be done "en masse", plus the idea that the system is in the hand of someone else would have ramifications that would go far beyond the multiplayer cheating.

Don't get me wrong we're still interested in implementing the feature but after a long analysis we have decided to move it to a lower priority.

Ok, someone would say "And the competition?" Sure maybe the competition is boasting about some "encryption superpowers" but I would really like to understand what it really boils down to. In our research we have found very few ideas. Most of the stuff we've seen is just marketing hype.

Finally also please consider that the idea of running multiplayer apps and games over a full SSL session is unreal because the protocol is quite heavy and much slower, plus many of the server updates (room counts, users coming/going, room join...) don't contain any sensible data, so there would be significant resource waste.

I have many more doubts as regards the real efficacy of SSL-like encryption for game servers but I'll stop here and wait for your feedback.

The real purpose of this this is to hear the reasons why you think it would make a difference and in which scenario(s) you would use it.

Thanks
Lapo
--
gotoAndPlay()
...addicted to flash games
User avatar
Lapo
Site Admin
 
Posts: 15680
Joined: 21 Mar 2005, 09:50
Location: Italy

Postby Zanpher » 24 Jun 2010, 21:21

Federal Contracts and some State Contracts require SSL for any communications between two end points. SSL is also required any kind of monetary transaction :)

Besides the above ... :)

I understand that SSL is still suspectible MitM attacks but besides that, secure (as in nobody can ease drop easily) text, audio and video communications would be one.

I wasnt thinking about game applications, more of the above :)

From what I understand, if the url in which the flex application is hosted in is HTTPS, then any communications it has outside is https?

I know that AIR 2.0 comes with the securesocket class just for SSL. And if the Flex does SSL via https addy, then this leaves the server side.

Besides Flex, and Java in which i use on my day job. I use C#, PB, and Java at home. At least with Java, I use a library called Socket Tools for my SSL communications. The license is quiet cheap too ....

Might be possible to integrate with that ... I only do so because the library is used by me across different languages. But from what I understand, from Java 1.6, SSL libraries are in the SDK.

(edit): to summerize:

The Federal and State governments have bought into the hype of SSL being considered secure. As thus, their contracts require SSL for any communication of sensitive data.

In order to be considered to provide services, my company would have to adhere to the requirements. In these cases, I was not thinking about gaming but more of the non-gaming area.

For instance, providing a communication log and opening the application outside of the intranet. This would allow people to access said application from their home computers if they were working from home.

In some cases, we would use SVPN access, but in other cases, that is over kill :)
Zanpher
 
Posts: 93
Joined: 05 Oct 2009, 23:15

Postby NateDog » 24 Jun 2010, 22:54

I can't imagine anyone is going to use SSL for a game with SFS. As you say, any multiplayer game is going to have to rely on it's own system to validate all client requests. The weight of ssl just wouldn't be worth it for a game.
NateDog
 
Posts: 52
Joined: 26 Jun 2006, 13:25

Postby Zanpher » 25 Jun 2010, 01:19

Aah, for game wise, the only reason i can think of is anti-theft of protocol. Some companies are fiercely protective of their user's information and don't want any illegal clients connecting to their servers.
Zanpher
 
Posts: 93
Joined: 05 Oct 2009, 23:15

Postby Lapo » 25 Jun 2010, 05:54

Federal Contracts and some State Contracts require SSL for any communications between two end points. SSL is also required any kind of monetary transaction

It's unlikely that you will run money transactions under SmartFoxServer itself. The transaction will be run between the SFS server, where your game code resides, and the payment provider (e.g. PayPal)
Of course this transaction will be fully SSL protected and the system will be perfectly secure.

From what I understand, if the url in which the flex application is hosted in is HTTPS, then any communications it has outside is https?

Well this is true for HTTP traffic, but SmartFox doesn't use HTTP.

Also, as you said, the "man in the middle" attack requires that you use SSL certificates from an Certification Authority which makes things even more complicated, at least for the gaming part... it's obviously necessary for the payments.

It seems to me that we are agreeing on the same point. TLS/SSL with certification is the only way to protect payment transactions. SmartFoxServer does not handle these transactions directly, it acts as a client towards a payment server using a secure HTTPS connection.

Any thoughts?

Oh... btw, all logins in SFS2X use a secure authentication mechanism, so no one can spy your password.
Lapo
--
gotoAndPlay()
...addicted to flash games
User avatar
Lapo
Site Admin
 
Posts: 15680
Joined: 21 Mar 2005, 09:50
Location: Italy

Postby Gnoll » 25 Jun 2010, 09:25

My only concern is the ease of packet editing these days, even a basic encryption knocks out a lot of 'script-kiddies'.

I suppose we can encrypt the data before passing it to SFS if no encryption support is available, but it would be a handy feature so we don't need to hack around it.
Gnoll
 
Posts: 128
Joined: 10 Mar 2009, 10:14

Postby Initsil » 25 Jun 2010, 11:22

If this feature was even implemented, it would waste a lot of resources like Lapo mentioned. Each game or something designed with SmartFox runs threw packets, if the developer of the application can choose what packets to be encrypted it would be stop quite a bit of people from cheating using simple packet editors.
Initsil
 
Posts: 18
Joined: 28 Jul 2009, 02:29

Postby Lapo » 25 Jun 2010, 14:10

My only concern is the ease of packet editing these days, even a basic encryption knocks out a lot of 'script-kiddies'.

For starters the protocol is fully binary and compressed, unless you reverse engineer and study the API code for a week or two you won't be able to understand squat :)

Second thing, this is only valid for the user himself.
In other words... I am a script kiddie, I reverse engineer the API, study the protocol, build a tool for decompressing the data from the socket, edit it and re-compress it ... phew :D
At that point I have gained the ability to send customized data to the server.

Good... but if the game developer is not a fool and his Server Extension does all the necessary checks and sanitization of the input, so no harm is done to the game and other players.

See what I mean? The script kiddie has spent days of his time for nothing and in the end what really counts is not how readable the protocol is.
Plus in the case of SFS2X the protocol is definitely unreadable :D
Last edited by Lapo on 25 Jun 2010, 14:43, edited 1 time in total.
Lapo
--
gotoAndPlay()
...addicted to flash games
User avatar
Lapo
Site Admin
 
Posts: 15680
Joined: 21 Mar 2005, 09:50
Location: Italy

Postby Lapo » 25 Jun 2010, 14:33

Initsil:
if the developer of the application can choose what packets to be encrypted it would be stop quite a bit of people from cheating using simple packet editors.

Exactly. This is the idea: selective encryption only when needed.

However we're still not convinced that this can really add an extra layer of protection. Again the security strength of the system is at the Extension level.

Suppose I can send a "broken" value to a Game Extension that allows me to gain points in an "illegal" way. In other words the server extension has a weakness/bug that the developers haven't discovered yet which allow me to cheat.

The game protocol is not encrypted so with a bit of sweating and late nights I am able to figure out where's the data that I need to hack in order to cheat.

Apparently an encryption system would have delayed if not completely avoided the issue, but actually there are more ways around this. I could simply use a memory editor, change the value that is going to be transmitted in an encrypted form and be able to cheat even behind an encrypted connection.

Also I think it would be probably easier, in general, to mess with the data in memory than with the protocol at the network level.

Thanks for the feedback so far. Keep it coming :)
Lapo
--
gotoAndPlay()
...addicted to flash games
User avatar
Lapo
Site Admin
 
Posts: 15680
Joined: 21 Mar 2005, 09:50
Location: Italy

Postby Zanpher » 25 Jun 2010, 14:44

Ok, I was just wondering if it was on track or gonna mix x2 :) I mean, it would be just another feature to get more users (contractors :)), entirely optional?
Zanpher
 
Posts: 93
Joined: 05 Oct 2009, 23:15

Postby Lapo » 25 Jun 2010, 14:51

Hmmm... didn't get it, sorry :)
You are asking if we're going to include encryption or not in SFS2X?
Lapo
--
gotoAndPlay()
...addicted to flash games
User avatar
Lapo
Site Admin
 
Posts: 15680
Joined: 21 Mar 2005, 09:50
Location: Italy

Postby Zanpher » 25 Jun 2010, 23:12

Nono, in the SSL thread before, you mentioned that SSL will be in the next major version, which happens to be X2. I was asking if you were still going to do that or drop it all together.

Anyway, I would assume it would be a feature that can be enabled or disabled if you are still following through ;)
Zanpher
 
Posts: 93
Joined: 05 Oct 2009, 23:15

Postby Lapo » 26 Jun 2010, 05:48

As I said in the introduction after some analysis we have found that the real benefits of this feature are arguable, therefore we thought that this is not a high priority. BUt there's no intention to drop the idea.

Additionally we wanted to confirm or disconfirm our hypothesis by starting a discussion in the forums and hearing comments, use cases etc...
Lapo
--
gotoAndPlay()
...addicted to flash games
User avatar
Lapo
Site Admin
 
Posts: 15680
Joined: 21 Mar 2005, 09:50
Location: Italy

Postby rav » 21 Dec 2010, 07:31

Lapo, is there any news about SSL implementation in SFS2X?
rav
 
Posts: 82
Joined: 06 Dec 2010, 13:14

Postby Lapo » 21 Dec 2010, 13:52

Sorry, no updates on this front. We already built a prototype during our research a while ago and I don't see particular problems including the feature.
At the moment there are other priorities so I am not able to predict when it will be added.

Also I am conducting a personal research on this so I have to ask:
what is your specific use case?
Lapo
--
gotoAndPlay()
...addicted to flash games
User avatar
Lapo
Site Admin
 
Posts: 15680
Joined: 21 Mar 2005, 09:50
Location: Italy

Next

Return to SFS2X Questions

Who is online

Users browsing this forum: No registered users and 2 guests