Fighting Piracy & Fraud with Duplicate Detection

Uploaded on

Digital Data is trivial to duplicate. A bit is a bit. This module gives an overview of a cryptographic strategy for detecting duplicates online. It is applicable to games, movies, music, ebooks, …

Digital Data is trivial to duplicate. A bit is a bit. This module gives an overview of a cryptographic strategy for detecting duplicates online. It is applicable to games, movies, music, ebooks, license enforcement, piracy detecting, and digital fingerprints. This is part 5 of my game security course. For the rest of this course, visit You may also want to check out my book "Protecting Games" - see for details.

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide
  • http


  • 1. Security eBooks Cryptographic Duplicate Detection For Access Management, Piracy Protection, and More Steven Davis steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
  • 2. Security eBooks Protocols not Players or Computers That’s all you see online steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
  • 3. Security eBooks Traditional Identification & Authentication Methods are very weak for verifying actual identities • Name/Password can be shared & compromised • ID/Key can be shared or compromised • “Digital Fingerprints” can be duplicated steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
  • 4. Security eBooks• Powerful white list of good platforms• Improve association of players with platforms• Identifying problem platforms• Can be a very powerful technique Detecting to fight server piracy / ghost servers Duplicate• Support legitimate Identities sharing and backups steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
  • 5. Security eBooks Core Idea Why not change identities AND keys at every session (or more frequently)? steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
  • 6. Security eBooks Active Identity System - General Flow tic sta • Initialization be to – Done in a variety of ways ve ha – Identity can even be verified retroactively ot • Verify Current Identity/Key Pair sn doe • Update Identity/Key Pair e • Verify Update alu tit yV • Continue Operations en Id • OPTION - use “rolling update” to operate smoothly during identity changes • add an “A” or “B” Flag to messages • Send “rollover” command message steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
  • 7. Security eBooks Server-Push Identity Player posts ID to server ID(x) Server returns Challenge Phrase Challenge(IDx)) Player posts encrypted Challenge Phrase ID(x),E(Key(x),Challenge(IDx)) Server validates Response Server creates updated ID & Key Server sends updated ID & Key encrypted in old key E(Key(x+1),ID(x+1),SessionID) Player decrypts new ID & Key Player sends validation message to Server SessionID,E(Key(x+1),SessionID) • Client gets new ID/Key pair from server • Server knows underlying identity of client • If duplicate made of client info, server can create an “Identity Fork” or take other action • You know a duplicate has been made, not which copy is a duplicate • Can be done with symmetric keys or public (asymmetric) key systems steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
  • 8. Security eBooks Collaborative Identity Generation 1 Player creates new ID(cx+1), Transform of new ID, and Challenge1 Player creates new DH random z and computes b z mod p Player posts Challenge Phrase to server ID(x),E(Key(x),T(ID(cx+1)), b z mod p,Challenge1) Server decrypts Challenge Phrase Server creates new ID(sx+1), Transform of new ID, and Challenge2 Server creates new DH random y and computes b y mod p * Server creates new DH key Key(x+1) = (b z ) y mod p Server posts Challenge Phrase to Client ID(x),E(Key(x),T(ID(sx+1)), b y mod p,Challenge1, Challenge2, H(Key(x+1)) Client decrypts Challenge Phrase and validates Challenge1 • Sample using Diffie-Hellman style key generation • Could easily be adapted to other public key algorithms steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
  • 9. Security eBooks Collaborative Identity Generation 2 (from previous page) Client decrypts Challenge Phrase and validates Challenge1 * Client creates new DH key Key(x+1) = (b z ) y mod p Client validates new DH key with received hash Client sends new ID(cx+1) to Server with hash of new Key and Challenge2 ID(x),E(Key(x),ID(cx+1),H(Key(x+1)),Challenge2) Server validates new ID against previously received Transform and validates Key(x+1) hash * Server computes new ID ID(x+1) = ID(cx+1)+ ID(sx+1) Server sends new ID contribution to Client ID(x),E(Key(x),ID(sx+1) * Client computes new ID ID(x+1) = ID(cx+1)+ ID(sx+1) Client and sever use new ID(x+1), Key(x+1) pair • Active Identity System is really a temporary pairwise identity with a remote entity • Does not need to be client-server, could be peer-to-peer steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
  • 10. Security eBooks Active Identity is Part of an Overall Identity & Access Management Solution To Str en an gth d O en nli Pla ne tfo Se rm • Digital Fingerprints cu i d rity en • User Name/Passwords tity • Security Tokens • IP Address • Platform IDs • Active ID steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
  • 11. Security eBooks Fighting Server Piracy • Client can detect server duplicates as server won’t have current identity/key pair – Can prevent connection to pirate server • Even if real server identity/key database gets compromised, clients will rapidly rekey to new identity/key pairs • Can also be used for traditional computer piracy detection system steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
  • 12. Security eBooks What next? • Don’t give up! • More security presentations at: • Check out my book “Protecting Games” – Additional information at • You can “win” the security game steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
  • 13. Security eBooks About Me • Steven Davis – 25+ Years of Security Expertise • Worked on everything from online games and satellite TV to Nuclear Command and Control and military communications • – Author, “Protecting Games” • Why Free2Secure? – Security is too expensive and isn’t working. There has to be a better way. I’m exploring these issues for IT security, ebooks, games, and whatever else strikes my fancy at . – Join me there, ask questions, challenge assumptions, let’s make things better. steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416