[KGC 2013] Online Game Security in China

    Presentation Transcript

    • Online Game Security Case Study in China. 신승민, CTO, ㈜윈디소프트
    • How to protect: Game Client, Server, Network
    • Bruce Schneier: “Security is a process, not a product.”
    • Questionnaire: online game service in China. “Where is a good place to start?” “Can hacking not be stopped in China?” “Is there something special about China?” “Are private servers unavoidable in China?” Really?
    • What do you get today? Idea, Action Plan
    • Books
    • Books
    • Vulnerability of Online Game Service. Game Client: reverse engineering, hack toolkits. Network: packet analysis. Game Server: reverse engineering, private server.
    • Vulnerability of Online Game Service. Game Client: “Online Game Service Security Case Study in China”, 2013. Network: “Games and Security: Cryptographic Algorithm and Protocol Design”, 2010. Game Server: “Online Game Server Architecture Case Study”, 2012.
    • X Online Game System (diagram): Billing System, WEB, World1 to World5, Gateway, Lobby, Instance Dungeon, Game DB; MCU 20,000
    • X Online Game System: process relationship diagram. Labels: Billing SV, Backend, DBMS, Backup, gdbc, logsv, ldbc, authsv, Frontend, Internet, loginsv, lobby1, msgsv, dungeon1, pvp1, cli
    • Set to work: Mind Map, Check List
    • How to protect: Network
        • Questions: “What if you want to support external access very securely?” “How do you design a secure game client-server protocol?” “What if the network configuration is too complex?”
        • Answers: “Put firewalls only where they are really needed; handle network security with ACLs alone.” “Use an OTP (One Time Password) solution for the VPN.” “Use a vetted protocol such as SSL; for the symmetric-key algorithm, use a 128-bit stream cipher.”
    • General network structure: view of high availability. Diagram: public L3 and L2 switches, Firewall Master, Firewall Slave, Game A, Game B, WEB, Management. Label: Complexity
    • General network structure: decrease complexity. Diagram: Firewall Master, Firewall Slave, public L3 and L2 switches, Game A, Game B, WEB, Management
    • Build a new game server architecture: simple is better. Diagram: public L3 and L2 switches, Game A, Game B, WEB, Management, Web Firewall. ACL ports as listed: 10000~10020; 20000~20020; 80, 443; 22, 1433, 3389
    • Build a new game server architecture: simple is better. Diagram: private L3 and L2 switches, Game A, Game B, WEB, Management, OTP VPN, Firewall. ACL ports as listed: 22, 10000~10020; 22, 20000~20020; 22; 22, 1433, 3389
    • Suggestion … (from the book “Cryptography Engineering”)
        • Block Cryptography: “first with AES and that with Serpent or Twofish”
        • Mode: “random IV CBC mode”
        • Hash function: “in the short term, SHA-224, SHA-256, SHA-384 or SHA-512”
        • MAC: “HMAC-SHA-256”
        • Language: “Specifically don’t use C or C++”
    • SHA-3: http://csrc.nist.gov/groups/ST/hash/sha-3/Round3/index.html
    • SHA-3 WINNER: NIST announced Keccak as the winner of the SHA-3 Cryptographic Hash Algorithm Competition and the new SHA-3 hash algorithm in a press release issued on October 2, 2012. Keccak was designed by a team of cryptographers from Belgium and Italy:
        • Guido Bertoni (Italy) of STMicroelectronics
        • Joan Daemen (Belgium) of STMicroelectronics
        • Michaël Peeters (Belgium) of NXP Semiconductors
        • Gilles Van Assche (Belgium) of STMicroelectronics
        • Where do we get it?
    • About Crypto++
        • Crypto++ Library 5.6.2, update 2/20/2013: http://www.cryptopp.com
        • Crypto++ Library is a free C++ class library of cryptographic schemes.
        • What’s new?
            • changed license to Boost Software License 1.0
            • added SHA-3 (Keccak)
            • updated DSA to FIPS 186-3 (see DSA2 class)
            • fixed Blowfish minimum keylength to be 4 bytes (32 bits)
            • fixed Salsa validation failure when compiling with GCC 4.6
            • fixed infinite recursion when on x64, assembly disabled, and no AESNI
            • ported to MSVC 2012, GCC 4.7, Clang 3.2, Solaris Studio 12.3, Intel C++ Compiler 13.0
    • Hash function (http://en.wikipedia.org/wiki/Md5)
        • MD5("The quick brown fox jumps over the lazy dog") = 0x 9e107d9d372bb6826bd81d3542a419d6
        • MD5("The quick brown fox jumps over the lazy dog.") = 0x e4d909c290d0fb1ca068ffaddf22cbd0
    • Hash function (http://en.wikipedia.org/wiki/SHA3)
        • Keccak-224("The quick brown fox jumps over the lazy dog") = 0x 310aee6b30c47350576ac2873fa89fd190cdc488442f3ef654cf23fe
        • Keccak-224("The quick brown fox jumps over the lazy dog.") = 0x c59d4eaeac728671c635ff645014e2afa935bebffdb5fbd207ffdeab
        • Keccak-256("The quick brown fox jumps over the lazy dog") = 0x 4d741b6f1eb29cb2a9b9911c82f56fa8d73b04959d3d9d222895df6c0b28aa15
        • Keccak-256("The quick brown fox jumps over the lazy dog.") = 0x 578951e24efd62a3d63a86f7cd19aaa53c898fe287d2552133220370240b572d
    • Hash function: compare SHA3 and MD5
        • Keccak-224("") = 0x f71837502ba8e10837bdd8d365adb85591895602fc552b48b7390abd
        • Keccak-256("") = 0x c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470
        • Keccak-384("") = 0x 2c23146a63a29acf99e73b88f8c24eaa7dc60aa771780ccc006afbfa8fe2479b2dd2b21362337441ac12b515911957ff
        • Keccak-512("") = 0x 0eab42de4c3ceb9235fc91acffe746b29c29a8c366b7c60e4e67c466f36a4304c00fa9caf9d87976ba469bcbe06713b435f091ef2769fb160cdab33d3670680e
        • MD5("") = 0x d41d8cd98f00b204e9800998ecf8427e
    • Where would we use SHA-3? In database:
        • password → SHA-3(password)
        • md5(password) → SHA-3[ SHA-3{md5(password)} || passcode ]
    • Protocol of X-Crypto (Secure Socket Layer), between Game Client and Game Server
        • Choose crypto type
        • Transfer session key, using the server’s public key
        • Transfer encrypted IV, using the session key
        • Finish initialization
        • Start crypto-system, using session key & IV
        • Functions shown: GetEncryptedSessionKey(), SetEncryptedSessionKey(), GetEncryptedIV(), SetEncryptedIV(), IntializeClient()
        • Sizes shown: 128bit, 1024bit. Stream cipher: Panama, Sosemanuk, XSalsa20
    • Crypto++ Algorithms (algorithm type: name)
        • authenticated encryption schemes: GCM, CCM, EAX
        • high speed stream ciphers: Panama, Sosemanuk, Salsa20, XSalsa20
        • AES and AES candidates: AES (Rijndael), RC6, MARS, Twofish, Serpent, CAST-256
        • other block ciphers: IDEA, Triple-DES (DES-EDE2 and DES-EDE3), Camellia, SEED, RC5, Blowfish, TEA, XTEA, Skipjack, SHACAL-2
        • block cipher modes of operation: ECB, CBC, CBC ciphertext stealing (CTS), CFB, OFB, counter mode (CTR)
        • message authentication codes: VMAC, HMAC, CMAC, CBC-MAC, DMAC, Two-Track-MAC
        • hash functions: SHA-1, SHA-2 (SHA-224, SHA-256, SHA-384, and SHA-512), SHA-3, Tiger, WHIRLPOOL, RIPEMD-128, RIPEMD-256, RIPEMD-160, RIPEMD-320
        • public-key cryptography: RSA, DSA, ElGamal, Nyberg-Rueppel (NR), Rabin-Williams (RW), LUC, LUCELG, DLIES (variants of DHAES), ESIGN
        • padding schemes for public-key systems: PKCS#1 v2.0, OAEP, PSS, PSSR, IEEE P1363 EMSA2 and EMSA5
        • key agreement schemes: Diffie-Hellman (DH), Unified Diffie-Hellman (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF, XTR-DH
        • elliptic curve cryptography: ECDSA, ECNR, ECIES, ECDH, ECMQV
        • insecure or obsolescent algorithms retained for backwards compatibility and historical value: MD2, MD4, MD5, Panama Hash, DES, ARC4, SEAL 3.0, WAKE-OFB, DESX (DES-XEX3), RC2, SAFER, 3-WAY, GOST, SHARK, CAST-128, Square
    • How to protect: Game Server
        • Questions: “What if protecting Windows game servers feels too hard?” “Is there a way to know about attacks on the game server, such as DLL injection attacks?” “How do you stop private game servers?”
        • Answers: “Use a license management server and code obfuscation.” “Use an OTP solution for Windows Server login.” “Everything begins with the log.”
    • How does the license server work? (SentinelHASP) Diagram: Gateway, Lobby, Dungeon, PvP, DBC, DB, SentinelHASP, License Server in Korea. Online key expire time: 1~3 months
    • DLL injection attack: “DLL injection can be described as ‘forcibly inserting a specific DLL file into another running process’. Put more technically, it means instructing another process to call the LoadLibrary() API by itself so that it loads the DLL the user wants.”
    • Hack to game server. Diagram: Gateway, Lobby, Dungeon, PvP, DBC, DB. Labels: administrator mistake, web server, ACL/Firewall hole, administrator PC
    • Will it be able to defend? Packer or SentinelHASP. Diagram: Gateway, Lobby, Dungeon, PvP, DBC, DB, Packer
    • Will it be able to defend? File integrity check. Diagram: Gateway, Lobby, Dungeon, PvP, DBC, DB, Packer, Mail, Syslog
    • Multi authentication system
    • Multi authentication system. 1st authentication: Windows AD. 2nd authentication: PIN Safe. Diagram: Gateway, Lobby, Dungeon, PvP, DBC, DB, SentinelHASP
    • Build a new authentication architecture. 2nd authentication: PIN Safe
    • Conclusion …: to protect game servers securely
        • A license management solution helps.
        • You have to start from Korea.
        • Encrypt all data.
        • Set a server usage period.
        • Game servers must also be protected with a packer!
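    • How to protect: Game Client
        • Questions: “What about game bot detection and response for online games?” “How do you check for DLL injection attacks in real time?” “How do you respond to hack tools?”
        • Answers: “Use an anti-hacking solution and code obfuscation.” “ETRI project, completion in 2014.” “Use a log management solution.”
    • Multi-client hack: functions
        • Character invincibility
        • Summon/remove all monsters on the map
        • Pick up all items on the map
        • Remove cooldowns
        • Increase movement speed
        • Set rank and hit count
        • Enter dungeons without level restriction
        • Unlimited dungeon entry
        • Enter the boss room directly
    • Hack: functions
        • Automatic account creation
        • Automatic game login
        • Automatic character creation
        • Automatic clearing of designated dungeons
        • Automatic listing of items on the auction house
        • Acquiring items and gold by automatically checking mail
    • How can it be detected in real time? Everything begins with the log!
    • What will happen in the OS?
    • Event log
    • One More Thing…
    • “Security is like a chain: it is only as secure as its weakest link. Just as an attacker finds and attacks the weakest link, the defender must shore up the weakest link first.” Security is a process, not a product.
    • Conclusion …
        • Hacking is not a game-domain matter but a security-specialist domain, so you must respond together with security experts.
        • If you prepare thoroughly and coordinate closely with the publisher, hacking can be stopped, in China or anywhere else!
        • Products are needed for game security, but it is important to look at how they are actually applied and operated.
        • Game logs include logs for operations, but separate logs for security management are also needed.
        • Ignorance begets sin.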
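
The database construction from the “Where would we use SHA-3?” slide, as an added example that is not part of the presentation: legacy md5(password) rows are upgraded in place to SHA-3[ SHA-3{md5(password)} || passcode ] and checked at login. It assumes the passcode is a random per-account value stored with the row and that MD5 values are stored as hex; it uses Python's `hashlib.sha3_256` (FIPS 202 SHA-3), which does not reproduce the pre-standard Keccak digests quoted on the slides.

```python
import hashlib
import hmac
import secrets

# Keccak-256("") as quoted on the slides (pre-standard Keccak padding).
SLIDE_KECCAK256_EMPTY = "c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470"

def library_matches_slide_digest() -> bool:
    """hashlib.sha3_256 is FIPS 202 SHA-3; its padding differs from the
    Keccak submission, so it does not reproduce the slide's digest."""
    return hashlib.sha3_256(b"").hexdigest() == SLIDE_KECCAK256_EMPTY

def md5_hex(password: str) -> bytes:
    """Legacy column value. Assumption: md5(password) stored as lowercase hex."""
    return hashlib.md5(password.encode("utf-8")).hexdigest().encode("ascii")

def wrap_legacy(md5_value: bytes, passcode: bytes) -> str:
    """SHA-3[ SHA-3{md5(password)} || passcode ], built from the stored MD5 alone."""
    inner = hashlib.sha3_256(md5_value).digest()
    return hashlib.sha3_256(inner + passcode).hexdigest()

def migrate(legacy_rows: dict) -> dict:
    """Upgrade every legacy row without knowing any plaintext password."""
    upgraded = {}
    for user, md5_value in legacy_rows.items():
        passcode = secrets.token_bytes(16)  # assumption: random per-account value
        upgraded[user] = {"passcode": passcode,
                          "hash": wrap_legacy(md5_value, passcode)}
    return upgraded

def verify(record: dict, password: str) -> bool:
    """Recompute the chain from the submitted password; constant-time compare."""
    candidate = wrap_legacy(md5_hex(password), record["passcode"])
    return hmac.compare_digest(candidate, record["hash"])

# Constructed sample rows: two accounts that share one password.
LEGACY_ROWS = {"alice": md5_hex("correct horse"), "bob": md5_hex("correct horse")}

if __name__ == "__main__":
    db = migrate(LEGACY_ROWS)
    print("alice login ok:", verify(db["alice"], "correct horse"))
    print("alice wrong pw:", verify(db["alice"], "battery staple"))
    print("same password, same stored hash:", db["alice"]["hash"] == db["bob"]["hash"])
    print("hashlib reproduces slide Keccak digest:", library_matches_slide_digest())
```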