Secure Gaming
How to protect achievements & game state through history proofs
Ferdinand Schober
Microsoft Corporation
Talk Outline
Game State Attacks
History Proof Overview
History Proof System Design
History Validation
Implementation Notes
Optimizations
Summary
Game State Attacks
- Attacks against game state or data
  - Cheater alters game state or exploits game flow
  - Primarily aimed at gaining an advantage in the game
- Impacts:
  - Achievements and player information
  - Multiplayer
  - Content purchases
Game State Attacks
- Attacks fall in two categories:
  a. Passive Exploits
     - Cheater exploits glitches in game state, flow or game service
  b. Active Alteration
     - Cheater actively alters local game state, modifies game data or changes game flow
     - Cheater impersonates game for service connections
Game State Attacks
a. Passive Exploits
- Exploit existing glitches
Exploit Area     Example
Local            Game Timing Exploit
Network          Offline Mode/Packet Loss
Service          Disconnect Exploit
Functionality    Game Design Exploit
Ecosystem        Social Engineering
Game Timing Exploit
- Exploiting timing flow in game
  - Timing of save game writes
    - Cheater can repeat unique challenges
    - Cheater can filter out failures
  - Timing of in-game actions
    - Often due to bugs
- Traditionally used for cheating
  - “Power cycling”
    - Long-standing, simple exploit
  - “Gold Duplication”
    - In-game asset duplication
Disconnect Exploit
- Exploiting disconnect behavior of services
  - Disconnect before action is sent to service
  - Cannot complete non-atomic service operations on disconnect
  - Often used with network throttling
- Traditionally used for cheating
  - “Cloud Save Blocking”
    - Disconnect before cloud save is completed
  - “Incomplete Player State Update”
    - Disconnect before global player state can be updated
Game State Attacks
b. Active Exploits
- Active changes by attacker
Exploit Area     Example
Local            Save Data Manipulation
Network          Traffic Shaping
Service          Game Impersonation
Functionality    Game Data Manipulation
Ecosystem        Social Engineering
Save Data Manipulation
- Manipulation of game save file
  - File edits on disc
  - Modification of save data files
- Traditionally used for cheating
  - “Save Editors”
    - Long-standing history
    - E.g. set player health, level, etc. of save state
  - “Save Game Databases”
    - Save game files from other players
    - Can unlock achievements quickly
Game Data Manipulation
- Manipulation of game executable or assets
  - Memory modification (hot-patching)
    - Code or data is replaced in-memory
    - Done through administrative rights or VM
  or
  - Code insertion/edits on disc
    - Modification of on-disc binaries or data files
    - Modification of configuration files
Attack Mitigations
- Mitigation Strategies
Effective Mitigations
- Logic-free Game Client
- Signed Local Content
- Remote Signing
- Cloud Storage
- History Proof
- Secure Storage System
Ineffective Mitigations
- Obfuscated Data Layout
- Custom Encryption
- Weak Signing
- Flow Testing
History Proof Overview
- Mitigate game and save manipulation
- Goals:
  - Limit cheating impact
  - Detect past manipulations
  - Detect game glitches and inconsistencies
  - Detect shared game saves
History Proof Overview
- Observations
  - Cheats result in inconsistent game history
    - E.g. unique monster not killed, but loot obtained
  - Game history varies by player
    - Unlikely to match for multiple players
- Insight
  - Use game history as proof
  - Validate game history for achievements
History Proof Overview
- Game History Creation
  - History stores past game actions
    - Stored with save game state
  - Identity included with game action
    - Unique to each player
  - History signed and validated by service
    - Local signature and verification not sufficient
    - Does not require stateful service
History Proof Overview
- Game History Proof
  - Game history required for achievements
    - No achievement granted without validation
  - Services validate game history consistency
  - Verify identity in game history
    - Blocks impersonation
  - Save files are signed from service
    - Local signature and verification is not sufficient
    - Signing does not require stateful service
History Proof Design
- Game History Actions
  - Basic Design
  - Data signed by 3rd party that can verify claims
    - Peers in multiplayer game
    - Observing service
Base State         Starting Game State
General Action     Non-critical actions
Critical Action    Critical and unique actions
History Proof Design
- Validation components
  - Signing & Verification Service
    - Creates verified and signed game history
  - Game Service
    - Validates game history proof
[Diagram: Signing & Verification Service, securely signed game history, Game Service]
History Proof Design
- Local Game Client
  - Adds all relevant game actions to queue
  - Queue appended to existing history
  - Submitted to signing & validation service
  - No permanent online connection requirement
  - Signed game history stored with game state
  - Optimization: cloud storage
[Diagram: Signing & Verification Service, securely signed game history]
History Proof Design
- Signing & Verification Service
  - Validation authority for game history
  - Simulates and verifies game history actions
  - Asynchronous, lightweight history validation
  - Confirms latest history state
  - Includes identity and adds signature
[Diagram: Signing & Verification Service, securely signed game history]
History Proof Design
- Achievement Game Service
  - Requires game history for achievements
  - Optimization: history & pending actions
  - Verify signature and identity
  - Verify history state before execution
    - Quick logic check on history
    - Deeper check on pending history actions
[Diagram: securely signed game history, Game Service]
Design Example (RPG)
- Game History Actions
  - Basic Design
  - Stored with user identity, timestamp
Base State         Starting Character Properties
General Action     General Monster Kill, simple store sell action, …
Critical Action    Unique Loot Drop, Level-up, duel action, …
Design Example (RPG)
- Signing & Validation Service
  - Validates attached player identity
  - Validates player state
    - Lightweight gameplay logic simulation
    - Logic checks on player state
  - Signs and attaches user identity
    - Secure digital signature over history and final state
Design Example (RPG)
- Game History Digest
  - Initial creation
[Diagram: the raw history (Base State, Kill, Loot, Store, Boss Battle (critical), Store) is reduced to a digest (Base State, Action Summary, Boss Battle (critical), Action Summary). The Signing & Verification Service returns the digest securely signed, together with Final State and User 215.]
Design Example (RPG)
- Game History Digest
  - Appending to history
[Diagram: the raw input (Existing History, Store, Kill, Unique Loot (critical), Kill) is reduced to a digest (Existing History, Unique Loot (critical), Action Summary). The Signing & Verification Service returns the digest securely signed, together with Final State and User 215.]
Design Example (RPG)
- Achievement Game Service
  - Require game history proof
  - Grant achievement on correct history state
  - Validate game history asynchronously
- Other Game Services
  - Leaderboards
    - Validate game history proof before adding entry
  - Multiplayer Matchmaking
    - Periodically verify history proofs
Game History Validation
- Signing & verification flow
[Diagram: the digest (Base State, Action Summary, Boss Battle (critical), Action Summary) goes to the Signing & Verification Service. The service's replay is shown as Base State + Action Summary + Boss Battle (critical) + Action Summary + User 215 = Final State, with the service's Final State set against the client's Final State. The output is the securely signed history with Final State and User 215.]
Game History Validation
- Achievement Service
  - Uses the game history to grant achievement
  - Verifies signature and user
  - Uses Final state in game history as proof for triggering achievement
- Optional: Verify pending actions
  - Reduces load on Signing & Verification Service
Game History Validation
- Achievement Validation flow
[Diagram: the securely signed history (Base State, Action Summary, Boss Battle (critical), Action Summary, Final State, User 215) is passed to the Achievement Service, which checks a State Value in the Final State. Labels: "Condition: property 2 ==", "Achievement: Value == 2!"]
Implementation Notes
- Integration into existing game
  - Identify relevant actions for game state
  - Select metadata for game actions
  - Categorize critical vs. standard actions
  - Prune existing game simulation for game state
  - Integrate user identity and signature
Steps: Identify Game History Actions & State; Create Validation Simulation
Implementation Notes
- Integration into existing game
  - Optimize simulation for asynchronous checks
  - Optimize state comparison
  - Optional: Include cloud storage for game history
  - Include into game services
  - Create game history forensic tools
Steps: Optimize Validation Simulation; Integrate with Services & Forensics Tools
Implementation Example
- Role Playing MMO Game
  - PvE & Coop Game Modes
  - Monster killing & looting
  - Special bosses
  - In-game auction house (in-game gold)
  - Player item trade possible
  - DLC game quest content
  - Premium game items
  - Achievements
Implementation Example
- Game History Actions
- Game State
Step: Identify Game History Actions & State
Base State         Starting Character Inventory, Level, Gold & Attributes
General Action     Monster Kill, Monster Loot, Generic Item Pickup
Critical Action    Unique Item Pickup, Level-up, Boss Kill, Auction House Action, Item Trading, Quest Start/End, Premium Item Pickup/Use
Game State         Character Quest State, Inventory, Level, Gold & Attributes
Implementation Example
- Select Metadata
Step: Identify Game History Actions & State
Action                  Metadata
Item Pickup             Item Type, Count, Condition, Location
Monster Kill            Monster Level, Type, Location, Loot
Boss Kill               Boss Type, Location, Battle Duration, Loot
Auction House Action    Action Type (buy/sell/bid), Timestamp, Item Type, Value, Bidding Players
Level-up                Starting/Remaining Experience, Points Spent
…
Implementation Example
- Simplify Game Simulation
  - Create logic flow for each game action
  - Create validation for results
Step: Create Validation Simulation
Monster Kill
- Fixed Result
  - + XP (range)
  - + Kill Count
- Optional Result
  - + Quest Progress
  - + Item pickup
- Boundary Check
  - Can kill based on level?
  - Can kill based on quest?
  - Correct loot, location?
Implementation Example
- Integrate User Identity & Signature
  - Require user authentication
    - E.g. Account Login-System
    - Submit user identity and allow one game state
  - Select practical signature algorithm
    - E.g. HMAC_SHA256 + per-user secret key
Step: Create Validation Simulation
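The signing and achievement checks described in the slides above, as an added example that is not part of the original talk: a stateless signing & verification service replays pending actions and signs identity, history and final state with HMAC-SHA256 under a per-user key, and an achievement service checks signature and user before looking at the final state. The game rules, field names, keys and the `dragon` boss are constructed assumptions.

```python
import copy
import hashlib
import hmac
import json

# Constructed demo data: keys, game rules and field names are assumptions.
USER_KEYS = {"user215": b"demo-key-215", "user007": b"demo-key-007"}
BASE_STATE = {"level": 1, "xp": 0, "kills": 0, "bosses": [], "items": []}
BOSSES = {"dragon": {"min_level": 2, "loot": "dragon_sword"}}
XP_RANGE = (5, 20)    # XP a single monster kill may award
XP_PER_LEVEL = 100

class InvalidHistory(Exception):
    """Raised when a replayed action contradicts the state before it."""

def _apply(state, act):
    """Apply one action in place, enforcing the boundary checks for its type."""
    kind = act["type"]
    if kind == "monster_kill":                      # general action
        if not XP_RANGE[0] <= act["xp"] <= XP_RANGE[1]:
            raise InvalidHistory("XP outside allowed range")
        if act["monster_level"] > state["level"] + 3:
            raise InvalidHistory("monster too strong for player level")
        state["xp"] += act["xp"]
        state["kills"] += 1
    elif kind == "level_up":                        # critical action
        if state["xp"] < XP_PER_LEVEL:
            raise InvalidHistory("level-up without enough XP")
        state["xp"] -= XP_PER_LEVEL
        state["level"] += 1
    elif kind == "boss_kill":                       # critical action
        boss = BOSSES.get(act["boss"])
        if boss is None or state["level"] < boss["min_level"]:
            raise InvalidHistory("boss kill not possible at this level")
        if act["boss"] in state["bosses"]:
            raise InvalidHistory("unique boss killed twice")
        state["bosses"].append(act["boss"])
    elif kind == "unique_loot":                     # critical action
        source = [b for b, v in BOSSES.items() if v["loot"] == act["item"]]
        if not source or source[0] not in state["bosses"]:
            raise InvalidHistory("loot obtained without the boss kill")
        if act["item"] in state["items"]:
            raise InvalidHistory("unique item duplicated")
        state["items"].append(act["item"])
    else:
        raise InvalidHistory("unknown action type")

def simulate(state, actions):
    """Lightweight replay; malformed or inconsistent actions reject the history."""
    state = copy.deepcopy(state)
    for i, act in enumerate(actions):
        try:
            _apply(state, act)
        except (KeyError, TypeError, InvalidHistory) as exc:
            raise InvalidHistory(f"action {i}: {exc!r}") from exc
    return state

def _mac(user, history, final_state):
    """HMAC-SHA256 over identity, history and final state, keyed per user."""
    msg = json.dumps({"user": user, "history": history, "final": final_state},
                     sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(USER_KEYS[user], msg, hashlib.sha256).hexdigest()

def verify_proof(proof, authenticated_user):
    """Check identity, then signature; constant-time compare avoids a timing leak."""
    if authenticated_user not in USER_KEYS or proof.get("user") != authenticated_user:
        return False
    expected = _mac(authenticated_user, proof.get("history"), proof.get("final"))
    return hmac.compare_digest(expected.encode(), str(proof.get("sig")).encode())

def sign_history(user, pending, existing=None):
    """Signing & verification service: stateless, the request carries everything."""
    history, state = [], BASE_STATE
    if existing is not None:
        if not verify_proof(existing, user):
            raise InvalidHistory("existing history: bad signature or identity")
        # Resume from the signed final state instead of replaying everything.
        history, state = existing["history"], existing["final"]
    final_state = simulate(state, pending)
    history = history + pending
    return {"user": user, "history": history, "final": final_state,
            "sig": _mac(user, history, final_state)}

def grant_dragon_slayer(proof, authenticated_user):
    """Achievement service: signature and user first, then only the relevant state."""
    return verify_proof(proof, authenticated_user) and "dragon" in proof["final"]["bosses"]
```

Because the identity is inside the signed message, a save file copied from another player fails verification even though its history is internally consistent.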
Implementation Example
- Performance optimization on simulation
  - Eliminate invalid actions early
    - Caution: Avoid side-channel attack through timing
  - Allow for different simulation levels
    - Detailed vs. simple
  - Parallel evaluation support
- Optimize state comparison for achievements
  - Check user & signature first
  - Compare only relevant data for achievements
Step: Optimize Validation Simulation
Implementation Example
- Include in services and player reputation
  - Update player reputation on cheating attempt
- Game history provides logging functionality
  - Save game history snapshot to cloud storage
  - Keep multiple history versions to allow forensics
- Create forensic tools
  - Visualization of user history
  - Analysis of user behavior
Step: Integrate with Services & Forensics Tools
Optimizations
- Services caching of Game History
  - Require full game history only on first call
  - Use secure ID for subsequent calls
  - Use lookup with cloud storage
[Diagram: First Call sends Existing History, Store, Kill, Unique Loot (critical), Kill. Subsequent Calls send ID, Loot. Cloud Storage holds Existing History, Store, Kill, Unique Loot (critical), Kill, Final State.]
Optimizations
- Checkpoint-based Game History
  - Create verified checkpoints
  - Limits game history size but loses data
[Diagram: the digest (Base State, Action Summary, Boss Battle (critical), Action Summary) goes to the Signing & Verification Service, which returns a securely signed history consisting of Checkpoint State, Boss Battle #21, Action Summary, Final State and User 215.]
Optimizations
- Lazy Service Evaluation
  - Services only validate game history proofs for subset of users
    - Based on reputation or prior issues
  - Validation is performed asynchronously
  - In-depth validation for forensic analysis
Optimizations
- Handling Randomness
  - Client-based randomness allows cheating
    - E.g. client can increase rare loot drop rate
  - Solution: Service-based randomness
    - Client queries service for random number seed
    - Service can reproduce based on seed value
  - New action: Random (random seed action)
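Service-based randomness as described on this slide, as an added example that is not part of the original talk: the service derives each seed from its own secret, the history records a random seed action, and validation recomputes every loot roll from that seed. The loot table, the field names, the `counter` parameter and the rule that counters must increase are assumptions.

```python
import hashlib
import hmac

SERVICE_SECRET = b"constructed-demo-secret"   # constructed; known only to the service
# Hypothetical loot table: (item, probability); probabilities sum to 1.
LOOT_TABLE = [("rare_sword", 0.02), ("potion", 0.48), ("nothing", 0.50)]


def issue_seed(user, counter):
    """Service side: derive the seed so it can be recomputed later without storage."""
    tag = hmac.new(SERVICE_SECRET, f"{user}:{counter}".encode(), hashlib.sha256)
    return tag.hexdigest()[:32]


def roll_loot(seed, roll_index):
    """Deterministic drop for the roll_index-th roll under a seed."""
    digest = hashlib.sha256(f"{seed}:{roll_index}".encode()).digest()
    r = int.from_bytes(digest[:8], "big") / 2**64      # uniform in [0, 1)
    threshold = 0.0
    for item, prob in LOOT_TABLE:
        threshold += prob
        if r < threshold:
            return item
    return LOOT_TABLE[-1][0]


def find_bad_rolls(user, actions):
    """Replay seed and loot actions; return indexes of actions that do not reproduce."""
    seed, roll_index, last_counter, bad = None, 0, -1, []
    for i, act in enumerate(actions):
        if act["type"] == "random_seed":
            expected = issue_seed(user, act["counter"])
            genuine = hmac.compare_digest(str(act["seed"]).encode(), expected.encode())
            fresh = act["counter"] > last_counter      # a reused seed would repeat rolls
            if genuine and fresh:
                seed, roll_index, last_counter = act["seed"], 0, act["counter"]
            else:
                seed = None
                bad.append(i)
        elif act["type"] == "monster_loot":
            if seed is None or act["item"] != roll_loot(seed, roll_index):
                bad.append(i)
            roll_index += 1
    return bad
```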
Optimizations
- Item History
  - Lighter alternative to game history
  - Store action history for unique, valuable item
  - Service-side only
  - Permits simpler tracking of item flow
  - Allows for quick forensics on item
[Diagram: history of Item 1223 with the actions Loot Drop, Repair, Upgrade, Repair and Trade, each tagged with a user (User 215 or User 007).]
Summary
- Game history system
  - Provides a game history for validation
  - No permanent online connection required
- Game history proof
  - History validation ensures game service integrity
- Game history limits cheating impact
  - Worst-case attacker behaves like good player
- Game history allows detailed forensics
  - Identify issues after they occurred
  - Know cheaters
Q&A
Ferdinand Schober
Microsoft Corporation
Thank You! Thank you very much.
