Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

The Good, the Bad, and

The Crooks

Game Security

Steven Davis

Security eBooks


What is security?Encryption?Firewalls?Access Control?

Etc.Etc.Etc.

Security eBooks


Not b

eing

in th

e New

s!

Not losing money

Usually

Security is…

Security eBooks


Security is doing whatever it takes to make your game secure

Business, Game Design, Technology…Anything

Security eBooks


Security is People, not Security is People, not TechnologyTechnology

Security eBooks


The Bad Guy wants The Bad Guy wants to Win!to Win!

• Make MoneyMake Money• Get Free StuffGet Free Stuff• Stroke Ego –Stroke Ego –

– High Score/LeaderboardHigh Score/Leaderboard– Compete/CheatCompete/Cheat– Fame as HackerFame as Hacker

and he doesn’t care howand he doesn’t care how

Security eBooks


Play

ers

play

ing

“Diff

eren

tly”

Play

ers

play

ing

“Diff

eren

tly” – Play with Friends Play with Friends

(your level restrictions (your level restrictions & character & character equipment may make equipment may make this impossible)this impossible)

– Limited TimeLimited Time– Your Game is Boring!Your Game is Boring!

““I want the good stuff”I want the good stuff”

The Customer is often Right!

Security eBooks


• Onerous security procedures

• Security is not their job!

• If people break If people break security, it is security, it is OUR fault, not OUR fault, not theirstheirsIts hard to be goodIts hard to be good

Security eBooks


Crooks

• Want to make money… no matter how– Identity theft– Credit card fraud– Break into email and other accounts– Steal your stuff & sell it– Steal accounts … if

th

ere

is v

alu

e in

yo

ur

bu

sin

ess,

th

ere

is a

th

ief

wh

o

will

hap

pily

loo

t it

.

Security eBooks


Stop Crooks• They may be making more money

from your business than you do– You may be protecting the wrong

things– A stolen ID is worth $1 to $12 or more

• … what is an account worth to you?• … are you protecting that kind of

value?• Sony PSN was not concerned about

identity theft– … nor was Valve– … nor was Riot Games– … nor was LinkedIn– … nor was TJX

• They are deadly serious. You need to stop them. They can ruin your business.

One of these days, the One of these days, the government is going to government is going to make you responsible for make you responsible for security.security.

Your customers certainly do Your customers certainly do today.today.

Security eBooks


How does security help make more money?

Goal:

Move players from “Bad” and “Different” to Good and PAYING!

Change our perspective and relationship with our players

•Don’t ban•Create communities of like players •Stopping bad guys is only part of the answer… And may not be an answer at allW

e may have to

change

We m

ay have to change

how we w

ork

how we w

ork

Bring in more Revenue.Reduce Costs

Security eBooks


Security Systems are everywhere…

….We don’t even notice them as security systems anymore (and we get in trouble when we don’t)

“If your re

ceipt is wrong, y

our purchase is fre

e”

Double entry

accounting &

audit trails

…they evolved over time…

Security eBooks


Why is Security so difficult today?• “Security” used to mean…

– Law Enforcement– Alarm Systems

• New businesses and business models

• New ways of interacting• Radical change in scale• All are changing faster and faster

• … and security takes a while to catch up

• We can’t wait for solutions to evolve slowly anymore

The world is changing

Security eBooks


Security is the problem

Essential misunderstanding of security

Problem Exists Between Keyboard And Chair Fallacy

Broken security business modelsCheap companies

Security eBooks


Security Today – The Good

Disney fights Piracy with Prizes & Holograms

• Disney fights counterfeit products by using a promotion– Customers send in Proof of

Purchase w/holograms to enter contest

– Disney uses entries to identify locations where counterfeit goods are sold and made

• Turn customers into security partners

• Security gets paid for out of Marketing Budget!

Security eBooks


(Mis)Understanding Audit

• Famous security case based on discrepancy between 2 audit trails

• Too many systems confuse having an “audit log” with multiple independent audit records

• RESULT – continued difficulty identifying security breaches

• LESSON – Independent Systems & Real Analysis

Security Today – The Bad

Security eBooks


CheapCheapWhat do good security solutions look like?

Independent Systems and Layers … “Security Mesh”

Imperfekt

Imperfekt

Recoverable/

Recoverable/

Repaira

ble

Repaira

ble

Reliable

Reliable

Security eBooks


Strive for simple security“security shims”

“naturally secure”

Security eBooks


Security is as much about making it

easy to do something right as hard to

do something wrong

Security eBooks


How do you win?

Security JudoAuthority, Trust, Efficiency

Specific, Practical Measures

Security eBooks


What next?• Don’t give up!

• More security presentations at: http://free2secure.com/

• Check out my book “Protecting Games”– Additional information at http://playnoevil.com/

• You can “win” the security game

Security eBooks


About Me• Steven Davis

– 25+ Years of Security Expertise

– I have worked on everything from online games and satellite TV to Nuclear Command and Control and military communications

• http://www.linkedin.com/in/playnoevil

– Author, “Protecting Games”

• Why Free2Secure?– Security is too expensive and isn’t working. There has to be a better way.

I’m exploring these issues for IT security, ebooks, games, and whatever else strikes my fancy at http://free2secure.com/

– Join me there, ask questions, challenge assumptions, let’s make things better

Game Security - The Good, the Bad, and the Crooks

Technology

Transcript of Game Security - The Good, the Bad, and the Crooks