[tor-talk] Games Without Frontiers: Investigating Video Games as a Covert Channel
Jon Tullett
jon.tullett at gmail.com
Thu Mar 26 07:06:01 UTC 2015
On 20 March 2015 at 05:45, Rishab Nithyanand <rishabn.uci at gmail.com> wrote:
> Hey all,
>
> I just thought I'd share and get feedback about some recent work from our
> team at Stony Brook University.
Interesting, thanks!
I do question one of the early assumptions, though: "Many games also
include the notion of private games between a limited number of
players which may only be accessed using a password. This means that,
even a highly motivated adversary (e.g., one who is willing to run a
game client themselves) still cannot observe the game state."
That seems to be making risky assumptions. Chiefly that the only
possible attack is via an external game client - this may be mistaken:
an adversary could attack many places: by attacking or subverting the
game client software itself, by attacking the game network, by
attacking the operator of the game (eg: Blizzard, in the case of WoW,
etc), and so on.
We shouldn't be surprised to find the likes of the NSA attacking
gaming communities, because they are large communities, often overly
trusting of their environment (notably the client software), and
frequently with central control built in.
For example: http://www.propublica.org/documents/item/889134-games
You could mitigate some of that, sure. You could choose a less popular
game (ie: less targeted), with open source client and server software
(though you'd have to review it too, which is probably beyond the
skill of most users), which operates in encrypted peer to peer
fashion. And you can use behavioural steganography as your paper
describes. Keep raising the bar, I guess. But a lot of that sounds
like security by obscurity, and a skilled adversary should be able to
attack that. Any opsec leak, and that castle would fall down fairly
fast, I suspect.
Still, fun research. Literally :)
-J
More information about the tor-talk
mailing list