[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Games Without Frontiers: Investigating Video Games as a Covert Channel



On 20 March 2015 at 05:45, Rishab Nithyanand <rishabn.uci@xxxxxxxxx> wrote:
> Hey all,
>
> I just thought I'd share and get feedback about some recent work from our
> team at Stony Brook University.

Interesting, thanks!

I do question one of the early assumptions, though: "Many games also
include the notion of private games between a limited number of
players which may only be accessed using a password. This means that,
even a highly motivated adversary (e.g., one who is willing to run a
game client themselves) still cannot observe the game state."

That seems to be making risky assumptions. Chiefly that the only
possible attack is via an external game client - this may be mistaken:
an adversary could attack many places: by attacking or subverting the
game client software itself, by attacking the game network, by
attacking the operator of the game (eg: Blizzard, in the case of WoW,
etc), and so on.

We shouldn't be surprised to find the likes of the NSA attacking
gaming communities, because they are large communities, often overly
trusting of their environment (notably the client software), and
frequently with central control built in.

For example: http://www.propublica.org/documents/item/889134-games

You could mitigate some of that, sure. You could choose a less popular
game (ie: less targeted), with open source client and server software
(though you'd have to review it too, which is probably beyond the
skill of most users), which operates in encrypted peer to peer
fashion. And you can use behavioural steganography as your paper
describes. Keep raising the bar, I guess. But a lot of that sounds
like security by obscurity, and a skilled adversary should be able to
attack that. Any opsec leak, and that castle would fall down fairly
fast, I suspect.

Still, fun research. Literally :)

-J
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk