【转】网络游戏协议 -网络数据加密相关—摘自【游戏编程精粹】

本文涉及的产品
密钥管理服务KMS,1000个密钥,100个凭据,1个月
简介:

本站文章均为 李华明Himi 原创,转载务必在明显处注明:
转载自【黑米GameDev街区】


关于网络协议,以及网络数据加密是后期对项目网络交互务必做的一步,这里转一篇较好的文章。

 

Andrew Kirmse

Most encryption schemes assume that a trusted sender and a trusted recipient want to communicate over an untrusted channel.It seems absurd to suggest that the sender could deliberately try to fool the recipient, yet this is exactly the problem facing designers of online games.Some players cannot be trusted, and worse, they have complete access to the encryption algorithm and all communications via the client executable. Under such circumstances we cannot hope to provide completely secure communications, but we can make the attacker’s job more trouble than it’s worth. This article presents some pratical techniques for building and application-level communications protocol for online games.

大多数加密方案都假定可信的发送者和接收者会通过一个不可信的通道通信. 虽然假设发送者会故意尝试愚弄接收者有点荒谬,但这确实是摆在网络游戏设计者面前的问题。有些玩家是不可信的, 更糟的是, 他们能够通过客户端执行文件获取对加密算法和所有通信的了解。在这样的情况下,我们不可能提供完全安全的通信,但是我们可以为攻击者制造麻烦。本文着重介 绍一些实用的技术来为网络游戏建立一个应用程序级通讯协议。

Definitions
定义

Protocol design is most interesting in client/server games, where one of more untrusted clients communicate with a trusted central server.(Cleating is certainly also a problem in peer-to-peer games, but because no entity is trusted in such games, the situation is hopeless)The consequences of cheating in a client/server game is high because the server, as the only trusted entity, maintains the game state and verifies all client commands.

协议设计在基于客户端/服务器的游戏中是最有趣的,这种游戏由若干不可信的客户端和一个可信的中央服务器通信。(Cheating在点对点的游戏中 当然也是个问题,不过因为这样的游戏中没有节点是可信的,所以这种情况是没希望的)在客户端/服务器游戏中cheat的后果是非常严重的,因为服务器作为 唯一的可信实体,维护游戏状态并且验证所有客户端命令。当游戏状态稳定后, 一次成功的cheat能够使包括上千个玩家的游戏变得不稳定。

We consider protocol security features in a client/server system.The client and server communicate by sending packets over a network channel, which might be reliable(typically TCP) or unreliable(UDP). Although clients can also communicate directly with each other, perhaps for chat or voice, we assume that any data that need to be secured are sent only between a client and the server.

考虑在客户端/服务器系统中的协议安全性。客户端和服务器在网络通道中发送封包通信,网络通道或许可信(TCP),或许不可信(UDP).尽管客户端之间也能够直接通信,比如文字聊天或者声音,我们假定任何需要安全保证的数据只在客户端和服务器之间发送。

Each packet contains two parts: the header, containing administrative information, and the payload, containing the actual data we want to communicate. The goal of the network protocol is to deliver the sender’s original payload to the recipient.Any modifications to the sender’s sequence of payloads should be detected.We deal only with delivery of the payload, leaving the details of packet ordering and reliablility to lower levels in the protocol stack.

每个封包由两部分组成:header,包含管理信息;payload,包含我们实际要传输的数据。网络协议的目标是把发送者的原始payload传 给接收者。对发出的任何payloads序列的篡改都应该能够被检测到。我们仅处理payload的传输,至于保持封包的有序性和完整性则留给协议栈的底 层细节处理。

Packet Tampering
封包篡改

Most protocol hackers are casual: they change bytes in a packet and see what happens. The first line of defense anainst such attacks is a simple checksum. A checksum is a short number produced by combining every byte of the packet.The sender computes the checksum of the packet and sends both the packet and the checksum to the recipient.The recipient takes the packer and recomputes its checksum;if the computed checksum doesn’t match the checksum from the sender, the packet is corrupt and should be rejected.It’s important to include the entire packet, including the header, in the checksum computation, so that the recipient can detect changes to the header as well as the payload.

大多数协议hackers是偶然的:他们改变封包中的数个bytes,看看会发生什么。抵御此类攻击的第一道防线是简单的校验和。一个校验和是一个 由封包所有的byte组合而成的一个短整数。发送者计算出封包的校验和并连同封包一起发送给接收者。接收者取得封包并重新计算校验和;如果和发送者的校验 和不匹配,就认为封包被破坏了并抛弃之。在计算校验和时需要包含整个封包,包括header,这样接收者才能检测出header是否被破坏了。

A perfect checksum computation would produce a different value if any byte of the packet were changed to any other value. A perfect checksum would be too long to be useful, of course, but hash functions have the same design goal and make excellent checksums. Particularly useful are one-way hash functions, which scramble their input to the extent that reconstructing any part of the input from the hash value is impossible for practical purposes. The MD5 algorithm is well tested, publicly available, and fast enough for use in games. A public domain implementation is available online[Plumb93].

一个完美的校验和算法应该能够对封包中的任何字节改动产生不同的值。当然完美的校验和应该too long to be useful,hash函数有着相同的设计目标从而能够产生完美的校验和。单向的hash函数尤其有用,能够b把输入变为混乱值,并且逆向重建输入是不可 能的。MD5算法经过广泛的检测,被认为是足够快速的并能够胜任游戏使用的算法。其源代码可在网上找到。[Plumb93]

There are two weaknesses in this simple checksum mechanism. First, because the client executable contains the checksum computation code, and attacker can reverse engineer the checksum algorithm, and then compute valid checksums for any message. Second, and attacker can capture valid packets and resend them later, and attack known as packet replay.

这种简单的校验和机制有两个缺点。第一,因为客户端执行文件包含校验和算法代码,攻击者能够逆向工程出此算法,从而可以为任何消息计算校验和。第二,攻击者能够截获封包并在稍后重发,这也被称为封包重发。

Packet Replay
封包重发

In a packet replay attack, a malicious user captures a packet from the client (typically using a packet sniffer), and sends it multiple times. A common tactic is to use packet replay to perform commands faster than game allows, even if there are timing checks in the client. For example, a client might use a timer to send a certain command to the server at most once per second, no matter how frequently the player issues the command. Using packet replay, a single user might issue the same command hundreds of times per second.

所谓封包重发,指的是那些不怀好意的玩家截获客户端发出的封包(通常使用某种封包嗅探器),然后多次发送此包。
虽然客户端运用定时器检测机制能够阻止正常客户端过快发送命令,比如定时器没每秒最多发出一个指令,那么无论客户端多么频繁地截获玩家的命令(比如玩家疯 狂地按键),这些命令仍会每秒只发送一次。使用封包重发则是非正规渠道,他是在客户端控制之外重新发送封包,所以能够在一秒内发送相同的指令数百次。

A system designer might try to stop this particular attack by putting a similar once-per-second timer check on the server as well. In the face of widely variable network latency,howerer,this defense is impractical.Although it detects most packet replay attacks, varying network delays can make packets bunch together by the time they reach the server, causing legal command sequences to be rejected. We certainly do not want our security scheme to mark law-abiding players as cheaters.

系统设计者也许会在服务器端使用同样每秒一次的定时器检测机制防御这种攻击。但是由于有网络延迟,这样做显得不切实际。因为虽然能够检测出大多数封 包重发攻击,但是网络延迟可能会使多个正常封包同时到达服务器,这样就会引起合法命令被抛弃。我们当然不想我们的安全方案把合法玩家视为cheater。

To guard against packet replay, each packet should contain some state information, so that even pakcets with identical payloads have different bit pattern. Something as simple as a number that increments with each sent packet would do, although that scheme is too easy for an attacker to figure out. A better answer is to use a state machine to produce successive identifying numbers for successive packets. A fast and resonably complicated method is a liner congruential random number generator of the type typically found in system libraries. Such generators operate as follows:

State = ( State + a ) * b

where a and b are carefully chosen integers. (For a discussion of this generators, see [Knuth98].)

为了防范封包重发,每个封包应该包含一些状态信息,以使数据相同的封包也能有不同的位模式。随着发送封包而增长的数字能够担当此任,但此法太容易被 攻击者破解。更好的方案是使用状态机为连续封包产生连续ID数。一个快速可信复杂的方法是使用线性同余的随机数产生器(通常在系统库中)。这种产生器工作 如下:

State = ( State + a ) * b

其中a和b都是精心挑选的数字。(关于此产生器的讨论,见[Knuth98])

The sender and recipient each keep a liner congruential random number generator for their connections. When sending a packet, the sender produces a random number and adds it to the packet, simultaneously stepping its random number generator. The receiver checks the random number in the incomming packet against its generator; if the numbers don’t match, the packet has been tampered with. If the numbers do match, the receiver steps its random number generator to prepare for the next packet.

发送者和接收者都为连接准备一个随机数发生器。发送一个封包时,发送者产生一个随机数并把它加入封包,同时更新随机数产生器。接收者检查到来封包中的随机数是否和自己随机数发生器匹配;如果不匹配,可以认为封包有问题;匹配则更新随机数发生器以为下一个封包做准备。

There are two complications with this scheme. The first is how the sender and receiver initially synchronize their state machines.They could each start their state machines with same fixed seed, but then the initial stream of packets would always have the same bit patterns and thus would be vulnerable to analysis.Instead, the server can initialize its state machine with randomly generated seed values and send these to the client in its first message.

此法有两个复杂度。第一是发送者和接收者如何同步状态机,可以用相同的种子开始状态机,但是然后初始的封包流将一直有相同的位模式并且会很容易被破解。取而代之的是,服务器用一个随机的种子值初始化他的状态机并将此值作为第一个消息发给客户端。
The second complication is how to keep the state machines synchronized during communication. On a reliable connection, packets are never lost, so synchronization is guaranteed. When packets are dropped or reordered, howerver, the situation becomes more complicated. If a message is lost, the sender’s state machine will have advanced one more step than the receiver’s; subsequent packets will be rejected, even though they are legitimate. A simple solution is to rely on a true sequence number sent with each packet (most games include this number with messages anyway, toprovide a reliable connection over an unreliable trasport).Given a sequence number, the receiver can determine how many times to step its state machine to catch up to the current packet. If the application allows out-of-order delivery, the old state of the state machine will have to be stored for use when an out-of-order packet arrivers later.

第二个复杂度是如何保持状态机在通讯过程中同步。在可信连接上,封包绝不会丢失,可以保证同步。然而当封包会丢失或重组,状况有点复杂。如果一个消 息丢失了,发送者状态机将比接收者快一步;接着的封包将被拒绝,尽管他们是合法的。一个简单的解决方案是依赖于随每个封包一起发送的一个真正的序列号(大 多数游戏包含此号码在消息中,以在不可信transport上提供可信链接)。给定一个序列号,接收者可以判断他的状态机跳了多少步以接获当前封包。如果 程序允许无序delivery,旧的状态机将不得不保存给一个无序封包到达时使用。

The rand function provided with most run-time libraries is inappropriate for use as a state machine because of its low precision (many implementations have only 15 bits) and its obvious choice as a source of random numbers. A fast, high-quality random number implementation is given in [Booth97].

大多数运行时库提供的rand函数作为一个状态机使用都不够准确因为它的精度太低(许多实现只有15位)并且它显然的选择作为一个源随机数。一个更高质量的随机数实现在[Booth97].

Additional Techniques

其他的技术

Ideally, two packets with identical payloads should show as little correlation in their bit patterns as possible, to frustrate analysis of the payload. An easy way to remove all correlation betwen two sets of data is to combine them with a sequence of random bits, using the exclusive-or(XOR) operator.Assuming the previous described packet replay defense, the sender and receiver already have synchronized random number generators.Thus,the sender can generate a sequence of random number for each packet and XOR these into the packet payload; the receiver generates the same sequence of numbers and retrieves the original payload in the same way.

理想状况下,两个具有相同payloads的封包应该在bit patterns上尽可能少的暴露相关性,以阻止攻击者对payload进行分析。消除两组数据所有相关性的一个简单方法是用一串随机bits组合他们, 使用异或(XOR)操作。想象一下前面所描述的防御封包重发的方案,发送者和接收者已经同步了他们的随机数发生器。因此,发送者能够为每个封包产生一串随 机数并把他们异或放进封包payload中;接收者产生同样的一串随机数然后用同样的方法获取原始的payload。

Even the fact that two packets have the same length can give an attacker a clue that the packets encode similar data. To further frustrate attacks, each packet can contain a variable amout of random “junk” data, meant only to vary the length of the packet. The length of the junk data is determined by yet another synchronized state machine. The sender checks its state machine to determine how much junk to generate and insert that number of random bytes into an outgoing packet. The receiver simply ignores the junk data.Increasing the amount of junk data helps to further hide the payload but costs additional bandwidth. In typical applications in which bandwidth is limited, the average length of junk data should be made small compared to the average payload size.

两个相同长度的封包的会留给给攻击者一条线索,那就是封包加密了类似的数据。为了进一步阻挡攻击者,封包可以包含一堆随机的”垃圾”数据,此数据只 为改变封包长度。垃圾数据的长度通常由另一个状态机决定。发送者检查他的状态机来决定产生多少垃圾数据并将这些随机的bytes插入到即将发送的封包中。 接收者简单的忽略这些垃圾数据。增加的垃圾数据进一步隐藏了payload但是耗费更多的带宽。那些受带宽限制的程序,垃圾数据的长度应该比 payload的平均长度更短。

Reverse Engineering
逆向工程

The hardest problem to address, and ultimately the downfall of any scheme to stop protocol tampering, is that the client contains the entire encryption algorithm and thus can always be reverse engineered. Some steps you can take to make reverse engineering harder are as follows:
* Remove all symbols and debugging information from any code released to the public.
* Don’t isolate buffer encryption and decryption in their own function; instead, combine there with some other network code. This is one area in which it can be worthwhile to trade maintainability for security.
* Compute “magic numbers” (such as initialization seeds) at run time instead of placing their values directly in the executable.
* Include a good encryption scheme in every version of the client, even early betas. If any client version lacks encryption, a user can record a stream of unencrypted packets from one client and then use knowledge of the packet payload to help break the encryption in a later version.
* Remember that your goal is to make cheating prohibitively expensive, not impossible.

address最困难的问题以及最终任何阻止篡改协议的方法的缺点就是客户端包含完全的加密算法并且总能够被逆向工程。下面的步骤能够用来使逆向工程更困难:
* 发布的任何代码都不该包含任何符号和调试信息。
* 不要把对缓冲区加密和解密分别放在他们自己的函数中;应该把它们和一些其他的网络代码放在一起。用可维护性换取安全性这里是值得考虑的。
* 应该在运行时计算”魔法数”(不如初始化种子),而不要直接把他们的值放在执行文件中。
* 在每个版本的客户端中都包含良好的加密方法,就算是早期的测试。如果某个版本客户端没有加密,用户就能够记录未加密的封包流,并用对封包payload的了解来破解下一个加密版本。
* 记住你的目标是让cheating花大代价,而非杜绝cheating。

Implementation
实现

The implementation included with this article includes a C++ class SecureTransport that uses all the previously described techniques. A SecureTransport object encapsulates a two-way connection between a sender and a recipient. For each direction, the object maintains four linear congruential random number generators as protocol state machines. These are initialized to static values, with the understanding that the server would send random seeds in its first message to the client. The class uses the state machines as follows:

1. It XORs the length field at the start of the header. (This is unnecessary if the underlying protocol provides a packet length as in UDP.)
2. A message sequence number is used to prevent packet replay.
3. It determines the length of junk data in each packet.
4. It generates random bits to XOR the payload.

A separate random number generator is used to generate the actual junk data. During debugging, it is useful to set the junk data to a known constant value.

本文包含一个C++类SecureTransport,此类使用了所有之前描述过的技术。一个SecureTransport对象封装了发送者和接 受者间的一个双向连接。对于每个方向,对象维护4个线性同余的随机数发生器作为协议状态机。这些被初始化为static值, with th 理解that服务器把随机数种子作为第一个消息发给客户端。此类像下面这样使用状态机:

1. 包头开始异或成员length。(这是不必要的如果底层协议提供封包长度,比如UDP)
2. 一个消息序列号被用来防止封包重发。
3. 在每个封包中决定垃圾数据的长度。
4. 产生随机bits来异或payload(加密).

一个独立的随机数发生器被用来产生实际的垃圾数据。在调试时,把垃圾数据设为一个常量是很有用的。

References
[Booth97] Booth,Rick,Inner Loops, Addison-Wesley Developers Press, 1997.
[Knuth98] Kunth,Donald,The Art of Computer Programming,Volume 2: Seminnmcrical Algorithms, third edition. Addision-Wesley Longman, Inc, 1998


相关文章
|
11天前
|
前端开发 网络协议 安全
【网络原理】——HTTP协议、fiddler抓包
HTTP超文本传输,HTML,fiddler抓包,URL,urlencode,HTTP首行方法,GET方法,POST方法
|
11天前
|
安全 算法 网络协议
【网络原理】——图解HTTPS如何加密(通俗简单易懂)
HTTPS加密过程,明文,密文,密钥,对称加密,非对称加密,公钥和私钥,证书加密
|
13天前
|
网络协议 安全 网络安全
探索网络模型与协议:从OSI到HTTPs的原理解析
OSI七层网络模型和TCP/IP四层模型是理解和设计计算机网络的框架。OSI模型包括物理层、数据链路层、网络层、传输层、会话层、表示层和应用层,而TCP/IP模型则简化为链路层、网络层、传输层和 HTTPS协议基于HTTP并通过TLS/SSL加密数据,确保安全传输。其连接过程涉及TCP三次握手、SSL证书验证、对称密钥交换等步骤,以保障通信的安全性和完整性。数字信封技术使用非对称加密和数字证书确保数据的机密性和身份认证。 浏览器通过Https访问网站的过程包括输入网址、DNS解析、建立TCP连接、发送HTTPS请求、接收响应、验证证书和解析网页内容等步骤,确保用户与服务器之间的安全通信。
62 1
|
30天前
|
存储 SQL 安全
网络安全与信息安全:关于网络安全漏洞、加密技术、安全意识等方面的知识分享
随着互联网的普及,网络安全问题日益突出。本文将介绍网络安全的重要性,分析常见的网络安全漏洞及其危害,探讨加密技术在保障网络安全中的作用,并强调提高安全意识的必要性。通过本文的学习,读者将了解网络安全的基本概念和应对策略,提升个人和组织的网络安全防护能力。
|
1月前
|
SQL 安全 网络安全
网络安全与信息安全:关于网络安全漏洞、加密技术、安全意识等方面的知识分享
随着互联网的普及,网络安全问题日益突出。本文将从网络安全漏洞、加密技术和安全意识三个方面进行探讨,旨在提高读者对网络安全的认识和防范能力。通过分析常见的网络安全漏洞,介绍加密技术的基本原理和应用,以及强调安全意识的重要性,帮助读者更好地保护自己的网络信息安全。
49 10
|
1月前
|
安全 网络安全 数据安全/隐私保护
网络安全与信息安全:关于网络安全漏洞、加密技术、安全意识等方面的知识分享
在数字化时代,网络安全和信息安全已成为我们日常生活中不可或缺的一部分。本文将深入探讨网络安全漏洞、加密技术和安全意识等方面的问题,并提供一些实用的建议和解决方案。我们将通过分析网络攻击的常见形式,揭示网络安全的脆弱性,并介绍如何利用加密技术来保护数据。此外,我们还将强调提高个人和企业的安全意识的重要性,以应对日益复杂的网络威胁。无论你是普通用户还是IT专业人士,这篇文章都将为你提供有价值的见解和指导。
|
1月前
|
存储 安全 网络安全
网络安全与信息安全:关于网络安全漏洞、加密技术、安全意识等方面的知识分享
在数字化时代,网络安全和信息安全已经成为了我们生活中不可或缺的一部分。本文将介绍网络安全的基本概念,包括网络安全漏洞、加密技术以及如何提高个人和组织的安全意识。我们将通过一些实际案例来说明这些概念的重要性,并提供一些实用的建议来保护你的信息和数据。无论你是网络管理员还是普通用户,都可以从中获得有用的信息和技能。
26 0
|
1月前
|
安全 网络安全 数据安全/隐私保护
网络安全与信息安全:关于网络安全漏洞、加密技术、安全意识等方面的知识分享
在数字化时代,网络安全和信息安全已成为全球关注的焦点。本文将探讨网络安全漏洞、加密技术以及提升安全意识的重要性。通过深入浅出的解释和实际案例分析,我们将揭示网络攻击的常见手段,介绍加密技术如何保护数据安全,并强调个人和企业应如何提高安全防范意识。无论你是IT专业人士还是普通网民,这篇文章都将为你提供宝贵的信息和建议,帮助你在网络世界中更安全地航行。
|
20天前
|
SQL 安全 网络安全
网络安全与信息安全:知识分享####
【10月更文挑战第21天】 随着数字化时代的快速发展,网络安全和信息安全已成为个人和企业不可忽视的关键问题。本文将探讨网络安全漏洞、加密技术以及安全意识的重要性,并提供一些实用的建议,帮助读者提高自身的网络安全防护能力。 ####
59 17
|
1月前
|
SQL 安全 网络安全
网络安全与信息安全:关于网络安全漏洞、加密技术、安全意识等方面的知识分享
在数字化时代,网络安全和信息安全已成为我们生活中不可或缺的一部分。本文将介绍网络安全漏洞、加密技术和安全意识等方面的内容,并提供一些实用的代码示例。通过阅读本文,您将了解到如何保护自己的网络安全,以及如何提高自己的信息安全意识。
61 10

热门文章

最新文章