Abstract
Massively Multiplayer Online Games (MMOGs) have been steadily growing in interest over the past decade. Their economic value turns them into one of the main targets of malware and cheating in Internet. This chapter presents and discusses security issues in MMOG environments. The study starts with a preliminary characterization of MMOGs, highlighting their main features. Afterwards, the authors present the security approaches that are applicable to MMOGs, exposing the implications of security breaches and the need for better protection mechanisms. Next, the chapter presents current safety measures and solutions to tackle specific security issues. Finally, security trends that can be relevant in the future are described.
TopIntroduction
The security paradigm that supported game industry for many years was on protecting game software. This was achieved by making difficult the reproduction of copies of game, so trying to protect game development and investment revenues. Later, with the advent of the Internet, new opportunities arose in the game industry (Jarett, 2003), but this also implied changes in game security. Therefore, while the main security issues of the pre-Internet games were developing copy protection mechanisms, now security is seen in a wider perspective. Currently, online game industry companies obtain most of their profits from pay-to-play solutions, and not from selling games (Yan, 2003).
Basically, MMOG's business model changed with the progressive disappearance of game copies (Chen, 2004), but new problems arose with those pay-to-play solutions (Davis, 2008). In particular, online games and MMOGs put security challenges, namely: security problems related with player authentication, issues related with game availability and resilience, trust and anonymity concerns, means of ensuring security of player and his/her virtual assets, game law enforcing solutions, game client problems (Mönch, 2006), and also game development issues like scalability and persistence. In short, MMOGs share the same security risks as those of other online applications, but also present new and interesting challenges as a consequence of the risks mentioned above.
Despite user's increased awareness in respect to risks of his/her online behavior and, consequently, the inherent security threats, the MMOG player usually has a negligent perception in terms of security. For him/her, it is just another type of online game, where players play anonymously and therefore don’t constitute a real threat to him/her and other users. The understanding is that what happens inside game's virtual environment doesn’t have consequences in real life. It is clear that this is a wrong understanding in terms of game security and privacy.
There are threats that must be considered when developing and managing MMOG (Davis, 2008). But, many industry developers don’t follow this perspective. Due to MMOG business model, whose success results from the amount of players that a game attracts and maintains, a MMOG needs to keep players immersed in the game and luring new ones to allow growth on the number of subscriptions and publicity revenues in order to support the cost of having a computer infrastructure to deploying the game.
Therefore, game's success is a result of what players feel on the game. If the game isn’t interesting, it doesn’t have an interesting history, it isn’t graphically appealing, it has communication lags issues, and there is a sense that the game is unfair and players feel that it is almost impossible to evolve in the game, that there are few players to interacting with, that they are being scammed, and that they likely lose assets in game due to cheating, that the game doesn’t provide a fair dispute resolution to solving game disputes, then players end up leaving the game.
Although some of the previous considerations aren’t directly security-dependent, many others are. Therefore game developers must incorporate a well-defined security policy in their business model. In general terms, the success of a MMOG is a corollary on game trust and reliability by players. In fact, the player's perception about security isn’t in accordance with the amount of information that he/she shares in a MMOG environment with unknown players (Hogben, 2008). This fact can be used for player profiling and social engineering attacks.
Key Terms in this Chapter
Completely Automated Public Turing Test to Tell Computers and Humans Apart (Captchas): Are challenge-response tests whose purpose is to ascertain whether a particular user is human. The test is frequently used to identify human users and block computerized applications when signing up, for some forms of internet accounts. An example of this use is to block “bot” players. Usually the test involves the recognition of a distorted image of letters and numbers.
Real Money Trade (RMT): Represents the real money transactions that occur outside of game boundaries. The procedure involves exchanging intangible game assets between players where the payment is made in real currency outside of game jurisdiction.
Guild: Represents an association of players in a MMOG with similar interests or pursuits. Guilds are formal alliances that foment the sense of belonging. After joining, usually the guild name is shown above the player's avatar for easy identification. It also common for MMOG to provide guild specific chat channels to ease guild member communication.
Lag: Represent high latency in communications. Lag players have slower reactions than others allowing the others advantage within game environment as their actions are processed faster by the game server (Zetterström2005).
Sharded Worlds: Are independent instances of the game-world running on its own. Sharding also reduces the complexity of distributed game state coordination. They offer a game developer solution to MMOG scalability problem, as hundreds of thousands of simultaneous players can't be at the same time in the same precise location. A solution to maintain a pleasant game experience to all was to split players by their geographic location, creating copies of the game world known as shards. Boosting network performance and reducing packet delay. The disadvantage is that players cannot physically interact or usually even communicate across 'shards'.
Non-Playing Characters (NPCs): Are game controlled artificial intelligence entities that designed to mimic the actions of human players. Their purpose is to provide some challenge to players and to populate the MMOG virtual world.