Security Best Practices

Transcription

Security Best Practices
Security Best Practices
Debrief on Piracy, Secondary Sales, & Account Theft Solutions
Matt Ployhar
Senior Product Planner – Intel
President – PC Gaming Alliance
www.intel.com/software/gdc
Introduction - Security Best Practices
 Introduction & Welcome
– Brief Background
 What this discussion is about
– Overview of options that protect Content and Users
– What the Customer wants
– What the Industry wants
 What this is not about
– Super technical deep dive on Security
Security Best Practices – We have to move beyond over-simplifying this as just an Anti-Piracy Play
2
Trends, Evolutions, and Research
History of Piracy - Cause and Effect

Piracy
- Grows by Geo/Globalization expansion
- Reduces by shifts occurring in formats
 Format Shifts
- Media format: From Packaged to Digital
- Business format: From ‘Fire & Forget’ (F&F) to
‘Games as Services’ (GaS)
 Piracy impacts every platform
- PC’s have at least a 10x > Install Base
- Most Piracy occurs with ‘Fire & Forget’ format
 (PCGA Opinion) Cause and effect of GaS trend
- Seeing less Piracy as games shift to ‘GaS’; but
seeing an uptick in account/id theft/hacks
The Devil’s in the details… don’t read too much into sensationalized news stories without due diligence
3
Spectrum of Options for Protecting Content
Massive technology leaps in Software, Hardware, & Game Design!

Software
– Disc Based - DRM
– Code Protection & Tamper Resistance
– White box cryptography (Key Protection)
– Network & Client: Activation, Authentication, Verification, &
Integrity Checking
•
–
Activati
on &
Authenti
cation
Examples: Client Side Integrity Verification (Client to Server), Session
Based Network Authentication
Game Design Options
•

DRM &
Code
Protecti
on
Examples: MMO, Free to Play/Freemium, Log-out location tied to IP
address, Demo-Mode/Timed Game Degradation, Streaming
Game
Design
Hardware
– Platform Based
•
Examples: Unique Security Chips, & Hardware Keys, CPU Based,
Authenticators (Key Fobs to iPhones) <e.g. Digipass>,
Protected/Proprietary Optical Drives, Protected Hard Drives
Hardwar
e
Not necessarily a ‘one size fits all’ approach. Many Developers opt for multiple choice options
4
Software Based Solutions
Ranges from on-Disc, to Software, to actual Game Design choices
TYPE
EXAMPLES
Pros
Cons
Notes:
Disc Based (DRM)
•
•
•
•
•
•
SecuROM
TAGES
SafeDisc
SafeCast
StarForce
LaserLock
•
•
•
Unique, per disc, digital signatures
•
Historically easy to
crack
Requires a disc
Historical negative
public perception
Per Disc Cost
Code Protection
•
•
Arxan CodeIT, EnsureIT
MetaForic’s MetaFortress
•
Discourages casual
Crackers
•
Variable results
•
Code Obfuscation, and Code
Tamper Resistance
White box (Total Access) Cryptography
•
Irdeto Cloakware
•
Discourages casual
Crackers
•
Once compromised a
huge issue
•
Obfuscation of the Encryption
Key/Crypto Code. Protects Keys
Network & Client: Activation ,
Authentication, and Integrity
Verification
•
•
•
•
•
Arxan Transform IT
MetaForic’s MetaSure
Valve STEAM
Microsoft’s SSA
Oracle (JDBC)
•
Another order of
magnitude more
difficult to crack
•
Requires Network
connection.
Limited offline mode
functionality
•
Handshakes between Server &
Client
Game Design
•
•
Day 1 Localization all Geos
Free to Play
• DLC (Commerce – e.g.
Digital River)
• Advertising
MMO
Demo mode & Timed Degradation
Logout Loc tied to IP
•
Virtually eliminates or
reduces most forms of
Piracy
•
Shifts the issue from
Piracy to Account
hacking or Identity
Theft
Often Requires
additional work
•
These are fundamental shifts in
actual Game Design & or the
Business models. Proven to be VERY
effective in Geo’s with high
incidences of Piracy at Retail.
•
•
•
Discourages casual
Crackers
•
•
•
•
Discussion Point: Which of these have you tried & implemented? Other Pros & Cons?
5
Hardware Based Solutions
These solutions are more of ‘per device’ – ‘Platform’ choice
TYPE
EXAMPLES
Pros
Cons
Notes:
Unique Security Chips & TPM’s (Trusted
Platform Modules)
•
•
Consoles
PC Motherboards
•
Prevents Casual
Crackers
•
•
•
Can be modified
Adds cost to BOM
Illegal in some countries
like China & Russia
•
Some critics are citing privacy
concerns.
CPU Based
•
•
•
One Time Password (formerly (IPT™)
True Cove
PEAT (HW Accellerated Public Key)
•
Proven to be very
secure
Not IHV specific
•
‘Big Brother’ Fears
historically result in
‘Back-lash’ by Consumer
advocacy groups
•
•
•
•
Open – there’s an SDK for this.
WYSIWYS = True Cove
Hyperlink to Ned’s talk posted here.
PEAT – see notes
•
Key Generators (e.g. Digipass)
• Key-Chain Fobs
• iPhone/SmartPhone
•
Almost eliminates
Account take-overs
•
Adds another step to
launching and playing
Requires standalone
Key Generator device
Loss of Key Generator =
PSS Call
•
These generate SW Keys or Codes
•
DVD Firmware hacks
•
Adds cost to Console
BOM
Dependency on Optical
Media
•
Can be ‘jail-broken’
Authenticators
•
•
•
Protected / Proprietary Optical Drives
•
Consoles
•
Prevents Casual
Crackers
•
Protected Hard Disk Drives
•
Consoles
•
Prevents Casual
Crackers
•
Ditto on BOM cost
Streaming Server Services & Platforms
•
•
•
Gaikai
OnLIve
OTOY
•
Tough to Pirate
•
Can require a standalone box
Network bandwidth
•
Discussion Point: Which of these have you tried & implemented? Other Pros & Cons?
6
Discussion: Protecting Consumers & Software
What are the leaders saying and doing?
 Protecting Retail ‘Boxed’ Games
– Key Questions:
•
•
What is the future of Retail & channel Distribution?
What’s the future of Secondary (Pre-owned) Sales?
TechSpot (May 2011) EA CEO: we're
switching from discs to digital
 Protecting Digitally Distributed Games
– Key Questions:
•
•
•
Fire & Forget, or shift towards a services (GaS) model?
How many languages can you localize for? Go Global!
If all Games go ‘digital’ doesn’t this level the playing field
between platforms ? What platform has the advantage?
Gamasutra: Oct 2011 (Gabe Newell)
<paraphrased – on stopping piracy> “.by giving
those people a service that’s better than what
they’re receiving from the pirates.”
 Protecting User Accounts
– Key Questions:
•
•
What safeguards are in place to protect Users Accounts?
What safeguards are in place to protect Users Games?
Recommend: Taking a multi-pronged approach. Stakes are higher than ever
7
Other Factors For Consideration
Pending Legislation that could have an impact on your decisions







Disclaimer: Not taking a stance on these issues. FYI to raise awareness
NAIA (New America Invents Act) (Patents)
SOPA (Stop Online Piracy Act)
OnLive CEO: New Patent Law
PIPA (Protect IP Act)
'Devastating To Ingenuity'
Others
Data Security & Breach Notification
– H.R. 1841 – Data Accountability and Trust Act of 2011 (Processes for assessing and responding to data security
vulnerabilities. Consumer data breach notification requirements within up to 60 days of a breach. See also H.R. 1707.
– S. 1151 – Personal Data Privacy and Security Act of 2011 (Provides for criminal penalties for anyone who would
intentionally and willfully conceal the fact that a data breach has occurred when the breach causes economic damage to
consumers)
– S. 1207 – Data Security and Breach Notification Act (Requires the FTC to promulgate regulations requiring each covered
entity engaged in interstate commerce owning or possessing data containing personal information to establish specified
security policies and procedures to treat and protect such information)
Privacy Legislation
– “Commercial Privacy Bill of Rights Act of 2011” (Timely notice on collection and use of data; opt-out consent; opt-in
consent for sensitive data; must ensure data accuracy and provide reasonable access to data; self-regulatory safe harbor
program)
– “Do Not Track” Act (Concept endorsed by the FTC to provide for one mechanism for consumers to opt-out of online
tracking of their movements and data)
– Child Privacy (Series of bills being introduced that would provide for a “Do Not Track” mechanism for kids, would raise the
COPPA age, or would extend COPPA beyond websites.)
Note: These are just the USA’s legislative Acts……
8
2011 Piracy according to TorrentFreak
(Bonus Slide)

Does anything stand out or look amiss to anyone on
the charts to the right? -
What’s wrong with this picture? Aside from the obvious Piracy is bad story…..
9
2011 Piracy according to TorrentFreak
(Bonus Slide – For Discussion & Context)

BitTorrent (Source: TorrentFreak)


EASY to misinterpret & sensationalize statistics – to be fair
How Many of these optimize/utilize
– Free to Play/Freemium?
– Subscriptions & or MMO’s?
– Streamed?
– Note: most are W. Hemisphere ‘Fire & Forget’ formats
Why is Piracy persistently high on PC?
– PC Install Base vastly larger
– Pirates have had more time to exploit
– Business/Academic/Monetization agendas
– Inability to enforce Piracy laws globally
How would story read if:
– Console install bases were on par with PC?
– Would the stats multiply by 5-6x?
– We add up PS3 + 360 + Wii Piracy?
– Throw in Secondary Sales & “Game loaning” losses
Argument of legitimate to pirated games’ ratio’s being
lower on Consoles losing validity w/Digital Disty, & all the
new format shifts occurring; but, you be the judge…



–
http://torrentfreak.com/top-10-most-pirated-games-of-2011-111230
Critical that Game Developers understand that Piracy is relative to the size of the TAM/IB
10
Summary and Calls to Action
 Summary Points
–
–
–
–
Robust choices to protect content
Protecting Physical Games currently a moving target
Protecting Digitally Distributed Games becoming standard
Increasing importance to secure Consumer’s Accounts & Information
 Calls to Action
– Educate yourself on the full range of options
– Consider a ‘hybrid’ approach
– Be cognizant of the laws and pending legislation – globally!
Security Best Practices are multi-dimensional and requires Developers to pay close attention!
11
Resources
 Matt Ployhar
– Matt.ployhar@intel.com
– http://software.intel.com/en-us/profile/408557/
 PC Gaming Alliance
– http://www.pcgamingalliance.org/
GDC 2012
12
Contributors, Inputs, Sources
Special Thanks





Intel
– Jennifer Gilburg
– OPT: Bob Chesebrough & Kathy Farrel
– SSG: Yoram Zahavi, Deepak Vembar, Brad Werth
Microsoft
– Games For Windows Live/Win 8 Build-Security: Avi Ben Menahem & Shai Hinitz
– http://www.buildwindows.com/
– http://channel9.msdn.com/search?term=Secure+Metro+Apps
Arxan
– Jodi Wadhwa
– http://www.arxan.com/
MetaForic
– Douglas Kinloch
– http://www.metaforic.com/
Links:
– http://www.tweakguides.com/Piracy_1.html
GDC 2012
13
Questions and Answers
 Some Previous Questions that I often hear are….
– How much $ is lost to Piracy?
– What would be the cost for me to protect the IP? Should I charge ~$10
more to recoup what I’m going to lose to Piracy?
– As a Game Dev, should I count on my Game Design abilities, or the digital
distributor?
GDC 2012
14
Your Single Source for Visual Computing
Info, Articles, Samples, SDKs and Tools

Free Downloads
of Intel® Visual
Computing Tools

Code Samples

Tech Articles

Case Studies

Forums

Beta Programs
www.intel.com/software/vcsource
15
Please fill out your evaluation forms
Win
-
SSD drives
-
Ultrabook in the Intel booth #1024
Drawings: Wed/Thu @ 5:30pm, Fri @ 2:30pm
16
Legal Disclaimers
INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH
PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY RELATING TO SALE AND/OR USE OF INTEL
PRODUCTS, INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT,
COPYRIGHT, OR OTHER INTELLECTUAL PROPERTY RIGHT.
Intel products are not intended for use in medical, life saving, life sustaining, critical control or safety systems, or in nuclear facility applications.
Intel Corporation may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the presented subject matter.
The furnishing of documents and other materials and information does not provide any license, express or implied, by estoppel or otherwise, to any such patents,
trademarks, copyrights, or other intellectual property rights.
Intel may make changes to specifications, product descriptions, and plans at any time, without notice.
The Intel processor and/or chipset products referenced in this document may contain design defects or errors known as errata which may cause the product to deviate from
published specifications. Current characterized errata are available on request.
All dates provided are subject to change without notice. All dates specified are target dates, are provided for planning purposes only and are subject to change.
Intel and the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
* Other names and brands may be claimed as the property of others.
Copyright © 2010, Intel Corporation. All rights reserved.
17
Optimization Notice
Optimization Notice
Intel® compilers, associated libraries and associated development tools may include or utilize options that optimize for
instruction sets that are available in both Intel® and non-Intel microprocessors (for example SIMD instruction sets), but do not
optimize equally for non-Intel microprocessors. In addition, certain compiler options for Intel compilers, including some that
are not specific to Intel micro-architecture, are reserved for Intel microprocessors. For a detailed description of Intel compiler
options, including the instruction sets and specific microprocessors they implicate, please refer to the “Intel® Compiler User
and Reference Guides” under “Compiler Options." Many library routines that are part of Intel® compiler products are more
highly optimized for Intel microprocessors than for other microprocessors. While the compilers and libraries in Intel ® compiler
products offer optimizations for both Intel and Intel-compatible microprocessors, depending on the options you select, your
code and other factors, you likely will get extra performance on Intel microprocessors.
Intel® compilers, associated libraries and associated development tools may or may not optimize to the same degree for nonIntel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include Intel ®
Streaming SIMD Extensions 2 (Intel® SSE2), Intel® Streaming SIMD Extensions 3 (Intel® SSE3), and Supplemental Streaming
SIMD Extensions 3 (Intel® SSSE3) instruction sets and other optimizations. Intel does not guarantee the availability,
functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent
optimizations in this product are intended for use with Intel microprocessors.
While Intel believes our compilers and libraries are excellent choices to assist in obtaining the best performance on Intel ® and
non-Intel microprocessors, Intel recommends that you evaluate other compilers and libraries to determine which best meet
your requirements. We hope to win your business by striving to offer the best performance of any compiler or library; please
let us know if you find we do not.
Notice revision #20101101
18
Backup
GDC 2012
19