Online Game communication encryption solution design

Source: Internet
Author: User
Tags asymmetric encryption

I found this on the internet and found that there were very few materials. Almost no one put forward substantive content. Recently, I started to do this part of the game. I have never developed such a thing before, so I had to analyze other people's systems in a simple way, A solution is designed based on your own understanding. I think this part of knowledge may be helpful to many people, so I made public the design of this solution. In fact, it is estimated that the solution is not even secure.

 

Considering that each person has different foundations, the first two sections detail the basic concepts. In fact, I have not done similar system development. If something is wrong or poorly designed, please kindly advise!

1. design purpose

I personally think the security of online games is mainly divided into two parts: one isClient SecurityTo prevent the client from modifying the decompilation string. The other isNetwork Communication SecurityTo prevent others from intercepting data packets at the network layer and modifying the strings.

The most common method of the former is obfuscation of compilation code, shelling, and so on. The previous blog is called androird obfuscation, but these work cannot be prevented from cracking. Therefore, the further enhancement means that the data is sent from the server, and the data submitted by the client is considered unreliable, so that the client string cannot be computed. The other one is to implement auxiliary plug-ins, which will make the operability of your game design different from expectation. I suggest learning WOW and fantasy westward journey, you can directly integrate the big foot or directly build in the auxiliary functions, but with some restrictions, such as enabling the auxiliary function for 5 minutes at a time.

This article focuses on the latter. The network layer is very complex. It may be a Trojan on your local computer or a vro that someone else has modified, it may also be other machines in the LAN, and so on, as long as you can get your network layer data packets, you can do these things. The most direct method here is to encrypt the communication data, and the plaintext cannot be obtained without a key.

2. Basic Concepts

All those who have read cryptography know that there are actually only a few truly reliable encryption algorithms, and they are all directly selected based on the needs of each encryption.

Unidirectional hash Algorithm: Md5, sha1. This type of algorithm enables your original text to be stably hashed into a string of ciphertext (the results are the same each time), and the ciphertext conflicts are small (there are fewer repeated results ). It is often used for original text comparison and password saving.
If there is encryption, there will be a cracking. What is going on with a large number of md5 cracking tools on the Internet? Because of the irreversible nature of the algorithm itself, it is decided that only brute-force cracking can be used to record the ciphertext corresponding to a bunch of original texts, and then reverse lookup, so your original article is strange enough, and it is very difficult to crack brute-force attacks. (Episode: a professor from Shandong University made an algorithm that can quickly find md5 collisions, that is, to find two different original texts that correspond to one ciphertext, however, the other plaintext is completely meaningless, so this does not affect the actual security)

Symmetric encryption algorithm: DES, 3DES. These algorithms use the same key for encryption and decryption, featuring high efficiency. 3DES is actually the DES algorithm encrypted three times, because the computer is developing too fast and the computing speed is getting faster and faster, so that DES keys can be computed quickly, however, 3DES seems to have been computed for decades. This is often used for big data or long-time communication encryption.

Asymmetric encryption algorithm: RSA, DSA, the biggest feature of this type of algorithm is the key pair, one key encrypted data, only one key can be decrypted, therefore, the generated private key is used as the private key and is used as the public key to others. This algorithm is inefficient, but its features are very useful in many scenarios, such as linux ssh login verification.

3. Design Ideas of encrypted communication

Based on the above concepts, the basic principle is that the actual normal communication must take 3DES, but because of the symmetry of 3DES, it is necessary to obtain it dynamically and the obtaining method must be safer, therefore, you can consider the client to save a public key to communicate with the server to get the 3DES key. The premise is that the server is absolutely secure, but if you consider cracking attacks by internal personnel, you need to find another solution. I think the number of personnel should be reduced to this level, you can use administrative means directly.

In addition, considering that the value of 3DES is byte [] After encryption, this data will be passed as a string for a long time. Therefore, it is necessary to compress the data with Base64 before passing it. I tested it, it can be compressed to 1/4 of the original size.

4. Detailed design plan

5. More complex encryption methods

I wanted to add more things, but considering that too many details would cover up important parts, I would like to repeat them here. The above is only the most basic communication process. If you want to be safer, you can try again. I hope that some friends can provide more and better solutions.

1) add some salts to the key, that is, the issued key is not the final key, and the C/S parties modify the key based on the agreed logic.

2) It is not safe for the client to transmit uid every time. It can be regenerated into an access code for authentication. This idea is similar to Oauth.

3) use md5 or sha1 to convert the logon password.

4) Get a custom encryption or key for secondary reinforcement, and change it frequently

5) obtain the key in a way other than the network layer, such as text messages or keys similar to bbon


Excerpt from the successful blog

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.