Tuesday, October 30, 2012

On-line Chess - Part 1.13 - Security

On a real chess game it is not possible to cheat. Online chess games instead can be cheated in several ways depending of the security model implemented. Yah, the server receives the information about the move and the timestamp from the clients. Nobody is able to see what the user is doing sitting in front of his/her PC. Let’s start from the most common cheating type: the computer aid. Instead of using their own brain, cheaters open a window on their PC where their favorite chess program is running. The position of the game in progress is replicated in the chess program and analyzed by the CPU (which will do the dirty job), the program hints the best move for every position and unlucky opponents can be defeated soon if not stronger than the machine. The consequence is that cheaters gain points rapidly and they will be at the top of the ladder even if not deserved. Is there a remedy for that? Some online game providers claim they have one. The principle is that suspicious games are analyzed with a computer engine and if there is a match that is the footprint of a cheat. Can anyone be sure 100% that it is a cheat? Difficult to say. Anyway other techniques can be added and the following three are just examples:
  • The rating evolution is monitored because a quick rising of the rating is a symptom of good game but also of cheating. 
  • The suspect cheater is notified by a message encouraging him/her to stop cheating or simply informing that from now on a strict monitoring will be performed on his/her games. 
  • The suspect cheater is marked so that every user knows what could happen if they accept a challenge from a suspect cheater. 
  • The number of times the game is suspended is monitored. It could be an indication that the player is using the time to query a chess program.
When the cheater is confirmed he/she is banned from using the chess service.
Another popular way to gain points is to play against yourself. Cheaters create two accounts and winning against themselves let them improve their rating. Some game providers overcome this techniques by force the users at registration time to accept to not create more than one account otherwise they will be banned. Some other game providers instead have tools to detect if the players of a game come from the same IP address. What if the cheater uses two different PC?
  Another historical way to cheat an opponent is to interrupt the game when thing is going bad on the board. Let’s think the case there is a temporary connection failure of a client. Some game providers simply null the game because they think it is unfair to assign a result in this case. But cheaters could turn off their computer in order to simulate an internet connection failure. Usually providers face this problem in two ways:
  • adjourning the game when accidental disconnection has happened and give the chance to reconnect in order to complete the game 
  • declaring the victory for the player remained online
Other providers claim they have an intelligent system able to recognize abusive game interruptions, which is the best solution to the problem.
Now let’s have a look at complex cheating techniques. As we already said, the client program sends a time stamp together with the move up to the server. Time stamp could be modified to get more time. Usually the connection between the client and the server is encrypted but even the most famous chess server (ICC) has not a strong protection against hackers that could decrypt the message and change the time stamp.

No comments:

Post a Comment