Gamasutra article on cheating in online games
- This is not an old problem
  - The Conway attack on postal chess: play two grandmasters against
    each other using a MITM attack
  - Cheating in online chess servers using chess-playing programs
  - Cheating in muds: crashing the server to get a reset;
    "pour cup cup"; exploit other people's mud clients
- This is a fundamental problem
  - Preventing cheat-enhancements in reaction-based games is
    fundamentally unavoidable
    - Reflex augmentors are basically simple AI helpers
    - If computers can play better than humans, there is unlikely
      to be any satisfactory solution to the game
  - Preventing reverse engineering of code running on an untrusted
    platform is completely unavoidable
    - Debuggers, disassembly, VMWare, x86 simulators
- If you had some control over the hardware platform, how could you
  solve this problem more satisfactorily?
  - Tamper-resistant hardware will help, but what do you run on it?
  - What's in the TCB?  RAM chips?  CPU?  OS?
  - TCPA/Palladium


Tamper resistance examples
- How tamper-resistant hardware fails
  - Fault attacks, power glitch attacks
  - Depackaging, Reverse engineering
  - Exploit software vulnerabilities, crypto protocol failures
  - Lessons from European PayTV systems: loopers, hacker self-education
- Mondex
- Smartcards for payment vs smartcards for authentication

An important principle
  - example: tamper-resistant camera, when you take a picture,
    it records time, date, and who took the picture, and timestamps it
  - security analysis?
    - security of this scheme relies on tamper-resistance,
      and that in turn depends heavily on whether the person in physical
      possession of the device has an incentive to break the tamperproofing.
      if the person has an incentive for the system to work correctly
      (e.g., first person to timestamp the picture gets copyright protection),
      it's probably secure.  if person has an incentive to break it
      (e.g., camera inserts identity information into camera without
      consent of the owner), then it's probably very insecure.  this
      is a general principle about tamper-resistance, not about marking.