Delivery-Date: Thu, 26 Mar 2015 03:06:25 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 556B01E0E53
	for <archiver@seul.org>; Thu, 26 Mar 2015 03:06:23 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 7F23A34558;
	Thu, 26 Mar 2015 07:06:11 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id A1269343A7
 for <tor-talk@lists.torproject.org>; Thu, 26 Mar 2015 07:06:07 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id ujpQPXpf8EES for <tor-talk@lists.torproject.org>;
 Thu, 26 Mar 2015 07:06:07 +0000 (UTC)
Received: from mail-la0-x235.google.com (mail-la0-x235.google.com
 [IPv6:2a00:1450:4010:c03::235])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 4F42134368
 for <tor-talk@lists.torproject.org>; Thu, 26 Mar 2015 07:06:04 +0000 (UTC)
Received: by lahp7 with SMTP id p7so19304204lah.2
 for <tor-talk@lists.torproject.org>; Thu, 26 Mar 2015 00:06:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=phgvn6TAstah6QWHASTiV6veSqWmN6n5Da4pOWXUHTo=;
 b=yKv+zboaJ0O6INHizk6gLo+N2hFLBQkjl+kAgk11HelN0mwWFQOnPQu5XARBnZBA9z
 06rX9vE6oVwFHsHmxsFqD7K3RZS85FQ5w1f1zuDgvp3JsMhmDNS1E+iwX3LEYlrRC3zo
 t8U/IexUuI3NrS5n9Oj7m8HSHQA7lCrkCDb0UT7cqKPiFH/3JRNlATl0p9izur5J6L5Y
 KtvIZS08OL6XK8B5AWf1JnazFeRLIzhhkyizKmdeu4wygNd9/L1SIFJz87F13QrirPOs
 5hdBP3AAZYYB7byEkSp682qvXS2bnCmkWTbb80D9YuSxkQ07jAPXoGEkEQYcWxQxYOFI
 d0TA==
MIME-Version: 1.0
X-Received: by 10.112.188.227 with SMTP id gd3mr12338808lbc.0.1427353561118;
 Thu, 26 Mar 2015 00:06:01 -0700 (PDT)
Received: by 10.112.137.199 with HTTP; Thu, 26 Mar 2015 00:06:01 -0700 (PDT)
In-Reply-To: <CAA+0wAHe0E+x7JRWSshrOrMQaXEADdp3+0ytgLXxDbcsEpmz=w@mail.gmail.com>
References: <CAA+0wAHe0E+x7JRWSshrOrMQaXEADdp3+0ytgLXxDbcsEpmz=w@mail.gmail.com>
Date: Thu, 26 Mar 2015 09:06:01 +0200
Message-ID: <CAPkfgVZQuOTDxGUYJw97dRfYSfq_Ji59HW9i+5kpSnXbUZPP6w@mail.gmail.com>
From: Jon Tullett <jon.tullett@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Games Without Frontiers: Investigating Video Games
 as a Covert Channel
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 20 March 2015 at 05:45, Rishab Nithyanand <rishabn.uci@gmail.com> wrote:
> Hey all,
>
> I just thought I'd share and get feedback about some recent work from our
> team at Stony Brook University.

Interesting, thanks!

I do question one of the early assumptions, though: "Many games also
include the notion of private games between a limited number of
players which may only be accessed using a password. This means that,
even a highly motivated adversary (e.g., one who is willing to run a
game client themselves) still cannot observe the game state."

That seems to be making risky assumptions. Chiefly that the only
possible attack is via an external game client - this may be mistaken:
an adversary could attack many places: by attacking or subverting the
game client software itself, by attacking the game network, by
attacking the operator of the game (eg: Blizzard, in the case of WoW,
etc), and so on.

We shouldn't be surprised to find the likes of the NSA attacking
gaming communities, because they are large communities, often overly
trusting of their environment (notably the client software), and
frequently with central control built in.

For example: http://www.propublica.org/documents/item/889134-games

You could mitigate some of that, sure. You could choose a less popular
game (ie: less targeted), with open source client and server software
(though you'd have to review it too, which is probably beyond the
skill of most users), which operates in encrypted peer to peer
fashion. And you can use behavioural steganography as your paper
describes. Keep raising the bar, I guess. But a lot of that sounds
like security by obscurity, and a skilled adversary should be able to
attack that. Any opsec leak, and that castle would fall down fairly
fast, I suspect.

Still, fun research. Literally :)

-J
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

