Title: Enhancing security aspects in the implementation of a massively multi-player on-line historical role-playing game (JominiEngine)

Proposer: Hans-Wolfgang Loidl

Suggested supervisors: Hans-Wolfgang Loidl

Goal:

The existing client/server implementation of the JominiEngine should be enhanced in terms of security, using a range of client- and server-side mechanisms.

Description:

The JominiEngine is an on-line historical role-playing game, designed for massive multi-player usage. The current implementation uses a classic client/server separation, communicating in-game data over UDP connections in both directions. In this set-up, classic security issues of distributed systems become apparent. For example, users need to authenticate themselves to prevent unauthorised data access. Privacy of users needs to be assured. From a systems point of view, the protocol for exchanging messages between server and client needs to be secure.

The goal of this project is to enhance the security in the current client/server implementation of the core game engine (JominiEngine). As a cross-cutting concern, security should be improved for all the major components in the engine, covering secure log-in and user management, enhanced privacy of user data, and a provably secure communication protocol between client and server. In general, a secure coding approach should be taken in the implementation of the core functionality in the engine. Key techniques that should be used include, but are not limited to, private/public key encryption, network certificates, and session types for securing the communication protocol.

The project will proceed in the following phases.

Resources required: Linux platform with C# running on Mono and Riak as the database back-end

Degree of difficulty: moderate

Background needed: Good general programming skills; principles of computer (network) security (e.g. F21CN); interest in historical background is useful
