  1. #361

    Re: Authenticator increased security idea.

    Quote Originally Posted by wooshiewoo
    In theory this would work (albeit impractical to keep unplugging and plugging in your usb stick, which would also be prone to damage).

    However, we are actually reduced to this -

    - All the time the USB stick is connected to your PC, the server will allow all actions to be performed. This is because the end result S is based on a timestamp key and is not specific to a specific character action.

    This basically means that whilst your USB stick is connected the server is getting a constant stream of matching S results, and allowing all actions to be permitted.

    The hacker can deviate at any time from what you are doing on your character because the server is receiving a constant stream of legitimate S values.

    As soon as the hacker does something to your character that you don't do, then you as the player would lag out and your screen would freeze.

    You would immediately know to pull your USB stick out, but in that time period (whilst it is still connected), the hacker can just delete gear and still cause player grief.


    Yes theoretically it works, however it still does not prevent hacker from performing "bad action" on your character. All it prevents is him being connected to your account when you disconnect your USB stick.


    The expression "Close......But no Cigar" springs to mind with that idea :P
    Your explanation is a little bit more complicated than needed but yes you got it right.

    The hacker would only be able to delete one piece of your gear. Just expand the need of a key for this action.

  2. #362
    Deleted

    Re: Authenticator increased security idea.

    Quote Originally Posted by Whoopsa
    1) Get real virus scanning software (Norton works fine).
    I stopped reading here.

  3. #363

    Re: Authenticator increased security idea.

    Quote Originally Posted by wooshiewoo
    This thread is slowly proving what you say.

    No matter how advanced a secure system is, once you are keylogged or trojaned, you become susceptible to being hacked. There is no way to devise a secure system to make you safe once you have acquired a trojan or virus or keylog.

    There is only one way to stop your account being abused - Prevent yourself from being keylogged or trojaned in the first place.


    This thread also proves one other thing -

    If you have bought an authenticator, you have wasted your money. It offers no extra security against your bog standard basic keylog attack.
    I have an authenticator and I don't regret it. It does prevent standard keyloggers. The current hack isn't a standard keylogger since it has to alter/block your internet packets. It's not as common as classic keyloggers. Also it prevents the hacker from changing your password since three consecutive keys are needed to detach an authenticator. I know he only needs one key to change the password but that would also lock him out because you can't feed him any keys then if he doesn't detach the authenticator.

    Also I have an iPhone, free authenticator for me, hehe.

  4. #364

    Re: Authenticator increased security idea.

    Quote Originally Posted by wooshiewoo
    Impossible for a server/client to produce a spontaneous random one time key (that also corresponds to the other client/server) without it being based on a time stamp.

    Which means any other key generated can be profiled.
    I'm talking about the key that is used to allow buy, sell and mail actions. Just add deleting items to the list.

  5. #365

    Re: Authenticator increased security idea.

    Quote Originally Posted by wooshiewoo
    Ye, this has to be based on a time stamp algorithm for the (USB) authenticator to have a corresponding passcode to the server's passcode.

    Else the passcodes would have to be based on something else. Any computerised passcode that is not time stamp generated (which results in a random passcode) can be profiled.


    When you have an authenticator sending passcodes to the server that are time stamp based, it becomes a constant stream of "I am the Server and i am receiving a constant stream of correct passcodes from you, i will allow you to perform these actions".

    If the passcode is tied to an action, then it has to be based on a different seed algorithm. Because this makes it not a random passcode that doesn't expire, it can be profiled and stored in a dictionary to use whenever you like.


    Heh nice. Gief ^^


    The solution we have come up with together is extremely close to making the account secure from bad actions being performed against it (once you have acquired trojan/keylogger). But being close is not enough to stop that one bad action.


    Sort of, but it isn't any more complicated than this -

    1) You type your authenticator code in
    2) Your sent information goes to the hacker instead of the game server
    3) Hacker logs on


    Yes there is slightly more to it than that, but those 3 points are pretty much how it works. It is simple to explain. (although i would have no idea how to actually program that hehe).
    Yes the USB authenticator is time stamp based. Whenever an action requires a key, the key is sent to the server first. The key then expires. It's possible that authenticator and server desynchronize after this process. Therefore the server sends a time stamp to the authenticator to synchronize again.
    If the time stamp gets logged by a hacker, he can't do anything with it because he doesn't know the registration key.
    The iPhone version of the current authenticator already has a Synchronize button.

    Sort of, but it isn't any more complicated than this -

    1) You type your authenticator code in
    2) Your sent information goes to the hacker instead of the game server
    3) Hacker logs on


    Yes there is slightly more to it than that, but those 3 points are pretty much how it works. It is simple to explain. (although i would have no idea how to actually program that hehe).

    The hacker has to block player's connection to the server or he has to reroute the information to himself. Both are more difficult to achieve. With my knowledge I could write a keylogger: You have to "demonize" this program. That would cause it to become invisible to the player (only visible in task manager). Then it has to listen to keyboard inputs. But since the keyboard is standard input for every program I don't really have to program it, lol. Save the log somewhere and after some time create a packet with the log as content and send it.
    Stopping or changing a packet is more complicated because you have to first know on which "channel" WoW communicates with the network card/OS. If the hacker manages to find out, he wins.
    As you see. Simple keylogger, no knowledge about the client needed. Current hack, must know communication "channel". I don't think the author of the current keylogger will share this knowledge with anyone. He'll want a bigger playerbase for himself.

  6. #366

    Re: Authenticator increased security idea.

    You left out my last suggestion in your summary.

    1) The player has a USB stick that generates the authentication key (OTP).
    2) This stick isn't needed to play WoW or to logon.
    3) The player logs on as usual.
    4) Whenever the player does a money/items based action (except looting) he has to connect the USB stick.
    5) The USB stick sends an OTP to the server to confirm one action. The next action requires a different OTP.
    6) If the player unplugs the USB stick money/item based actions can't be done.

    If you get hacked, the hacker can only do one action. Therefore the damage is minimal.

  7. #367

    Re: Authenticator increased security idea.

    Quote Originally Posted by wooshiewoo
    3) The hacker logs on as usual while he redirects the player to a fake server.
    4) Hacker relays server information to the client PC. (Client thinks he is logged on to game server, but he isn't, the hacker is)
    5) Hacker takes control of character and tries to delete all gear
    6) Server requests the passcode
    7) USB stick responds
    8) Gear deleted

    What actually happens on the users screen is he watches another person playing his character.

    You have prevented the hacker from playing the game unless the user has inserted the USB stick but once the stick is inserted the hacker can do anything.

    I guess it is a lot better than the current authenticator solution, but it still doesn't prevent "bad actions" being performed on the players character, it just prevents the hacker taking control of the account. (although this might be enough of a deterrent for hackers to give up and not bother anymore.)

    The weakest point in this system now becomes the end point key on Blizzard's servers. I guess we can assume this is as close to hack proof, as hack proofing gets***

    Some factors to consider with this solution -

    - Are Blizzard happy to let users ditch millions of already sold authenticators
    - Would customers be happy at purchasing another authenticator, but this time it has a USB port on it
    - What happens when the authenticator breaks? (as plugging in USB items multiple times tends to bend metal )
    - Would users really bother taking their USB stick out of their PC, or just leave it connected all the time?
    - How much strain would this put on the servers and bandwidth? Dalaran is already a laggy piece of turd. 50,000 or more requests of a one time passcode in the space of an hour or two doesn't sound very appealing to performance issues tbh.


    Theoretically it is a better system than the current authenticator, but its practical uses are annoying to say the least.


    ***It is theoretically possible to take control of the users account if the hacker gains knowledge of the end point key on Blizzard's servers, the encryption being used and the timestamp algorithm.

    If this information is ever found, the hacker can produce a software version of the USB stick emulating the real thing. The only way this information can be found is a hack on Blizzard's servers - Highly unlikely imo.
    Your steps don't compute, because the USB stick is only connected when you do one of those actions. Plug in, sell, unplug. The window of opportunity is very small for the hacker. It wouldn't pay off. The hacker would have to wait the whole time till you send the first key. And after a few seconds he won't be able to do anything again. Since he can't see exactly when you unplug the USB stick, he can't know when to stop controlling your character. This would cause the client-hacker-server chain to desynchronize and hints you at an attacker.
    Also I'd like to stay semi-afk for a long time, only watching the chat. That's a lot of time lost for the hacker.

    About your factors:
    Yes rendering that many authenticators completely useless would be painful.
    An on/off button could solve the problem of straining the material.
    If people don't unplug their USB stick when not needed, then that's their own fault. Why don't people leave the key in the lock when they leave their home? It's convenient...
    Bandwidth shouldn't be an issue since the code only takes up a few bytes. A 256bit key would need 32 bytes of extra traffic. It's considered safe because there are
    (big num inc)
    115792089237316195423570985008687907853269984665640564039457584007913129639936
    possible keys.
    Generating keys for every player at a very fast rate could be a problem. I'd say doing this by using a software can slow it down. But using hardware only, similar to the one I described earlier, could be fast enough.
    I know what you're thinking^^. Not every USB stick needs its server counterpart. Blizzard stores how authenticators and accounts are matched (they already do it). If the server needs to validate a key, it sends the matching authenticator registration key to one of several key generators which then is able to produce the matching key.
    Since electricity travels at light speed, the actual calculation is instant.
    A problem I think of is the cost involved. Both USB stick and server's key generator are specially tailored hardware and expensive to produce.

  8. #368

    Re: Authenticator increased security idea.

    Quote Originally Posted by wooshiewoo

    Everything you say is true.

    However there are points that simply make it not worthwhile.

    1) The hacker has complete control of your character movements whenever he wants to. If anything he could simply control your character all day just to annoy you - Although nothing malicious can be done to your character, the authenticator has not stopped your character from being controlled by someone else.

    2) Plugging your USB stick into your PC every time you use AH, read mail, delete gear is just plain.......annoying.

    3) People would just leave their USB stick in all the time.

    4) With your USB plugged in hacker can load up account management page and change your password. Now you don't have access to your account. Fair enough, neither does the hacker, but still :S Kinda annoying.

    Yes i believe we have made a secure way in which nothing bad can happen to your character, but it is still open for someone to have control of your character, and that is quite a lame solution tbh.


    edit - i'll even put an example in of what could happen -

    1) Player tries to log on
    2) Hacker intercepts, redirects player to fake server
    3) Hacker relays all server information from server to client and client to server
    4) Player opens AH house
    5) Server prompts for the OTP
    6) USB stick responds
    7) Hacker buys everything on the auction house and wastes all the players gold
    8) Player wonders wtf just happened


    or, here's a good one -

    1) Player tries to log on
    2) Hacker intercepts, redirects player to fake server
    3) Hacker relays all server information from server to client and client to server
    4) Player opens mailbox
    5) Server prompts for the OTP
    6) USB stick responds
    7) Hacker sends another of his characters all the players gold
    8) Player wonders wtf just happened


    Doesn't work at all tbh ^^
    1) The hacker wouldn't do that. He would attract too much attention and give you the hint to check your system for trojans. Also this would be a waste of time for him. He hacks accounts to make money. "Time is money, friend."

    2) Annoying but necessary.

    3) Would people leave their key in front of their door? Putting an on/off button on the stick should help.

    4) Before responding to this, let me show my idea to prevent what's stated in your edit because they are related.

    The USB stick gets a button. A single key is generated when you press the button. So every critical action requires a button input on the USB stick. The hacker can't mass buy stuff anymore since you have to physically interact with the USB stick.

    Also the key is tied to the action you want to do (eg sending a specific amount of gold), can be done by encrypting the action with the key. Therefore the hacker can't intercept the key and change the action. Since the action and key are tied together a server request isn't needed because it can be done by the client. This way the hacker cannot fool the player with a false key request.

    Returning to 4) Since we can't tie the key to action in the account management (the browser is outside Blizzard's regulation) we have to emulate this. I don't know how to say it in an elegant way. I'll explain it:
    eg If you want to change your password, you have to send the first key, skip the second and then send the third. It is a hassle because you have to either unplug the stick and press the button to skip or wait for the key to expire. But the only actions I see that need this are if you want to change your password, change your email address or change the authenticator (USB stick).

    The hacker may see all your personal information, but since he successfully hacked you he can do that anyway. If you use an IM client he knows who your friends are. If you use Amazon he knows your address and bank information. He can even find out what kind of porn you prefer.

    I think that the account itself is safe now. Your private information is not. But Blizzard can't do anything about it.
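
The difference between a time-only code and the action-bound, one-per-button-press code proposed in the post above, as an added example that is not part of the original thread. It uses an HMAC over the action rather than encrypting the action with the key; the secret, class names and action strings are all constructed for illustration.

```python
"""Added example: time-only OTP vs. action-bound one-time code (constructed values)."""
import hashlib
import hmac
import struct

# Constructed secret standing in for the stick's registration key.
SECRET = b"constructed-demo-registration-key"


def time_otp(secret, now, step=30):
    """RFC 6238-style code: depends on the time window only, not on the action."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return "%06d" % (value % 10**6)


def action_tag(secret, counter, action):
    """Code bound to one button press (counter) and one exact action string."""
    msg = struct.pack(">Q", counter) + action.encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16]


class TimeOnlyServer:
    """Accepts any action that arrives with a code valid for the current window."""

    def __init__(self, secret):
        self.secret = secret

    def authorize(self, action, code, now):
        # The action never enters the check, so the code vouches for anything.
        return hmac.compare_digest(code, time_otp(self.secret, now))


class ActionBoundServer:
    """Recomputes the tag over the action it received; each counter is used once."""

    def __init__(self, secret):
        self.secret = secret
        self.next_counter = 0

    def authorize(self, action, counter, tag):
        if counter < self.next_counter:
            return False  # this button press was already spent
        ok = hmac.compare_digest(tag, action_tag(self.secret, counter, action))
        if ok:
            self.next_counter = counter + 1
        return ok


def relay_demo():
    """A relay swaps the player's action for another one; returns what each server accepts."""
    now = 1_250_000_000  # constructed timestamp
    wanted = "mail:send gold=10 to=Friend"    # what the player approved
    altered = "mail:send gold=9999 to=Other"  # what the relay forwards instead

    results = {}
    code = time_otp(SECRET, now)
    results["time_only_altered"] = TimeOnlyServer(SECRET).authorize(altered, code, now + 5)

    server = ActionBoundServer(SECRET)
    tag = action_tag(SECRET, 0, wanted)
    results["bound_altered"] = server.authorize(altered, 0, tag)
    results["bound_original"] = server.authorize(wanted, 0, tag)
    results["bound_replay"] = server.authorize(wanted, 0, tag)
    return results


if __name__ == "__main__":
    for name, accepted in relay_demo().items():
        print(name, "accepted" if accepted else "rejected")
```

The binding only protects the action the stick actually signed: if a compromised host hands the stick a different action than the one shown on screen, the tag is still valid, which is why transaction-signing tokens usually carry their own display.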

  9. #369

    Re: Authenticator increased security idea.

    Quote Originally Posted by wooshiewoo
    Even if this did work (and I'm sure there are ways around it), it still won't work in the long run because in order for the timestamp to be tied with an action made, into a key that only the USB stick and the server can ever know, it doesn't allow for any updates with the game to happen.

    As soon as new update hits the game with new actions, the USB can't update with the game. The key has been made hardware inaccessible by any software.

    The moment you introduce action tied software updates and load these into the USB stick, it becomes a software key, which can be accessed and found.


    I want to read up on Jablon's multiple server solution, although it's fun to try and solve this particular problem, it has already been solved anyway.

    A new solution has been in development for a long time now using QKD (Quantum Key Distribution) which i was watching a video about last night.

    If you know anything about quantum mechanics you will know that entanglement involves 1 quantum particle being in an exact reverse state of another quantum particle, but they can be any distance apart, even from here to the other side of the Universe. As soon as one changes, the other does the complete opposite.

    Also a basic rule about Quantum Mechanics, is that if you try and observe Quantum Particles, the very act of observing them makes them alter their behavior.

    This is great for Key distribution, because as soon as somebody tries to look at the Key, the Key changes and becomes useless.

    It's worth looking at ^^
    The first thing that came to my mind to make the USB key update-able is to make it two sided. One side is software based which allows for updates. The other side is hardware based which generates the key. The hardware side would also act as a firewall. So if there are updates available you plug in the stick using the software side. To check the integrity of this side a checksum of it can be calculated by either client or server. If you want to play, you have to plug in the hardware side and do as usual.

    I don't say that my ideas are failsafe but I do think it's one of the best solutions made in this thread. Only those posts about how to make your computer safe yourself are better ^^.

    Regarding QKD: It's still under development and not applicable in our situation. The cost to produce this hardware for every WoW player would be horrendous. On top of that Blizzard needs every counterpart. Also there are reports of successful attacks.

    Don't misunderstand if wiki says that the one-time-pad is impossible to crack. To crack a key means to recalculate the key without knowing every detail involved to generate it in the first place. That doesn't mean a hacker can't try to get the key in another way. Also you have to know that one-time-pad is the same thing as one-time-key (OTP) used by the authenticator.

  10. #370

    Re: Authenticator increased security idea.

    Quote Originally Posted by wooshiewoo
    Yea, again I agree with everything you say.

    Concerning the updates though, if the software updates are stored, it is impossible to generate a key on the hardware side because it would be like this -

    Hardware Algorithm------>Software modified------->End Point Key
    (not alterable) (stored on memory) (stored on memory)


    The End Point Key has to stay on the hardware side for it to become unobtainable. And this does not allow for updates to happen. It is a one time only manufactured algorithm.

    The whole principle of secure encryption is dependent on the key being absolutely unobtainable. I like the current authenticator because it is impossible to obtain the decryption key. (on isolated units only, the iphone version can be hacked as soon as you plug it into your PC or connect to a network)

    However, as we know, this whole "completely secure where the keys are absolutely unobtainable" does not matter. The act of a user inputting the final result is the weak point.

    Ye our solution is a "solution" to making it harder for the hacker to having permanent access to your account (i emphasise the word "harder" here, just because we haven't found a hack to it, doesn't mean it's impossible), but it is so impractical for so many reasons.

    - The user has to press a button or unplug the USB stick every time he performs an action that alters his character
    - The server is prone to 50,000 or more (or whatever) requests every hour, even though you can minimalise server performance, it is still an unnecessary drag of performance hit
    - Hacker can still control your character if he hacks you, the security we proposed doesn't stop the hacker being in control of your game session, only prevents him from performing character changing actions
    - Blizzard needs to manufacture a USB stick and ditch all their existing authenticators, for something that still doesn't prevent a hacker from looking at everything you do


    The solution is too weak for what we are trying to achieve. And it's impractical. Yes it is "better" than what we have, but it has too many lame features that will put people off from using it. It is simply an unattractive option.

    Just to give you an example -

    I have never used an authenticator because i find it too much hassle to merge one with my account and type a new code in every time i log on (i'm not joking here btw).

    I am simply opposed at typing more passwords, or pressing buttons or plugging and unplugging stuff just to play my game. In short i am lazy to this and simply can't be bothered.

    I am quite certain i am not the only one who just wants to "log in and play" without an extra inconvenience either. Pressing a button every time i made a character changing alteration would be enough for me to say "wtf is this sh*t, i simply want to make an auction house transaction and i have to remember to push buttons on my USB stick!!!?!?!?!?!", then log off and not bother to play again ^^
    Although you got the idea about the hardware/software side idea wrong, I won't explain it in detail because the outcome wouldn't change much. Just let me tell you that the hardware side uses the software side to generate key+action bundle. Since a hardware based (irreversible) algorithm acts like a firewall the software is invisible. The endpoint key is on the hardware side. It can't be obtained by the hacker and can't be changed. Software side can be updated though, which is enough.

    I agree with you that this solution may not be 100% safe. But at least it should be able to minimize the damage a hacker can cause.

    Your reason that this idea is impractical:
    1) That's the user's decision. I personally think pressing a button for every critical action is not that annoying. If you're that lazy then you may also use a single digit password. Too bad Blizzard doesn't allow accounts with no password.
    2) On this point I agree with you. But I think you mean maximize because a high performance is actually a good thing.
    3) I said already. The hacker doesn't gain money by doing this. They won't get paid for griefing (I think I just discovered a market niche, lol). Also this would hint you to check your computer for trojans.
    4) Agree again.

    If you don't want to use the USB stick, you don't have to. But don't ask for better security from Blizzard because they already offered you a solution that is within their power. Every hacked player had their computer infected with malware first. Securing your computer isn't Blizzard's duty. It's yours.
    This is not especially directed at you wooshie but everyone.

  11. #371

    Re: Authenticator increased security idea.

    A little bit confusing to read wooshie but I think I got it. I agree with you on the technical part but saying Blizzard failed because they didn't see the "obvious" is just wrong. It may be obvious for you with the knowledge you gained while participating in this thread but not necessarily to everyone else. Not even for Blizzard's employees. Or maybe they saw the problem but hoped that nobody would figure it out. There are a lot of script kiddies out there who don't know anything about hacking but could get their hands on that malware.
    Even you didn't see the "obvious" when I explained why a hacker is able to relay information between server and client without getting caught (and without a fake server).
    You also didn't see the "obvious" when I said that a hardware based Jablon generator is safe. But both were obvious to me.
    I didn't blame you so please don't blame other people.

    Blizzard security is fine even without authenticator. Every hack was done by infecting the player's computer with malware. Every attack was directed at the computer. Not the client files. Not the server. Not the connection. Even the current MIM attack is only possible because of a trojan on the computer.
    If a robber gets into your house because you left your windows (pun intended) open, who is the one to blame? Certainly not the architect.
