Online games have incrementally improved over the last period until they became one of the vigorously entertainment business, knowing that key factors that supported the evolution of the video games is the broadband Internet wide connections.
Even though the Internet is the main reason for the online games to be thriving, it is at the same time the reason that threaten the online gaming applications and make them exposable to some types of attacks. Since the services provided by the game platform are available over the Internet, we should consider addressing these security concerns and work on hardening the application with advanced security measures.
The online games can be hosted on various environments either private or public, so it could be exposed to certain attacks such as malformed packets that could be sent by any malicious users, but as long as the system meets your security requirements for communication between the online gaming application and end users, any of these online gaming applications can be protected against attacks’ exploitations.
The online gaming architecture is mainly composed of two sides along with their components:
Game platform allows the users to run the basic game’s functions and interact with many of the game services. For example in order for the user to start a game he has to send a request to have connection information to the matchmaking service first, then after the user receive the required connection info he can communicate directly with the detected game server using UDP to host the game and start playing.
(Google Cloud, 2019)
Another example for game platform user is the user ability to join the same game running on the dedicated server and chatting with other players at the same time.
There three different databases that make the overall database of the online gaming Apps which are (See Figure3):
The Online gaming business is one of the most profitable businesses nowadays, that is why they become an attractive target to Cybercriminals and Hackers.
As shown in (Figure 4) that the online gaming system can be exposed in multiple of access level unauthorizedly in which each level is represented as an attack surface level.
First attack surface is the front-end side that accessible by the players (users) through the Internet which makes it vulnerable to any type of attacks by malicious cybercriminals for financial purposes or regular bad players for cheating Purposes. (Google Cloud, 2019)
Second attack surface is back-end side which is usually not directly accessible by the users since it is not available over the Internet or connected to any Network infrastructure, as well as it is only accessible by trusted parties which might make it difficult to be attacked but not impossible if the malicious users have successfully passed the front-end side.
Even though Front-end side is available for the regular users to access it, but it allows them only to communicate with the front-end services (Game platform and dedicated server) to contact the back-end side the user must have admin privileges (See Figure 5).
Since the back-end side has all the critical game components such as the database and the analytical stack which hold all the sensitive data about the game-state and players information it has to be only accessed by the admin users any external user will be denied.
Since the methods used in designing the database that is commonly and usually used in most of the online gaming Apps is the Relational-Database, and this method have serious issues in scalabilities in which it can’t accommodate the increasing number of players, changing the game scheme and Administrations issue by which is difficult to automatically manage updating the changes in the game features and adapting a very large numbers of players in the database all of these weaknesses could make the application very vulnerable to DoS Attack or exploited by any other type of attacks.
Because of all the mentioned above we propose implementing a new security control that is much effective mothed in designing the database of the online gaming system that is “NoSQL Database” which will contribute in having a very powerful and secure gaming environments.
NoSQL is a good replacement of the Relational-Database since it solves all the weakness exist within the relational database, so it will be pre-designed to have the ability to accommodate the growing number of players without causing the application to crash or has any down-time, also the new game features can be automatically and synchronically deployed into the database and adoption rate of administrations automations will be very high.
By using NoSQL Database, we will make sure that the database is well designed which will lead to improving the performance of the game-state which will make the overall gaming application less vulnerable and very powerful against exploitations.
Since this attack has no attack surface, in order to mitigate this type of attacks better, we should focus on solving the buffer over issue:
In order to foster a secure design of an online gaming application, designing a threat modeling will be a good place to start. Designing a threat modeling is composed of many important phases, starting with designing the logical architecture of the system including the communication flow between the components of the system and the trust level in each interface of the system which the gaming application, then followed by the other phases which are identifying the attack surfaces, the possible threats and exposing attacks for each attack surface, and the existed controls to prevent the risks coming from those threats.
There are other recommended new security controls to enhance the security of the gaming application which will significantly contributes in achieving the system requests that are also listed in detail in this article.