network-programmingmmosecurityudp

Is there a way to avoid MITM attacks without encryption?


After the player is authenticated, he receives a random, unique identification token. Every packet sent by him includes the token. A typical message would be:

token sequence_number commands

The problem is that, if somebody saw a packet, the person would be able to act as the player and give all the player's coins to somebody else for example. Or read the player's messages, or do anything short of stealing personal info.

So I thought encryption would be a requirement. But I've found many people advocating against it, one even says "it's complete paranoia" (https://gamedev.stackexchange.com/a/25551/33993).

Is there a way to avoid MITM attacks without encryption? If not, is avoiding them unnecessary?


Solution

  • The linked question says, "Only if it is an in-game purchase/micro-transaction - and then why not just use something tried and true like HTTPS."

    Https is regarded as sufficient for MITM protection.

    By which I mean: Yes!, you should send your traffic on Https!

    It will have an impact on performance, but (obviously) lots and lots of effort has gone into optimizing that. A lot of the cost happens on establishing an Https connection. For an ongoing game connection, you should be able to keep it open, and the performance impact will be lessened.

    As commenters have mentioned, Https uses TLS for encryption. You can build your own TCP or even UDP protocol using TLS, as well, but these days I'd recommend if possible, use boring old TCP/Https. All the platforms have APIs for it, there's ways to make it realtimey, and it plays probably the easiest with home routers & firewalls, and will be unsurprising when you explain it to others.

    See pusher and socket.io and long polling for examples of using http/https for realtime.