게임 서비스 보호를 위한 소프트웨어 위변조 방지기술 연구

The Study on Software Tamper Resistance for Securing Game Services

  • 장항배 (대진대학교 경영학과) ;
  • 강종구 (대진대학교 대학원 경영학과) ;
  • 조태희 (연세대학교 정보대학원)
  • 발행 : 2009.08.30

초록

게임 산업의 급격한 성장과 사회적 영향은 그에 비례하여 게임 서비스의 취약성을 공격하는 침해사고 건수는 지속적으로 증가하고 있다. 하지만, 게임서비스 역기능 방지를 위한 차별화된 정보보안 기술연구는 아직 미진한 상태이다. 따라서 본 연구에서는 현재 서비스되고 있는 온라인 게임서비스에 대한 침해현황을 조사하고, 가장 큰 보안 취약점으로 도출된 게임서비스 위변조에 기술적 대응 방안을 설계하였다. 게임 서비스의 위변조 방지를 위하여 실행파일을 암호화하고 실시간으로 복호화하며 게임서비스 역 분석 방지를 위하여 디버깅, 디스어셈블, 자체 메모리 덤프를 방지하고 모듈 의존성에 대한 정보를 은닉하도록 하였다.

The commensurate number of the attacks and infringement targeting a vulnerability of the game service has been increasing constantly, due to the dramatic growth and expansion of the impact of the game industry. However, there exist no subsequent researches for the differentiated technology, which is to prevent the reverse function of the game service. Therefore, in this study, we examined the current status of infringement toward online game services which are provided in the market currently and designed the proper technical measures for a manipulation of the game service which is the most vulnerable part. We have encrypted an execution file and decrypted it in real time process. Furthermore, we conducted debugging, disassemble, and prevented a its own memory dump, also concealed the information to overcome the module dependency to preclude a manipulation.

키워드

참고문헌

  1. Bernard L. and Solms R., "A Formalized to the Effective Selection and Evaluation of Information Security Controls," Computer & Security, Vol. 19, No. 2. 2000.
  2. Norton Peter and John Paul Mueller, "Complete Guide to Microsoft Windows XP," SAMS, 2002.
  3. Otwell K. and B. Aldridge, "The Role of Vulnerability in Risk Management," IEEE Proceedings of the 5th Annual Computer Security Applicant Conference, 1989.
  4. Peltier T., "Information Security Risk Analysis," Auerbach, 2001.
  5. Rajeev Nagar, "Windows NT File System Internals : A Developer's Guide," O'Reilly & Associates, 1997.
  6. Eloff J. and M. Eloff, "Information Security Management - A New Paradigm," Proceedings of SAICSIT, 2003.
  7. Joan Daemen and Vincent Rijmen, "The Design of RijndaeL: AES - The Advanced Encryption Standard", Springer-Verlag, 2002.
  8. Liming and Sean D., "Windows NT Embedded Step-By-Step", Annabooks, 2000.
  9. Bott, Ed, Carl Siechert and Craig Stinson, "Microsoft Windows XP Inside Out," Microsoft Press, 2001.
  10. Knittel and Brian, "Windows XP Under the Hood", QUE, 2003.
  11. Norton Peter and John Paul Mueller, "Complete Guide to Microsoft Windows XP," SAMS, 2002.
  12. Art Baker and Jerry Lozano, "The Windows 2000 Device Driver Book: A Guide for Programmers," Prentice Hall, 2001.
  13. Edward N. Deker, Joseph M. and Newcorner, "Developing Windows NT Device Drivers: A Programmer's Handbook," Addison-Wesley, 1999.
  14. Inca Internet, "Method to cut off an Illegal Process Access and Manipulation for the Security of Online Game Client by Real Time," Korean Patent 10-0483700, 2005.