What do security-conscious people do for multiplayer networking? [x-post r/Unity3D]

Discussion in 'Multiplayer Networking' started by jorgenpt, Jun 3, 2012.

  1. jorgenpt

    I recently posted a thread on r/Unity3D looking for input on choice of networking stack for Unity: http://www.reddit.com/r/Unity3D/comments/ui6kl/what_do_securityconscious_people_do_for/

    Here's the post:

    I've been tinkering with Unity's networking support today, and while it's easy to get started and use it, it doesn't seem to lend itself to security.

    They have Network.InitializeSecurity which takes care of network layer security (but it doesn't seem to authenticate the server), and their docs say 'You will need to account for this [...] at the game layer.'

    Here are my gripes with using Unity's networking to do "game layer" security:
    • It doesn't seem to be possible to restrict who's allowed to call Network.Instantiate/Network.Destroy. For security, you'd want only the server to be able to instantiate and destroy objects.
    • RPCs always arrive with NetworkMessageInfo#sender set to -1 (if you used RPCMode.All and this is the sending machine) or 0 (every other case, indicates server). Since I can't find a way to filter RPCs on the server, this means that any connected client can call any RPC method on other clients, and the clients can't tell it's not from the server. The only solution to this involves not being able to use RPCMode.All in your code, and instead use RPCMode.Server to fake broadcast: You'd have the server relay the information with a unique magic number for each client, so that the client can ascertain that it came from the server. This also means you need to re-implement buffering (since you can't use RPCMode.AllBuffered).

    Are these concerns correct - or did I miss something in my tinkering? If they are, what do you guys use for networking your multiplayer games?

    As alternatives, I've seen the following thrown around:
    • Photon - has semi-authoritative support, but doesn't integrate well with Unity (according to this post)
    • uLink - seems to have good security and integrates well with Unity, but even the indie license is a tad expensive for my hobbyist needs (EUR550)

    Any others? Any input on these?
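
The relay workaround described in the post above, sketched as a small simulation; this is an added example, not code from the thread or from Unity. The `Client` and `Server` classes, the event tuples and the move-only policy are assumptions, and the server is assumed to know which connection submitted each message.

```python
import hmac
import secrets

class Client:
    def __init__(self, name):
        self.name = name
        self.token = None   # issued by the server on connect
        self.applied = []   # events this client accepted

    def on_rpc(self, token, event):
        # per the post, clients see sender 0 for every remote RPC,
        # so the token is the only proof that the server relayed it
        if self.token is None or not hmac.compare_digest(token, self.token):
            return False    # not relayed by the server: drop
        self.applied.append(event)
        return True

class Server:
    def __init__(self):
        self.clients, self.tokens, self.buffer = {}, {}, []

    def connect(self, client):
        # unique per client; sent only to that client over the encrypted link
        self.tokens[client.name] = client.token = secrets.token_bytes(16)
        self.clients[client.name] = client
        for event in self.buffer:   # stand-in for RPCMode.AllBuffered
            client.on_rpc(self.tokens[client.name], event)

    def broadcast(self, event, buffered=False):
        if buffered:
            self.buffer.append(event)
        for name, client in self.clients.items():
            client.on_rpc(self.tokens[name], event)

    def submit(self, sender, event):
        # what a client's RPCMode.Server call reaches; policy is enforced here
        if sender not in self.clients or event[:2] != ("move", sender):
            return False    # clients may only move themselves
        self.broadcast(event)
        return True

def demo():
    server, alice, mallory, bob = Server(), Client("alice"), Client("mallory"), Client("bob")
    server.connect(alice)
    server.connect(mallory)
    server.broadcast(("spawn", "alice"), buffered=True)   # only the server spawns
    relayed = server.submit("alice", ("move", "alice", 3, 4))
    denied = server.submit("mallory", ("destroy", "alice"))
    forged = alice.on_rpc(secrets.token_bytes(16), ("destroy", "alice"))  # peer-to-peer RPC
    server.connect(bob)                                    # late joiner gets the buffer
    return relayed, denied, forged, alice.applied, bob.applied
```
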
  2. Dulci

    I have the same concerns and haven't found a solution. I guess you could always go around and use .NET sockets, but that becomes very tedious very quickly.
  3. fholm

    You can either extend the built-in Unity networking with your own Spawn/Despawn mechanics, or you can use one of the existing middlewares (Photon, Smartfox, uLink, SlimNet (mine, link in my signature), Player.IO, etc.).

    They all support authoritative servers.
  4. cod

    So what do Photon, Smartfox and uLink actually do? You need to run a server on a dedicated machine, but I've understood that those middlewares are just an alternative to Unity's master server.

    Please help me to understand this
  5. fholm

    This is wrong, they do not do the same thing as the Unity master server, not even close. The master server is an arbiter, not a game server.
  6. cod

    While Photon and Smartfox are a game or host server?
  7. KHopcraft

    Kind of.
  8. OP_toss

    uLink provides an authoritative server setup. Simply by setting your server uLink.Network.isAuthoritative = true, you ensure no clients can talk to each other, and only servers can Network.Instantiate. Pretty nice solution imo, and the strictness makes setting up an authoritative server much easier.
  9. superme2012

    Just some info from me, possibly useful for anyone else in the same situation.

    Auth is a little expensive, I have spent some time working out the costs and it’s not cheap. For my own development I was looking at a dedicated server (£300) per month for 500 to 1000 active players. This cost is due to the amount of memory needed for my own production. I think one dedicated server should be more than enough to cover the needs for any starting multiplayer production.

    The problem on my side is that I don’t want to create a subscription-based game. So Photon got more attention from me due to the price, even though it’s basically a light relay for networking traffic with zero cheat prevention built in!!

    Photon Cloud, major drawbacks!

    Security is a “no”, there really is nothing between the clients to decide if the network traffic is correct or not, and also, surprisingly, Photon Cloud can’t hold many players in one game. I find that 6 players + extra message space for the master client is about far enough per room, for a fast-paced game.

    Photon Cloud as a possible solution for medium-sized network games (1000 players active!) on a budget?

    Cheat prevention on the server side, for example:

    Player did not die for 7 days and had 8000 kills!! Or player made 25mill bucks in 2.3 mins!! I think stuff like that is obvious, and can automatically be detected by a web-based application that runs server side with the player accounts database.

    That is the only way I can see it being possible with non-auth like Photon Cloud.

    If there are any other options, or even something that I don’t know about yet, then please let me know.

    Thanks.
    Last edited: Sep 26, 2013
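
The server-side plausibility check described in the post above, as an added example (not code from the thread). The event format, the thresholds and the sample data are constructed for illustration; the two flagged accounts mirror the cases the post names.

```python
from collections import defaultdict, deque

# Assumed limits for an imaginary game; tune them from real play data.
MAX_KILLS_WITHOUT_DEATH = 500
MAX_EARNED_PER_MINUTE = 50_000

def flag_accounts(events):
    """events: (unix_time, player, kind, amount) with kind in kill/death/earn.
    Returns {player: sorted list of reasons} for implausible accounts."""
    streak = defaultdict(int)
    window = defaultdict(deque)      # player -> earnings in the last 60 s
    window_sum = defaultdict(int)
    flags = defaultdict(set)
    for t, player, kind, amount in sorted(events):
        if kind == "death":
            streak[player] = 0
        elif kind == "kill":
            streak[player] += 1
            if streak[player] > MAX_KILLS_WITHOUT_DEATH:
                flags[player].add("kill_streak")
        elif kind == "earn":
            w = window[player]
            w.append((t, amount))
            window_sum[player] += amount
            while w[0][0] <= t - 60:          # slide the one-minute window
                window_sum[player] -= w.popleft()[1]
            if window_sum[player] > MAX_EARNED_PER_MINUTE:
                flags[player].add("earn_rate")
    return {p: sorted(r) for p, r in flags.items()}

def sample_events():
    """Constructed data: one ordinary player and the post's two cases."""
    ev = []
    for i in range(300):                      # honest: dies regularly
        ev.append((i * 60, "honest", "kill", 0))
        if i % 5 == 4:
            ev.append((i * 60 + 1, "honest", "death", 0))
        ev.append((i * 60 + 2, "honest", "earn", 100))
    for i in range(8000):                     # 8000 kills in 7 days, no death
        ev.append((i * 75, "nodeath", "kill", 0))
    for i in range(138):                      # about 25M in 2.3 minutes
        ev.append((i, "rich", "earn", 181_160))
    return ev
```
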
  10. BFGames

    While Photon Cloud is not an authoritative setup, you can use what you've got, like letting the master client handle a lot of checks, and even let players check each other. It is not perfect but can help some.

    For small indie productions, server costs can become quite high for an authoritative setup (depending on your game, of course), and therefore I think Photon Cloud is a great solution. You just need to do your best to prevent as much cheating as possible and live with the rest of it. Of course, if you've got the cash, go for another setup!
  11. superme2012

    Dude that UFPSC A.I add-on looks well fine!!

    "letting the master client handle a lot of checks, and even let players check each other"

    That can be done, but I would say be careful with the messages per room. Also, to add to that, it is possible to host a master client that has different code to the other clients (bet no one knew that one lolz); this is handy to increase security. But if anyone was considering hosting the master client, then you may as well go full auth, as the same server hosting costs will apply.
  12. BFGames

    Yes, running master clients on a server defeats the purpose of the cheap cloud system hehe.