Setup cheat prevention

[Redwolf]

A solution for the not-quite-blind problem in Quickbattle setup:

Surface problem:

The receiver of the setup has no way to ensure that player A has in fact selected "random" or "computer-chosen" when he claims he did.

This cannot be easily fixed with inserting a display about the setup parameters, since at least in a PBEM the setup player can send the pbem to himself and see what the computer has chosen and then redo until he is pleased, i.e. select SMGs and flamethrower no end and throw away games until it is a rainy or foggy night.

Course of problem:

Since one PBEM may be sent to multiple persons, you can just send it to yourself and see how things are and only when you like it send it to your opponent. This cannot be easily prevented since the mechanism that is usually used for such cheat protection is not in place yet. A turn's exceution phase must first be "signed" by the opponents before the first player can see it, to prevent him from redoing a turn, which he could do if he could immedeately watch the action phase. However, no such mechanism is there for the setup.

What is needed? Two things:

- prevent redoing until results please

- ensure that a given set of parameters was selected

It is not possible to prevent this kind of cheating when taking into account that people may control the running program from a debugger or hack it otherwise. However, I think the following scheme with guard against any messing with PBEM files or against setup lies:

Step 1: Player A sends an almost empty token, a pbem file with the setup to choose. This doesn't have to be encrypted or signed.

His computer does not execute any of the random or computer-initiated settings, but it generates random numbers to prepare for it. These random numbers are in the PBEM file sent to B, but B cannot read the numbers since they are two-way one-key encrypted. These numbers are just meant to go through and being signed by B without B reading what they actually are.

Step 2: Player B loads this PBEM and can see what the chosen setup is. The setup parameters are then digitally signed by him so that A's computer later knows what the parameters B agreed on were. Thus it cannot be changed in the PBEM file by A (except by breaking RSA...).

B's computer also generates random numbers for later use in the computer choices, but still does not execute computer choices. He cannot read the random numbers chosen by A's computer since they are already protected by A's password, hence he cannot see what will be generated in the end, hence he cannot redo this step until he sees a result that favours him.

He digitally signs his own set of random initializers and he also signs the encrypted set of A's initializers that are in the PBEM file. That's right, A's random number initializations are now both encrypted (with A's symmetric key) and signed (with B's public key).

He then sends back a PBEM file that contains:

- setup parameters, signed by B

- his own random initializers, signed by B

- A's random initializers, still unread and encrypted with A's key,

signed by B

Step 3: Player A loads the PBEM.

A's computer reads the setup data, checks whether B's signature is intact and displays the setup data, so that A may recognize whether B messed with the parameters.

A's computer reads B's random initializers and confirms, by checking B's signature, that A did not mess with them. (A's computer checks whether A cheats - as I said, it doesn't prevent cheating by changing the program, just cheating by messing with the PBEM file).

A's computer reads his own random initializers by decrypting his own data that went through B. The digital signature of B on the encrypted data is there to prevent A from messing with his own initializers. Otherwise he could chance them now until they lead to a setup he likes. B signed the data that flows through him, without knowing what he signs, but thereby fixing whatever the original initializers were.

The Quickbattle is then built with the setup parameters as signed and using random initializers that are XOR of A's and B's initializers. Player A may then choose forces respectivly do setup.

Result:

- Neither player can ever retry a step until he sees a setup that

pleases him.

- Each player can see what the setup parameters were, and knowing for

sure that these were actually used to generate the battle.

This scheme prevents cheating by retry or by messing with the PBEM file. It does not do anything about changing the program itself. A possible additional step do help here would be to have both computers execute the quickbattle setup and let the games begin only when both generated data is equal. However, if you can change the game, the whole quickbattle mechanism is flawed since you could mess with the action computing, i.e. ensure that no Axis tanks are ever hit. Hence, it would not be sufficient to make the double-check with comparision for the setup phase. You had to do this for all moves and that would at least bloat the mails. There is also the problem that different computers compute the action differently due to floating-point arithmetic. I don't think anyone would like a tenfold increase in computation time due to not using the FPU To do it right, you probably want Quickbattle generation and action computation to happen on a neutral host in the internet.

However, I think the scheme as outlined would be a big step forward. The real problem here isn't the actual cheating, for me anyway. It is that people have to think other trusting each other and each one must make up his mind what to do with opponents he doesn't know. Since different people act differently here that may lead to bad blood not due to actual misbehaviour, but by expressing a certain amount of mistrust, self-evident for one personality, insulting for another.

Now please step on the scheme and show me the holes, as usual, there will be one or another :-]]]

[André]

Hi

What kind of player would cheat in this manner, and why the hell do they do it? I play alot of tcpip QB's and quite often we let the computer select our forces. I sure do find that more challenging and fun. If you fear that your opponent might do this to you, I suggest you find yourself another opponent. Come on, who needs this kind of crap anyway. If they are that desperate to loose, I sure dont want anything to do with them.

I have experienced cheating in multiplayer a couple of times, and I simply stopped playing and told my opponent to get lost. I also wanted to publicly accuse him on this board, as a warning to others. I didnt do it then, but I sure will if I experience something similar again.

I find most of my opponents in the chatroom on CMHQ, and they are great people. Of all the games I have played there, I have only experienced that 1 cheater. We dont play for ranking on some ladder, we play to have fun. Aint that what its all about? If you are sick of this kind of behaviour, I suggest you head of to the chatroom on CMHQ for some honorable tcpip gameplay.

Cya there,

Heinz

[ 04-20-2001: Message edited by: Heinz 25th PzReg ]

[Wreck]

Or just use the idea I posted last time this came up, to wit:

Start the game TCP. If the opponent takes too long (more than a minute, maybe) to get back with the IP address, then refuse to play him.

The only big downside of this (from the POV of email players) is that your involvement with CM is controlled, a mere dalliance -- if wargaming was a drug, marijuana. Whereas TCP is the bomb, hardcore crack cocaine wargaming. Exposing yourself to it for even a turn is dangerous... you might play a turn or two... or three... or four...

Come here little boy. Everybody's trying "TCP". First one is free.

[Mannheim Tanker]

Another, more elegant solution is to simply play against people you trust. Works for me.

[Redwolf]

As I said, I am not so much concerned about the cheating itself, but rather about the social implications. It is unrealistic only to play people you know.

Or in other words, communicating and learning is what at least I am here for, and everything that narrows down new contacts is bad.

[Agua]

<BLOCKQUOTE>quote:</font><HR>Originally posted by Heinz 25th PzReg:

Hi

What kind of player would cheat in this manner, and why the hell do they do it?

<snip>

Cya there,

Heinz

[ 04-20-2001: Message edited by: Heinz 25th PzReg ]<HR></BLOCKQUOTE>

Agreed. What sort of enjoyment would someone get out of playing a game like that? Maybe its a ladder thing.

[Scooter]

<BLOCKQUOTE>quote:</font><HR>Originally posted by Agua:

Agreed. What sort of enjoyment would someone get out of playing a game like that? Maybe its a ladder thing.<HR></BLOCKQUOTE>

My thoughts exactly.

I woudn't expect much cheating in a friendly game of CM. Now, if it was in a competitive atmosphere like ladders, I'd wonder.

Anyways, it is always a good idea to ALWAYS discuss the game's parameters BEFORE you play. If you don't, then you leave yourself open to suffer the consequences.

[Schugger]

Hi Martin,

I'm an absolute computer iliterate and so have no clue about the difficulties to code such an additional anti-cheat feature.

I think that - no matter how hard you try to prevent it - someone finds a hole that allows him to cheat.

I treat the whole PBEM affair as a gentleman's club and I "suspect" that all of my opponents are honest men.

When you are playing a turney or a ladder game and want to get rid of that bad " what if.." feeling, ask a third player to do the setup; I'm sure you find someone willing to do this quite easily.

Short question:

When I replied to Martin's thread there wasn't any post. Is there a way to find out if there are any replies before you have posted an answer?

[ 04-20-2001: Message edited by: Schugger ]

[Sig]

Hello all,

I think we should not let this thread deviate in the direction of how we deal with potential cheaters, but focus on what Martin proposed.

Personally I would feel more confortable with a foolproof anti-cheating method for the exact reason Martin gave: sometimes I want to play somebody I don't know. And in that case I hate to waste even one atome of energy trying to discover if yes or no this person is a nice guy or an ugly cheating bastard. Too lazy to become paranoid, I suppose. So, go on Martin, I'm with you.

Just my opinion.

Sig

[Schugger]

I don't think we'll see any patch which satisfy Martin's wish.

Sig, if you need someone to setup a QB I'll volounteer to do that. All you and your opponent have to do is to send me an e-mail,

list the forces you want to purchase as well as the conditions ( date, turn lengh, terrain etc.).

Really no biggie

[Mr. Johnson--]

I have not fought a cheater yet. If I do I simply will not play him again. And I would warn ever other person at the CMHQ about them. They could change their name and cheat again, but what is the point? I think this is a small problem. Most of us wargamers have honor, I don't see the problem.

[Tanaka]

Martin,

Most of what you said is only valid to a very specific kind of QB, the "computer-chosen force" one, when "player-chose force" is selected those problems don't exist. The only one that remains is the absence of information to the 2nd player about the map conditions(trees and hills). I'm not sure, but I think for CM2 this one will be attended, any way if you don't like the map, just tell that to your adversarie...

<BLOCKQUOTE>quote:</font><HR>Originally posted by Martin Cracauer:

...Since one PBEM may be sent to multiple persons, you can just send it to yourself and see how things are and only when you like it send it to your opponent...

<HR></BLOCKQUOTE>

Not true, every time a turn pbem is load by any CPU a NEW map/turn is calculated... So you can reload your turn as many times you want, that when you send your turn to the other player a new calculations is always done.

Obviously a security problem still remains on the 1st/2nd turn of a "computer-chose" type of QB, but again, I think this will be look into for CM2.

[ 04-20-2001: Message edited by: Tanaka ]

[Redwolf]

A few points:

Mr Johnson, how do you recognize someone cheated on setup?

Schugger, I don't expect a patch for CMBO, but I'd like to have this in CM2.

Heinz, Agua, Scooter, I agree that this is more of an issue for ladder games.

The person in the middle is nice and doable, however, its doesn't address my point. If you do something to prevent cheating, like not agreeing on any computer choices or on consulting a third person, you make playing new players more tedious and worse, we will have cases where people feel insulted.

It is just not good for the community. I agree that the CMBO community is extremly nice. I never suspected one of my PBEM partners was cheating and my opponents trust me to do setup with computer selection of units or weather. However, the more important is to ensure it stays that way, and the redoable setup question can only work in one direction, mistrust.

Overall, I think the proposed mechanism re-implements for the setup phase what CMBO ever did for normal turns -requiring an additional exchange to prevent redoing.

Let me ask the question the other way round, why do you take the effort of the additional mail for each real turn if you don't think the same effort should go into the setup phase?

[Redwolf]

<BLOCKQUOTE>quote:</font><HR>Originally posted by Tanaka:

Martin,

Most of what you said is only valid to a very specific kind of QB, the "computer-chosen force" one, when "player-chose force" is selected those problems don't exist. The only one that remains is the absence of information to the 2nd player about the map conditions(trees and hills). <HR></BLOCKQUOTE>

Actually I am most concerned about random weather and random time (which implies random ground conditions).

Computer-chosen forces are mostly for people I trust anyway and less for ladder games, so not that big of a deal here.

However, it makes a big difference if you know weather, ground and sight in advance. Would you buy mortars with a minimum range of 100m in a rainy night with 95m LOS? Would you buy lower Shermans in mud? What infantry do you choose? If LOS is 100m, would you buy anything that has its firewpoer peak at >= 250m?

On the other hand, I really like to play random weather, I think it is more fun. You have more opportunity to hang yourself with forces that don't work in the weather that gets chosen. You cannot follow your strict "proven force" rule, you need to take more things into account. This "take more things into account" is accentuation of the basic fun I have in CMBO, gain experience rapidly, but ever have more things to learn. It is especially worthy for ladder games, since those can get boring by force overoptimization and computer-chosen forces is too radical for ladder games.

<BLOCKQUOTE>quote:</font><HR>

... every time a turn pbem is load by any CPU a NEW map/turn is calculated... So you can reload your turn as many times you want, that when you send your turn to the other player a new calculations is always done.

<HR></BLOCKQUOTE>

No.

The initial setup PBEM file contains everything, if you send it to two persons, both games will have the same weather and time.

[ 04-20-2001: Message edited by: Martin Cracauer ]

[Tanaka]

My answer was oriented in a "general" cheating direction and not in the lack of setup control with terrain conditions. Taking out that part, the following statement <BLOCKQUOTE>quote:</font><HR>... every time a turn pbem is load by any CPU a NEW map/turn is calculated... So you can reload your turn as many times you want, that when you send your turn to the other player a new calculations is always done. <HR></BLOCKQUOTE> is entirely true.

Well... this was one of the things I also said <BLOCKQUOTE>quote:</font><HR> ...The only one that remains is the absence of information to the 2nd player about the map conditions(trees and hills). <HR></BLOCKQUOTE> and now I add the weather and time of the day.

As I said, I think BTS will look into this for CM2 and make the information available to the 2nd player and make the random weather/time "calculation" on the 2nd computer.

Any how, I've more then 70 PBEM/TCPIP games played, I also can understand the funny part of random weather, as we don't control the weather yet

My "advice" for CM1 when playing with unknown players :

-Don't play with "computer-chose"

-Don't play with random weather or time

-Don't play on a map that should have heavy trees/hills but has no trees/hills

-At the loser request, the winner is obliged to concede a 2nd game with exact same setup but now with him on the other side (Axis or Allies).

[ 04-20-2001: Message edited by: Tanaka ]

[Redwolf]

<BLOCKQUOTE>quote:</font><HR>Originally posted by Tanaka:

... every time a turn pbem is load by any CPU a NEW map/turn is calculated... So you can reload your turn as many times you want, that when you send your turn to the other player a new calculations is always done. <HR></BLOCKQUOTE> is entirely true.

We must be talking different things. The initial PBEM file can be sent to multiple partners, without any reloading at all, and all games will have the same weather and time. If you are one of the receivers yourself, you know the weather before you have to send the file to anyone else.

[Redwolf]

<BLOCKQUOTE>quote:</font><HR>Originally posted by Tanaka:

My "advice" for CM1 when playing with unknown players :

-Don't play with "computer-chose"

-Don't play with random weather or time

-Don't play on a map that should have heavy trees/hills but has no trees/hills

-At the loser request, the winner is obliged to concede a 2nd game with exact same setup but now with him on the other side (Axis or Allies).

<HR></BLOCKQUOTE>

As I said several times already, this is exactly what I want to prevent. I don't want to discriminate new players. What you outline is like handcuffing anyone who visits your house for the first time.

[Vanir Ausf B]

<BLOCKQUOTE>quote:</font><HR>Originally posted by Tanaka:

Not true, every time a turn pbem is load by any CPU a NEW map/turn is calculated... So you can reload your turn as many times you want, that when you send your turn to the other player a new calculations is always done.<HR></BLOCKQUOTE>

I wish this were true, but unfortunately Martin is correct. The first computer generates the map that is used, not the second one. This is very easy to test if you think about it.

And Martin, you don't have to send the file to yourself to do this cheat. Just use the copy of the first file that is already on your computer.

[ 04-21-2001: Message edited by: Vanir Ausf B ]

[Olle Petersson]

<BLOCKQUOTE>quote:</font><HR>Originally posted by Martin Cracauer:

If LOS is 100m, would you buy anything that has its firewpoer peak at >= 250m?<HR></BLOCKQUOTE>I just did, since I used random weather and time of day.

It went to thick fog at dawn...

Cheers

Olle

[Dschugaschwili]

<BLOCKQUOTE>quote:</font><HR>Originally posted by Vanir Ausf B:

The first computer generates the map that is used, not the second one. This is very easy to test if you think about it.

<HR></BLOCKQUOTE>

And this also gives a very easy fix for this problem: Let the second computer generate the map (including weather and night/day randomization) when player 2 selects his forces. After that both passwords are in place and no player can see the map before his forces are fixed. The only problem I see: The players might waste points on airplanes that won't show up because of bad weather.

Dschugaschwili

[Vanir Ausf B]

Exactly. I didn't read through Martin's lengthy solution, but simply having the 2nd comp do it is all it would take.

I didn't think about the air support thing. Perhaps the 1st comp should do the weather only. Without a map to look at the 1st player still couldn't look to see exactly what it was.

[Dschugaschwili]

Small correction to my suggestion above:

Letting the second computer generate the map solves the problem only if the players are allowed to purchase their own forces. If the computer picks the troops, it's not that easy. In this case, an additional file exchange would be necessary:

Player 1 sets the options, picks his password and sends the file.

Player 2 picks his password, does nothing, his computer generates the map and he sends the file back.

Player 1 does his setup and the game continues as always.

Dschugaschwili