Skip to content

Security Issues

Joshua Kolbusz edited this page Nov 3, 2024 · 8 revisions

1. Information kept by our software:

While most sensitive data will not be kept by our system, When joining a multiplayer game we want to make it so the host can only allow people who they want to join. The main things that will be kept that is considered sensitive is the IP address for multiplayer, and will be removed after disconnecting from a multiplayer game. Unity has its own secure client and server system which can generate keys for servers and clients to allow them to connect to one another. This will be the basis for our multiplayer since it protects players data, and can allow encryption of data as well.

2. Possible Attacks and Prevention:

Many attacks are possible when implementing multiplayer into our game.

2.1 Unauthorized access to server

This will be prevented by unity's built client and server architecture which generate keys so it would be impossible to join a server without one gaining access to said key.

2.2 Packet Sniffing and Injection:

This could be a way people access data they shouldn't and could join a game they should not be able to or manipulate data they should not be allowed to. This will be prevented by encrypting the data while it is in transit to prevent the attacker from using the data properly.

2.3 IP address is exposed in P2P:

This will be prevent with relay servers in Unity which can allow peers to communicate properly without exposing their IP addresses.

2.4 Spoofing players/Session Hijacking:

Someone could impersonate another player and hijack a session they should not be able to. This will be prevented with the keys generated from unity's secure client and server architecture.

Clone this wiki locally