Secure Online Game Play with Token (2011)

. . Secure Online Game Play with Token . A case study in the design of multi-facrtor authentication device ... . Shinji R. Yamane Aoyama Gakuin University / IGDA(International Game Developer Association) Japan chapter HCII2011, July 14, 2011 @ShinjiYamane (AGU/IGDA.jp) Secure Onlie Game Play with Token S209@HCII2011 1 / 16

• #p16

Contents . . .1 Introduction . . 2. Current Status . . .3 Lessons from Game Design . . .4 Proposed Framework . . .5 Conclusion . . .6 Questions / Discussion @ShinjiYamane (AGU/IGDA.jp) Secure Onlie Game Play with Token S209@HCII2011 2 / 16

• #p3
• #p6
• #p8
• #p11
• #p14
• #p16
• #p1

Introduction Agenda Agenda “User–centered Smarter Products Design and Modeling” — user-side online game security Securing Online Gaming by Design Bridging communities: Security, Game Design, and HCI Proposing a game design framework for collaborative work @ShinjiYamane (AGU/IGDA.jp) Secure Onlie Game Play with Token S209@HCII2011 3 / 16

• #p1

Introduction Motivation Motivation Protecting online game security is hard at . . . 4Gamer.net not only the server-side, but also user-side. @ShinjiYamane (AGU/IGDA.jp) Secure Onlie Game Play with Token S209@HCII2011 4 / 16

• http://www.4gamer.net/games/036/G003636/20110501003/
• #p1

Introduction Motivation Research Questions Game industries started to provide user-side protection features, Most security feature of online games are not “by-design”, but “add-on”. Security has nothing to do with the game designers or HCI reseachers? Can we learn from the history of games? @ShinjiYamane (AGU/IGDA.jp) Secure Onlie Game Play with Token S209@HCII2011 5 / 16

• #p1

Current Status Rising Online Game Security Rising Online Game Security ENISA (European Network and Information Security Agency) report in 2008: encourages service providers to require stronger authentication when players perform any high-value or sensitive actions Who, How? — Guiding principle is needed. @ShinjiYamane (AGU/IGDA.jp) Secure Onlie Game Play with Token S209@HCII2011 6 / 16

• #p1

Current Status Game companies toward stronger authentication Game companies offerings Multi-factor authentication devices: @ShinjiYamane (AGU/IGDA.jp) Secure Onlie Game Play with Token S209@HCII2011 7 / 16

• #p1

Lessons from Game Design Seeking another approach Seeking another approach Today’s gamers may accept the additional cost for security devices, but. . . general-purpose and not for gamers, less related with game design strategies. However, arcade game has another example of security device implementation: (video: Japanese arcade online game [7].) @ShinjiYamane (AGU/IGDA.jp) Secure Onlie Game Play with Token S209@HCII2011 8 / 16

• http://www.youtube.com/watch?v=67Z4RdYrTG0
• #p1

Lessons from Game Design Lessons from past game Lessons from past game Embedded with real-world-oriented interface, arcade game developers has provided a (single-factor) authentication for nation-wide network. (Today, no longer available in Europe). “. . . arcade game developers must put their machines through the most brutal usability testing in the software world—prototype games on location with real players spending real money.” (Pausch et al., SIGGRAPH’94) @ShinjiYamane (AGU/IGDA.jp) Secure Onlie Game Play with Token S209@HCII2011 9 / 16

• #p1

Lessons from Game Design Bring them together Bring them together Bridging theree fields for secure multifactor gaming authentication: .. Security engineer: 1 security analysis .. HCI researcher: 2 interface idioms .. Game designer: 3 game narrative and historical cases of game design . . . @ShinjiYamane (AGU/IGDA.jp) Secure Onlie Game Play with Token S209@HCII2011 10 / 16

• #p1

Proposed Framework Framework for participatory game design Game Design Framework Use of “framework” in game design in the field of game design workshops or game studies MDA framework (Mechanics, Dynamics, and Aesthetics) To analyze games, emphasize each different professional views. @ShinjiYamane (AGU/IGDA.jp) Secure Onlie Game Play with Token S209@HCII2011 11 / 16

• #p1

Proposed Framework Framework for participatory game design Multi-dimension Framework Security engineer: security analysis (thetraditional security aspect) HCI researcher: interface idiom (the real-world-oriented interface aspect) Game designer: narrative (the game design aspect), past designs, and user tests @ShinjiYamane (AGU/IGDA.jp) Secure Onlie Game Play with Token S209@HCII2011 12 / 16

• #p1

Proposed Framework Back to Current Game: Analysis Back to Current Games (Each aspects examined in Section 4.) @ShinjiYamane (AGU/IGDA.jp) Secure Onlie Game Play with Token S209@HCII2011 13 / 16

• #p1

Conclusion Conclusion Secure online gaming by design Bridging communities: Security, Game Design, and HCI Case study in multi-factor authentication Based on the game design “framework” Examined across different games: US—Europe—Asia, past—current, or arcade—MMORPG @ShinjiYamane (AGU/IGDA.jp) Secure Onlie Game Play with Token S209@HCII2011 14 / 16

• #p1

Conclusion Future Works / Works in Progress Future Works Prototyping hardware or software device and their analysis Using this framework in game design workshop Collecting more cases in the history of game security ‘Gamification’ to other “not fun” online security @ShinjiYamane (AGU/IGDA.jp) Secure Onlie Game Play with Token S209@HCII2011 15 / 16

• #p1

Questions / Discussion Thank you for your attention! (Photograph: John MacDougall/AFP) @ShinjiYamane (AGU/IGDA.jp) Secure Onlie Game Play with Token S209@HCII2011 16 / 16

• http://www.guardian.co.uk/football/2011/jun/16/panini-womens-world-cup-stickers
• #p1