Moving from physical to logical security with server-based gaming

The gaming industry is undergoing a demographic shift, addressing the demands of a customer base that grew up with interactive electronic games.  Embracing new technology, the industry is now in the process of moving its workhorse slots, video poker and other electronic game machines to more advanced, networked, interactive, centrally managed server-based games.

While adapting to new market demands, very little, save the outcome of the games themselves, is left to chance. Security is still a top priority even as its requirements grow more complex.

This article charts the evolution of electronic game machine security from yesterday’s standalone slot machines to tomorrow’s generation of networked gaming devices. It illustrates how the fundamental principles that guide security architects support the evolution to server-based gaming and outlines what steps are being taken to secure the new ecosystem. Underlying nearly every aspect of casino security, from the one generation to the next, are principles of cryptography, sound design and robust implementation.

A digital signature establishes both the integrity and authenticity of the system software. System software is signed with a private key, and the signature and signed system attributes are stored in the device. At boot time a cryptographic hash of the software is calculated and compared with the hash bound to the signature. To maintain security, it is critical that the public key used to recover the hash from the signature is stored on the device in protected or immutable memory; otherwise a fake signature may be used to compromise the device.

Protecting operators, players

Electronic gaming machines (EGMs) are regulated by regional authorities whose job is to protect players and keep unscrupulous vendors from harming the industry. Regulators such as the Nevada Gaming Commission and independent gaming labs such as Gaming Laboratories International (GLI) test and approve machines and game software much as the Food and Drug Administration approves medical equipment. They ensure a game’s “fairness” by verifying that random number generators comply with industry standards, checking game logic and evaluating mechanisms intended to ensure game integrity. They also work with the industry to develop standards that every vendor can design to.

Regulators ensure that electronic gaming machines are designed to run only valid, authorized software. Securing gaming devices that run open operating systems such as Windows or Linux on off-the-shelf personal computing platforms is particularly complex. Security in these devices involves a transitive trust process, in which immutable boot code acts as a trust anchor and uses digital signatures to establish trust in a kernel image. From there, the kernel or core operating system establishes trust in application components.
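The boot-time signature check and the transitive trust process described above can be sketched in Go. This is an added example, not code from the article or from any gaming vendor; the use of Ed25519, the Stage layout and every name and sample value in it are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Stage is one link in the boot chain (field and stage names are illustrative).
type Stage struct {
	Name    string
	Image   []byte
	NextKey ed25519.PublicKey // verifies the following stage; nil on the last
	Sig     []byte            // signature over SHA-256(Image) || NextKey
}

func signedBytes(s Stage) []byte {
	h := sha256.Sum256(s.Image)
	return append(h[:], s.NextKey...)
}

// Sign is the vendor-side step; the private key never ships on the device.
func Sign(priv ed25519.PrivateKey, s Stage) Stage {
	s.Sig = ed25519.Sign(priv, signedBytes(s))
	return s
}

// VerifyChain starts at the anchor key in immutable boot code; each verified stage supplies the next key.
func VerifyChain(anchor ed25519.PublicKey, chain []Stage) error {
	key := anchor
	for _, s := range chain {
		if len(key) != ed25519.PublicKeySize || !ed25519.Verify(key, signedBytes(s), s.Sig) {
			return fmt.Errorf("stage %q failed verification", s.Name)
		}
		key = s.NextKey
	}
	return nil
}

func main() {
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil) // constructed vendor root key
	osPub, osPriv, _ := ed25519.GenerateKey(nil)     // constructed app-signing key
	chain := []Stage{
		Sign(rootPriv, Stage{Name: "kernel", Image: []byte("kernel image"), NextKey: osPub}),
		Sign(osPriv, Stage{Name: "game", Image: []byte("game application")}),
	}
	fmt.Println("intact:", VerifyChain(rootPub, chain))
	chain[1].Image = []byte("patched game application")
	fmt.Println("tampered:", VerifyChain(rootPub, chain))
}
```

Because the anchor key is the only input the verifier takes on trust, whoever can replace it can make a re-signed chain verify, which is why it belongs in protected or immutable memory.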

Protecting IP

Validating the integrity of system software helps protect gaming operators and players from hacked game machines, but EGM vendors have a slightly different problem – protecting their intellectual property. They need to prevent device and game counterfeiting and cloning to protect their revenue streams. Gaming devices running open operating systems such as Windows or Linux on off-the-shelf personal computing platforms are particularly vulnerable. These devices are well understood by would-be counterfeiters and off-the-shelf hardware is easily duplicated. To thwart counterfeiting, additional security measures can be used to bind system software to the machines themselves. Binding involves providing unique information on the machine components, such as chip and peripheral component serial numbers, as inputs to key generation algorithms. The unique keys produced then encrypt portions of the operating system and applications at manufacture, rendering unauthorized copies of machines or software useless.  Only systems with complete system integrity can recover the keys using techniques such as the Elliptic Curve Pintsov-Vanstone Signature Scheme with Message Recovery (EC PVSSR) to decrypt and verify platform software.
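The binding step described above, sketched in Go as an added example that is not the article's or any vendor's code. It substitutes an HMAC-SHA256 key derivation and AES-GCM for the signature-with-message-recovery scheme the article names; the vendor secret, the serial numbers and all function names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// BoundCipher derives an AES-256-GCM cipher from the component serial numbers.
func BoundCipher(secret []byte, serials ...string) (cipher.AEAD, error) {
	m := hmac.New(sha256.New, secret) // secret: assumed vendor value in protected storage
	for _, s := range serials {
		fmt.Fprintf(m, "%d:%s,", len(s), s) // length prefix keeps ("AB","C") != ("A","BC")
	}
	block, err := aes.NewCipher(m.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs at manufacture; the output is nonce || ciphertext || tag.
func Seal(g cipher.AEAD, image []byte) ([]byte, error) {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, image, nil), nil
}

// Open runs on the device and fails when the hardware-derived key differs.
func Open(g cipher.AEAD, sealed []byte) ([]byte, error) {
	n := g.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("sealed image shorter than nonce")
	}
	return g.Open(nil, sealed[:n], sealed[n:], nil)
}

func main() {
	secret := []byte("constructed vendor secret")
	factory, _ := BoundCipher(secret, "CPU-0001", "NIC-7781") // constructed serials
	clone, _ := BoundCipher(secret, "CPU-0002", "NIC-7781")   // copied onto other hardware
	sealed, _ := Seal(factory, []byte("game binary"))
	_, err := Open(clone, sealed)
	fmt.Println("clone decrypt error:", err)
}
```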

Server-based gaming

Server-based gaming (SBG) is an exciting new development in casino gaming. With SBG, electronic games are downloaded from the operator’s backend content management system over a high-speed network to EGM cabinets on the casino floor. As with traditional EGMs, game logic runs on the device, but SBG allows the casino floor to be managed remotely.

In the strict sense of the term, server-based gaming means that the outcome of the game is determined by the server and downloaded to the EGM for display to the player. Today, systems are being developed where the outcome logic still resides in the EGM. These are often referred to as server-supported or server-assisted gaming. For the purposes of this article, this distinction is not relevant, so the term “server-based gaming” is used for both solutions.

Firmware on legacy slot machines is still updated via EPROMs, with game technicians updating game cabinet electronics under close supervision of surveillance staff. Every update to an EGM is costly and time consuming. The advent of removable flash memory (e.g. compact flash) has improved performance and allowed for larger more complex gaming applications; however, software updates are still a tightly controlled manual process. Updates, changes and compliance activities all require human intervention and pose significant cost to the operator.

Server-based gaming will allow casino operators to significantly minimize EGM downtime by eliminating the manual intervention requirements of updates, game changes and game configuration changes. This streamlining will also significantly reduce the workload on technical maintenance staff and lower operational costs.

Server-based gaming also enables operators to tailor their offerings to floor conditions and player preference. Management software can track what games are being played and provide analytics to maximize game revenue, optimizing floors for peak demand. New games and game payouts can be programmed in a matter of seconds. A click of a mouse at the casino operator’s console can change a bank of EGMs’ games and configurations - one minute, 12 nine-line nickel slots, the next minute, 12 20-line penny slots.  

The combination of increased operational efficiency and better analytics gives casino operators freedom to experiment and try new genres of interactive game content to drive EGM revenue.  Players also benefit with more choice of games, personalized to their own preferences.  Eventually peer-to-peer play enabled by networked operation will permeate into the development of new game content and into the plans of the various regulatory organizations.  

All in all, server-based gaming provides an exciting new opportunity for the casino gaming industry, and with it a new round of security challenges.

Securing the future

Security specifications for server-based gaming are being developed by the Gaming Standards Association (GSA), an industry body looking to drive seamless communication and interoperability between EGMs and backend management systems. The GSA specification references proven web services technologies such as XML, SOAP and HTTP as fundamental components of the SBG architecture.

Given the Web services orientation, it’s no surprise that security and authentication of SBG services is based on SSL/TLS. SSL (Secure Sockets Layer), now called TLS (Transport Layer Security), is the Web’s standard for secure connectivity, and the connection protocol underlying the HTTPS session running in your web browser.

Most SSL sessions, such as those people use to connect to e-commerce sites, use one-way authentication. That is, the Web site authenticates itself to you using a digital certificate from a trusted authority, while you remain anonymous to it. SSL/TLS authentication and encryption for server-based gaming is based on mutual authentication, which gives both the EGM and each SBG server entity a unique, authenticated identity using digital certificates. Strong cipher suites ensure that transactions between client and server are secured, while device enrollment and certificate issuance are controlled by a local casino certificate authority operating in accordance with GSA policy requirements.

Casino networks are further protected by modern network security technology.

Integrity at forefront

Some aspects of SBG security remain unique to specific EGM implementations. Platform integrity, for instance, remains a fundamental requirement, but the methods used to achieve it are implementation dependent: a design consideration which need only satisfy the gaming regulator and the casino operators.

Downloadable games need to be validated prior to execution – and the same code authentication and verification techniques used in legacy EGMs still apply. The threats in a networked SBG environment, however, are somewhat more ominous. An integrity protection scheme needs to work at the BIOS-level, pre-boot, in order to prevent rootkit attacks from corrupting system software. A secure boot scheme which uses trust anchor authentication processes to protect critical system resources can help thwart attacks (such as specially-adapted viruses) targeting critical system data and DLLs.

The new game in town

The shift to server-based gaming brings with it the potential for disruptive business models between game vendors and operators.  Thus license management is arguably the most interesting new security requirement.

With SBG, casino operators are going to have more choice in the games they deploy.  They will be able to track user preferences and quickly identify trends and profit-maximizing game combinations.

Game manufacturers will see both advantages and disadvantages to server-based gaming. No longer locked into a set amount of floor space, they will have an opportunity to compete dynamically for market share. This should drive innovation in game development. 

Operators will gain new choices in terms of how they license game content: traditional perpetual licensing – e.g. pay for 100 licenses; leasing, pay per use; revenue share, floating licenses, etc.

License management will allow game manufacturers to sell game content with pre-agreed terms and conditions that can be enforced dynamically on the casino floor. Naturally game vendors with more profitable titles can expect a better cut.

To enforce these business models and bind game content to licensed operators, EGM vendors will design machines with built-in license management. License agents that communicate with license servers and content catalogs will naturally use strong cryptography to ensure that game content cannot be pirated.

The server-based gaming Web services architecture will support the integration of casino game management systems with game licensing and catalogs, creating a new, connected ecosystem of game machine manufacturers, content vendors and casino operators.

With higher revenues and lower operating costs, we expect server-based games to become a major focus for the gaming industry. Security will continue to be a priority, especially as the casino network expands to support new services and support operations. A foundation layer of strong cryptography and robust security architecture will ensure stakeholders are protected and the casino gaming industry continues to enjoy vibrant growth.