Creating a SECURE high score service using ASP.NET MVC 3

Question

I've done a lot of research on this questions but still can't seem to find what I'm looking for. Basically I've created a game for WP7 and I want it to connect to my service I created to send high scores and receive the leaderboards. Right now the service is simple and only takes a player name and score in string format.

I've seen a lot of tutorials on how to encrypt and decrypt data but they all seem to generate a key based off of user information and are usually just local examples. Wouldn't I have to use the same key that I used to encrypt my data on the app side so that I can decrypt it on the server side? Do I create my own key that I use on the app and on the server? How do I secure that key?

I've been messing around with this method to send encrypted strings to my service: http://robtiffany.com/windows-phone-7/dont-forget-to-encrypt-your-windows-phone-7-data/

But I'm really confused on how to sync that process on both the app side and server side because of the key generation.

If anyone has created a high score service and has some tips that would be very helpful.

Answer 1

If you want to make this really secure (which may not be needed), then the situation is tricky - you have to assume that the player has access to the source code of your application (because he/she can decompile it) and also has access to all keys that are stored in the application or anywhere in the phone. This means, that if your application encrypts the score using a key stored on the phone, then the attacker can do the same with a fake score.

To make it truly secure, you'd probably need to send some log of the game to the server and the server would have to verify that the log is a plausible way to finish the game (i.e. the game could have been played in that way). To fake a score in this system, the attacker would have to generate a log of the game - which means creating an AI that can play the game better than the human (to get better score). This may still be possible (if the game is easy for computers), but I guess it is not likely that someone will bother.

In practice, I think you can just add some obfuscation to the way the score is encoded (e.g. using symmetric encryption with the same key on the server and the client). If somone looks at the data sent over the network, they will not be easily able to fake better score. If they decompile the application, then they may still do that, but it's probably unlikely (and you can check scores by hand occasionaly to see if there is something suspicious).

[EDIT: I'm not WP7 expert, so there may be something special provided by WP7 but, in principle, it will still have the same problem]