I'll make you play fair

Introduction

Even though video games have strong performance requirements, protecting online video games by leveraging TEEs is not a trivial task due to the inherent limitations of TEEs: (i) memory size limitation; (2) no direct access to I/O operations; and (3) non negligible performance overhead to ensure security properties of the TEE.

The challenges of this research project are three-fold: 1) how to design an effective method to partition the game code into a secure and unsecure part, to keep the memory footprint small; 2) how to provide trusted I/O; and 3) how to ensure acceptable performance.

Projects

Gangi

The global online video game industry has become a more than one hundred billion dollar market. Cheating is one of the major issues in multiplayer online video games. Cheat prevention is challenging because of the unique threat model of online games. Because the cheaters physically possess their own game computers, they can install cheat tools at the user level and OS and can access the physical DRAM bus to tamper with the game process.

We propose to efficiently prevent memory tampering cheats by leveraging a trusted execution environment (TEE), Intel Client SGX. It provides strong integrity protection against memory tampering. Unfortunately, its strong protection comes with a severe size limitation of the available enclave memory. Running the entire game process inside the enclave exceeds the memory limit.

Gangi architecture

We present Gangi (architecture depicted above), a library that efficiently protects the integrity-sensitive game state that exceeds the available enclave memory. Gangi places the game state outside the enclave to reduce memory consumption inside the enclave while ensuring the integrity of the game state by hash-based validation. Our benchmarking results show that a Gangi-protected game outperforms the EPC swapping approach with the entire game state being inside the enclave.

Hybrid TEE

With cyber threats on the rise, the security of computer applications is critical. One practical solution to secure applications is to employ a Trusted Execution Environments (TEE): a secure area within the processor that protects code and data against a strong attacker.

A major issue faced by current architectures is the trade-off between guaranteeing freshness (i.e., data is up-to-date) and proposing a large secure memory. Without guaranteeing freshness, applications are vulnerable to unauthorized access or computing wrong results. Unfortunately, existing solutions either do not scale beyond a few hundred MB or weaken security.

Hybrid TEE achitecture

We propose a hybrid approach that combines both types of TEEs. Key challenges include: (i) application suitability; (ii) secure application partitioning; (iii) robust multi-TEE attestation; and (iv) efficient cross-TEE communication. We are currently addressing the above challenges via three use cases: a Database, Machine Learning, and Web applications. Implementation is under way on the Gem5 simulator with the RISC-V open-source architecture.

Secure I/O

Protecting the integrity and confidentiality of user input (I/O) is a fundamental challenge in computer security. Modern systems remain vulnerable to a wide spectrum of attacks, ranging from physical hardware implants (e.g., hardware keyloggers) to kernel-level malware. While Trusted Execution Environments (TEEs) like Intel SGX have enabled isolated processing on the host, existing secure I/O solutions often assume the trustworthiness of the peripheral device and the integrity of the physical connection, failing to protect against "Evil Maid" attacks or compromised peripheral firmware.

Secure I/O achitecture

In this project we propose a novel architecture that establishes a distributed root of trust spanning both the I/O peripheral and the host (see figure above). By leveraging ARM TrustZone on both the client (Cortex-A) and the input device (Cortex-M), it becomes possible to create an authenticated, encrypted channel using DTLS over Ethernet-over-USB. This design bypasses vulnerable legacy USB stacks and operating system kernels. We propose a protocol for secure firmware updates, multi-application isolation via secure port switching, and mutual attestation verifiable via an out-of-band mobile application.

An implementation on a Raspberry Pi 3 (leveraging the OP-TEE framework) and a Raspberry Pi Pico 2W, as well as a real keyboard, is currently in progress. Current results are promising (see below), we measured the communication throughput and latency of TCP, UDP and DTLS on a pair of Raspberry Pi3 connected via an ethernet cable (100Mpbs of bandwidth). First, UDP throughput (resp. latency) is higher (resp. lower) than TCP by 20% (resp. 17%), which strengthens our choice to base our protocol on DTLS instead of TLS. Second, DTLS overhead compared to UDP is less than 10%. Around 1400 scancodes can be sent and received every second, which is higher than the speed of high-end human interface peripherals, and higher than human reflexes.

Secure I/O performance

Secure Camera

The era of fake news is upon us. Manipulated images are a particular potent medium. Current state-of-the-art methods rely on image processing techniques, which is unfortunately not sufficient to detect manipulations.

In this project we propose the Trusted Camera Framework, an alternative approach that aims at creating secure images by leveraging Trusted Execution Environments. It transparently embeds cryptographic signatures into the image file to prove its authenticity and to correctly detail which post-processing modifications have been applied.

Our implementation leverages the PNG file format. An evaluation on several Raspberry Pi devices, with performance similar to recent smartphones, demonstrates they can create such secure images without compromising their image acquisition performance.

Outputs

  • Terufumi Hata, Kenta Ishiguro, Pierre-Louis Aublin, Kenji Kono, Gangi: Preventing Memory Tampering Cheats in Online Games, Journal of Information Processing, 2025, 33 巻, p. 901-912, 公開日 2025/11/15, Online ISSN 1882-6652, doi, paper
  • P.-L. Aublin, "What You See Is Not What You Get: Introducing the Trusted Camera Framework to Combat Fake News," 2025 IEEE Conference on Dependable, Autonomic and Secure Computing (DASC), Hakodate, Japan, 2025, pp. 15-22, doi
  • Bijun Li and Pierre-Louis Aublin. 2023. Transparent Management of BFT Systems with TEE. In Proceedings of the 6th Workshop on System Software for Trusted Execution (SysTEX '23). Association for Computing Machinery, New York, NY, USA, 17–19. doi
  • Aublin, Pierre-Louis, Mohammad Mahhouk, and Rüdiger Kapitza. "Towards TEEs with large secure memory and integrity protection against HW attacks." SysTEX’22: 5th Workshop on System Software for Trusted Execution, February 28, 2022, Lausanne, Switzerland. 2022, paper

Grant details

  • Grant number: 21K17726
  • Type: JSPS KAKENHI Grant-in-Aid for Early-Career Scientists
  • Timeline: FY 2021-2025 (April 2021 to March 2025)
  • Budget: budget: ¥2.6M