The advent of networked gaming systems has created both new challenges and opportunities. Small, wireless hardware devices used in mobile gaming are more vulnerable to compromise resulting from theft or tampering than their much larger and heavier counterparts. Even fixed-place “thin” clients introduce a measure of insecurity to the system by providing a network connection which may be usurped by intruders seeking access to the gaming system. (As used herein, the term “thin client” or the like may refer broadly to a “thin client” as the term is generally known in the art as well as to a more versatile device and/or related software, such as a diskless node or a hybrid client. As such, thin clients may be client computers and/or client software that depend, at least to some extent, on one or more central devices for processing activities but which may potentially have a range of processing capabilities. A thin client may or may not be a mobile device and vice versa.) However, the presence of the same network connection which introduces the potential for intrusion also affords new opportunities, such as the real-time monitoring of network assets.
There are many tools and techniques which are quite effective in dealing with unauthorized machines on a network. However, such techniques rely on the ability to distinguish between the authorized and unauthorized machines. When employing such techniques, if one cannot distinguish the “good” machines from the “bad,” one cannot grant access only to the former and deny the latter.
Most non-trivial network security systems rely on the hardware MAC (Media Access Control) address to identify devices requesting access. With a unique 48-bit address assigned by the manufacturer to the networking hardware of every device, moderate security can be maintained in many cases by identifying a machine solely based on its MAC address. However, MAC addresses can be changed or cloned with relative ease, thereby allowing an unauthorized machine to impersonate an authorized machine by identifying itself with the latter's MAC address. The hardware providing network services to the client (or its impersonator) rarely takes additional steps to identify the machine. Once granted network access, an unauthorized machine with a cloned MAC address may be able to disrupt the network, capture sensitive data, compromise other machines on the network, and cause harm in any number of other ways.
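As an added illustration (it is not part of the specification above, and the addresses, port names, timestamps and the `AUTHORIZED_MACS` table are constructed sample data), the following shows the MAC-only access decision just described next to the check a network operator would want beside it: the same 48-bit address being presented from two different switch ports within a short window, which is the observable symptom when a cloned address is in use at the same time as the legitimate device.

```python
"""Added example: MAC-allowlist access check plus duplicate-MAC detection.

Not code from the patent; all sample data below is constructed.
"""
from dataclasses import dataclass

# Constructed allowlist: hardware address -> label of the authorized client.
AUTHORIZED_MACS = {
    "00:1a:2b:3c:4d:5e": "slot-terminal-12",
    "00:1a:2b:3c:4d:5f": "mobile-gaming-07",
}


@dataclass(frozen=True)
class AccessEvent:
    ts: float   # seconds (constructed timestamps)
    mac: str    # hardware address presented by the requesting client
    port: str   # switch port or access point the request arrived on


def normalize_mac(mac: str) -> str:
    """Canonicalise a MAC so 00-1A-2B-... and 00:1a:2b:... compare equal."""
    hexdigits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(hexdigits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def mac_allowlist_decision(mac: str) -> str:
    """The common check the text describes: identify the machine by MAC alone."""
    return "grant" if normalize_mac(mac) in AUTHORIZED_MACS else "deny"


def detect_duplicate_mac(events, window_s: float = 60.0):
    """Return alerts for any MAC seen on more than one port within window_s.

    Two requests carrying the same address from different ports cannot both
    be the single physical device the manufacturer assigned that address to,
    so this is the signal to act on when the allowlist alone has been fooled.
    """
    last_seen = {}   # mac -> (ts, port) of the most recent sighting
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        mac = normalize_mac(ev.mac)
        prev = last_seen.get(mac)
        if prev and prev[1] != ev.port and ev.ts - prev[0] <= window_s:
            alerts.append({
                "mac": mac,
                "ports": (prev[1], ev.port),
                "ts": ev.ts,
                "label": AUTHORIZED_MACS.get(mac, "unknown"),
            })
        last_seen[mac] = (ev.ts, ev.port)
    return alerts


# Constructed sample stream: the authorized terminal on its usual port, then
# the same address (written with dashes) presented from another port 20 s later.
SAMPLE_EVENTS = [
    AccessEvent(1000.0, "00:1A:2B:3C:4D:5E", "sw1/gi0/12"),
    AccessEvent(1005.0, "00:1a:2b:3c:4d:5f", "ap3/wlan0"),
    AccessEvent(1020.0, "00-1a-2b-3c-4d-5e", "sw1/gi0/23"),
    AccessEvent(1030.0, "de:ad:be:ef:00:01", "sw1/gi0/24"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev.port, ev.mac, mac_allowlist_decision(ev.mac))
    for alert in detect_duplicate_mac(SAMPLE_EVENTS):
        print("ALERT duplicate MAC:", alert)
```

The allowlist grants the cloned request exactly as it grants the genuine one, which is the weakness the text describes; only the port-correlation step distinguishes them, and it needs the port or access-point identity from the network hardware, information a pure MAC check never consults.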
More advanced security measures may require that a security device with unique verification information be installed in the machine (e.g., in a thin client or a mobile device). When interrogated, the central processing unit (CPU) may access and read the security device (often an EPROM or other form of read-only memory) and relay the identifying information it contains to the requesting function. Provided that the machine is not tampered with, such methods may allow secure identification of that particular machine.
However, such methods do little to prevent impersonation by a rogue machine that does not have the same identification hardware installed. Given a sample of such hardware extracted from one machine, producing a duplicate (possibly containing data for another valid device obtained from an inside source) would not be difficult. It is even easier to emulate the process in software running on an intruding machine so as to fool a network-based server into thinking that the data were retrieved from the secure hardware inside an authorized machine.
In short, hardware used to identify a machine uniquely may successfully be cloned (duplicated) or emulated in software once it has been analyzed by a sophisticated intruder. For mobile gaming devices, acquiring such hardware security devices may be as simple as sticking a mobile gaming terminal in a pocket and leaving the casino. Subsequent analysis of the device could disclose the nature of any hardware security measures protecting the entire system and permit an attacker (especially one with access to sensitive administrative information, such as the security information of machines other than the one that was purloined) to construct a machine which successfully masquerades as a legitimate client but is designed to infiltrate the network for nefarious purposes.
Even fixed-place gaming devices on wired networks are vulnerable if an intruder is able to gain access to any unprotected section of Ethernet cable. Tapping into the cable may allow an intruder to monitor network traffic and subsequently supplant the legitimate machine with an unauthorized client dedicated to evil purposes. It would be desirable to provide more versatile methods and devices.