Secure multiserver authentication

Question

I was reading answers in How to split login and game logic when writing servers?. Read that first.

Now, I want to know whenever this method will work and how can it be broken. I think there might be better ways to do this but client-gameserver connection (in my case) will have to start in an unsecure channel. But the connection to the Login Server is secure. And the Game Server has a shared secret with the Login Server. But the connection to the gameserver is insecure.

So what are better ways of doing this? Hashing the IP in there seems to be secure, but I am not sure. Also, this will have to work fast, very fast.

This is authentication only. There is no need for secure channel between gameserver and client.

Answer 1

If communications between the game server and client are insecure then the only thing you are protecting is the information sent over the secure channel to the login server. An attacker can still take over the session on the game server and hence exploit the identity without the credentials.

Hashing the IP

While it is true that IP spoofing is hard, it's not impossible. Also this would only have some value as an indicator of identity if IP addresses were not shared and did not change mid-session, neither of which is true.

Without TLS on the game server you have no security. Good security needs lots more things.

this will have to work fast, very fast.

TLS does add a performance overhead, but there is scope to influence this significantly and it's just one component of your performance budget.

BTW the question you linked to is predicated on combining authentication and function of a service scaling poorly when combined. This is nonsense. There are good reasons for separating authentication to a dedicated service - it has very specific and exacting security requirements, hence using an off the shelf product has attractions, also the concomitant isolation makes reuse of the authentication service easier.