
> Yeah, well I wouldn't have any component on the secure side have any permanent memory.

Right. It should be possible to force critical systems to restart from ROM and refuse any network updates.

Useful reading: Nevada Gaming Commission technical regs.[1] A typical section:

"System based games must be capable of verifying that all control programs contained on the server or system portion are authentic copies of approved components of the gaming device both automatically, at least once every 24 hours, and on demand. The authentication mechanism must employ a hashing algorithm which produces a message digest output of at least 128 bits. If the message digest is stored on a memory device other than a Conventional ROM Device the digest must be encrypted using a public/private key algorithm with a minimum of a 512 bit key or must be a bit-for-bit comparison. The mechanism must prevent the execution of any control program component if the component is determined to be invalid. Any program component of the authentication mechanism must reside on and securely load from non-alterable storage media. A report shall be available which details the outcome of each automated execution of the authentication mechanism and shall identify any program components determined to be invalid."

The parts that verify integrity have to be in ROM, and everything else has to be signed and checksummed. The Gaming Commission prefers that as much as possible be in ROM.

"Remote access to a gaming device may only be granted for the following activities:

(a) Monitoring system health and performance;

(b) Scheduling operational gaming device functions such as downloading of content;

(c) Troubleshooting system issues;

(d) Performing inquiry-only functions such as viewing logs or generating reports"

No remote updating or patching of gaming software. Just inquiries. For changes, someone has to physically go to the device.

"System based games shall be configured such that system administrator level access may not be achieved without the presence and participation of at least two individuals."

Not just two-factor authentication, two people authentication.

"A dedicated video camera specifically installed to monitor access to the system based game must record all accesses to the secure area and the resulting video log must be retained for a period of at least 7 days."

And we're going to check on what those two people are doing.

"System based games must provide a log entry on the server or system portion of the device and on a computer or other logging device residing outside of the secure area that houses the server or system portion of the device anytime the server or system portion of the game causes a change in the software to include control programs, data, graphics or sound information in the connected conventional gaming device or client. The record must contain the date and time of the action, identification of the component affected, the reason for the modification, and any pertinent authentication information, and must be maintained for a minimum of 90 days."

Dual independent logs of all changes.

This is what non-bullshit security looks like.

[1] https://gaming.nv.gov/uploadedFiles/gamingnvgov/content/Home...
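An added illustration of the first quoted requirement (not from the comment above or from the Nevada regulation): a ROM-resident digest table, a per-run verification report, and a load gate that refuses execution when any component is invalid, unknown or missing. SHA-256, the component names and the image bytes are all constructed for the example.

```python
import datetime
import hashlib
import hmac
from types import MappingProxyType

# Constructed stand-in for the "Conventional ROM Device": a read-only table of
# approved component digests (SHA-256, well above the 128-bit minimum).
APPROVED_DIGESTS = MappingProxyType({
    "control_program.bin": hashlib.sha256(b"approved control program v1").hexdigest(),
    "paytable.dat": hashlib.sha256(b"approved paytable v1").hexdigest(),
})


def verify_components(components, approved=APPROVED_DIGESTS, now=None):
    """Check every loaded component image against the ROM-held digest.

    Returns (ok, report): ok is False if any component is tampered, unknown
    or missing; report has one entry per component for the outcome log the
    regulation requires after each automated (24h) or on-demand run.
    """
    now = now or datetime.datetime.now(datetime.timezone.utc).isoformat()
    report, ok = [], True
    for name, image in components.items():
        digest = hashlib.sha256(image).hexdigest()
        expected = approved.get(name)
        if expected is None:
            status = "unknown"      # not an approved component at all
        elif hmac.compare_digest(digest, expected):
            status = "valid"
        else:
            status = "invalid"      # image differs from the approved copy
        ok = ok and status == "valid"
        report.append({"time": now, "component": name, "sha256": digest, "status": status})
    for name in approved.keys() - components.keys():
        ok = False                  # an approved component was never loaded
        report.append({"time": now, "component": name, "sha256": None, "status": "missing"})
    return ok, report


def load_or_refuse(components):
    """Gate execution on the verification result and hand back the report."""
    ok, report = verify_components(components)
    if not ok:
        bad = [e["component"] for e in report if e["status"] != "valid"]
        raise RuntimeError("refusing to execute; bad components: " + ", ".join(bad))
    return report


if __name__ == "__main__":
    good = {"control_program.bin": b"approved control program v1",
            "paytable.dat": b"approved paytable v1"}
    for entry in load_or_refuse(good):
        print(entry)
```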
