Research on security around game art

PolyPort

Hi! I’m conducting some research for a startup and was hoping to get some answers to the following questions:  

 

Does your organization, or you as an individual, have concerns over sharing assets and creative content?  

 

What security processes are currently in place for sharing data?  

 

Thanks in advance!  

 

sprunghunt

Game companies don't share data. Game companies sell data.

marks

I mean, yes lots of games companies do share data (with outsource vendors, external partners etc etc). I don't have a lot of information to share on this though.

Eric Chadwick

You can't protect 3d real-time models from being ripped, period, end of story. 

When it goes to the GPU it's just a stream of vertices. Easy to intercept. Models have been ripped from games, and web viewers since forever.

If you can't attack that, there's no use in trying to lock files.

PolyPort

@Eric Chadwick 

"When it goes to the GPU it's just a stream of vertices. Easy to intercept. Models have been ripped from games, and web viewers since forever."

This is the problem we are addressing. Past solutions have protected these models in transit, but what we are developing allows the models/assets to be protected in real-time. In short, we encrypt the models and users must receive permissions to access these files. In addition, functions such as save as, screenshots and exports are all protected against. 

Of course, as you mentioned, models can still be ripped once a user has access to the file. The more sophisticated side of our technology stops individuals ripping models off the GPU, in addition to GLC scraping and other attempts to defeat the tech. 

pior

Preventing screenshots you say ?

zachagreg

Wouldn't real time encryption protocols on all assets in a game at real time hit performance pretty hard? They'd have to be protected the entire time right? Or else there is nothing stopping an user from dumping their GPU memory. Maybe by restricting 3rd party apps from accessing the data would be great since I imagine most people that rip are using such apps and not performing system level operations.

As far as restricting access to save as, screenshots and exports I expect you'll receive flak for that at some point. Anything that takes power away from me on MY machine is not staying on my machine very long. If there is some web app that I access and it is blocking me from using functionality on my end, I'm not using that app because if opening a web player restricts my usage then who knows what else it is doing. Not to mention how much an anti-virus will probably freak out over that.

If whatever you're working on is advanced enough to get around these issues that's fine and all well and good. I say keep at it but like Eric said there has been a long history of this happening. Restricting access to users is a messy business though and heavy encryption has a cost.

PolyPort

pior said:

Preventing screenshots you say ?

@pior Yes sir! 

PolyPort

@zachagreg So far in testing we haven't noticed any performance hits, that include all the major 3D software (Maya, 3DS Max etc) as well as Unity. The tech is designed to be a transparent layer, a one and done install that the user will not notice thereafter. 

As far as restrictions go, this can be configured - save as, screenshots etc will not necessarily be blocked, but anything that comes out of the software will also be encrypted. 

In addition, it's likely you'd only use the tech on sensitive projects - you may have the agent downloaded, but it will only be effective on 'PolyPort' encrypted files. 

Eric Chadwick

Oh, this sounds like a method for encrypting source 3D files, not the final exported assets once they're bundled into a consumer-targeted game engine, APK, HTML5 player, etc.?

zachagreg

Eric Chadwick said:

Oh, this sounds like a method for encrypting source 3D files, not the final exported assets once they're bundled into a consumer-targeted game engine, APK, HTML5 player, etc.?

Thats what I'm getting as well. Much different than what I was thinking.

PolyPort

@Eric Chadwick @zachagreg - That would be correct - there is obviously endpoints where the protection stop. Once the assets have been rendered into a final copy, it then becomes very difficult to protect. 

zachagreg

Ah if that is the case then currently at my job there is a concern about exterior networks being utilized when sharing files through various review systems namely the autodesk share and fbx reviewer. The main concern comes from government standards in our work and certain protocols that need to be adhered to so we can maintain various clearance levels in our building and on our servers. A bit of an extreme case but one where you might want to look into because enhanced encryptions and a secure pipeline for sharing assets with other government agencies for review processes would be a worthwhile one in my opinion. It would certainly allow for less red-tape and less hoops to jump through when setting up these kinds of review pipelines donw the road.