Paper 2004/203

How to Cheat at Chess: A Security Analysis of the Internet Chess Club

John Black, Martin Cochran, and Ryan Gardner

Abstract

The Internet Chess Club (ICC) is a popular online chess server with more than 30,000 members worldwide, including various celebrities and the best chess players in the world. Although the ICC website assures its users that the security protocol used between client and server provides sufficient security for sensitive information (such as credit card numbers) to be transmitted, we show this is not true. In particular, we show how a passive adversary can easily read all communications with a trivial amount of computation, and how an active adversary can gain virtually unlimited powers over an ICC user. We also show simple methods for defeating the timestamping mechanism used by ICC. For each problem we uncover, we suggest repairs. Most of these are practical and inexpensive.

Metadata
Available format(s)
PDF PS
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
cryptanalysis, implementation
Contact author(s)
jrblack @ cs colorado edu
History
2004-11-15: last of 3 revisions
2004-08-18: received
Short URL
https://ia.cr/2004/203
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2004/203,
      author = {John Black and Martin Cochran and Ryan Gardner},
      title = {How to Cheat at Chess: A Security Analysis of the Internet Chess Club},
      howpublished = {Cryptology {ePrint} Archive, Paper 2004/203},
      year = {2004},
      url = {https://eprint.iacr.org/2004/203}
}