Home Community Discussion Forums Most Active Software Boards LabVIEW Topic

LabVIEW

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Security/encryption of VI Server traffic

Security/encryption of VI Server traffic

‎07-14-2021 09:51 AM

Hello experts,

 

I am developing a client-server system that uses various LabVIEW-built executables, and I have some questions about how VI Server transmits data/information between applications.  

 

BACKGROUND:  Our server is a LabVIEW-built exe that runs continuously and communicates with hardware.  Our client is a separate exe that runs occasionally and uses VI Server to communicate bidirectionally with the server.  Our system is Windows only and uses LV2020.

 

QUESTIONS: 

  1. How does VI Server deal with the security of the data it transmits?  Does it encrypt the traffic somehow?
  2. I believe that VI Server uses TCP for communication.  Can these TCP packets be accessed and "hacked"? 
  3. I believe there is some way to have VI Server perform some kind of user authentication ... can someone explain or point me to a link which explains this? 
http://www.medicollector.com
0 Kudos
Message 1 of 5
(3,393 Views)
Reply

Re: Security/encryption of VI Server traffic

‎07-14-2021 10:05 AM

I am going to go out on a limb here and say the LabVIEW communications ae not encrypted in any way. The data may be binary data that is not clear text, unless of course you are sending clear text.

 

I think some sort of "local VPN" that encrypts all IP traffic would be the best way to go, as that would be seamless to the LabVIEW program. 

========================
=== Engineer Ambiguously ===
========================
Message 2 of 5
(3,389 Views)
Reply

Re: Security/encryption of VI Server traffic

‎07-14-2021 11:40 AM

Yes, VI Server uses simple TCP/IP over network sockets without any SSL/TSL encryption in between. The protocol is totally binary, so definitely not trivial to intercept but with enough dedication anything can be done.

 

VI Server was never intended to be run over public internet but really is meant to be used on private subnets. If your private factory subnet is susceptible to hacking you have a lot more trouble to worry about than the use of the VI Server protocol.

 

A man in the middle attack is definitely possible, but as mentioned it is not meant to be run over public internet, although that is technically possible. But the protocol is very command/response centric and doing that over a network connection that is not highly reliable (and internet certainly should not be considered reliable as its response time can vary greatly due to retry attempts for packet resends etc.) will regularly lead to communication errors if you don't use rather long timeouts.

 

There is indeed some user authentication possible. It is configured in your LabVIEW Options, or in the project properties. The authentication doesn't provide a high security since there is no attempt to encrypt or otherwise secure the credentials. So again if your connection is not private, it would allow an adversary to snoop your user names and passwords.

Rolf Kalbermatter  My Blog
DEMO, Electronic and Mechanical Support department, room 36.LB00.390
Message 3 of 5
(3,352 Views)
Reply

Re: Security/encryption of VI Server traffic

‎07-15-2021 05:42 AM

I'd probably try to tunnel the communication, for instance with stunnel.

Search LabVIEW like a graph!
Message 4 of 5
(3,312 Views)
Reply

Re: Security/encryption of VI Server traffic

‎07-15-2021 01:53 PM

Thanks everyone.  This was helpful.  

 

Looks like VI Server is not very secure.  So I added this as a suggestion in the Idea Exchange:  Encryption of VI Server traffic

 

Go upvote!

http://www.medicollector.com
0 Kudos
Message 5 of 5
(3,264 Views)
Reply