4

I have a .NET application and a .NET Windows Service. How can I establish a secure communication channel between these two?

Most folks on the Internet recommend communicating with Windows Services using Named Pipes. But it seems this might create a big security hole in the system. If some dude reverse engineers my application, he will know the pipe name and the protocol I use, and that allows him to connect to my service and do whatever he wants.

Example: My client installs my application and gives it full privileges to install the service. Then he downloads some other software and does not give it full privileges. But that software finds my service and exploits it, using the pipe name and reverse engineered protocol.

So how to design a secure communication channel? Can the service somehow access the program that just connected to its pipe (so that I can compare its hash, provided the service has been installed to a secure location)? Or maybe use a different IPC? How does Microsoft secure its own services against this security hole?

Paya
  • Named Pipes support security, I remember, because I had to disable that :p – leppie Feb 06 '12 at 13:49
  • Why dig that hole in the first place? If your application needs privileges, ask the user again for it! If he doesn't give it to you, think of a fallback or abort. – ordag Feb 06 '12 at 13:53
  • 1
    @ordag: Because it needs the privileges every time Windows starts. And I don't want my whole application to run elevated, because that might cause other security problems. – Paya Feb 06 '12 at 13:56

2 Answers

7

You just need to set up a security descriptor for your named pipe, so that only your client-side code can access it.

Details are here:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa365600%28v=vs.85%29.aspx

  • +1 Thanks, that looks very promising. Do you have (by any chance) an example where you limit the client-side to a certain process? – Paya Feb 06 '12 at 14:01
  • Not currently. It's been a little while since I've coded this up. :) –  Feb 06 '12 at 14:04
  • Well, I have found [this](http://stackoverflow.com/questions/3282365/opening-a-named-pipe-in-low-integrity-level-windows-7-c), but it's still far from what I need. – Paya Feb 07 '12 at 02:24
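
One way to attach a security descriptor to the service's pipe from .NET, shown as an added example that is not part of the original answer or its comments. The pipe name and the local group `MyAppUsers` are hypothetical, and the service is assumed to run as LocalSystem on .NET Framework.

```csharp
// Added example. Uses the .NET Framework constructor that accepts a PipeSecurity;
// on .NET Core / .NET 5+ the equivalent call is NamedPipeServerStreamAcl.Create.
using System;
using System.IO;
using System.IO.Pipes;
using System.Security.AccessControl;
using System.Security.Principal;

static class SecuredPipeServer
{
    const string PipeName = "MyApp.ControlPipe"; // hypothetical pipe name
    const string ClientGroup = "MyAppUsers";     // hypothetical local group; must already exist

    // A DACL names accounts and groups, not executables: every process running
    // as a member of ClientGroup can connect, so requests still need validation.
    static PipeSecurity BuildPipeSecurity()
    {
        var security = new PipeSecurity();
        // The service account keeps full control, including CreateNewInstance.
        security.AddAccessRule(new PipeAccessRule(
            new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null),
            PipeAccessRights.FullControl, AccessControlType.Allow));
        // Clients may only read and write. ReadWrite does not include
        // CreateNewInstance, so a client cannot stand up its own server end.
        security.AddAccessRule(new PipeAccessRule(
            new NTAccount(Environment.MachineName, ClientGroup),
            PipeAccessRights.ReadWrite, AccessControlType.Allow));
        // Callers that logged on over the network are refused.
        security.AddAccessRule(new PipeAccessRule(
            new SecurityIdentifier(WellKnownSidType.NetworkSid, null),
            PipeAccessRights.FullControl, AccessControlType.Deny));
        return security;
    }

    static void Main()
    {
        using (var pipe = new NamedPipeServerStream(PipeName, PipeDirection.InOut, 1,
            PipeTransmissionMode.Byte, PipeOptions.None, 4096, 4096, BuildPipeSecurity()))
        {
            pipe.WaitForConnection();
            // Read before asking for the caller's identity: Windows only lets
            // the server identify the client after data has been read.
            string request = new StreamReader(pipe).ReadLine();
            string caller = pipe.GetImpersonationUserName();
            Console.WriteLine("{0} sent: {1}", caller, request);
        }
    }
}
```
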
0

I'd take a look at encrypting the protocol with, e.g., the RSA encryption algorithm. And it doesn't matter what transfer protocol you are using (pipes, TCP/IP, messages, etc.). Any of them could be "read" in some way. In your case I'd use some network protocol (TCP/IP, UDP) to get scalability for free in the future. The client and server sides could then be on different PCs/platforms. But a lot of things depend on the requirements. Why do you actually need to secure these things, what data should be secured (there are probably easier ways for others to retrieve it), the amount of data, and so on?

Anton