Jump to content
OlivierL

Securing RIO communications

Recommended Posts

ShaunR's recent topic on Security reminded me of a situation we explored in the summer and need to revisit at some point. We were looking for a method to protect the communication with a cRIO.

 

The situation is that we need to communicate between a cRIO and a host on an unsecured network (manufacturing environment.) We concluded that we needed some form of encryption as well as a standard login mechanism but identified that having a single symmetrical key would not provide enough protection (for various reasons and specific use cases.)

 

Therefore, we looked into SSL and LabVIEW Web Services because it already includes that library and all the security features that we need. We figured out that it would definitely offer the protection required but that would mean rewriting most of existing code to use Web Service instead or establish some for of communication through a new Web Service. Considering the amount of unknown and risks associated with modifying our code, we looked into an alternative and came up with the following scheme:

 

post-12461-0-26506900-1448297242.png

 

In short, we would use a Web Service for the initial login and create a new symmetrical key which would be passed to the host and to the main application on the target (cRIO) and would be used to encrypt/decrypt all data during the session. This way, we could still program all of our code in LabVIEW and easily download/deploy the services and applications to the Target using NI standard tools but benefit from proper security and only have to add fairly simple wrappers to some sections of our existing code.

 

I wonder if anyone else has already gone down that route to add protection to an existing application. Would you suggest a different implementation method or an easier path to a similar result? Is there some obvious pitfalls in this approach that we do not see?

  • Like 1

Share this post


Link to post
Share on other sites

I would like to mention the WireQueue system created by the WireFlow team. Shameless plug: here is the link https://www.wirequeue.com/

 

WireQueue has been presented already in this forum in this topic.

 

WireQueue is a service for secure communication over the internet, specifically designed for targets running LabVIEW or LabVIEW RT from National Instruments.

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Similar Content

    • By usmanf
      Does any one have an idea on how to password encrypt an Excel file (or csv) in LabVIEW or zip up the excel file/csv and add a password to it that way? I need to be able to add a simple encryption to confidential patient data files after they are created and be able open them to read later by the same program.   I've tried using OpenG to add a password protection to a Zip file but when I try to add a string variable to the password connector it says password (none) so it makes me feel like I'm doing this wrong.    I couldn't really find any similar documentation or tutorials on creating a csv or excel file then zipping up the file and adding a password to the zip with OpenG though I read about the function on the Labview forums.   A few other things over I've tried recently:   I think a solution would be to use some sort of property/ invoke node with ActiveX like I've attempted to do in the picture below but I can't find anything that explains exactly how property and invoke nodes work with ActiveX to achieve what I wanted, and I was hoping someone would have a tutorial that a LabVIEW beginner like me could use.    Something else that I looked at was adding a "blowfish" encryption to encrypt the data but seemed extremely complicated and all I need is a simple password encryption.   Finally I tried using an add on called AES crypto but I felt that the encryption methods that were featured in the add on were limiting. For patient names they would be at different lengths and in the example programs it showed that if a string was shorter than 128 bits then it would't be able to encrypt the string. Which is an issue if the patient has even a regular length name.   If you have any thoughts or find anything useful let me know.   Thanks,  From a beginner usmanf
    • By Igor Titov
      Hello everybody!
      During a few last years I received multiple appeals to release AES library that I developed in 2011 into open-source. So, I've just done exactly this: https://github.com/IgorTitov/LabVIEW-Advanced-Encryption-Standard
      I released it under MIT license (which means that there are no restrictions whatsoever). No VI passwords, no uglification.
      LabVIEWishly Yours,
      Igor Titov.
    • By parth
      hello all,
      Firstly I am very new to labview so i apologise in advance if i ask some stupid questions.
      i am running a vi on my rio ( simple analog in/out express vi s) and another vi on my PC. i am communicating between them through shared variable and it works perfectly, only thing is i have to manually run both vi s.
      my question is, is there a simple way to start the vi on myrio from the vi on my PC? 
      PS:- i tried to work with vi server but i failed because of my limited knowledge. 
      any help will be much aprreciated.
      Thanks & Regards,
      Parth
    • By Calorified
      Hi there,

       

      I have RIO in a Windows VirtualBox inside a Ubunbtu Host OS.

       

      I am sending data from a C++ program in the Ubuntu Host system to labview within the Guest OS.

      I can receive the data on labview installed on the windows guest os. Below is the png of the Windows working program.

       



       

      But when I tried to send the data to myRIO, I was getting a udp read only error 42.

       

      Somewhere on the NI forums, someone suggested the net address of the "UDP Multicast Read-Only" vi  be wired to the address of the RIO which I have done below

       



      .

       

      Now, the code runs on myRIO but I can't receive any data on RIO. The multicast address I am sending to from Boost Asio C++ is 235.255.0.1 on port 30001.

       

      The RIO has a public ip of 172.22.11.2 and I set up a static ip address for it in NI MAX as the address of the UDP Multicast : "235.255.0.1.

       

       

       

      At this moment, I do not see what I am missing. All firewalls have been disabled and I have set the permissions for RIO through the Windows security page.

       

      Any help would be appreciated.

      Thank you!

    • By Wezarp
      Wezarp allows a software application to be controlled by a remote device such as a tablet, a smartphone or a computer.
       
      The first release of our website www.wezarp.com is now online !!! Wezarp for NI LabVIEW is available... Don't hesitate to download and try the 30-day free trial version !
       
      Here is a video demonstration on how to use Wezarp with NI LabVIEW
       
       
       
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.