Paya

Reputation: 5222

How to securely communicate with my own Windows Service

I have a .NET application and a .NET Windows Service. How can I establish a secure communication channel between these two?

Most folks on the Internet recommend communicating with Windows Services using Named Pipes. But it seems this might create a big security hole in the system. If some dude reverse engineers my application, he will know the pipe name and the protocol I use, and that allows him to connect to my service and do whatever he wants.

Example: My client installs my application and gives it full privileges to install the service. Then he downloads some other software and does not give it full privileges. But that software finds my service and exploits it, using the pipe name and reverse engineered protocol.

So how to design a secure communication channel? Can the service somehow access the program that just connected to its pipe (so that I can compare its hash, provided the service has been installed to a secure location)? Or maybe use a different IPC? How does Microsoft secure its own services against this security hole?

Upvotes: 4

Views: 3041

Answers (2)

Anton

Reputation: 342

I'd take a look at encrypting the protocol with, e.g., the RSA encryption algorithm. And it doesn't matter what transfer protocol you are using (pipes, TCP/IP, messages, etc.). Any of them could be "read" in some way. In your case I'd use some network protocol (TCP/IP, UDP) to get scalability for free in the future. The client and server side could then be on different PCs/platforms. But a lot of things depend on the requirements. Why do you actually need to secure these things, what data should be secured (there are probably easier ways for others to retrieve it), the amount of data, and so on?

Upvotes: 0

user121356
You just need to set up a security descriptor for your named pipe, so that only your client-side code can access it.

Details are here:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa365600%28v=vs.85%29.aspx

Upvotes: 7
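
A sketch of the security-descriptor approach from the answer above, added here as an example; it is not the answerer's code. It assumes the service runs as LocalSystem on .NET Framework and that legitimate clients run elevated as local administrators; the pipe name and the one-line request/reply are hypothetical. Note that the DACL grants access by account or group (SID), not by program identity.

```csharp
using System.IO;
using System.IO.Pipes;
using System.Security.AccessControl;
using System.Security.Principal;

static class SecuredPipeServer
{
    // Hypothetical pipe name, chosen for this example.
    const string PipeName = "ExampleServicePipe";

    static PipeSecurity BuildPipeSecurity()
    {
        var security = new PipeSecurity();
        // Assumption: the service runs as LocalSystem. It keeps full control
        // so it can create and manage instances of its own pipe.
        security.AddAccessRule(new PipeAccessRule(
            new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null),
            PipeAccessRights.FullControl, AccessControlType.Allow));
        // Only members of the local Administrators group may connect.
        // Under UAC a non-elevated process holds that group as deny-only,
        // so it does not match this allow rule and is refused.
        security.AddAccessRule(new PipeAccessRule(
            new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null),
            PipeAccessRights.ReadWrite, AccessControlType.Allow));
        // Refuse any caller that reaches the pipe over the network.
        security.AddAccessRule(new PipeAccessRule(
            new SecurityIdentifier(WellKnownSidType.NetworkSid, null),
            PipeAccessRights.FullControl, AccessControlType.Deny));
        return security;
    }

    static void Main()
    {
        // The DACL is applied when the pipe is created; no other accounts get access.
        using (var server = new NamedPipeServerStream(
            PipeName, PipeDirection.InOut, 1, PipeTransmissionMode.Byte,
            PipeOptions.None, 0, 0, BuildPipeSecurity()))
        using (var reader = new StreamReader(server))
        using (var writer = new StreamWriter(server) { AutoFlush = true })
        {
            server.WaitForConnection();
            string request = reader.ReadLine();   // hypothetical one-line protocol
            writer.WriteLine("ack: " + request);
        }
    }
}
```

On .NET Core and later, this constructor overload is not available; `NamedPipeServerStreamAcl.Create` takes the same `PipeSecurity` object.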
