YARP  2.3.70.2
Yet Another Robot Platform
YARP port authentication
Author
Daniel Krieg

A new connection to a YARP port is established via a handshake on a TCP port (see yarp::os::impl::TcpFace). Anyone who can reach this TCP port can therefore connect to your YARP port, as long as they understand the protocol.

So if you are not behind a firewall, you are exposing your YARP infrastructure to the world. At a minimum this is frustrating if someone is messing with your nameserver, and if your application is vulnerable to corrupted data, it is a security hole. In particular, all iCub users running the yarprun server for the application manager should be aware of this issue (see iCub wiki).

To protect your ports, you can enable port authentication, which adds a key exchange to the initial handshake in order to authenticate every connection request. It uses a 3-way HMAC mechanism with SHA256.
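The sketch below is an added example, not YARP's own code or wire format: it shows a generic three-message mutual challenge-response with HMAC-SHA256, in which both sides prove knowledge of the shared key without ever sending it. The nonce size, role labels and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # assumption: nonce size chosen for this sketch


def new_nonce() -> bytes:
    return secrets.token_bytes(NONCE_LEN)


def tag(key: bytes, role: bytes, n_client: bytes, n_server: bytes) -> bytes:
    """HMAC-SHA256 over a 1-byte role label and both fixed-length nonces."""
    return hmac.new(key, role + n_client + n_server, hashlib.sha256).digest()


def server_reply(key: bytes, n_client: bytes):
    """Message 2: fresh server nonce plus proof that the server holds the key."""
    n_server = new_nonce()
    return n_server, tag(key, b"S", n_client, n_server)


def client_reply(key: bytes, n_client: bytes, n_server: bytes, server_proof: bytes):
    """Check message 2; return message 3 (the client proof) or None on mismatch."""
    if not hmac.compare_digest(server_proof, tag(key, b"S", n_client, n_server)):
        return None
    return tag(key, b"C", n_client, n_server)


def server_accepts(key: bytes, n_client: bytes, n_server: bytes, client_proof: bytes) -> bool:
    """Final check: the client proof must match this session's two nonces."""
    return hmac.compare_digest(client_proof, tag(key, b"C", n_client, n_server))


def handshake(client_key: bytes, server_key: bytes) -> bool:
    """Run all three messages in-process; True only when both keys match."""
    n_client = new_nonce()                                           # message 1
    n_server, s_proof = server_reply(server_key, n_client)           # message 2
    c_proof = client_reply(client_key, n_client, n_server, s_proof)  # message 3
    return c_proof is not None and server_accepts(server_key, n_client, n_server, c_proof)
```

Because each proof is bound to both fresh nonces and to a role label, a proof recorded from one session is rejected in the next, and the server's proof cannot be reflected back as a client proof.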

How to use the port authentication mechanism

Create a file 'auth.conf' in a directory that "yarp resource --find auth.conf" would find, with the following content:

[AUTH]
key "my_secret_key"

You can 'test' it by opening a telnet connection to your nameserver. Instead of a welcome message you should see only garbage.

Now, only YARP applications with the same key can connect to each other. This also applies to the nameserver (as it is just a regular port).

Remarks

  • Connections via telnet (as in Talking to a Port) or HTTP (for browser access to the nameserver) are no longer possible.
  • If you wrote your own code for communicating with YARP from an external application (as in Writing commands from code), you have to add the authentication logic to it.
  • It adds overhead to the handshake. The effect might be visible when doing many nameserver requests (open port, auth, request, close port) over slow connections.
  • This is not an encryption method: your actual data is still transmitted as usual.
  • There might still be a security issue with connections via UDP/MCAST, where data packets could possibly be inserted into an already established connection.

Final note

I consider this mechanism to be secure for handshaking, but it comes without any warranty. Every user should still feel responsible for the security of their system.