Secure LSL

Current Version

1.16.1-secure.1.0.0-alpha

Base: 1.16.1
Security: 1.0.0
Stage: alpha

Transparent encryption for Lab Streaming Layer biosignal streaming

Secure LSL adds end-to-end encryption to LSL without requiring any changes to your existing applications. Your EEG, eye tracking, and other biosignal data is automatically protected using the same cryptographic standards trusted by banks and governments.

Why Secure LSL?

Protect Patient Data

Meet HIPAA and GDPR requirements for clinical and research applications involving human subjects.
Zero Code Changes

Your existing LSL applications work unchanged. Security is handled transparently by the library.
Real-Time Performance

Less than 5% overhead. Your 1000 Hz EEG streams stay synchronized to the millisecond.
Tamper Detection

Every packet is authenticated. Any modification, even a single bit flip, is detected immediately.

Quick Start

Get secure streaming in 3 steps:

# 1. Generate encryption keys for this device
./lsl-keygen

# 2. That's it! Your LSL streams are now encrypted.
# All existing applications work unchanged.

Get Started

How It Works

sequenceDiagram
    participant Outlet as EEG Amplifier<br/>(Outlet)
    participant Network as Network
    participant Inlet as LabRecorder<br/>(Inlet)

    Note over Outlet,Inlet: 1. Discovery (UDP)
    Outlet->>Network: "I'm a 64-ch EEG stream"<br/>+ Security fingerprint
    Network->>Inlet: Stream available

    Note over Outlet,Inlet: 2. Secure Connection (TCP)
    Inlet->>Outlet: Connect + Exchange keys
    Outlet->>Inlet: Verify identity + Session key

    Note over Outlet,Inlet: 3. Encrypted Streaming
    loop Every sample
        Outlet->>Outlet: Encrypt with session key
        Outlet->>Inlet: Encrypted data
        Inlet->>Inlet: Decrypt + Verify
    end

The encryption happens inside the LSL library itself. Your Python scripts, MATLAB code, and C++ applications see regular LSL data; the encryption/decryption is completely invisible.

Learn More

Security at a Glance

What	How	Why It Matters
Device Identity	Ed25519 digital signatures	Only authorized devices can connect
Data Encryption	ChaCha20-Poly1305	Your biosignals are unreadable to eavesdroppers
Tamper Detection	Authenticated encryption	Modified packets are rejected automatically
Replay Prevention	Monotonic nonces	Old packets can't be re-injected
Forward Secrecy	Session keys rotate every 24h	Past recordings stay safe even if keys leak

Supported Platforms

Operating Systems: macOS, Linux, Windows
Languages: C/C++, Python (pylsl), MATLAB
Hardware: x86_64, ARM (Apple Silicon, Raspberry Pi)

All 150+ LSL applications work without modification.

Regulatory Compliance

Secure LSL helps you meet:

HIPAA Technical Safeguards (45 CFR §164.312)
GDPR Article 32 security requirements
FDA 21 CFR Part 11 electronic records

See Compliance Details

Get Started

Quick Start Guide

Get encryption running in 5 minutes
How It Works

Understand the security without needing a crypto PhD
API Reference

Check security status in your applications
FAQ

Common questions answered