This part of IEC 62541 describes the OPC Unified Architecture (OPC UA) security model. It describes the security threats of the physical, hardware, and software environments in which OPC UA is expected to run. It describes how OPC UA relies upon other standards for security. It provides definition of common security terms that are used in this and other parts of the OPC UA specification. It gives an overview of the security features that are specified in other parts of the OPC UA specification. It references services, mappings, and Profiles that are specified normatively in other parts of the OPC UA Specification. It provides suggestions or best practice guidelines on implementing security. Any seeming ambiguity between this part and one of the other normative parts does not remove or reduce the requirement specified in the other normative part.<\/p>\n
It is important to understand that there are many different aspects of security that have to be addressed when developing applications. However, since OPC UA specifies a communication protocol, the focus is on securing the data exchanged between applications. This does not mean that an application developer can ignore the other aspects of security like protecting persistent data against tampering. It is important that the developers look into all aspects of security and decide how they can be addressed in the application.<\/p>\n
This part is directed to readers who will develop OPC UA Client or Server applications or implement the OPC UA services layer. It is also for end Users that wish to understand the various security features and functionality provided by OPC UA. It also offers some suggestions that can be applied when deploying systems. These suggestions are generic in nature since the details would depend on the actual implementation of the OPC UA Applications and the choices made for the site security.<\/p>\n
| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 2<\/td>\n | undefined <\/td>\n<\/tr>\n | ||||||
| 5<\/td>\n | Annex ZA (normative)Normative references to international publicationswith their corresponding European publications <\/td>\n<\/tr>\n | ||||||
| 7<\/td>\n | CONTENTS <\/td>\n<\/tr>\n | ||||||
| 10<\/td>\n | FOREWORD <\/td>\n<\/tr>\n | ||||||
| 12<\/td>\n | 1 Scope 2 Normative references <\/td>\n<\/tr>\n | ||||||
| 13<\/td>\n | 3 Terms, definitions, and abbreviated terms 3.1 Terms and definitions <\/td>\n<\/tr>\n | ||||||
| 18<\/td>\n | 3.2 Abbreviated terms 4 OPC UA security architecture 4.1 OPC UA security environment <\/td>\n<\/tr>\n | ||||||
| 19<\/td>\n | 4.2 Security objectives 4.2.1 Overview Figure 1 \u2013 OPC UA network example <\/td>\n<\/tr>\n | ||||||
| 20<\/td>\n | 4.2.2 Authentication 4.2.3 Authorization 4.2.4 Confidentiality 4.2.5 Integrity 4.2.6 Non-Repudiation 4.2.7 Auditability 4.2.8 Availability 4.3 Security threats to OPC UA systems 4.3.1 Overview <\/td>\n<\/tr>\n | ||||||
| 21<\/td>\n | 4.3.2 Denial of Service <\/td>\n<\/tr>\n | ||||||
| 22<\/td>\n | 4.3.3 Eavesdropping 4.3.4 Message spoofing 4.3.5 Message alteration 4.3.6 Message replay <\/td>\n<\/tr>\n | ||||||
| 23<\/td>\n | 4.3.7 Malformed Messages 4.3.8 Server profiling 4.3.9 Session hijacking 4.3.10 Rogue Server 4.3.11 Rogue Publisher <\/td>\n<\/tr>\n | ||||||
| 24<\/td>\n | 4.3.12 Compromising user credentials 4.3.13 Repudiation 4.4 OPC UA relationship to site security <\/td>\n<\/tr>\n | ||||||
| 25<\/td>\n | 4.5 OPC UA security architecture 4.5.1 Overview Figure 2 \u2013 OPC UA security architecture \u2013 Client \/ Server <\/td>\n<\/tr>\n | ||||||
| 26<\/td>\n | 4.5.2 Client \/ Server Figure 3 \u2013 OPC UA security architecture \u2013 Publisher-Subscriber <\/td>\n<\/tr>\n | ||||||
| 27<\/td>\n | 4.5.3 Publish-Subscribe <\/td>\n<\/tr>\n | ||||||
| 28<\/td>\n | 4.6 SecurityPolicies <\/td>\n<\/tr>\n | ||||||
| 29<\/td>\n | 4.7 Security Profiles 4.8 Security Mode Settings 4.9 User Authentication 4.10 Application Authentication <\/td>\n<\/tr>\n | ||||||
| 30<\/td>\n | 4.11 User Authorization 4.12 Roles 4.13 OPC UA security related Services Figure 4 \u2013 Role overview <\/td>\n<\/tr>\n | ||||||
| 31<\/td>\n | 4.14 Auditing 4.14.1 General <\/td>\n<\/tr>\n | ||||||
| 32<\/td>\n | 4.14.2 Single Client and Server Figure 5 \u2013 Simple Servers <\/td>\n<\/tr>\n | ||||||
| 33<\/td>\n | 4.14.3 Aggregating Server 4.14.4 Aggregation through a non-auditing Server Figure 6 \u2013 Aggregating Servers <\/td>\n<\/tr>\n | ||||||
| 34<\/td>\n | 4.14.5 Aggregating Server with service distribution Figure 7 \u2013 Aggregation with a non-auditing Server <\/td>\n<\/tr>\n | ||||||
| 35<\/td>\n | 5 Security reconciliation 5.1 Reconciliation of threats with OPC UA security mechanisms 5.1.1 Overview Figure 8 \u2013 Aggregate Server with service distribution <\/td>\n<\/tr>\n | ||||||
| 36<\/td>\n | 5.1.2 Denial of Service Table 1 \u2013 Security Reconciliation Threats Summary <\/td>\n<\/tr>\n | ||||||
| 37<\/td>\n | 5.1.3 Eavesdropping 5.1.4 Message spoofing <\/td>\n<\/tr>\n | ||||||
| 38<\/td>\n | 5.1.5 Message alteration 5.1.6 Message replay 5.1.7 Malformed Messages 5.1.8 Server profiling 5.1.9 Session hijacking <\/td>\n<\/tr>\n | ||||||
| 39<\/td>\n | 5.1.10 Rogue Server or Publisher 5.1.11 Compromising user credentials 5.1.12 Repudiation 5.2 Reconciliation of objectives with OPC UA security mechanisms 5.2.1 Overview 5.2.2 Application Authentication <\/td>\n<\/tr>\n | ||||||
| 40<\/td>\n | 5.2.3 User Authentication 5.2.4 Authorization 5.2.5 Confidentiality 5.2.6 Integrity 5.2.7 Auditability <\/td>\n<\/tr>\n | ||||||
| 41<\/td>\n | 5.2.8 Availability 6 Implementation and deployment considerations 6.1 Overview 6.2 Appropriate timeouts 6.3 Strict Message processing <\/td>\n<\/tr>\n | ||||||
| 42<\/td>\n | 6.4 Random number generation 6.5 Special and reserved packets 6.6 Rate limiting and flow control 6.7 Administrative access <\/td>\n<\/tr>\n | ||||||
| 43<\/td>\n | 6.8 Cryptographic Keys 6.9 Alarm related guidance 6.10 Program access <\/td>\n<\/tr>\n | ||||||
| 44<\/td>\n | 6.11 Audit event management 6.12 OAuth2, JWT and User roles 6.13 HTTPs, SSL\/TLS & Websockets 6.14 Reverse Connect <\/td>\n<\/tr>\n | ||||||
| 45<\/td>\n | 7 Unsecured Services 7.1 Overview 7.2 Multicast Discovery 7.3 Global Discovery Server Security 7.3.1 Overview 7.3.2 Rogue GDS <\/td>\n<\/tr>\n | ||||||
| 46<\/td>\n | 7.3.3 Threats against a GDS 7.3.4 Certificate management threats <\/td>\n<\/tr>\n | ||||||
| 47<\/td>\n | 8 Certificate management 8.1.1 Overview 8.1.2 Self-signed certificate management Figure 9 \u2013 Manual Certificate handling <\/td>\n<\/tr>\n | ||||||
| 48<\/td>\n | 8.1.3 CA Signed Certificate management Figure 10 \u2013 CA Certificate handling <\/td>\n<\/tr>\n | ||||||
| 49<\/td>\n | 8.1.4 GDS Certificate Management <\/td>\n<\/tr>\n | ||||||
| 50<\/td>\n | Figure 11 \u2013 Certificate handling <\/td>\n<\/tr>\n | ||||||
| 52<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" OPC unified architecture – Security Model<\/b><\/p>\n |