The following sub-clauses reconcile the threats that were described in 4.3 against the OPC UA functions. Compared to the reconciliation with the objectives that will be given in 5.2, this is a more specific reconciliation that relates OPC UA security functions to specific threats. A summary of the reconciliation is available in Table 1. Only eavesdropping and Server profiling require SignAndEncrypt, while all others are mitigated with SignOnly. [(X) indicates an indirect relationship.]

Table 1 – Security Reconciliation Threats Summary

Attacks | Authentication | Authorization | Confidentiality | Integrity | Auditability | Availability | Non-Repudiation

Denial of Service: X
Eavesdropping: X X X
Message Spoofing: X
Message Alteration: X X X X X
Message Replay: X X
Malformed Messages: X
Server Profiling: (X) (X) (X) (X) (X) (X) (X)
Session Hijacking: X X X X X X X
Rogue Server: X X X X X
Rogue Publisher: X X X X
Compromising User Credentials: X X X
Repudiation: X