The broker-less PubSubcommunication model provides Confidentialityand Integrity.This is accomplished using Symmetric Encryptionand signature algorithms. The required symmetric keys are distributed by a Security Key Server (SKS) (see OPC 10000-14for additional details). The SKS makes use of the standard Client/Serversecurity described in 4.5.2to establish application Authentication as well as user Authentication. This approach allows all applications (Publishersand/or Subscribers) in a SecurityGroupto share information

A benefit of using shared symmetric keys is the high performance they offer, but a drawback is that for a group of applications that use a shared symmetric key, all of the applications in the group have the same rights. All applications must trust all other applications in the group. Any application (Publisheror Subscriber) in the group can publish a message and any application (Publisheror Subscriber) in the group can decode the message.

For example, a system might be composed of a shared symmetric group that is composed of a controller (Publisher) and three Subscribers(say HMI’s). The controller is publishing messages and the HMIs are receiving the messages. If one of the HMIs is compromised, it might start publishing messages also. The other two HMIs will not be able to tell that the message was not sent from the controller. One possible solution to this situation could be if the shared symmetric group is composed of just the controller and one HMI. Additional groups would be created for each HMI, then no HMI could affect the other HMIs. Other possible solutions could also involve the network architecture and services, such as unicast restricted network communication, but these are outside the scope of the of OPC UA specification. The configuration of SecurityGroups requires careful consideration when deploying systems to ensure security.