The following sub-clauses reconcile the threats described in 4.3 against the OPC UA security functions. Compared with the reconciliation against the objectives given in 5.2, this is a more specific reconciliation that relates the OPC UA security functions to individual threats. A summary of the reconciliation is given in Table 1. Only eavesdropping and Server profiling require the SignAndEncrypt message security mode; all other threats are mitigated with Sign only. An (X) indicates an indirect mitigation.
Table 1 – Security Reconciliation Threats Summary
Attacks | Authentication | Authorization | Confidentiality | Integrity | Auditability | Availability | Non-Repudiation
Denial of Service | | | | | | X |
Eavesdropping | X | X | X | | | |
Message Spoofing | | X | | | | |
Message Alteration | X | X | | X | X | | X
Message Replay | X | X | | | | |
Malformed Messages | | | | | | X |
Server Profiling | (X) | (X) | (X) | (X) | (X) | (X) | (X)
Session Hijacking | X | X | X | X | X | X | X
Rogue Server | X | X | X | | X | X |
Rogue Publisher | X | | X | | X | X |
Compromising User Credentials | X | X | X | | | |
Repudiation | | | | | | | X