The following sub-clauses 5.1.2 through 5.1.15 reconcile the threats that were described in 4.3 against the OPC UA functions. Compared to the reconciliation with the objectives that will be given in 5.2, this is a more specific reconciliation that relates OPC UA security functions to specific threats. A summary of the reconciliation is available in Table 1. Only eavesdropping and Server profiling require SignAndEncrypt, while all others are mitigated with SignOnly. In Table 1, (X) marks an entry that applies indirectly.
Table 1 – Security Reconciliation Threats Summary
| Attacks | Authentication | Authorization | Confidentiality | Integrity | Auditability | Availability | Non-Repudiation |
|---|---|---|---|---|---|---|---|
| Denial of Service | | | | | | X | |
| Eavesdropping | X | X | X | | | | |
| Message Spoofing | | X | | | | | |
| Message Alteration | X | X | | X | X | | X |
| Message Replay | X | X | | | | | |
| Malformed Messages | | | | | | X | |
| Server Profiling | (X) | (X) | (X) | (X) | (X) | (X) | (X) |
| Session Hijacking | X | X | X | X | X | X | X |
| Rogue Server | X | X | X | | X | X | |
| Rogue Publisher | X | | X | | X | X | |
| Rogue Local Discovery | X | X | X | | X | X | |
| Compromising User Credentials | X | X | X | | | | |
| Repudiation | | | | | | | X |
| Message Suppression | | | | X | | X | |
| Downgrade Attack | X | X | | | | | |