OPC 10000-2: UA Part 2: Security
Released 1.05.03
2023-12-13
This document is subject to the license terms described here.
The general OPC Foundation specification license agreement also applies and can be found here.
This document is a copy of the original which can be found here.
1 Scope
2 Reference documents
3 Terms, definitions, and abbreviations
3.1 Terms and definitions
3.1.1 AccessRestriction
3.1.2 AccessToken
3.1.3 ApplicationInstance
3.1.4 ApplicationInstanceCertificate
3.1.5 Asymmetric Cryptography
3.1.6 Asymmetric Encryption
3.1.7 Asymmetric Signature
3.1.8 Auditability
3.1.9 Auditing
3.1.10 AuthenticatedEncryption
3.1.11 Authentication
3.1.12 Authorization
3.1.13 AuthorizationService
3.1.14 Availability
3.1.15 Certificate Authority
3.1.16 CertificateStore
3.1.17 Claim
3.1.18 Confidentiality
3.1.19 Cryptography
3.1.20 Cyber Security Management System
3.1.21 Digital Signature
3.1.22 Hash Function
3.1.23 Hashed Message Authentication Code
3.1.24 Integrity
3.1.25 Identity Provider
3.1.26 Key Exchange Algorithm
3.1.27 Message Authentication Code
3.1.28 Message Signature
3.1.29 Non-Repudiation
3.1.30 Nonce
3.1.31 Permission
3.1.32 Private Key
3.1.33 Public Key
3.1.34 Public Key Infrastructure
3.1.35 Resource
3.1.36 Rivest-Shamir-Adleman
3.1.37 Role
3.1.38 Scope
3.1.39 SecurityKeyService
3.1.40 Secure Channel
3.1.41 Symmetric Cryptography
3.1.42 Symmetric Encryption
3.1.43 SecurityGroup
3.1.44 Symmetric Signature
3.1.45 TrustList
3.1.46 Transport Layer Security
3.1.47 UnauthenticatedEncryption
3.1.48 X.509 Certificate
3.2 Abbreviations
3.3 Conventions for security model figures
4 OPC UA security architecture
4.1 OPC UA security environment
4.2 Security objectives
4.2.1 Overview
4.2.2 Authentication
4.2.3 Authorization
4.2.4 Confidentiality
4.2.5 Integrity
4.2.6 Non- Repudiation
4.2.7 Auditability
4.2.8 Availability
4.3 Security threats to OPC UA systems
4.3.1 Overview
4.3.2 Denial of Service
4.3.2.1 Overview
4.3.2.2 Message flooding
4.3.2.3 Resource Exhaustion
4.3.2.4 Application Crashes
4.3.3 Eavesdropping
4.3.4 Message spoofing
4.3.5 Message alteration
4.3.6 Message replay
4.3.7 Malformed Messages
4.3.8 Server profiling
4.3.9 Session hijacking
4.3.10 Rogue Server
4.3.11 Rogue Publisher
4.3.12 Compromising user credentials
4.3.13 Repudiation
4.4 OPC UA relationship to site security
4.5 OPC UA security architecture
4.5.1 Overview
4.5.2 Client / Server
4.5.3 Publish-Subscribe
4.5.3.1 Overview
4.5.3.2 Broker-less
4.5.3.3 Broker
4.6 SecurityPolicies
4.7 Security Profiles
4.8 Security Mode Settings
4.9 User Authentication
4.10 Application Authentication
4.11 User Authorization
4.12 Roles
4.13 OPC UA security related Services
4.14 Auditing
4.14.1 General
4.14.2 Single Client and Server
4.14.3 Aggregating Server
4.14.4 Aggregation through a non-auditing Server
4.14.5 Aggregating Server with service distribution
5 Security reconciliation
5.1 Reconciliation of threats with OPC UA security mechanisms
5.1.1 Overview
5.1.2 Denial of Service
5.1.2.1 Overview
5.1.2.2 Message flooding
5.1.2.3 Resource exhaustion
5.1.2.4 Application Crashes
5.1.3 Eavesdropping
5.1.4 Message spoofing
5.1.5 Message alteration
5.1.6 Message replay
5.1.7 Malformed Messages
5.1.8 Server profiling
5.1.9 Session hijacking
5.1.10 Rogue Server or Publisher
5.1.11 Compromising user credentials
5.1.12 Repudiation
5.2 Reconciliation of objectives with OPC UA security mechanisms
5.2.1 Overview
5.2.2 Application Authentication
5.2.3 User Authentication
5.2.4 Authorization
5.2.5 Confidentiality
5.2.6 Integrity
5.2.7 Auditability
5.2.8 Availability
6 Implementation and deployment considerations
6.1 Overview
6.2 Appropriate timeouts:
6.3 Strict Message processing
6.4 Random number generation
6.5 Special and reserved packets
6.6 Rate limiting and flow control
6.7 Administrative access
6.8 Cryptographic Keys
6.9 Alarm related guidance
6.10 Program access
6.11 Audit event management
6.12 OAuth2, JWT and User roles
6.13 HTTPs, TLS & Websockets
6.14 Reverse Connect
6.15 Passwords
6.16 Additional Security considerations
7 Unsecured Services
7.1 Overview
7.2 Multi Cast Discovery
7.3 Global Discovery Server Security
7.3.1 Overview
7.3.2 Rogue GDS
7.3.3 Threats against a GDS
7.3.4 Certificate management threats
8 Certificate management
8.1 Overview
8.2 Self signed certificate management
8.3 CA Signed Certificate management
8.4 GDS Certificate Management
8.4.1 Overview
8.4.2 Developers Certificate management
Annex A Mapping to ISA/IEC 62443
A.1 ISA/IEC 62443