OPC 10000-2: OPC Unified Architecture

Part 2: Security Model

Release 1.04
2018-08-03

Copyright (c) 2019 OPC Foundation
Generated on 10/25/2019 8:16:29 AM.

Table of Contents

1 Scope

2 Reference documents

3 Terms, definitions, and abbreviations
    3.1 Terms and definitions
    3.2 Abbreviations
    3.3 Conventions for security model figures

4 OPC UA security architecture
    4.1 OPC UA security environment
    4.2 Security objectives
        4.2.1 Overview
        4.2.2 Authentication
        4.2.3 Authorization
        4.2.4 Confidentiality
        4.2.5 Integrity
        4.2.6 Non-Repudiation
        4.2.7 Auditability
        4.2.8 Availability
    4.3 Security threats to OPC UA systems
        4.3.1 Overview
        4.3.2 Denial of Service
            4.3.2.1 Overview
            4.3.2.2 Message flooding
            4.3.2.3 Resource Exhaustion
            4.3.2.4 Application Crashes
        4.3.3 Eavesdropping
        4.3.4 Message spoofing
        4.3.5 Message alteration
        4.3.6 Message replay
        4.3.7 Malformed Messages
        4.3.8 Server profiling
        4.3.9 Session hijacking
        4.3.10 Rogue Server
        4.3.11 Rogue Publisher
        4.3.12 Compromising user credentials
        4.3.13 Repudiation
    4.4 OPC UA relationship to site security
    4.5 OPC UA security architecture
        4.5.1 Overview
        4.5.2 Client / Server
        4.5.3 Publish-Subscribe
            4.5.3.1 Overview
            4.5.3.2 Broker-less
            4.5.3.3 Broker
    4.6 SecurityPolicies
    4.7 Security Profiles
    4.8 Security Mode Settings
    4.9 User Authentication
    4.10 Application Authentication
    4.11 User Authorization
    4.12 Roles
    4.13 OPC UA security related Services
    4.14 Auditing
        4.14.1 General
        4.14.2 Single Client and Server
        4.14.3 Aggregating Server
        4.14.4 Aggregation through a non-auditing Server
        4.14.5 Aggregating Server with service distribution

5 Security reconciliation
    5.1 Reconciliation of threats with OPC UA security mechanisms
        5.1.1 Overview
        5.1.2 Denial of Service
            5.1.2.1 Overview
            5.1.2.2 Message flooding
            5.1.2.3 Resource exhaustion
            5.1.2.4 Application Crashes
        5.1.3 Eavesdropping
        5.1.4 Message spoofing
        5.1.5 Message alteration
        5.1.6 Message replay
        5.1.7 Malformed Messages
        5.1.8 Server profiling
        5.1.9 Session hijacking
        5.1.10 Rogue Server or Publisher
        5.1.11 Compromising user credentials
        5.1.12 Repudiation
    5.2 Reconciliation of objectives with OPC UA security mechanisms
        5.2.1 Overview
        5.2.2 Application Authentication
        5.2.3 User Authentication
        5.2.4 Authorization
        5.2.5 Confidentiality
        5.2.6 Integrity
        5.2.7 Auditability
        5.2.8 Availability

6 Implementation and deployment considerations
    6.1 Overview
    6.2 Appropriate timeouts
    6.3 Strict Message processing
    6.4 Random number generation
    6.5 Special and reserved packets
    6.6 Rate limiting and flow control
    6.7 Administrative access
    6.8 Cryptographic Keys
    6.9 Alarm related guidance
    6.10 Program access
    6.11 Audit event management
    6.12 OAuth2, JWT and User roles
    6.13 HTTPs, SSL/TLS & Websockets
    6.14 Reverse Connect

7 Unsecured Services
    7.1 Overview
    7.2 Multi Cast Discovery
    7.3 Global Discovery Server Security
        7.3.1 Overview
        7.3.2 Rogue GDS
        7.3.3 Threats against a GDS
        7.3.4 Certificate management threats

8 Certificate management
        8.1.1 Overview
        8.1.2 Self-signed certificate management
        8.1.3 CA Signed Certificate management
        8.1.4 GDS Certificate Management
            8.1.4.1 Overview
            8.1.4.2 Developers Certificate management