5 Security reconciliation

5.1 Reconciliation of threats with OPC UA security mechanisms

5.1.10 Rogue Server or Publisher

See 4.3.10 and 4.3.11 for a description of this threat.

OPC UA Client applications counter the use of rogue Servers by validating Server Application Instance Certificates. A rogue Server could still present a Certificate from a certified OPC UA Server, but it does not possess the appropriate Private Key, because this will never be distributed. Without that Private Key it cannot decrypt Messages secured with the correct Public Key, so the rogue Server would never be able to read and misuse secured data sent by a Client. Also, without the Private Key the Server would never be able to sign a response message to a Client.
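
The following Go program is an added example, not part of the OPC UA specification or of any OPC UA stack. It shows why replaying a genuine Server's Certificate does not help a rogue Server that lacks the matching Private Key. The `endpoint` type, the function names, the freshly generated keys, and the choice of RSA-PSS and RSA-OAEP with SHA-256 are assumptions of the example, and a bare RSA public key stands in for the Certificate.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// endpoint (hypothetical type): the public key of the Certificate a Server
// presents, and the Private Key that Server actually holds.
type endpoint struct {
	presented *rsa.PublicKey
	held      *rsa.PrivateKey
}

// canSign reports whether the held key's signature verifies under the presented key.
func canSign(e endpoint, nonce []byte) bool {
	digest := sha256.Sum256(nonce)
	sig, err := rsa.SignPSS(rand.Reader, e.held, crypto.SHA256, digest[:], nil)
	return err == nil && rsa.VerifyPSS(e.presented, crypto.SHA256, digest[:], sig, nil) == nil
}

// canRead reports whether the held key decrypts data encrypted to the presented key.
func canRead(e endpoint, secret []byte) bool {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, e.presented, secret, nil)
	if err != nil {
		return false
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, e.held, ct, nil)
	return err == nil && string(pt) == string(secret)
}

// demo compares a genuine Server with a rogue one that replays the genuine
// Certificate's Public Key but holds only its own Private Key (constructed keys).
func demo() (genuineOK, rogueSigns, rogueReads bool) {
	serverKey, err1 := rsa.GenerateKey(rand.Reader, 2048)
	rogueKey, err2 := rsa.GenerateKey(rand.Reader, 2048)
	nonce := make([]byte, 32)
	if _, err3 := rand.Read(nonce); err1 != nil || err2 != nil || err3 != nil {
		panic("key or nonce generation failed")
	}
	genuine := endpoint{&serverKey.PublicKey, serverKey}
	rogue := endpoint{&serverKey.PublicKey, rogueKey}
	return canSign(genuine, nonce) && canRead(genuine, nonce), canSign(rogue, nonce), canRead(rogue, nonce)
}

func main() { fmt.Println(demo()) }
```

Both checks depend on the Client having first validated the presented Certificate, since a rogue Server that presents its own unvalidated Certificate would hold the matching Private Key.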

OPC UA Subscriber applications counter the effect of a rogue Publisher by validating the signature on the published messages.
