5 Security reconciliation ToC Previous Next

5.1 Reconciliation of threats with OPC UA security mechanisms ToC Previous Next

5.1.4 Message spoofing ToC Previous Next

See 4.3.4 for a description of this threat.

As specified in OPC 10000-4 and OPC 10000-6, OPC UA counters Message spoofing threats by providing the ability to sign Messages. Additionally, Messages will always contain a valid SessionId, SecureChannelId, RequestId and Timestamp as well as the correct sequence number. OPC UA when operating as part of a Session, restricts user spoofing in the same manner since the user information is provided as part of the Session establishment. It is important that when a device starts up that the SessionId that is initially assigned to the first Session is a random number or a continuation of the last Session number used and is not always reset to 0 or a predictable number.

As specified in OPC 10000-14, OPC UA PubSub counters Message spoofing threats by providing the ability to sign messages. Messages can also contain a valid PublisherId, DataSetClassId, timestamp information, network message number and sequence number, which further restricts Message spoofing.

Previous Next