OPC UA Security
Security is a fundamental aspect of computer systems, in particular those dedicated to enterprise and process management. In this kind of application especially, security must be robust and effective. The security infrastructure should also be flexible enough to support the variety of security policies required by different organizations. OPC UA may be deployed in diverse environments: from clients and servers residing on the same host, through hosts located on the same operation network behind the security boundary protections that separate it from external connections, up to applications running in global environments over public network infrastructure. Depending on the environment and application requirements, the communication services must provide different protections to make the solution secure.
OPC UA Security is concerned with the authentication of clients and servers, the authorization of users, the integrity and confidentiality of their communications, and the auditing of client-server interactions. To meet this goal, security is integrated into all aspects of the design and implementation of OPC UA servers and clients. OPC UA uses industry-standard algorithms and industry-standard libraries to implement security.
Security mechanisms can be provided by different communication layers. Transport-level security is limited to point-to-point messaging: messages are protected by establishing a secure connection (association) between two hosts using, for example, the Transport Layer Security (TLS) or IPsec protocols. If intermediaries are present on a secured transport, however, the initial sender and the ultimate receiver need to trust those intermediaries to help provide end-to-end security, because each hop is secured separately. In addition to explicit trust in all intermediaries, other risks must be considered, such as local storage of messages and the potential for an intermediary to be compromised. Thus, using only transport security limits the richness of the security solution to transport-specific features. OPC UA communication is session-centric; hence, a security association must survive beyond a single transport connection.
To meet the above requirements, the OPC UA security architecture is defined as a generic solution that allows the required security features to be implemented at various places in the application architecture. The architecture is structured into an application layer and a communication layer atop the transport layer. The routine work of both client and server applications, transmitting process data, settings, and commands, is done in a session in the application layer. The application layer also manages user authentication and requests authorization using industry standards such as Kerberos or user name and password. OPC UA client and server applications also identify and authenticate themselves with X.509 certificates.
A session in the application layer communicates over a secure channel that is created in the communication layer, and relies upon it for secure communication. All of the session data is passed to the communication layer for further processing. The secure channel is responsible for message integrity, confidentiality, and application authentication.
OPC UA relies upon the site cyber security management system to protect confidentiality on the network and system infrastructure, and utilizes the public key infrastructure to manage the keys used for symmetric and asymmetric encryption. OPC UA uses symmetric and asymmetric encryption to protect confidentiality as a security objective, as well as symmetric and asymmetric signatures to address integrity as a security objective. Through a defined auditing mechanism, OPC UA also provides tracking information, which is an important part of a site cyber security management system.
OPC Main Technology features