Security Critical for New OPC UA Spec

Dec. 19, 2006

In late June 2006, the OPC Foundation announced the release of the OPC Unified Architecture (OPC UA), along with a list of suppliers who support it. OPC UA, which is the latest incarnation of the OPC connectivity standard, is a series of specifications intended to expand the framework for moving information among applications in the enterprise space. It works by unifying existing OPC specifications with Web Services as the key technology enabler. The creation of a robust security model is critical to the successful adoption of OPC UA.

Adding security to the OPC UA services has an impact on performance. OPC UA needs to have a strategy and complete security architecture that provides end-users with the configuration flexibility to turn security parameters on and off, according to application requirements. An additional requirement is the need for configurable access control that is scalable in small devices.

OPC UA Security Architecture
The resulting OPC UA security architecture is a generic solution that allows implementation of the required security features at various places in the architecture. Depending on the different mappings, the security functionalities are addressed at different levels. The OPC UA security architecture is structured in an Application Layer and a Communication Layer, atop the Transport Layer, as shown in the diagram.

The routine work of a client or server application—to transmit plant information, settings and commands—is done in a session in the application layer. The application layer also manages the security functions of user authentication and user authorization. The security functions that are managed by the Application Layer are provided by the Session Services that are specified in Part 4 of the OPC UA specification. A session in the Application Layer communicates over a secure channel that is created in the Communication Layer, and relies upon it for secure communication. All of the session data is passed to the Communication Layer for further processing.

Although a session communicates over a secure channel, the binding of users, sessions and secure channels is flexible. Impersonation allows the user of the session to change. A session can have a different user than the user that created the secure channel. To survive the loss of the original channel and resume with another, the implementation of the communication channel is responsible for re-establishing the connection without interrupting the logical secure channel.

The Communication Layer provides security functionalities to meet confidentiality, integrity and application authentication as security objectives. The provided security functionalities, together with negotiated and secret information, are used to establish a secure channel between a client and a server. This logical channel provides encryption to maintain confidentiality, signatures to maintain integrity, and certificates to provide application authentication for data that comes from the Application Layer and passes, as “secured” data, to the Transport Layer.

The security functions that are managed by the Communication Layer are provided by the Secure Channel Services, and are implemented by a protocol stack chosen for the application. Mappings of the services to some of the protocol stack options detail how the functions of the protocol stack are used.

The Transport Layer handles the transmission, reception and the transport of data that is provided by the Communication Layer.

The necessary security services are embedded in the OPC UA protocol stack to form a complete security architecture, while still granting users the configuration flexibility needed to serve a variety of applications.

Thomas J. Burke, www.opcfoundation.org, is President and Executive Director of the OPC Foundation.