Security Critical for New OPC UA Spec

In late June 2006, the OPC Foundation announced the release of the OPC Unified Architecture (OPC UA), along with a list of suppliers who support it. OPC UA, which is the latest incarnation of the OPC connectivity standard, is a series of specifications intended to expand the framework for moving information among applications in the enterprise space. It works by unifying existing OPC specifications with Web Services as the key technology enabler. The creation of a robust security model is critical to the successful adoption of OPC UA.

Dec 19th, 2006
Aw 4744 Ttopc A

Adding security to the OPC UA services has an impact on performance. OPC UA needs to have a strategy and complete security architecture that provides end-users with the configuration flexibility to turn security parameters on and off, according to application requirements. An additional requirement is the need for configurable access control that is scalable in small devices.

OPC UA Security Architecture

The resulting OPC UA security architecture is a generic solution that allows implementation of the required security features at various places in the architecture. Depending on the different mappings, the security functionalities are addressed at different levels. The OPC UA security architecture is structured in an Application Layer and a Communication Layer, atop the Transport Layer, as shown in the diagram.

The routine work of a client or server application—to transmit plant information, settings and commands—is done in a session in the application layer. The application layer also manages the security functions of user authentication and user authorization. The security functions that are managed by the Application Layer are provided by the Session Services that are specified in Part 4 of the OPC UA specification. A session in the Application Layer communicates over a secure channel that is created in the Communication Layer, and relies upon it for secure communication. All of the session data is passed to the Communication Layer for further processing.

Although a session communicates over a secure channel, the binding of users, sessions and secure channels is flexible. Impersonation allows the user of the session to change. A session can have a different user than the user that created the secure channel. To survive the loss of the original channel and resume with another, the implementation of the communication channel is responsible for re-establishing the connection without interrupting the logical secure channel.

The Communication Layer provides security functionalities to meet confidentiality, integrity and application authentication as security objectives. The provided security functionalities, together with negotiated and secret information, are used to establish a secure channel between a client and a server. This logical channel provides encryption to maintain confidentiality, signatures to maintain integrity, and certificates to provide application authentication for data that comes from the Application Layer and passes, as “secured” data, to the Transport Layer.

The security functions that are managed by the Communication Layer are provided by the Secure Channel Services, and are implemented by a protocol stack chosen for the application. Mappings of the services to some of the protocol stack options detail how the functions of the protocol stack are used.

The Transport Layer handles the transmission, reception and the transport of data that is provided by the Communication Layer.

The necessary security services are embedded in the OPC UA protocol stack to form a complete security architecture, while still granting users the configuration flexibility needed to serve a variety of applications.     

 

Thomas J. Burke, www.opcfoundation.org, is President and Executive Director of the OPC Foundation.

Pr182020 Beckhoff Elm72xx Print
Servo Drives
Beckhoff’s ELM72xx EtherCAT servo drives deliver an output current (Irms) of up to 16 A at 48 V DC for the power supply.
Dec 4th, 2020
Inductive Automation Ignition8
Industrial Application Platform Update
Find out about the latest application platform tools included with Ignition 8.1.
Dec 1st, 2020
N8 Xe Li Lf 1920 5fb83c7f1c674
High Pressure Processing Helps Emerging Brands
Join Jeff Williams of Universal Pure, and ProFood World’s Joyce Fassl as they discuss high pressure processing and the shelf-life benefits it brings to brands seeking broader distribution and the importance of Cold Pressure Council certification.
Nov 20th, 2020
Beckhoff Al8000 Linear Motors1
Linear Motors
The AL8000 linear motor series from Beckhoff is based on a modular system design consisting of linear motors and magnetic plates and offers wide-ranging options in length, winding, and cooling type.
Nov 2nd, 2020
Spc 800
SPC-800 Series of Button-integrated HMI with IP66-Rated Protection for Process Visualization
Advantech has to announced its new SPC-800 series of arm-mounted human-machine interfaces with full IP66-rated protection that provides a cabinet-free solution for operation in industrial environments.
Oct 28th, 2020
Converter Cables
Converter Cables Create Possibilities for Mobile Equipment Makers
New Balluff cables connect M12 to Deutsch DT and AMP Superseal connectors.
Oct 28th, 2020
Wago 2000 Series Pnp Npn Converter
Converter Reduces Need for Inventory and Space
Helps increase machine functionality
Oct 28th, 2020
Pr Rsbs No Text
Single-Phase Compressor Soft Starters
These single-phase compressor soft starters from Carlo Gavazzi are said to reduce start current by more than 50%.
Oct 22nd, 2020
Merz Disconnects 5x7
Merz UL 508 Non-Fusible Disconnect Switches
AutomationDirect has added enclosed versions and non-enclosed DIN rail and panel/door mount versions of Merz disconnect / motor control switches.
Oct 20th, 2020
P1ekk01623va91vdovrnoostqq7 001
SICK to Host Virtual Press Conference at PACK EXPO Connects
See what’s new with SICK at its first ever virtual press conference for PACK EXPO Connects. There will be four live demos of its intelligent sensor solutions that are helping to improve the packaging process.
Oct 16th, 2020
Launch Image
3D Profile Sensors
See it at PACK EXPO Connects! Matrox Imaging will showcase the Matrox AltiZ series of integrated high-fidelity 3D profile sensors featuring a dual-camera single-laser design.
Oct 14th, 2020
Gladiator Circuit Breakers 5x7
Gladiator Series Circuit Breakers and Supplementary Protectors
Circuit breakers from Automation Direct offer optimum and efficient protection for branch and control circuits up to 63 amps.
Oct 9th, 2020
AT-PP
Icotek Releases New IMAS-Connect Adapter Grommets
Icotek is expanding its range of adapter grommets for its IMAS-Connect adapter system to include the AT-PP and the AT-K-M.
Oct 7th, 2020
Idec Hg1 P 07 Hg1 P 片手持ち
IDEC Introduces HG1P Handheld Human-Machine Interface
Easy to hold due to its small form factor and light weight—and includes a touchscreen, function keys, and switches—making it a good fit for machine tending and robotics applications.
Oct 6th, 2020
Prosense Loop Panel Meters 5x7
Field and Panel Mount Loop-Powered 4 to 20mA Process Displays
ProSense LPM1 loop panel meters from Automation Direct is powered from the mA loop and requires no external power supply and features three front-panel operating keys.
Oct 6th, 2020
7508210
Wago Extends Family of PFC200 Gen 2 Controllers
PFC200 Generation 2 controllers from Wago supports MQTT protocol and can easily be configured to connect to cloud services.
Oct 1st, 2020
Io Link News Page
Absolute Encoders Feature IO-Link Interface
Smart absolute rotary encoder ready for Industry 4.0.
Sep 25th, 2020
Sbc6511 With Metalwork Hi Res Copy
New 6U SBC Incorporates Intel 9th Gen CPU, Aligns with SOSA Technical Standard
Abaco's 6U SBC features the Intel Xeon E six core CPU with 64GB DDR4 with ECC and up to 256 GB SSD and provides a dual 40 GbE data plane with RDMA, plus dual 10GbE ports on the control plane.
Sep 25th, 2020
Baumergroup
Effective Tool Change Designed With Inductive Miniature Sensors
In modern processing centers, inductive sensors are the components of choice for monitoring the motor spindle clamping process. Integrated into the spindle, they must be small and offer high repeatability to ensure smooth tool changing at all times.
Sep 17th, 2020
Nord Usa Maxxdrive Xt Industrial Gear Unit
Industrial Gear Drives
The two-stage MAXXDRIVE XT right-angle gear drives from Nord are designed for heavy-duty conveyor belt applications in the bulk material handling industry.
Sep 17th, 2020
More in Control
Idec Fc6 A 12 V Dc Io Press Release Fc6 A C16
IDEC Adds 12V DC 16 I/O CPUs to MicroSmart FC6A PLC
With the addition three new 12V DC CPUs, the capable MicroSmart FC6A All-in-One PLC family now offers users more options for automating battery-backed systems, traffic controls, and mobile equipment.
Sep 17th, 2020
Quantum Press Release
Quantum Automation Supports Off-Grid Automation with QRTU and QSolarBattery
These Quantum Automation hardware platforms can be used individually or together to enable IIoT monitoring and automation almost anywhere.
Sep 17th, 2020
Layout Set Logo
Yaskawa and Phoenix Contact Announce Partnership
Yaskawa and Phoenix Contact announce an agreement to utilize PLCnext Technology from Phoenix Contact in the development of the next generation machine controller and PLC platform realizing the i3-Mechatronics solution concept lead by Yaskawa.
Sep 14th, 2020
Laser Direct Structuring (LDS)—The structure of the conductor path is applied using the LDS process. LDS enables electronic assemblies to be made in flexible geometric shapes. Smart phones, hearing aids, and smart watches are becoming smaller and more powerful thanks to this process.
Electronic Assemblies Without PCBs
Laser direct structuring (LDS) is a special success story. For almost 20 years, it has been possible to apply electronic conductor paths directly onto plastic parts during series production.
Sep 10th, 2020
Nova Tech Pcm5 Smaller
NovaTech Announces D/3 Version 16.2
New features make it easier to configure and maintain a cybersecure control system.
Sep 10th, 2020
Carlo Gavazzi Em50 Energy Analyzer
Analyzer Helps Monitor and Manage Energy Costs
Measures most relevant instantaneous electrical variables and energy consumption with high level of accuracy
Aug 29th, 2020
30440 082520 Nord Nordac Variable Frequency Drives Copy
Nord Drivesystems Offers Variable Frequency Drives from 0.33 to 215 HP
Full line of drive electronics provides exceptional flexibility with a wide range of customization options.
Aug 26th, 2020
Apex Motion Control Tray Stacker
Tray Stacking System Eliminates Human Error and Reduces Risk of Injury
Has a quick and easy tool changer
Aug 24th, 2020
Pnp Npn
Wago’s New Isolating Converter Reduces Need for Inventory, Space
Wago's PNP/NPN converter can be used to accommodate four signal types: PNP to NPN, NPN to PNP, PNP to PNP isolation and NPN to NPN isolation.
Aug 14th, 2020
Xtr Dc Converter
New DC/DC Converter Designed for Extreme Environments
The new 12 to 24 VDC DIN Rail mountable converter from Wago can be used in a wide range of temperatures from -40° C to +70°C suitable for extreme applications.
Aug 14th, 2020
750 564
Wago Adds New Module to 750 Series I/O System
Wago’s new 750-564 analog output module provides diagnostics that include wire break, short circuit, and field power supply information.
Aug 12th, 2020
Allied Full Color Logo 2018 Web
Allied Electronics and Schneider Electric Team Up to Help Engineers Build Better Industrial Control Panels
Allied Electronics & Automation and Schneider Electric are partnering to deploy a suite of digital resources, hosted on Allied’s Build a Better Control Cabinet digital hub, that can help customers design, build, and maintain industrial control panels.
Aug 11th, 2020