Security Critical for New OPC UA Spec

In late June 2006, the OPC Foundation announced the release of the OPC Unified Architecture (OPC UA), along with a list of suppliers who support it. OPC UA, which is the latest incarnation of the OPC connectivity standard, is a series of specifications intended to expand the framework for moving information among applications in the enterprise space. It works by unifying existing OPC specifications with Web Services as the key technology enabler. The creation of a robust security model is critical to the successful adoption of OPC UA.

Dec 19th, 2006
Aw 4744 Ttopc A

Adding security to the OPC UA services has an impact on performance. OPC UA needs to have a strategy and complete security architecture that provides end-users with the configuration flexibility to turn security parameters on and off, according to application requirements. An additional requirement is the need for configurable access control that is scalable in small devices.

OPC UA Security Architecture

The resulting OPC UA security architecture is a generic solution that allows implementation of the required security features at various places in the architecture. Depending on the different mappings, the security functionalities are addressed at different levels. The OPC UA security architecture is structured in an Application Layer and a Communication Layer, atop the Transport Layer, as shown in the diagram.

The routine work of a client or server application—to transmit plant information, settings and commands—is done in a session in the application layer. The application layer also manages the security functions of user authentication and user authorization. The security functions that are managed by the Application Layer are provided by the Session Services that are specified in Part 4 of the OPC UA specification. A session in the Application Layer communicates over a secure channel that is created in the Communication Layer, and relies upon it for secure communication. All of the session data is passed to the Communication Layer for further processing.

Although a session communicates over a secure channel, the binding of users, sessions and secure channels is flexible. Impersonation allows the user of the session to change. A session can have a different user than the user that created the secure channel. To survive the loss of the original channel and resume with another, the implementation of the communication channel is responsible for re-establishing the connection without interrupting the logical secure channel.

The Communication Layer provides security functionalities to meet confidentiality, integrity and application authentication as security objectives. The provided security functionalities, together with negotiated and secret information, are used to establish a secure channel between a client and a server. This logical channel provides encryption to maintain confidentiality, signatures to maintain integrity, and certificates to provide application authentication for data that comes from the Application Layer and passes, as “secured” data, to the Transport Layer.

The security functions that are managed by the Communication Layer are provided by the Secure Channel Services, and are implemented by a protocol stack chosen for the application. Mappings of the services to some of the protocol stack options detail how the functions of the protocol stack are used.

The Transport Layer handles the transmission, reception and the transport of data that is provided by the Communication Layer.

The necessary security services are embedded in the OPC UA protocol stack to form a complete security architecture, while still granting users the configuration flexibility needed to serve a variety of applications.     

 

Thomas J. Burke, www.opcfoundation.org, is President and Executive Director of the OPC Foundation.

Pmc523 Spr518
Abaco Systems Announce New 16-Port Serial Controller and XMC Carrier Card to Protect from Obsolescence
Oct 14th, 2021
Original
Brooks Instrument Introduces First Fully Pressure-Insensitive Pressure-Based Mass Flow Controller for Etch and CVD Processes in Semiconductor Manufacturing
The new GP200 Series improves flow measurement accuracy and repeatability in semiconductor manufacturing over the widest range of operating conditions in the industry.
Oct 14th, 2021
Power Flex 6000 T Image
New PowerFlex 6000T Drive Delivers Big Performance in a Compact Design
Medium-voltage drive for global IEC markets accepts high-voltage primary without increasing footprint.
Oct 14th, 2021
Nidec Leroy-Somer TAL 0473 industrial alternator
Nidec Leroy-Somer Announces the Launch of LSA 47.3 Industrial Alternator with Increased Performance and an Optimized Cooling System
The Linea Lite family of line scan cameras is built for a wide range of machine vision applications.
Sep 10th, 2021
50103610
AMETEK Vision Research Launches Phantom T3610 and TMX 5010 Ultrahigh-Speed Cameras With Back Side Illumination
Featuring CMOS sensors with back side illumination, the new T3610 and TMX5010 cameras sustain their image throughput with optimized light sensitivity for high frame rates and sub-microsecond exposures.
Sep 9th, 2021
Deploy ICS endpoint cybersecurity without installation
Sponsored
Deploy ICS endpoint cybersecurity without installation
Trend Micro Portable Security™ 3 scans for malware in your ICS without installation, allowing you to implement endpoint security in factory system where software installation is not allowed.
Oct 8th, 2021
Beckhoff E Xtended Transport (xts) System
Transport System Creates Realistic Representations of Complete Systems
Provides collision-free motion with movers working independently or in groups
Aug 23rd, 2021
4 Pneumatic Valves
Festo Adds New Manual and Mechanical Pneumatic Valves to Its Core Product Range
Aug 2nd, 2021
3 Profinet Option Card
Hardy Process Solutions Profinet Option Card
This Profinet Option Card from Hardy Process Solutions works with the company’s HI 4050+ weight controller.
Aug 4th, 2021
1 High Precision Solenoid Pump
Spartan Scientific Introduces High-Precision Solenoid Pump
The SSDP offers fluid control for rigorous environments.
Aug 2nd, 2021
Siemens Motion Control Program
Motion Control Program Features Unprecedented Level of Integration
Offers the innovation necessary for a sustainable competitive advantage
Jul 29th, 2021
Analog Signal Conditioning
Sponsored
Analog Signal Conditioning
Weidmüller's range of analog converter and monitoring relays makes it a powerful partner in light of the increasing use of automation.
Oct 1st, 2021
M3 Sm15 Mobile Computer
Mobile Computer M3 SM15 for IoT Mobile Device Management
The M3 mobile computer is a compact RFID handheld computer for Internet of Things applications.
Jul 8th, 2021
16x9 450l B Safety Light Curtain 1600
Introducing the World’s First CIP Safety Over EtherNet/IP Safety Light Curtain
The Allen-Bradley 450L GuardShield safety light curtain is reported to be the first of its kind to provide CIP Safety over EtherNet/IP.
Jun 14th, 2021
Idec Hr5 S Safety Relay Image Hr5 S C2 B S
IDEC Introduces Category 2 Safety Relay Module
Designed specifically to comply with updated ISO 13849 Safety Category 2 requirements, this safety relay module helps users economically apply better and more appropriate safety measures.
Mar 2nd, 2021
SIRIUS components are compact and designed for quick and easy connection to facilitate industrial control panel maintenance.
Sirius Modular Systems for Industrial Control Panel Design
Allied Electronics & Automation and Siemens team up to offer systems for control panel building.
Apr 6th, 2021
Mps035 Sm 1200x628 D[2]
Robotic Tool-Changing Systems
Stäubli Connectors offers a new range of compact robotic tool changing systems covering a payload range up to 80 kg. They can accommodate several transfer technologies precise repeat accuracy of +/-1.5 µm.
Mar 11th, 2021
3 Eaton Io T Connected Surge Protector
IoT Connected Surge Protector
This latest surge protection device by Eaton enables remote monitoring of surge data, both real time and historical, that can be used to predict future surge events or proactive maintenance.
Mar 5th, 2021
The ASCO Series 256/356 solenoid valves set a new benchmark for fluid control performance by reducing the overall footprint and power consumption while increasing pressure ratings.
Emerson’s Solenoid Valves Enable More Compact Machine Designs
ASCO™ Series 256/356 offers smaller footprint, up to 40% reduced power consumption and up to 30% higher pressure ratings.
Mar 4th, 2021
1 Galil Motion Control Multi Axis Motion Controller
Multi-Axis Motion Controller
Galil Motion Control's new DMC-21x5 controller introduces a state-of-the-art ARM-based processor that improves its communication, command processing, and memory capabilities while staying at the same series price as its series predecessor, DMC-21x3.
Feb 3rd, 2021
More in Control
2 Velo3 D 3 D Metal Printer
3D Metal Printer
Velo3D's new Sapphire XC printer features higher productivity, larger build volume, compatibility with different alloys, and reduces cost-per-part.
Jan 20th, 2021
1 Moog Modular Electrohydrostatic Actuation System
Modular Electrohydrostatic Actuation System
Moog's new product features lower oil requirement, a decentralized system, low mass inertia, and much more.
Jan 19th, 2021
Bosch Rexroth Ctrl X Drive 38644
Compact, Scalable Drive System
Bosch Rexroth’s ctrlX DRIVE is said to be the most compact, scalable, and consistent modular drive system available. It has space-saving dimensions of up to 50% and can provide tailored solutions with peak currents of 6 A to 375 A.
Jan 11th, 2021
Burkert8746
Mass Flow Controller for Gas
Burkert's Type 8742/46 mass flow controllers/meters can handle low- to mid- to high-flow gas applications.
Dec 8th, 2020
Pr182020 Beckhoff Elm72xx Print
Servo Drives
Beckhoff’s ELM72xx EtherCAT servo drives deliver an output current (Irms) of up to 16 A at 48 V DC for the power supply.
Dec 4th, 2020
Inductive Automation Ignition8
Industrial Application Platform Update
Find out about the latest application platform tools included with Ignition 8.1.
Dec 1st, 2020
N8 Xe Li Lf 1920 5fb83c7f1c674
High Pressure Processing Helps Emerging Brands
Join Jeff Williams of Universal Pure, and ProFood World’s Joyce Fassl as they discuss high pressure processing and the shelf-life benefits it brings to brands seeking broader distribution and the importance of Cold Pressure Council certification.
Nov 20th, 2020
Beckhoff Al8000 Linear Motors1
Linear Motors
The AL8000 linear motor series from Beckhoff is based on a modular system design consisting of linear motors and magnetic plates and offers wide-ranging options in length, winding, and cooling type.
Nov 2nd, 2020
Spc 800
SPC-800 Series of Button-integrated HMI with IP66-Rated Protection for Process Visualization
Advantech has to announced its new SPC-800 series of arm-mounted human-machine interfaces with full IP66-rated protection that provides a cabinet-free solution for operation in industrial environments.
Oct 28th, 2020
Converter Cables
Converter Cables Create Possibilities for Mobile Equipment Makers
New Balluff cables connect M12 to Deutsch DT and AMP Superseal connectors.
Oct 28th, 2020
Wago 2000 Series Pnp Npn Converter
Converter Reduces Need for Inventory and Space
Helps increase machine functionality
Oct 28th, 2020
Pr Rsbs No Text
Single-Phase Compressor Soft Starters
These single-phase compressor soft starters from Carlo Gavazzi are said to reduce start current by more than 50%.
Oct 22nd, 2020