On the Security of IIoT Deployments: An Investigation of Secure Provisioning Solutions for OPC UA

Cited by: 13
Authors
Kohnhauser, Florian [1]
Meier, David [2]
Patzer, Florian [2]
Finster, Soren [1]
Affiliations
[1] ABB Corp Res Ctr, D-68526 Ladenburg, Germany
[2] Fraunhofer Inst Optron, Syst Technol & Image Exploitat IOSB, D-76131 Karlsruhe, Germany
Source
IEEE ACCESS | 2021 / Vol. 9
Keywords
Security; Servers; Standards; Industrial Internet of Things; Usability; Licenses; Industries; Communication system security; device provisioning; Industrial Internet of Things (IIoT); Industry 4.0; network security; OPC UA; secure provisioning
DOI
10.1109/ACCESS.2021.3096062
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
A key technology for the communication in the Industrial Internet of Things (IIoT) is the Open Platform Communications Unified Architecture (OPC UA). OPC UA is a standard that enables interoperable, secure, and reliable communication between industrial devices. To defend against cyber attacks, OPC UA has built-in security mechanisms that protect the authenticity, integrity, and confidentiality of data in transit. Before communicating securely, it is essential that OPC UA devices are set up in a secure manner. This process is referred to as secure provisioning. Improper provisioning can lead to weak or insecure OPC UA deployments that enable adversaries to eavesdrop or even manipulate communication between industrial devices. Such insecure deployments can also be maliciously provoked by adversaries who tamper with insecure provisioning solutions. Although secure provisioning is essential for OPC UA security and usability, there exists no overview and systematic analysis on the patchwork of different solutions in industry and academia. This article presents the first investigation of secure device provisioning solutions for the OPC UA communication protocol. First, desired objectives and evaluation criteria for secure provisioning of OPC UA devices are defined. Next, existing and emerging OPC UA provisioning solutions are analyzed and compared based on the elaborated objectives and criteria. Additionally, an outlook into the future of OPC UA provisioning is given, based on solutions from the IoT domain. Finally, the analyzed OPC UA secure provisioning solutions are compared, recommendations are given, and research gaps are identified. It is shown that contemporary provisioning solutions offer an insufficient level of security. Emerging and future solutions provide much higher security guarantees but impose a tradeoff between usability and requirements on devices and infrastructures.
Pages: 99299 / 99311
Number of pages: 13
Related papers
50 in total
  • [1] Secure Onboarding of IIoT Devices using OPC UA
    Kohnhaeuser, Florian
    Gruener, Sten
    Heuschkel, Jens
    2022 IEEE 27TH INTERNATIONAL CONFERENCE ON EMERGING TECHNOLOGIES AND FACTORY AUTOMATION (ETFA), 2022,
  • [2] On the Feasibility and Performance of Secure OPC UA Communication with IIoT Devices
    Kohnhaeuser, Florian
    Coppik, Nicolas
    Mendoza, Francisco
    Kumari, Ankita
    COMPUTER SAFETY, RELIABILITY, AND SECURITY, SAFECOMP 2022, 2022, 13414 : 189 - 203
  • [3] Secure Provisioning of OPC UA Applications Using the Asset Administration Shell
    Meier, David
    Vogl, Jonas
    Kohnhaeuser, Florian
    Beyerer, Juergen
    2022 IEEE 17TH CONFERENCE ON INDUSTRIAL ELECTRONICS AND APPLICATIONS (ICIEA), 2022, : 144 - 149
  • [4] REST based OPC UA for the IIoT
    Schiekofer, Rainer
    Scholz, Andreas
    Weyrich, Michael
    2018 IEEE 23RD INTERNATIONAL CONFERENCE ON EMERGING TECHNOLOGIES AND FACTORY AUTOMATION (ETFA), 2018, : 274 - 281
  • [5] OPC UA Makes IIoT Implementations Possible
    Hirooka, Isao
    InTech, 2022, 69 (01) : 18 - 21
  • [6] OPC UA: IIoT Enabler and Conqueror of the Cloud
    Redman, Jim
    InTech, 2021, 68 (03)
  • [7] Current and future security properties of OPC UA Challenges and solutions
    Jaenicke, Lutz
    Foerder, Torsten
    ATP MAGAZINE, 2020, (03): : 82 - 89
  • [8] Research on OPC UA Security
    Huang Renjie
    Liu Feng
    Pan Dongbo
    ICIEA 2010: PROCEEDINGS OF THE 5TH IEEE CONFERENCE ON INDUSTRIAL ELECTRONICS AND APPLICATIONS, VOL 3, 2010, : 287 - 292
  • [9] Design of Unidirectional Security Gateway System for Secure Monitoring of OPC-UA Data
    Kim, Byoung-Koo
    Heo, Young-Jun
    Na, Jung-Chan
    2017 INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGY CONVERGENCE (ICTC), 2017, : 1287 - 1289
  • [10] A Web-based Platform for OPC UA integration in IIoT environment
    Cavalieri, Salvatore
    Di Stefano, Damiano
    Salafia, Marco Giuseppe
    Scroppo, Marco Stefano
    2017 22ND IEEE INTERNATIONAL CONFERENCE ON EMERGING TECHNOLOGIES AND FACTORY AUTOMATION (ETFA), 2017,