DeepAI AI Chat
Log In Sign Up

Practical Pitfalls for Security in OPC UA

by   Alessandro Erba, et al.

In 2006, the OPC Foundation released the first specification for OPC Unified Architecture protocol, one of the industrial protocols that promises security features such as authentication, authorization, integrity, and confidentiality. Challenges in the practical adoption of those security features by product vendors, libraries implementing the standard, and end-users were not investigated so far. In this work, we systematically investigate practical challenges to configure OPC UA securely. In particular, we review 48 artifacts consisting of products and libraries for OPC UA and show that 38 out of the 48 artifacts have one (or more) security issue. In particular, we show that 7 OPC UA artifacts do not support the security features of the protocol at all. In addition, 31 artifacts that partially feature OPC UA security rely on incomplete libraries and come with misleading instructions. Consequently, relying on those products and libraries will result in vulnerable implementations of OPC UA security features. We design, implement and demonstrate attacks in which the attacker can steal credentials exchanged between victims, eavesdrop on process information, manipulate the physical process through sensor values and actuator commands, and prevent the detection of anomalies in the physical process.


Security audit logging in microservice-based systems: survey of architecture patterns

Objective. Service-oriented architecture increases technical abilities f...

Formal Modelling and Security Analysis of Bitcoin's Payment Protocol

The Payment Protocol standard BIP70, specifying how payments in Bitcoin ...

The Emergence of Software Diversity in Maven Central

Maven artifacts are immutable: an artifact that is uploaded on Maven Cen...

WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring

We present WPSE, a browser-side security monitor for web protocols desig...

The Cost of OSCORE and EDHOC for Constrained Devices

Many modern IoT applications rely on the Constrained Application Protoco...

Security and Performance Considerations in ROS 2: A Balancing Act

Robot Operating System (ROS) 2 is a ground-up re-design of ROS 1 to supp...

Implementing a Protocol Native Managed Cryptocurrency

Previous work presented a theoretical model based on the implicit Bitcoi...