Certificate management in OPC UA applications: An evaluation of different trust models

Fernbach, Andreas; Kästner, Wolfgang

doi:10.1109/etfa.2012.6489675

Cited by 11 publications

(11 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Fernbach et al [29], Falk et al [33], Karthikeyan et al [41], Krishnan et al [53], and Yunakovsky et al [50] present the integration of public key infrastructures in OPC UA environments without a specific focus on the initial secure onboarding. Yunakovsky et al [50] specifically focus on PKIs in the post-quantum era.…”

Section: Approaches Presented In Research Papersmentioning

confidence: 99%

A Survey on Life-Cycle-Oriented Certificate Management in Industrial Networking Environments

Göppert,

Walz,

Sikora

2024

JSAN

View full text Add to dashboard Cite

Driven by the Industry 4.0 paradigm and the resulting demand for connectivity in industrial networking, there is a convergence of formerly isolated operational technology and information technology networks. This convergence leads to attack surfaces on industrial networks. Therefore, a holistic approach of countermeasures is needed to protect against cyber attacks. One element of these countermeasures is the use of certificate-based authentication for industrial components communicating on the field level. This in turn requires the management of certificates, private keys, and trust anchors in the communication endpoints. The work at hand surveys the topic of certificate management in industrial networking environments throughout their life cycle, from manufacturing until their disposal. To the best of the authors’ knowledge, there is no work yet that surveys the topic of certificate management in industrial networking environments. The work at hand considers contributions from research papers, industrial communication standards, and contributions that originate from the IT domain. In total, 2042 results from IEEE Xplore, Science Direct, Scopus, and Springer Link were taken into account. After applying inclusion and exclusion criteria and title, abstract, and full-text analysis, 20 contributions from research papers were selected. In addition to the presentation of their key contributions, the work at hand provides a synopsis that compares the overarching aspects. This comprises different proposed entity architectures, certificate management functions, involvement of different stakeholders, and consideration of life cycle stages. Finally, research gaps that are to be filled by further work are identified. While the topic of certificate management has already been addressed by the IT domain, its incorporation into industrial communication standards began significantly later and is still the subject of research work.

show abstract

Section: Approaches Presented In Research Papersmentioning

confidence: 99%

A Survey on Life-Cycle-Oriented Certificate Management in Industrial Networking Environments

Göppert,

Walz,

Sikora

2024

JSAN

View full text Add to dashboard Cite

show abstract

“…• Identification of research gaps and recommendations on secure provisioning for OPC UA (Section VII) [17], RFC8572 [18], BRSKI [19], 6tisch [20], DPP [21] Academic Works V-A [22], [23], [24], [25], [26], [27], [28] † No reference available, since OPC 10000-21 is not yet published.…”

Section: Contributionsmentioning

confidence: 99%

“…The different possible trust models in OPC UA, based on certificates, have been discussed and evaluated by Fernbach and Kastner [22]. Furthermore, Karthikeyan and Heiss [23] studied the usage of certificates in OPC UA and the challenges thereof.…”

Section: A Academic Workmentioning

confidence: 99%

On the Security of IIoT Deployments: An Investigation of Secure Provisioning Solutions for OPC UA

Kohnhäuser¹,

Meier

Patzer

et al. 2021

IEEE Access

View full text Add to dashboard Cite

A key technology for the communication in the Industrial Internet of Things (IIoT) is the Open Platform Communications Unified Architecture (OPC UA). OPC UA is a standard that enables interoperable, secure, and reliable communication between industrial devices. To defend against cyber attacks, OPC UA has built-in security mechanisms that protect the authenticity, integrity, and confidentiality of data in transit. Before communicating securely, it is essential that OPC UA devices are set up in a secure manner. This process is referred to as secure provisioning. An improper provisioning can lead to weak or insecure OPC UA deployments that enable adversaries to eavesdrop or even manipulate communication between industrial devices. Such insecure deployments can also be maliciously provoked by adversaries who tamper with insecure provisioning solutions. Despite secure provisioning is essential for OPC UA security and usability, there is no overview or analysis on the patchwork of different provisioning solutions in industry and academia. This article presents the first investigation of secure device provisioning solutions for the OPC UA communication protocol. First, desired objectives and evaluation criteria for secure provisioning of OPC UA devices are defined. Next, existing and emerging OPC UA provisioning solutions are analyzed and compared based on the elaborated objectives and criteria. Additionally, an outlook into the future of OPC UA provisioning is given, based on solutions from the IoT domain. Finally, the analyzed OPC UA secure provisioning solutions are compared, recommendations are given, and research gaps are identified. It is shown that contemporary provisioning solutions offer an insufficient level of security. Emerging and future solutions provide much higher security guarantees but impose a tradeoff between usability and requirements on devices and infrastructures.

show abstract

“…S Cavalieri and G Cutuli 3 aimed to deal with the performance evaluation of OPC UA, considering both security and subscription mechanisms. A Fernbach and W Kastner 4 aimed to give a discussion about how the structure of the environmental system where OPC UA applications are installed, the resources available, and a request to dependability shall affect the strategy of managing certificates, which provided a theoretical basis for the optimization of OPC UA security mechanism. O Post et al 5,6 discussed the security at device level of automation system and implemented a new authentication-only security policy profile or using OPC UA for data transfer and IPsec for authentication is proposed.…”

Section: Introductionmentioning

confidence: 99%

An authentication and key agreement mechanism for OPC Unified Architecture in industrial Internet of Things

Wei

Zhang

Wang

et al. 2018

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

As an industrial communication data interaction specification, OPC Unified Architecture effectively solves the industrial Internet of Things system integration problem. This article designs an authentication and key agreement scheme based on implicit certificate using the security model provided by OPC Unified Architecture. It establishes the secure channel and provides a guarantee for secure session for the OPC Unified Architecture server and client. Then, the test verification platform is implemented to verify the feasibility of the scheme. The result shows that the mechanism is feasible, and the system security and availability are effectively improved.

show abstract

Certificate management in OPC UA applications: An evaluation of different trust models

Cited by 11 publications

References 2 publications

A Survey on Life-Cycle-Oriented Certificate Management in Industrial Networking Environments

A Survey on Life-Cycle-Oriented Certificate Management in Industrial Networking Environments

On the Security of IIoT Deployments: An Investigation of Secure Provisioning Solutions for OPC UA

An authentication and key agreement mechanism for OPC Unified Architecture in industrial Internet of Things

Contact Info

Product

Resources

About