© ABB

Month DD, YYYY | Slide 1

Secure Communication in Industrial Automation by Applying OPC UA

Stefan-Helmut Leitner, ABB Corporate Research Germany, Zukunft der Netze 2011, Hamburg

© ABB

Month DD, YYYY | Slide 2

Agenda

Industrial Automation

Classic OPC and OPC UA?

All problems solved?

Future?

Industrial Automation

© ABB

Month DD, YYYY | Slide 3

Manufcturing Process Input Output

Inte

rve

ntio

n

Industrial Automation deals with automation of

manufacturing processes

Automotive Food Paper

Su

pe

rvis

ion

Industrial Automation

© ABB

Month DD, YYYY | Slide 4

Interaction with

Business IT

Systems

Plant supervision

and control

Process supervision

and intervention

Process data

acquisition and

device control

Process data

acquisition and

device control

Manufacturing Process Input Output

Industrial Automation

Differences compared to Business IT

Availability has highest security goal

Safety is (often) more important than security

Long system lifetime (<20 years without interruption)

Other Challenges

Increasing interconnectivity

Increasing usage of COTS and Open Source

Interoperability and standardization

Example: OPC

© ABB

Month DD, YYYY | Slide 5

Classic OPC and OPC UA

OPC

Widely adopted industry

standard

Data exchange with process

devices

Pure interface specification

Based on Microsoft COM/DCOM

Deficiencies

Technology Dependency

(COM/DCOM retires)

Complicated security configuration

Security not sufficiently considered

in architecture

Application X ...

Field Devices Control System Controller

Application Y

Display

Application

Trend

Application OPC OPC

Field Device Control System

Controller

Classic OPC and OPC UA

OPC UA

Abstract protocol specification

and concrete technology

mappings

Service-oriented Architecture

More areas of applications incl.

embedded systems

Benefits compared to OPC

Reduced technology or vendor

dependency

Security is inherent part of

architecture and implementation

Simplified security onfiguration

© ABB

Month DD, YYYY | Slide 7

Display

Application

Trend

Application

Field Device Control System Controller

Display

Application

Trend

Application OPC OPC

Field Device Control System

Controller

OPC UA

Technology

Mapping 1

Classic OPC and OPC UA Reduced technology or vendor dependency

Specification

Abstract service and technology mappings

Allows adding new mappings in case of security

vulnerabilities!

Protocol Stack Implementation

Minimal platform-dependent layer

Allows replacing libraries in case of security

vulnerabilities!

© ABB

Month DD, YYYY | Slide 8

Abstract

Services

Technology

Mapping 2

OPC UA

Client/Server

OPC UA Stack

Platform Layer

Classic OPC and OPC UA Security is inherent part of architecture and implementation

© ABB

Month DD, YYYY | Slide 9

HTTPs

Classic OPC and OPC UA Simplified security configuration

Few well-defined security policies

Consistent set of security-related configuration for

communication

Algorithms for encryption and digital signatures

Type of user credentials

…

Agreement of applied security can be done by

Pre-configuration by client

Selection after server discovery

Automatic negotiation between client and server

© ABB

Month DD, YYYY | Slide 10

Classic OPC and OPC UA Simplified security configuration

© ABB

Month DD, YYYY | Slide 11

Discovery Endpoint OPC UA Client OPC UA Server

Session Endpoint

OPC UA Discovery

Server

Alternative: Offline

Configuration and

skip step 0, 1 and 2

1. Where are the

servers?

3. Connect to the session

endpoint.

Well-known Endpoint

0. Register (What

does the server

support?

2. What session endpoints

are available and how

can I access them?

Classic OPC and OPC UA …and where are remaining challenges?

OPC UA requires up to three types of digital certificates for

different purposes !

Publik Key Infrastructure required which requires significant

efforts.

Usage of digital certificates is quite new to automation

Learning curve is still required

Dealing with certificates in controllers

Limited resources (processing power, memory)

Long lifetime without interruption (up to 10-20 years)

Poor entropy sources

© ABB

Month DD, YYYY | Slide 12

All problems solved?

© ABB

Month DD, YYYY | Slide 13

Reduced technology dependency

Security is inherent part of architecture and

implementation

Simplified security configuration

Future? Security impact of Cloud Computing

© ABB

Month DD, YYYY | Slide 14

Factory

Headquarter

Factory