Information Revolution 2014 Microsoft Conference Center, Redmond, WA August 5th – 6th
Nathan Pocock Darek Kominek Paul Hunkar Technical Director Strategic Marketing Manager Technical Director OPC Foundation MatrikonOPC DS Interoperability LLC Security Backgrounder OPC UA Security Overview Questions
2 HMI Historian Valid Systems Connecting Securely UA Client
UA UA UA Server
Embedded UA Server Device
Authorized Users Gaining Access
3 Must uphold: C I A
Confidentiality Integrity Availability
How? • Build standard with security in mind • Use industry accepted standards & best practices (Ex. WS-*,NERC, ISA99, NIST…) • Keep it flexible: Account for evolution
4 1. Should the Client and Server trust each other? 2. Should the Server trust the current user of a trusted application? 3. How can the data be protected?
5 Backgrounder
6 Physical Security Digital Security
Physical Keys & Locks Cryptographic Keys & Algorithms
Keys - Physical Keys - Large Prime numbers (hard to guess) Locks - Physical Locks - Cryptographic Algorithms
Lock & Unlock Encrypt & Decrypt
Block Access, protect contents Block Access, protect contents, prove identity
7 Focus: Mechanics
Side A Side B
Private Key A Public Key A Public Key B Private Key B
Sides A & B: Exchange Public Keys
8 Focus: Mechanics
Side A Side B
TestTest Phrase Phrase A
Private Key A Public Key B Public Key A Private Key B
Test Phrase(B)
Side A: Encrypt “Test Phrase” with Public Key B, send to B
9 Focus: Mechanics
Side A Side B
Test Phrase Test Phrase
Private Key A Public Key B Public Key A Private Key B
Test Phrase(A) Test Phrase(B)
Side B: Decrypt with Private Key B, then Encrypt with Public Key A, send to A
10 Focus: Mechanics
Side A Side B
Test Phrase Test Phrase
PrivateTest Phrase Key AA Public Key B Public Key A Private Key B
Test Phrase(A)
Side A: Decrypt with Private Key A – ensure both sides can process message
Asymmetric Encryption: Each side uses different key to encrypt messages.
Symmetric Encryption: Both sides use agreed to key for encrypt/decrypt
11 Focus: Signing vs. Encryption
Private and public keys can be used for both functions:
• Signing: Proving you are who you say you are • Encrypting: Protecting the data being sent so only receiver can read
Operation What’s Generated Consumed Generated Using Using Signing CRC / Hash Sender’s Sender’s Private Key Public Key Encrypting Scrambled Receiver’s Receiver’s Message Public Key Private Key
12 Focus: What is a Certificate
Side A Certificate (X.509)
Public Key A • Key Thumbprint • Key Size PrivateTest Phrase Key AA Public Key B • Location • Expiration • URI • Usage…
Certificates provide: 1. standardized key encoding format 2. additional context (expiry date)
13 Focus: Trusting Certificates Side A
PrivateTest Phrase Key AA Public Key B Administrator
Unknown Reject Trust
Certificates must be evaluated before they are trusted…
14 Example: Not Trusted Certificate
15 Focus: Certificate Management
Public Key Infrastructure (PKI) ◦ System for managing certificates ◦ Management options:
Self-Signed Local Certificate External Certificate (Manual Process) Authority (CA) Authority (CA)
Pro: Pro: Pro: - Low infrastructure cost - Medium/Large - Large installations installations - Multiple CA’s Con: - Local trust Con: - work intensive - Chaining - Medium/high cost - does not scale well Con: - 3rd Party trust - Medium cost
16 Focus: Scalable Certificate Management
Certificate Authority “chains” CN=Company Root CA Create hierarchy
Improve organization Issues CAs issue/revoke certificates Applications selectively trust CAs
CN=Factory Root CA CN=Factory 2 Root CA CN=Factory 3 Root CA
Issues Revokes
SN=1234 CN=Application X CN=Application X CN=Application X CN=Application X CN=Application X SN=1235 CN=Application X
SN=1236
Revocation List Focus: Example Certificate Management Utility (OPC Foundation)
Available for OPC Foundation members
18 18 High Level Overview
19 Security built into specification from ground up.
Utility Type Specification Parts
Part 12 - Discovery
Part 13 - Aggregates
20 20 • Objectives, Threats, & Mitigations • Secure Infrastructures • Secure Applications
OPC UA Part 2 Security Model
OPC UA Part 4 OPC UA Part 6 OPC UA Part 7 OPC UA Part Services Mappings Profiles 12 Discovery
21 Application Authentication ◦ All application must have a unique Application instance Certificate ◦ URI should identify the instance, vendor and product
User Authentication ◦ Username / password, WS-Security Token or X.509 ◦ Fits into existing infrastructures like Active Directory
User Authorization ◦ Granular control over user actions: read, write, browse, execute
Server Availability ◦ Minimum processing before authentication Restricting message size No security related error codes returned … System Auditability ◦ Generating audit events for security related operations
22 Availability Fast & Efficient Authentication
Integrity Signing of Messages OPC UA Write: Variable X Value 1 Information and Functionality
Confidentiality Encrypting of Messages
OPC UA Write: Variable X Value 1 Information and Functionality
23 - Trusted applications Create Channel - Communication Setup
Create Session - User Authentication
Control Actions - User Authorization
Audit - Traceability via logging
24 End-User: Select needed security level, then connect. Easy.
Easily choose security level:
- Sign & Encrypt - Sign - None (Least desirable)
25 End-Users: Have a choice on how to best identify self. Easy.
3 user login types (Token types): 1. Username/password 2. X509Certificate (Smart Card) 3. WS-Security Token (Kerberos or SAML)
26 Operation User 1 User 2 User 3
Browse
Read
Write
Execute
27 Log all actions Audit regularly as required Act on suspicious activity Integrate with IDS/IPS
28 OPC UA Part 2 Security Model
OPC UA Part 4 OPC UA Part 6 OPC UA Part 7 OPC UA Part Services Mappings Profiles 12 Discovery
• Secure Channel • Sessions • Audits
29 OPC UA UA Server UA Client
Application Layer Sessions Application Layer
Communication Layer Channels Communication Layer
Transport Layer Wire Protocol Transport Layer
30 Get Endpoints
OPC UA Server End Points & Security Info
Certificate Valid?
31 Open Secure Channel
OPC UA Server Secure Channel Open
Certificate Valid?
32 Create Session
OPC UA Server Session ID
33 Directory Service
Activate Session
OPC UA Server Session Activated
Token Authentication
34 Symmetric Security
OPC UA Session established! Server Routine Communication
35 OPC UA Part 2 Security Model
OPC UA Part 4 OPC UA Part 6 OPC UA Part 7 OPC UA Part Services Mappings Profiles 12 Discovery
• Technology Mapping • Standards • Algorithms
36 OPC UA relies upon approved security standards ◦ WS-Security ◦ WS-Trust ◦ WS-Secure Conversation ◦ Public Key Cryptography Standards (PKCS) ◦ Digital Signature Standard (DSS) ◦ Advanced Encryption Standard (AES)
37? OPC UA Part 2 Security Model
OPC UA Part 4 OPC UA Part 6 OPC UA Part 7 OPC UA Part Services Mappings Profiles 12 Discovery
• Make OPC UA Future Friendly • Allow for use of different encryption algorithms
38 OPC UA Part 2 Security Model
OPC UA Part 4 OPC UA Part 6 OPC UA Part 7 OPC UA Part Services Mappings Profiles 12 Discovery
Global Discovery Service
39 OPC UA OPC UA OPC UA Client Client Client NEW
GDS Features: - Security Config Central Server - Find Servers - Certificate creation / management GDS (Port:4840) - Certificate Authority (CA) Pull / Push CA - Management of Certificate Certificates Revocation Lists (CRL) List of registered UA Servers - Push / Pull of Certificates / CRL - Security Config - Network wide server registry - Register Server
PLC OPC LDS PC LDS UA Server OPC UA OPC UA Server Server
40 OPC UA security should be part of a security management system
OPC UA is secure-by-design addressing security concerns by providing: ◦ Authentication of Users, Application instances (Software) ◦ Confidentiality and integrity by signing and encrypting messages ◦ Availability by minimum processing before authentication ◦ Auditability by defined audit events for OPC UA operations
OPC UA allows different levels of security
OPC UA certificate management can be retrofitted or new!
41 Nathan Pocock Darek Kominek Paul Hunkar Technical Director Strategic Marketing Manager Technical Director OPC Foundation MatrikonOPC DS Interoperability LLC
42 Nathan Pocock Darek Kominek Paul Hunkar Technical Director Strategic Marketing Manager Technical Director OPC Foundation MatrikonOPC DS Interoperability LLC
43 44 Main goal(s) Algorithm(s)/ Usage Standard(s) MACs Authentication, ► HMAC-SHA1 ► Message authentication Integrity ► HMAC-SHA256 Signature Authentication, ► RSA-SHA1 ► Signing certificates, security Integrity handshaking
Symmetric Confidentiality ► AES-128-CBC ► Message encryption Encryption ► AES-192-CBC ► AES-256-CBC Asymmetric Confidentiality ► RSA-PKCS1 ► Security handshaking Encryption ► RSA-OAEP Key Generation Confidentiality ► P-SHA1 ► Session key generation (for message encryption)
Certificates Authentication, ► X.509 ► Application authentication, user Authorization ► X.509v3 (Extensions) authentication, key exchange
45? Subject names identify the holder of the certificate ◦ Structured value with multiple fields ◦ Common Name (CN) ◦ Organization (O) ◦ Country (C) ◦ Domain (DC)
String syntax for display purposes ◦ CN=UASampleServer,O=MyCompany,DC=MyComputer
Subject names are not guaranteed to be unique ◦ Thumbprints better choice when a unique id is required ◦ Thumbprint is the SHA1 digest of the DER encoded certificate
46 46 Specify additional names for the certificate ◦ Used for validation purposes ◦ Domain Name, IP Address, Application URI
The alternate name binds the certificate to a context ◦ Domain/IP address must match the host in the Endpoint URL ◦ The URI must match the URI in the Application Description
Helps prevent spoofing
47 47 Certificates Authorities Auditing
Certificates stored in a “trust list”: ◦ File structure ◦ Windows Certificate Store
Application’s certificates must be trusted, to connect
Move certificates from “rejected” to “trusted” Certificates Authorities Auditing
Certificate stores scale poorly in large environments.
Administrative burden of trusts and no-trusts etc.
Certificate Authorities (CA) can issue certificates.
Trust the CA, and implicitly trust all apps who certificate was issued Certificates Authorities Auditing
CA issues App Certificate
Easier to maintain
Organization create have >1 CA
CA’s can also “revoke” certificates that have been compromised. Flexibility and Extensibility ◦ Profiles and Policies Profiles list various functionalities of UA applications
Security Profile 1 Application Layer • Encryption Alg. 1 • Security Policy 1 • Signature Alg. 2 • Security Policy 2
Security Profile 2 Communication Layer • Encryption Alg. 3 Crypto Library • Signature Alg. 4 • Encryption Alg. 1 • Encryption Alg. 2 • Encryption Alg. 3 • Encryption Alg. 4 • Encryption Alg. 5 • Signature Alg. 1 • Signature Alg. 2 • Signature Alg. 3 • Signature Alg. 4
Transport Layer
51 51 Flexibility and Extensibility ◦ Profiles and Policies Profiles list various functionalities of UA applications
Security Profile 1 Application Layer • Encryption Alg. 1 • Security Policy 1 • Signature Alg. 2 • Security Policy 3
Security Profile 2 Communication Layer • Encryption Alg. 3 Crypto Library • Signature Alg. 4 • Encryption Alg. 1 Security Profile 3 • Encryption Alg. 2 • Encryption Alg. 5 • Encryption Alg. 3 • Signature Alg. 4 • Encryption Alg. 4 • Encryption Alg. 5 • Signature Alg. 1 • Signature Alg. 2 • Signature Alg. 3 • Signature Alg. 4
Transport Layer
52 52 MyDevice MyServer
53 53 MyDevice MyServer
54 54