The OPC UA security model

The OPC UA security model is implemented through the definition of a secure channel, on which a session is based. A secure channel makes the exchange of data secure in different ways:

• It ensures the integrity of the data using digital signatures.
• It ensures confidentiality through encryption.
• It carries out the authentication and authorization of applications using X.509 certificates.

The entities involved, as shown in the following diagram, are the Application Layer, the Session, and the Transport Layer:

• The Application Layer is used to transmit information between clients and servers that have established an OPC UA session.
• An OPC UA session is established on a secure channel (located in the Communication Layer), which makes it safe to exchange data.
• The Transport Layer is the level responsible for transmitting and receiving data through a socket connection, to which error-handling mechanisms are applied to ensure the system is protected against attacks such as denial-of-service (DoS):

The creation of a secure channel is based on the endpoint and each server offers one or more endpoints. Each endpoint has the following features:

• Endpoint URL: This is the network address of the endpoint used by the client to establish a secure channel.
• Server application instance certificate: This is the public key of the server used by the client to make the exchange of data secure.
• Security policy: This is the set of algorithms used in security mechanisms and also includes the length of the key that is used. An example of a security policy is Advanced Encryption Standard (AES) with a 128-bit key.
• Security mode: This ensures the authentication at the level of application. There are three different modes that can be used: SignAndEncrypt, Sign, or None.
• Authentication: This refers to the mechanisms used to authenticate a user during the creation of a session by means of a username and password, a certificate, or through anonymous authentication.
• Transport protocol: This specifies the network protocol used.

The creation of a secure channel is based on three discovery services: FindServers, RegisterServer, and GetEndpoints. We also have a discovery server, where all the active OPC UA servers (RegisterServer) are registered. It is the client's responsibility to ask the discovery server for a list of the active OPC UA servers (using FindServers) and then to request to the chosen server and the list of available endpoints (using GetEndpoints). To establish a connection between an OPC UA client and an OPC UA server, we have to follow four steps. The first two are shown in the following diagram:

1. Set the configuration options for the secure connection. If the application is preconfigured and already knows how to connect to the server, we can skip this step. If not, the client must send a GetEndpoints request to the discovery endpoint of the server to which it wants to connect in order to receive the descriptions of the existing session endpoint and the related available security configurations, including security policies, security modes, and server Application Instance Certificate. The security policy defines the algorithms to be used for signing and encrypting messages, while the security mode defines the type of security.

The client selects a session endpoint with a supported security configuration and validates the server Application Instance Certificate. This is done by checking its validity status with the associated Validation Authority (VA).

1. If the certificate is reliable, we send an Open Secure Channel request in line with the security policy and the security mode of the selected session endpoint:
   
   • If the security mode is None, the Open Secure Channel request is sent without any security mechanisms.
   • If the security mode is Sign, the Open Secure Channel request is sent using the private key of the client Application Instance Certificate as a signature.
   • If the security mode is SignAndEncrypt, the Open Secure Channel request is sent after encrypting it using the public key of the server Application Instance Certificate.

The security policy specifies which encoding and signature algorithms should be used for signing and encrypting messages:

• • Once the server receives the Open Secure Channel message, the server validates the client's Application Instance Certificate by a request to the VA.
  • If the certificate is considered valid, the message is interpreted according to the security policy and the security mode. The message is decoded using the server private key and the signature is verified using the client's public key.
  • The server sends the response to the client in the same way as the client sent the request.
  • The secure channel is established.

The creation of the secure channel is mainly to create symmetric keys, which enable the exchange of secret information between clients and servers. The symmetric keys mean we can avoid using public key cryptography (asymmetric keys), which is less efficient in terms of computational speed.

1. Create a session on top of the previously-established secure channel:

A CreateSession request is sent to the server. The server replies and provides its software certificates to communicate its functionality and to demonstrate the ownership of the certificate used in the creation of the underlying secure channel.

1. Activate the session that was just created. The customer sends an ActivateSession request to the server, including the credentials of the current user and the client's software certificates. The credentials can either be represented by a X.509 certificate that has been validated by a VA, or by a username and password pair. Once the user credentials and the software certificates have been validated by the server, the session is established and active, and the client can start accessing the server data.