© ABB
Month DD, YYYY | Slide 1
Secure Communication in Industrial Automation by Applying OPC UA
Stefan-Helmut Leitner, ABB Corporate Research Germany, Zukunft der Netze 2011, Hamburg
Agenda
Industrial Automation
Classic OPC and OPC UA?
All problems solved?
Future?
Industrial Automation
Industrial Automation deals with automation of manufacturing processes
Automotive, Food, Paper
[Figure: Manufacturing Process with Input and Output, Supervision and Intervention]
Industrial Automation
Interaction with Business IT Systems
Plant supervision and control
Process supervision and intervention
Process data acquisition and device control
[Figure: these layers stacked above the Manufacturing Process with Input and Output]
Industrial Automation
Differences compared to Business IT
Availability is the highest security goal
Safety is (often) more important than security
Long system lifetime (<20 years without interruption)
Other Challenges
Increasing interconnectivity
Increasing usage of COTS and Open Source
Interoperability and standardization
Example: OPC
Classic OPC and OPC UA
OPC
Widely adopted industry standard
Data exchange with process devices
Pure interface specification
Based on Microsoft COM/DCOM
Deficiencies
Technology dependency (COM/DCOM retires)
Complicated security configuration
Security not sufficiently considered in architecture
[Figure: Application X, Application Y, ..., Display Application and Trend Application reach Field Devices, Control System and Controller through OPC]
Classic OPC and OPC UA
OPC UA
Abstract protocol specification and concrete technology mappings
Service-oriented Architecture
More areas of application incl. embedded systems
Benefits compared to OPC
Reduced technology or vendor dependency
Security is inherent part of architecture and implementation
Simplified security configuration
[Figure: Display Application and Trend Application connected to Field Device, Control System and Controller, once through OPC and once through OPC UA]
Classic OPC and OPC UA: Reduced technology or vendor dependency
Specification
Abstract service and technology mappings
Allows adding new mappings in case of security vulnerabilities!
Protocol Stack Implementation
Minimal platform-dependent layer
Allows replacing libraries in case of security vulnerabilities!
[Figure: Abstract Services with Technology Mapping 1 and Technology Mapping 2; OPC UA Client/Server on top of OPC UA Stack and Platform Layer]
Classic OPC and OPC UA: Security is inherent part of architecture and implementation
[Figure: diagram not recoverable; surviving label: HTTPS]
Classic OPC and OPC UA: Simplified security configuration
Few well-defined security policies
Consistent set of security-related configuration for communication
Algorithms for encryption and digital signatures
Type of user credentials
…
Agreement of applied security can be done by
Pre-configuration by client
Selection after server discovery
Automatic negotiation between client and server
Classic OPC and OPC UA: Simplified security configuration
[Figure: OPC UA Client, OPC UA Discovery Server (Well-known Endpoint) and OPC UA Server (Discovery Endpoint, Session Endpoint)]
0. Register (What does the server support?)
1. Where are the servers?
2. What session endpoints are available and how can I access them?
3. Connect to the session endpoint.
Alternative: Offline Configuration and skip step 0, 1 and 2
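Added example, not part of the original slides: how a client could apply "selection after server discovery" to the answer from step 2, choosing the strongest session endpoint and refusing unsecured ones before step 3. The field names follow the OPC UA EndpointDescription structure; the helper names, the preference order and the sample endpoints are assumptions made for this illustration.

```python
# Added illustration: constructed sample data and hypothetical helper names.
# Assumed local preference order, weakest to strongest.
MODE_RANK = {"None": 0, "Sign": 1, "SignAndEncrypt": 2}
POLICY_RANK = {"None": 0, "Basic128Rsa15": 1, "Basic256": 2}

def rank(ep):
    """Sortable strength of one endpoint description; -1 marks unknown values."""
    policy = ep["securityPolicyUri"].rsplit("#", 1)[-1]
    return (MODE_RANK.get(ep["securityMode"], -1), POLICY_RANK.get(policy, -1))

def select_endpoint(endpoints, min_mode="Sign"):
    """Steps 2 to 3: pick the strongest session endpoint above the client's floor."""
    acceptable = [ep for ep in endpoints
                  if rank(ep)[0] >= MODE_RANK[min_mode] and rank(ep)[1] > 0]
    if not acceptable:
        raise ValueError("no offered endpoint meets the client's security floor")
    return max(acceptable, key=rank)

def lists_differ(discovered, confirmed):
    """True if the discovery answer differs from the list fetched again over the
    secured channel (assumed input), e.g. because secure entries are missing."""
    def key(ep):
        return (ep["endpointUrl"], ep["securityMode"], ep["securityPolicyUri"])
    return {key(e) for e in discovered} != {key(e) for e in confirmed}

NS = "http://opcfoundation.org/UA/SecurityPolicy#"
URL = "opc.tcp://plc.example:4840"  # constructed host
SAMPLE = [  # constructed answer to step 2
    {"endpointUrl": URL, "securityMode": "None", "securityPolicyUri": NS + "None"},
    {"endpointUrl": URL, "securityMode": "Sign", "securityPolicyUri": NS + "Basic128Rsa15"},
    {"endpointUrl": URL, "securityMode": "SignAndEncrypt", "securityPolicyUri": NS + "Basic128Rsa15"},
    {"endpointUrl": URL, "securityMode": "SignAndEncrypt", "securityPolicyUri": NS + "Basic256"},
]

if __name__ == "__main__":
    chosen = select_endpoint(SAMPLE)
    print(chosen["securityMode"], chosen["securityPolicyUri"])
    reduced = SAMPLE[:1]  # discovery answer reduced to the unsecured entry
    print(lists_differ(reduced, SAMPLE))
```

With offline configuration (skipping steps 0, 1 and 2) the same floor can be enforced by pinning the expected mode and policy in the client configuration.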
Classic OPC and OPC UA … and where are the remaining challenges?
OPC UA requires up to three types of digital certificates for different purposes!
Public Key Infrastructure required, which requires significant effort.
Usage of digital certificates is quite new to automation
Learning curve is still required
Dealing with certificates in controllers
Limited resources (processing power, memory)
Long lifetime without interruption (up to 10-20 years)
Poor entropy sources
All problems solved?
Reduced technology dependency
Security is inherent part of architecture and implementation
Simplified security configuration
Future? Security impact of Cloud Computing
[Figure: Factory, Headquarter, Factory]