The consideration of OPC UA security in constrained environments
draft-wei-ace-opc-ua-security-00

Document Type Active Internet-Draft (individual)
Last updated 2017-01-16
ACE Working Group                                               M. Wei
Internet Draft                                               QQ. Huang
Intended status: Standards Track                                SY. Li
Expires: July 20, 2017                                         P. Wang
                                                             SD. Zhang
                                               Chongqing University of
                                          Posts and Telecommunications
                                                      January 16, 2017

      The consideration of OPC UA security in constrained environments
                     draft-wei-ace-opc-ua-security-00

Abstract

   OPC Unified Architecture (OPC UA) is a communication protocol for
   industrial automation developed by the OPC Foundation. Compared with
   the original OPC, OPC UA provides a complete set of security
   mechanisms to ensure data confidentiality, data integrity and data
   availability. With the development of the industrial Internet of
   Things, more and more of the nodes expected to implement OPC UA are
   resource constrained. This draft discusses the OPC UA security
   mechanisms and their applicability in a constrained environment, and
   proposes an outline of a lightweight security mechanism for using
   OPC UA on constrained devices.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on July 20, 2017.

Wei, et al.             Expires July 20, 2017                 [Page 1]
 Internet-Draft            ACE OPC UA security             January 2017

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Table of Contents

   1. Introduction ...................................................2
      1.1. Requirements Notation......................................3
      1.2. Terms Used ................................................3
   2. OPC UA security model...........................................3
   3. The security requirements of OPC UA in constrained environments.5
   4. A lightweight security mechanism for OPC UA ....................6
   5. Security Considerations.........................................7
   6. IANA Considerations ............................................7
   7. References .....................................................7
      7.1. Normative References.......................................7
      7.2. Informative References ....................................7

1. Introduction

   With the development of industrialization and information
   technology, the need for information sharing in industrial
   automation systems is growing. However, an industrial automation
   system generally contains equipment from many manufacturers using
   many different information exchange standards, which makes the
   interconnection of information difficult and easily leads to
   "information islands". To achieve communication across networks and
   platforms, the OPC Foundation proposed the OPC communication
   protocol. Its successor, OPC Unified Architecture (OPC UA)
   [IEC62541], provides a path forward from the original OPC
   communications model (namely, the Microsoft Windows-only process
   exchange based on COM/DCOM) to a cross-platform service-oriented
   architecture (SOA) for process control, while enhancing security and
   providing an information model.