Secure Transfer Of Messages - Siemens SIMATIC ET 200AL System Manual

Distributed i/o system

OPC UA communication
9.2 Security at OPC UA
9.2.6 Secure transfer of messages

Establishing secure connections with OPC UA
OPC UA uses secure connections between client and server. OPC UA checks the identity of the
communication partners. OPC UA uses certificates in accordance with X.509-V3 from the ITU
(International Telecommunication Union) for client and server authentication. Exception: A
secure connection is not established with the "No security" security policy.
Message security mode
OPC UA uses the following security policies to protect messages:
• No security
All messages are unsecured. In order to use this security policy, establish a connection to a
None end point of a server.
• Signing
All messages are signed. This allows the integrity of the messages received to be checked.
Manipulations are detected. In order to use this security policy, establish a connection to a
Sign end point of a server.
• Sign & Encrypt
All messages are signed and encrypted. This allows the integrity of the messages received
to be checked. Manipulations are detected. What is more, no attacker can read the
content of the message (protection of confidentiality). In order to use this security policy,
establish a connection to a "SignAndEncrypt" end point of a server.
The security policies are also named according to the algorithms used. Example:
"Basic256Sha256 - Sign & Encrypt" means: Secure endpoint, supports a series of algorithms
for 256-bit hashing and 256-bit encryption.
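
The following added example (not part of the Siemens manual) shows a client-side check that only accepts an endpoint at or above a required message security mode and fails instead of falling back to a weaker one. It assumes endpoints are presented as labels in the "Basic256Sha256 - Sign & Encrypt" form quoted above; the names Mode, Endpoint, parse_label, select_endpoint and the SAMPLE list are hypothetical.

```python
from dataclasses import dataclass
from enum import IntEnum


class Mode(IntEnum):
    """Message security modes from the manual, ordered weakest to strongest."""
    NONE = 0
    SIGN = 1
    SIGN_AND_ENCRYPT = 2


# Spellings the manual uses for each mode (policy names and endpoint names).
MODE_NAMES = {
    "no security": Mode.NONE, "none": Mode.NONE,
    "signing": Mode.SIGN, "sign": Mode.SIGN,
    "sign & encrypt": Mode.SIGN_AND_ENCRYPT, "signandencrypt": Mode.SIGN_AND_ENCRYPT,
}


@dataclass(frozen=True)
class Endpoint:
    policy: str  # algorithm suite, e.g. "Basic256Sha256"
    mode: Mode


class NoSecureEndpoint(Exception):
    """Raised when no offered endpoint meets the client's requirements."""


def parse_label(label):
    """Parse '<algorithms> - <mode>'; return None if the label is not understood."""
    policy, sep, mode_text = label.partition(" - ")
    mode = MODE_NAMES.get(mode_text.strip().lower())
    if not sep or mode is None:
        return None  # unparsed labels are never selected (fail closed)
    return Endpoint(policy.strip(), mode)


def select_endpoint(labels, minimum=Mode.SIGN_AND_ENCRYPT,
                    allowed_policies=frozenset({"Basic256Sha256"})):
    """Pick the strongest acceptable endpoint; never fall back to a weaker one."""
    parsed = (parse_label(label) for label in labels)
    usable = [e for e in parsed
              if e is not None and e.mode >= minimum and e.policy in allowed_policies]
    if not usable:
        raise NoSecureEndpoint(f"no endpoint offers {minimum.name} or better")
    return max(usable, key=lambda e: e.mode)


# Constructed sample of what a server might advertise (not taken from the manual).
SAMPLE = ["None - No security", "Basic256Sha256 - Sign",
          "Basic256Sha256 - Sign & Encrypt"]
```

With the defaults, a server that offers only the first two SAMPLE entries is rejected with NoSecureEndpoint rather than connected to in a weaker mode.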
Function Manual, 05/2021, A5E03735815-AJ
Communication
