Secure Transfer Of Messages - Siemens SIMATIC ET 200AL System Manual

Distributed i/o system

OPC UA communication
9.2 Security at OPC UA
9.2.6 Secure transfer of messages

Establishing secure connections with OPC UA
OPC UA uses secure connections between client and server. OPC UA checks the identity of
the communication partners. OPC UA uses certificates in accordance with X.509-V3 from
the ITU (International Telecommunication Union) for client and server authentication.
Exception: A secure connection is not established with the "No security" security policy.
Message security mode
OPC UA uses the following security policies to protect messages:
● No security
All messages are unsecured. In order to use this security policy, establish a connection to
a None endpoint of a server.
● Signing
All messages are signed. This allows the integrity of the messages received to be
checked. Manipulations are detected. In order to use this security policy, establish a
connection to a Sign endpoint of a server.
● Sign & Encrypt
All messages are signed and encrypted. This allows the integrity of the messages
received to be checked. Manipulations are detected. In addition, no attacker can read
the content of the message (confidentiality protected). In order to use this security policy,
establish a connection to a "SignAndEncrypt" endpoint of a server.
The security policies are also named after the algorithms used. Example: "Basic256Sha256 -
Sign & Encrypt" means: Secure endpoint, supports a series of algorithms for 256-bit hashing
and 256-bit encryption.
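
Added example (not part of the Siemens manual): a client-side check in Python that parses endpoint labels of the form shown above, reports which protection each one gives, and refuses to fall back to an unsecured endpoint. The accepted label spellings, the function names and the SAMPLE list are assumptions constructed for illustration.

```python
from typing import NamedTuple

# Mode names as the manual writes them, plus the endpoint spellings it quotes.
MODE_ALIASES = {
    "no security": "No security", "none": "No security",
    "signing": "Signing", "sign": "Signing",
    "sign & encrypt": "Sign & Encrypt", "signandencrypt": "Sign & Encrypt",
}
# (integrity protected, confidentiality protected) per mode, from the text above.
PROTECTION = {
    "No security": (False, False),
    "Signing": (True, False),
    "Sign & Encrypt": (True, True),
}

class Endpoint(NamedTuple):
    algorithms: str   # e.g. "Basic256Sha256"; "" for an unsecured endpoint
    mode: str
    integrity: bool
    confidentiality: bool

def parse_label(label: str) -> Endpoint:
    """Split '<algorithms> - <mode>' (or a bare 'None') into its parts."""
    algorithms, _, mode_text = label.rpartition(" - ")
    mode = MODE_ALIASES.get(mode_text.strip().lower())
    if mode is None:
        raise ValueError(f"unknown message security mode in {label!r}")
    algorithms = algorithms.strip()
    if algorithms.lower() == "none":
        algorithms = ""
    # A secured mode needs an algorithm suite; an unsecured one must not claim one.
    if (mode == "No security") != (algorithms == ""):
        raise ValueError(f"inconsistent endpoint label {label!r}")
    return Endpoint(algorithms, mode, *PROTECTION[mode])

def select_endpoint(labels, require_confidentiality=True) -> Endpoint:
    """Return the best endpoint meeting the requirement; never fall back to unsecured."""
    usable = [e for e in map(parse_label, labels)
              if e.integrity and (e.confidentiality or not require_confidentiality)]
    if not usable:
        raise LookupError("no endpoint offers the required message protection")
    return max(usable, key=lambda e: e.confidentiality)

def audit(labels):
    """List offered endpoints whose messages are unsigned or readable in transit."""
    return [lab for lab in labels if not parse_label(lab).confidentiality]

# Constructed sample of labels a server might offer (not taken from the manual).
SAMPLE = ["None", "Basic256Sha256 - Sign", "Basic256Sha256 - Sign & Encrypt"]
```
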
Function Manual, 12/2017, A5E03735815-AF
Communication
