Secure Provisioning of OPC UA Applications Using the Asset Administration Shell

Modern Industry 4.0 environments are highly interconnected and have therefore an increased need for security. Protocols for machine-to-machine communication, like OPC UA, can provide this security. However, before using their security mechanisms, a trust relationship between the application and operator network first needs to be established. This trust and key exchange is performed during secure provisioning, a process often performed manually and without security in mind. In OPC UA, there are already automated provisioning mechanisms planned and partly existing, but they either involve high manual effort or cannot provide mutual authentication between application and operator network. The Asset Administration Shell (AAS), as a realization of the digital twin concept, already provides the possibility of a secured data and information exchange between manufacturer and operator. In this work, we combine the security mechanisms of OPC UA and AAS to provide a more secure and automated provisioning of new OPC UA applications.