Portable Trust Anchor for OPC UA Using Auto-Configuration

With increasing connectivity between industrial devices their attack surface grows. Consequently, secure setups have to allow these devices to distinguish trustworthy and untrustworthy communication partners. One of the most significant and wide-spread protocols for Ethernet-based data exchange between industrial devices and controls is the Open Platform Communications Unified Architecture (OPC UA). Although the OPC UA standard includes certificate-based security measures, it lacks of applicable solutions for bootstrapping trust. For secure communication, each OPC UA application is supposed to hold an application certificate which can be managed by a Global Discovery Server (GDS). Simply put, applications request their certificate from the GDS as well as information about trustworthy and revoked certificates of third parties. However, the OPC UA specifications do not suggest a secure method to establish the initial trust for the communication between an application and the GDS. Moreover, in current implementations, the administrator has to manually interchange the certificates between the peers to build sufficient trust relationships. This paper proposes an evaluated portable trust-anchor-based concept to establish this initial trust and demonstrates it solely based on standardized OPC UA communication.