Resting on Feet of Clay: Securely Bootstrapping OPC UA Deployments

Presented at Black Hat Europe 2021, Nov. 10, 2021, 2:30 p.m. (30 minutes)

While most protocols in industrial control systems (ICS) rarely implement security features, the OPC Foundation's Unified Architecture (OPC UA) promises security features such as authentication, authorization, integrity, and confidentiality. Nevertheless, researchers have found large numbers of insecurely configured OPC UA devices exposed to the Internet. That means that specified security features will not always lead to secure systems in practice. Challenges in the adoption of those security features by product vendors, libraries implementing the standard, and end-users were not investigated so far. In particular, the initial distribution of public keys is a fundamental issue.

On the Internet, the initial distribution of public keys is commonly solved by shipping devices (or OS) with certificates of a set of core root certificate authorities (CAs). Servers (identified by unique DNS names) then provide certificates authenticated directly (or indirectly) by those root CAs. Such a solution is not possible for ICS networks, as they are air-gapped and do not provide (externally verifiable) unique addressing. Local self-signed CAs are an alternative, but their certificates will not be shipped together with devices newly introduced into the system. That implies that bootstrapping the security in an OPC UA system critically relies on the manual pre-distribution of certificates. In this talk, we will discuss the practical challenges to configure OPC UA securely. We review 48 publicly available artifacts consisting of products and libraries for OPC UA and show that 38 out of the 48 artifacts have one (or more) security issues related to missing support for certificate management features or recommend insecure behaviors for certificate exchange. Consequently, relying on those products and libraries will result in vulnerable implementations of OPC UA security features.

Based on the identified security pitfalls in OPC UA implementations, we will implement and demonstrate three attacks that exploit insecure features in key exchange and management. Through these attacks, we will demonstrate that signed and encrypted OPC UA traffic does not guarantee any security property and it is possible to steal user credentials, eavesdrop on process information, manipulate the physical process through sensor values and actuator commands, and prevent the detection of anomalies in the physical process. We will showcase a video of these attacks implemented on an Industrial testbed operated with OPC UA.

In conclusion, we will discuss possible countermeasures against the presented attacks.


Presenters:

  • Nils Ole Tippenhauer - Faculty, CISPA Helmholtz Center for Information Security
    Nils Ole Tippenhauer is a faculty at the CISPA Helmholtz Center for Information Security, heading the SCy-Phy research group. Until 2018, he was an Assistant Professor at the Singapore University of Technology and Design (SUTD). He earned his Dr. Sc. in Computer Science from ETH Zurich (Switzerland) in 2012. At ETH, he was part of the System Security group led by Prof. Srdjan Capkun. In 2007, he received a degree in Computer Engineering (Dipl. Ing.) from the Hamburg University of Technology (Germany). As part of his undergraduate studies, he visited the University of Waterloo, Ontario (Canada) between 2004-2005 supported by a DAAD scholarship.
  • Anne Müller - PhD Student, CISPA Helmholtz Center for Information Security
    Anne Müller completed a Bachelors Degree in Bioinformatics at Saarland University. Then she continued studying Computer Science as a Master student at Saarland University and joined Cispa as a PhD student in 2021
  • Alessandro Erba - PhD Student, CISPA Helmholtz Center for Information Security
    Alessandro Erba is a PhD student at CISPA Helmholtz Center for Information Security and Saarbrücken Graduate School of Computer Science, advised by Dr. Nils Ole Tippenhauer. His research interests are Cyber-Physical Systems Security, Industrial Control Systems security, and Adversarial Machine Learning. He holds Master's and Bachelor's degrees in Computer Science Engineering from Politecnico di Milano. During his master's, he joined the iTrust lab at the Singapore University of Technology and Design as a visiting student.

Links:

Similar Presentations: