
Short description of the project
In the BMBF-funded HardShiP project, we are developing advanced security mechanisms based on trusted computing technologies for the industrial communication protocol OPC UA. We particularly work on attestation of communication partners using Trusted Platform Modules (TPM).
Project objectives
In OPC UA, clients and servers can already authenticate each other using certificates and generate key material to establish confidential communication channels. However, security in OPC UA can be further enhanced by using trusted computing technologies. In HardShiP we focus on the use of Trusted Platform Modules (TPMs) in OPC UA. TPM chips are integrated into the hardware platform, provide cryptographic functions and can generate unique fingerprints of a system. The following approaches for increasing the security of communication in OPC UA are researched in HardShiP.
- TPMs can be used to generate key material for digital certificates and to store the private keys securely in trusted hardware.
- TPMs can serve as hardware trust anchors for attestation. Attestation can be used to remotely verify that a specific, trusted software configuration is running on a system.
Project results
The use of TPM-based attestation in particular can lastingly increase security in OPC UA-based infrastructures. While a communication channel between client and server is being established, an attestation protocol ensures that the software stacks of the devices are in an expected state that is considered trustworthy. In the simplest case, the expected system configuration describes the initial boot state of the device. In addition, however, the integrity of the dynamically loaded application software can also be verified as part of the software identity of the device. This results in two advantages for security.
- We can detect changes to the installed device software at runtime that indicate an infection with malware.
- We can link authorization decisions to successful attestation.
In the second case, for example, an OPC UA client is granted access to certain server functions only if it has previously been attested to be in a trustworthy software state. Conversely, once an OPC UA server has been successfully attested by a client, the client can rely on the fact that it is retrieving sensor or process data only from a non-manipulated device.
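As an added illustration of the verification logic described above (this is example code written for this page, not code from the HardShiP project), the following Python sketch replays a measurement log into TPM-style PCR values, compares them with the values reported by the device and with a golden configuration, and then links an authorization decision to the attestation outcome. The PCR assignment, the event log entries and the split between public and sensitive OPC UA methods are constructed for the example; in a real deployment the reported PCR values would come from a signed TPM quote rather than a plain dictionary.

```python
import hashlib
from dataclasses import dataclass, field

# SHA-256 PCR bank: every PCR starts as 32 zero bytes.
PCR_INIT = b"\x00" * 32


def measure(data: bytes) -> bytes:
    """Digest of a measured component (firmware image, bootloader, application)."""
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend operation: PCR_new = H(PCR_old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay_log(event_log):
    """Recompute PCR values from a measurement log of (pcr_index, component_bytes)."""
    pcrs = {}
    for idx, data in event_log:
        pcrs[idx] = extend(pcrs.get(idx, PCR_INIT), measure(data))
    return pcrs


# Constructed measurement log of a known-good device. PCR 0/4 stand for the
# boot state, PCR 14 for the dynamically loaded OPC UA application software.
GOOD_LOG = [
    (0, b"firmware v1"),
    (4, b"bootloader v1"),
    (14, b"opcua-server application v1"),
]

# Golden values: the expected configuration the verifier accepts.
EXPECTED_PCRS = replay_log(GOOD_LOG)

# Constructed: only the application changed, e.g. a modified binary on disk.
TAMPERED_LOG = [
    (0, b"firmware v1"),
    (4, b"bootloader v1"),
    (14, b"opcua-server application v1 + unexpected code"),
]


@dataclass
class AttestationResult:
    trusted: bool
    reasons: list = field(default_factory=list)


def verify(quoted_pcrs, event_log, expected_pcrs=EXPECTED_PCRS) -> AttestationResult:
    """Check (1) the log is consistent with the reported PCRs and
    (2) the resulting PCRs match the expected configuration."""
    reasons = []
    replayed = replay_log(event_log)
    for idx, expected in expected_pcrs.items():
        quoted, recomputed = quoted_pcrs.get(idx), replayed.get(idx)
        if quoted is None or quoted != recomputed:
            reasons.append(f"PCR{idx}: reported value does not match the event log")
        elif recomputed != expected:
            reasons.append(f"PCR{idx}: does not match the expected configuration")
    return AttestationResult(trusted=not reasons, reasons=reasons)


# Constructed method split: browsing/reading is open, everything else needs
# a successful attestation of the requesting client.
PUBLIC_METHODS = {"Browse", "Read"}


def authorize(result: AttestationResult, method: str) -> bool:
    """Link the authorization decision to the attestation result."""
    if method in PUBLIC_METHODS:
        return True
    return result.trusted


if __name__ == "__main__":
    good = verify(replay_log(GOOD_LOG), GOOD_LOG)
    bad = verify(replay_log(TAMPERED_LOG), TAMPERED_LOG)
    print("known-good device trusted:", good.trusted)
    print("tampered device trusted:", bad.trusted, bad.reasons)
    print("tampered client may call Write:", authorize(bad, "Write"))
```

The two failure paths are deliberately kept apart: a mismatch between the reported PCRs and the event log means the log itself cannot be trusted, whereas consistent PCRs that differ from the golden values point to a changed software configuration, which is the case that signals a possible infection at runtime.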
As part of the HardShiP project, we are developing corresponding TPM-based security mechanisms for OPC UA. This will enable OPC UA users to benefit from the additional possibilities offered by devices equipped with TPMs or other trusted computing technologies.