Simulating and Detecting Attacks of Untrusted Clients in OPC UA Networks

Abstract

The usage of machine to machine communication and Industrial Internet of Things is increasing nowadays, in particular in industry environments. Devices with low hardware capabilities may e.g. be used for sensing data, for example, on an industrial network. Specific protocols and frameworks were being developed for these use cases. One such framework is OPC UA, which allows signed and encrypted communication and therefore addresses already important security requirements. However, an attacker may also be able to encrypt malicious packets so that it may bypass security systems and/or empower the attack, as encrypted packets typically need more hardware consumption to be handled. In this paper the focus is on Denial of Service attacks in OPC UA networks. An analysis of possible Denial of Service attacks is presented and an approach to detect such attacks is implemented in the context of a simulation scenario. Our evaluations show how such attacks may affect server CPU consumption and could be very powerful when a large number of devices is compromised.