View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0009520 | 10000-002: Security | Spec | public | 2024-04-15 12:56 | 2024-04-17 15:44 |
Reporter | dziegler | Assigned To | randyarmstrong | ||
Priority | normal | Severity | feature | Reproducibility | N/A |
Status | acknowledged | Resolution | open | ||
Summary | 0009520: Update SecurityPolicy [ECC-B] – ECC-nistP256 Encryption Algorithm | ||||
Description | The current implementation of SecurityPolicy [ECC-B] – ECC-nistP256 relies on AES128-CBC for encryption, as outlined in the specification. However, AES128-CBC should be considered for "legacy" systems only according to (H2020-ICT-2014 – Project 645421, D5.4, ECRYPT-CSA, 02/2018; available at https://www.ecrypt.eu.org/csa/documents/D5.4-FinalAlgKeySizeProt.pdf), signaling the need for an update to more modern encryption variants. The report highlights the necessity of transitioning to more robust encryption algorithms, such as AES-128-GCM, for enhanced security and resilience against evolving threats. To address this concern and ensure the security of OPC UA implementations, it is proposed to update SecurityPolicy [ECC-B] – ECC-nistP256 to utilize AES-128-GCM instead of AES-128-CBC. This transition will align OPC UA with contemporary security practices and provide a stronger defense against potential vulnerabilities. | ||||
Tags | Security | ||||
Commit Version | |||||
Fix Due Date | |||||
|
Agreed that adding GCM profiles is best for the long term. |
Date Modified | Username | Field | Change |
---|---|---|---|
2024-04-15 12:56 | dziegler | New Issue | |
2024-04-15 12:56 | dziegler | Tag Attached: Security | |
2024-04-17 15:44 | randyarmstrong | Assigned To | => randyarmstrong |
2024-04-17 15:44 | randyarmstrong | Status | new => acknowledged |
2024-04-17 15:44 | randyarmstrong | Note Added: 0021133 |