View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0009520 | 10000-002: Security | Spec | public | 2024-04-15 12:56 | 2024-04-17 15:44 |
| Reporter | dziegler | Assigned To | randyarmstrong | ||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | acknowledged | Resolution | open | ||
| Summary | 0009520: Update SecurityPolicy [ECC-B] – ECC-nistP256 Encryption Algorithm | ||||
| Description | The current implementation of SecurityPolicy [ECC-B] – ECC-nistP256 relies on AES128-CBC for encryption, as outlined in the specification. However, AES128-CBC should be considered for "legacy" systems only according to (H2020-ICT-2014 – Project 645421, D5.4, ECRYPT-CSA, 02/2018; available at https://www.ecrypt.eu.org/csa/documents/D5.4-FinalAlgKeySizeProt.pdf) , signaling the need for an update to more modern encryption variants. The report highlights the necessity of transitioning to more robust encryption algorithms, such as AES-128-GCM, for enhanced security and resilience against evolving threats. To address this concern and ensure the security of OPC UA implementations, it is proposed to update SecurityPolicy [ECC-B] – ECC-nistP256 to utilize AES-128-GCM instead of AES-128-CBC. This transition will align OPC UA with contemporary security practices and provide a stronger defense against potential vulnerabilities. | ||||
| Tags | Security | ||||
| Commit Version | |||||
| Fix Due Date | |||||
|
|
Agreed that adding GCM profiles is best for the long term. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-04-15 12:56 | dziegler | New Issue | |
| 2024-04-15 12:56 | dziegler | Tag Attached: Security | |
| 2024-04-17 15:44 | randyarmstrong | Assigned To | => randyarmstrong |
| 2024-04-17 15:44 | randyarmstrong | Status | new => acknowledged |
| 2024-04-17 15:44 | randyarmstrong | Note Added: 0021133 |
