
No VPN Needed? Cryptographic Attacks Against the OPC UA Protocol.pdf

Uploaded by: 竿*** ID: 981872 2025-11-29 31 pages 4.28 MB

#BHUSA BlackHatEvents

No VPN Needed? Cryptographic Attacks Against the OPC UA Protocol
Tom Tervoort

INTRO

Outline
- What is OPC UA?
- OPC UA Cryptography
- Attack 1: signing oracle auth bypass
- Attack 2: padding oracle auth bypass
- Follow-up and conclusions

What is OPC UA?
Photos by Magda Ehlers, Tom Fisk, Pixabay, Mattcmoi

Why investigate it?

OPC UA security
Image by OPC Foundation

| Security Mode | Client/Server Auth | Integrity | Confidentiality |
|---|---|---|---|
| None | | | |
| Sign | | | |
| SignAndEncrypt | | | |

- Client/server authentication: X.509 certificates
- User authentication: password, JWT, cert, etc.
- Can have both, either or neither
- Trust models: pre-configured, first-time approval, PKI
- Security Mode, user authentication method, and ciphers are negotiated between client and server

Secure channel handshake

| Security Policy | Encryption scheme | Signing scheme |
|---|---|---|
| None | - | |
| Basic128Rsa15 | RSA PKCS#1v1.5 | SHA1+RSA PKCS#1v1.5 |
| Basic256 | RSA-OAEP-SHA1 | SHA1+RSA PKCS#1v1.5 |
| Basic256Sha256 | RSA-OAEP-SHA1 | SHA256+RSA PKCS#1v1.5 |
| Aes128_Sha256_RsaOaep | RSA-OAEP-SHA1 | SHA256+RSA PKCS#1v1.5 |
| Aes256_Sha256_RsaPss | RSA-OAEP-SHA256 | SHA256+RSA-PSS |

(simplified)
Also various ECC policies; rarely used yet

Session handshake
- Symmetric crypto based on AES and HMAC
- Challenge signing with same certificates as channel phase
- Password-based user auth: encrypt password with server public key, even with None policy
- Certificate-based user auth: sign same server challenge with "user certificate"
- Session bound to channel+key
- Very inefficient protocol: three expensive RSA decrypt/sign operations on each side!
- But is it secure?

Attacking the session handshake
In server's CreateSessionResponse:
In client's ActivateSessionResponse:
Looks rather

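According to the report, its main content is summarized as follows:

1. **OPC UA protocol security**: OPC UA is a protocol used for communication in industrial automation and control systems; its security relies on encryption and authentication mechanisms.
2. **Security modes**: OPC UA offers several security modes, including none, sign, and sign-and-encrypt, and supports client/server authentication, user authentication, and trust models.
3. **Cryptographic attacks**: Researchers found cryptographic attacks against the OPC UA protocol, including signing and padding oracle attacks, as well as timing-based attacks.
4. **Attack impact**: The attacks can lead to information disclosure and session hijacking; affected software includes KEPServerEX, Prosys OPC UA Simulation Server, and UA-.NETStandard Reference Server.
5. **Response**: The OPC Foundation worked with vendors to respond quickly, publishing CVEs and fixes, including software updates and configuration recommendations.
6. **Recommendations**: Users are advised to check vendor documentation, disable insecure encryption schemes, and use HTTPS.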