Design World


CIP Security updated to support user level authentication

By PR Editor | March 30, 2021


ODVA announces that user-level authentication has been added to CIP Security, the cybersecurity network extension for EtherNet/IP. Previous specifications for CIP Security covered key security properties, including a broad trust domain across a group of devices, data confidentiality, device authentication, device identity, and device integrity. CIP Security now adds a narrow trust domain by user and role, an improved device identity including the user, and user authentication.

As IT and OT converge in industrial automation, the ability for controls engineers, IT administrators, and maintenance operators to securely access and modify device parameters grows even more critical. Device-level security is a building block requirement of IIoT to protect critical assets and people from potential physical and increasingly likely financial harm. To meet this requirement, the robust CIP Security User Authentication Profile will provide user-level authentication with a fixed user access policy based on well-defined roles and basic authorization via both local and central user authentication. CIP Security’s ability to authenticate via the device or through a central server allows for simplicity in smaller, simple systems and efficiency in large, complicated installations.

CIP Security already included robust, proven, and open security technologies: TLS (Transport Layer Security) and DTLS (Datagram Transport Layer Security), cryptographic protocols used to provide secure transport of EtherNet/IP traffic; hashes or HMAC (keyed-Hash Message Authentication Code) as a cryptographic method of providing data integrity and message authentication to EtherNet/IP traffic; and encryption as a means of encoding messages or information in such a way as to prevent reading or viewing of EtherNet/IP data by unauthorized parties. The new CIP™ User Authentication Profile provides user-level authentication for CIP communication at the application layer. In the future, CIP Security may make use of a CIP authorization profile that will enhance CIP to provide additional security properties, such as general, flexible authorization where access policy can be based on any attribute of the user and/or system, and potentially extending CIP Security to support other non-EtherNet/IP networks.

The User Authentication Profile makes use of several open, common, ubiquitous technologies, including OAuth 2.0 and OpenID Connect for cryptographically protected token-based user authentication, JSON Web Tokens (JWT) as proof of authentication, usernames and passwords, and already existing X.509 certificates to provide cryptographically secure identities to users and devices. It uses a cryptographically secure user authentication session ID, generated by the target on presentation of a valid JWT by the user, to map between an authentication event and the messages sent by a user for CIP communications. The user authentication session ID is transmitted over EtherNet/IP using (D)TLS and a confidentiality-enabled cipher suite per CIP Security’s EtherNet/IP confidentiality profile.
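The flow described above (token presented, session ID generated by the target, later messages mapped back to the authentication event) can be modelled as follows. This is an added example, not ODVA code and not the CIP wire format; the HS256 signature, the `sub`/`role`/`exp` claim names, the role names and the 16-byte session ID are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumed for illustration, not taken from the CIP Security specification:
# HS256 tokens, "sub"/"role"/"exp" claims, these roles, 16-byte session IDs.
ROLE_POLICY = {"operator": {"read"}, "engineer": {"read", "write"}}
SESSIONS = {}  # session ID -> (user, role, expiry); lives only on the target

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_jwt(claims, key):
    """Stand-in for the token an authorization server would issue."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def open_session(token, key, now=None):
    """Target side: verify the JWT, then mint an unguessable session ID."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(body))
        if claims["exp"] <= now or claims["role"] not in ROLE_POLICY:
            return None
        user, role, exp = claims["sub"], claims["role"], claims["exp"]
    except (ValueError, TypeError, AttributeError, KeyError):
        return None
    session_id = secrets.token_bytes(16)  # sent back only over (D)TLS
    SESSIONS[session_id] = (user, role, exp)
    return session_id

def authorize(session_id, action, now=None):
    """Per-message check: the session ID ties the request to one login."""
    now = time.time() if now is None else now
    entry = SESSIONS.get(session_id)
    if entry is None or entry[2] <= now:
        SESSIONS.pop(session_id, None)  # drop expired sessions
        return False
    return action in ROLE_POLICY[entry[1]]  # fixed, role-based policy
```

The session ID acts as a bearer credential for the lifetime of the session, which is why the article ties its transport to a confidentiality-enabled cipher suite.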

Through this update, CIP Security now offers even stronger device-level security with a narrow trust domain by user and role, an improved device identity including the user, and fixed user authentication. ODVA continues to work to keep CIP Security on the cutting edge of device defense, protecting critical industrial automation assets so that the promise of IIoT and Industry 4.0 can be fully achieved. Visit odva.org to obtain the latest version of The EtherNet/IP Specification, including CIP Security.

ODVA
www.odva.org

Copyright © 2021 WTWH Media, LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media. Site Map | Privacy Policy | RSS