Modbus, Step-by-step, A.3.4. modbus – BECKHOFF IPC-Security User Manual

A.3.3.2. Integrity

The signing of messages prevents a third party from changing the contents of a message. This prevents,
for example, a write statement to open a switch being falsified by a third party and the switch being closed
instead.

A.3.3.3. Confidentiality

The confidentiality of the exchanged information is secured by the encryption of the exchanged messages.
For this, modern cryptographic algorithms are used. Different security levels can be selected according to
the requirements of the respective application. In some areas, it may be sufficient to sign the messages in
order to prevent changes being made by third parties, while additional message encryption is necessary in
other areas where the data must also not be read by third parties.

A.3.3.4. Authentication and authorization of applications

Each OPC-UA application identifies itself via so-called software and application instance certificates. With
the aid of software certificates it is possible to grant certain client applications extended access to the in-
formation on an OPC-UA Server. Application instance certificates can be used to ensure that an OPC-UA
Server communicates only with preconfigured clients. On the other hand, a client can ensure by means of
the server’s application instance certificate that it is really speaking to the correct server (similar to the SSL
certificates of a website/webserver).

By implementing this protocol in the TwinCAT product “TwinCAT OPC-UA Server”, Beckhoff Automation
enables customers to use this modern technology to establish a secure connection via a standardized com-
munication protocol between a third party product and TwinCAT PLC.

A.3.4. Modbus

The original Modbus protocol is a serial communications protocol that has been developed in the late 1970s.
The main goals were to provide a communication protocol that had industrial applications in mind, is easy
to deploy and maintain, and moves raw bits or words without implementing an information model. This sim-
plicity made it very popular during the last 30 years. However, this simplicity also makes it more challenging
to use Modbus in modern industrial systems because today we have other, more complex requirements to
a communication protocol than 30 years ago, e.g. the need for security and information models to transfer
complex data and metadata. The original Modbus protocol does not implement security mechanisms, e.g.
it is not possible to encrypt data communications or use client/server authentication.

Although Beckhoff also provides two TwinCAT Functions for Modbus RTU and Modbus TCP, we recommend
customers to use more modern communication protocols that already implement security mechanisms, e.g.
OPC-UA.

A.4. Step-by-Step

The following chapter provides step-by-step explanations of all previously addressed topics. Please note
that some menu items or controls may have other names, depending on the operating system that is used.

38