CIP Security: The EtherNet/IP Object

All the Common Industrial Protocol™ (CIP) technologies – EtherNet/IP™, CompoNet™, ControlNet™, and DeviceNet™ – are object-based technologies. That means that users interact with CIP devices by interacting with the objects implemented in those devices.

There are three components to a CIP object: Attributes identify the data managed by an object, Services define the actions an object can perform on the request of an external device and Behaviors describe the state of an object as it reacts to service requests and external stimuli.

This article describes the EtherNet/IP Security Object in the CIP Security architecture. It is the third of three CIP Security objects. The previous articles in this series described the CIP Security Object and the Certificate Management Object.

ETHERNET/IP SECURITY OBJECT

DESCRIPTION: The EtherNet/IP Security Object is the CIP Security object that manages the parameters that govern how CIP Security operates on an EtherNet/IP device. It manages the parameters that control TLS and DTLS operation, the cipher security suites, the lists of trusted authorities and the mechanisms for obtaining X.509 certificates. It identifies the currently active device certificate that the device is using for secure communications.

INSTANCES: The EtherNet/IP Security Object supports a single instance.

CLASS ATTRIBUTES: The are no class specific attributes in the EtherNet/IP Security Object.

INSTANCE ATTRIBUTES: EtherNet/IP Security object attributes include a current State, a Cipher Suite attribute containing the list of supported cipher suites, an Allowed Cipher Suite attribute containing the enabled cipher suites, the pre-shared key (if enabled), the certificate revocation list and various flags for certificate validation and management.

The two most important attributes are the current State attribute and the Active Device Certificate attribute. The State attribute specifies the state of the object and can assume one of five values:

The current State attribute indicates the status of the device commissioning process. In some applications, the Pull Model for loading certificates will be used to load new certificates and the state will reflect that. In other applications, a commissioning tool will be used, and the state attribute will indicate the progress of that effort.

The Active Device Certificate attribute is one of the more important attributes in the EtherNet/IP Security object. The Active Device Certificate attribute points to the certificate in the Certificate Management Object that is currently being used to secure communications. If this certificate contains a non-null authority certificate, then that certificate provides the authority for the active certificate.

COMMON SERVICES: The EtherNet/IP Security object supports several common services including Reset, Get Attribute All and Get/Set Single Attribute. The Reset service is used to reset all EtherNet/IP device attributes to factory defaults.

OBJECT SPECIFIC SERVICES: The EtherNet/IP Security object provides four object specific services used while configuring a secure EtherNet/IP device: BEGIN_CONFIG, KICK_TIMER, APPLY_CONFIG, and ABORT_CONFIG. Tools and devices performing configuration can initiate configuration with the BEGIN_CONFIG service and apply the configuration or abort it without saving it using the APPLY_CONFIG and ABORT _CONFIG services, respectively. Like the CIP Security object, devices and tools configuring the EtherNet/IP Security object have 10 seconds to complete the configuration. If more time is required, the KICK_TIMER service is used to extend the session timer by an additional 10 seconds.

BEHAVIORS: The behavior of the EtherNet/IP Security Object is consistent with the current State attribute. The Begin, Apply and Abort services or the Pull Model configuration loading process provide the state transitions that drive the state transition diagram from state to state.