The CIP Security Object

CIP Security Object

All the Common Industrial Protocol™ (CIP) technologiesEtherNet/IP™, CompoNet™, ControlNet™, and DeviceNet™ – are object-based technologies. That means that users interact with CIP devices by interacting with the objects implemented in those devices.

There are three components to a CIP object: Attributes identify the data managed by an object, Services define the actions an object can perform on the request of an external device and Behaviors describe the current State of an object as it reacts to service requests and external stimuli.

This article describes the CIP Security Object and is the first of three. Following articles describe the Certificate Management Object and the EtherNet/IP Security Object. A later article will also describe the changes to the TCP/IP object to support CIP Security.

CIP Security Object

EtherNet/IP Chart of Data Object Modeling

DESCRIPTION: The CIP Security Object is a high-level control object. It is the simplest of the CIP Security objects. It provides a flag that external entities can check to determine if a device is in the CIP Security configuration state. It maintains a trusted authorities list, and it identifies the CIP Security profiles that the device supports.

INSTANCES: The CIP Security Object supports a single instance.

CLASS ATTRIBUTES: The are no class specific attributes in the CIP Security Object.

INSTANCE ATTRIBUTES: The CIP Security Object supports only two attributes: a current State attribute and Security Profiles attributes. The State attribute can assume one of four values:

0 Factory Default
1 Configuration in Progress
2 Configured
3 Incomplete Configuration

When a device is in the Configuration in Progress state, other external entities should not attempt to modify any of the device’s security configuration. Note that CIP Security does not require a device to implement any programmatic barrier preventing multiple devices from modifying the security configuration concurrently.  The CIP Security architecture assumes that configuration tools will exhibit “good behavior” and not modify the configuration of a device when the current State attribute indicates that configuration is in progress.

The other attribute of the CIP Security object is a bit array identifying the Security Profiles supported by the device. Two profiles are planned: the Confidentiality profile and the Authorization profile. The Confidentiality profile is being released with the first edition of CIP Security.

COMMON SERVICES: The CIP Security object supports several common services including Get Attribute All and Get/Set Single Attribute.

OBJECT SPECIFIC SERVICES: The CIP Security Object supports three object-specific services: BEGIN_CONFIG, END_CONFIG, and KICK_TIMER. The two configuration services transition the device into and out of the configuration state. The KICK_TIMER service extends the configuration session timer for an additional ten seconds. A session timer is initialized to ten seconds when a device enters the configuration. If that timer expires prior to receipt of the END_CONFIG, the device transitions to the Incomplete Configuration state.

BEHAVIORS: The behavior of the CIP Security object is specified by a state transition diagram. The state diagram represents the condition of the object using states and finite state transitions. There are four states in the state diagram of the CIP Security object. The states of the state transition diagram are the states described by the current State attribute: factory default, the configuration in progress, configured and incomplete configuration. The object specific services provide the external stimulus that initiates each of the state transitions.