Running OPC Server with Raspberry Pi

By Matthew Loong

Interoperability in ICS/OT

Open Platform Communications (OPC) is an industrial automation standard used for manufacturer-independent data exchange. Some pioneers in the industry still know it as Object Linking and Embedding (OLE) for Process Control. The OPC Foundation was established in 1996, growing in membership with big boys like Siemens, Honeywell, Yokogawa, ABB, Rockwell, Schneider Electric and Wago coming onboard.

Originally, classic OPC was based on Microsoft's Component Object Model (COM) or Distributed COM (DCOM). COM/DCOM was an object-oriented Microsoft technology that allowed developers to create software components that could interact regardless of the language in which they were created or the platform on which they were run; it also allowed applications to communicate with one another. Hence OPC's original name, which refers to OLE.

(Source: National Instruments)

However, that also meant that hosts had to run Microsoft operating systems. Later, OPC Unified Architecture (OPC UA) was set up, allowing interoperability independent of Microsoft systems; it was based on basic web technologies such as TCP/IP, HTTP and SOAP. This allowed Programmable Logic Controllers (PLCs) to communicate with an OPC UA server in their native protocol, and the OPC UA server would in turn communicate with an OPC client.

(Source: OPC Router)

You can read the OPC UA specifications for respective models in the link below.

I will now demonstrate setting up communication between an OPC UA server simulated on my Raspberry Pi 3B+ and a client running on my PC.

Set up OPC Server

First I hooked up a Raspberry Pi 3B+ (on the right, connected to the monitor) to my PC (on the left) via an ethernet cable.

Next, I ran the Python 3 script below on my Raspberry Pi to act as the server. In the script below, temperature and pressure variables are randomly generated, from a range of 10 to 50, and 200 to 999 respectively; time is generated using datetime.

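from opcua import Server
from random import randint
import datetime
import time

# Create the OPC UA server object (python-opcua library).
server = Server()

# Endpoint the server listens on: the Pi's address, OPC UA port 4840.
# No security policy or certificate is configured here, so the server
# offers only the unencrypted SecurityPolicy None endpoint.
url = "opc.tcp://169.254.247.115:4840"
server.set_endpoint(url)

# Register a namespace for the simulated nodes.
name = "OPCUA_SIMULATION_SERVER"
addspace = server.register_namespace(name)

# The Objects node is the root under which custom objects are added.
node = server.get_objects_node()

# Object that groups the simulated process variables.
Param = node.add_object(addspace, "Parameters")

# Variables exposed to clients, each with an initial value of 0.
Temp = Param.add_variable(addspace, "Temperature", 0)
Press = Param.add_variable(addspace, "Pressure", 0)
Time = Param.add_variable(addspace, "Time", 0)

# set_writable() lets connected clients write these values as well as read them.
Temp.set_writable()
Press.set_writable()
Time.set_writable()

# Start serving clients.
server.start()
print("Server started at {}".format(url))

# Publish new simulated readings every 2 seconds.
while True:

    Temperature = randint(10,50)
    Pressure = randint(200,999)
    TIME = datetime.datetime.now()

    print(Temperature, Pressure, TIME)

    Temp.set_value(Temperature)
    Press.set_value(Pressure)
    Time.set_value(TIME)

    time.sleep(2)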

(Credits: Rocket Systems)

Set Up OPC Client

My PC acts as the client, running UA Expert, which can be downloaded from the link below.

The screenshot below shows the OPC client on the left, connected to the OPC server on the right (viewed using VNC Viewer). The pressure, temperature and time values are constantly updated in the client as they are generated on the server.

Watch the video demo below.

Cybersecurity Concerns

As useful as OPC is, it has its risks as well. The Havex Remote Access Trojan (RAT), discovered in 2013, is one such example. Havex was designed to scan classic OPC communications and map devices within ICS networks. This insidious reconnaissance attack, downloaded unsuspectingly by the victim from a watering hole in the form of an OEM website, was used by the Dragonfly APT group to conduct an espionage campaign against energy, aviation, pharmaceutical, defense, and petrochemical victims, primarily in the United States and Europe.

Therefore, system integrators should secure OPC UA communication with SSL and AES authentication and encryption, segment the network with firewalls, and deploy sensors for intrusion detection. This is crucial to the propagation of IoT technology in the new age.
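
A sensor of the kind recommended above can tell whether an OPC UA session is protected by reading the OpenSecureChannel (OPN) message, which names the negotiated security policy in clear text. The following Python code is an added example, not part of the original article or the credited server script; the function names and sample messages are constructed for illustration, and each input is assumed to be one complete OPN chunk already extracted from the opc.tcp stream.

```python
import struct

POLICY_NONE = "http://opcfoundation.org/UA/SecurityPolicy#None"

def read_field(buf, off):
    """Read an OPC UA String/ByteString: Int32 length (-1 = null), then the bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("<i", buf, off)
    off += 4
    if n < 0:
        return None, off
    if off + n > len(buf):
        raise ValueError("field runs past end of message")
    return buf[off:off + n], off + n

def inspect_open_channel(msg):
    """Return a finding for an OPN chunk, or None for any other message type."""
    if msg[:3] != b"OPN":
        return None
    if len(msg) < 12:
        raise ValueError("OPN chunk shorter than its fixed header")
    (size,) = struct.unpack_from("<I", msg, 4)
    if size != len(msg):
        raise ValueError("MessageSize does not match captured length")
    off = 12  # 8-byte message header + 4-byte SecureChannelId
    uri, off = read_field(msg, off)    # SecurityPolicyUri
    cert, off = read_field(msg, off)   # SenderCertificate (null when unsecured)
    policy = (uri or b"").decode("utf-8", "replace")
    return {"policy": policy, "client_cert": cert is not None,
            "alert": policy == POLICY_NONE}

def build_opn(policy_uri, cert=None):
    """Constructed sample: an OPN chunk up to the sequence header, body omitted."""
    def field(b):
        return struct.pack("<i", -1) if b is None else struct.pack("<i", len(b)) + b
    rest = struct.pack("<I", 0) + field(policy_uri.encode()) + field(cert) + field(None)
    rest += struct.pack("<II", 1, 1)  # SequenceNumber, RequestId
    return b"OPNF" + struct.pack("<I", 8 + len(rest)) + rest

# Constructed inputs: an unsecured channel, a secured one (placeholder
# certificate bytes), and a Hello header that is not an OPN message.
SAMPLES = [
    build_opn(POLICY_NONE),
    build_opn("http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256", b"\x30\x82"),
    b"HELF" + struct.pack("<I", 8),
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(inspect_open_channel(m))
```

An alert on SecurityPolicy#None inside a control network is the signal that a server is accepting unsigned, unencrypted sessions and should be reconfigured with a signing and encrypting policy.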

Ben Bartling

Smart Building Professional | Developer

2 years

Hi Matt, Nice article. Does the rasp pi simulate both the PLC (fake sensor readings) and a gateway device which appears to be a UPC/UA server? I come from a different industry, temperature controls HVAC PLC programming on BACnet systems. Are all user interfaces in SCADA a UPC/UA client? Could I simulate your tutorial but on a different SCADA software front end? Like this: https://inductiveautomation.com/downloads/ In addition to "client side running UA Expert" which seems like a nice scanning tool to use in validating sensor I/O on a field bus. I am trying to learn more about SCADA and industrial PLC systems. Thanks for any time in response!

Ali M.Hosseini

OT Security Engineer | Ph.D. Student

3 years

Nice Tutorial!
