Dataset to "Easing the Conscience with OPC UA: An Internet-Wide Study on Insecure Deployments"

这是“使用 OPC UA 缓解良心：不安全部署的互联网范围内研究”[在 ACM 互联网测量会议 (IMC '20)] 中的数据集。它包含我们在 2020 年 2 月 9 日至 2020 年 8 月 31 日期间使用我们的 zgrab2 扩展编译的每周扫描结果，即它包含有关 OPC UA 部署及其安全配置的 Internet 范围的视图。为了编译数据集，我们匿名化了 zgrab2 的输出，即我们从该数据集中删除了主机和网络标识符。更准确地说，我们将所有 IP 地址、完全限定的主机名和自治系统 ID 映射到数字，并删除了包含任何标识符的证书。有关详细信息，请参阅 README 文件。使用此数据集，我们发现 93% 的面向 Internet 的 OPC UA 部署存在有问题的安全配置，例如缺少访问控制（24% 的主机）、禁用的安全功能 (24%) 或使用过时的加密原语 (25% ）。此外，我们发现多个自治系统中的数百台设备共享相同的安全证书，从而为模拟攻击打开了大门。总体而言，通过对该数据集的分析，我们支持如果安全协议需要按照定期更新的指导方针正确配置，则安全协议通常不能保证安全部署，这些指导方针说明基本原语失去了安全承诺。

This is the dataset from "Using OPC UA to Ease Conscience: An Internet-Wide Study of Insecure Deployments" [at the ACM Internet Measurement Conference (IMC '20)]. It contains weekly scan results compiled using our zgrab2 extension between February 9, 2020 and August 31, 2020, providing an internet-wide overview of OPC UA deployments and their security configurations. To compile this dataset, we anonymized the zgrab2 output by removing host and network identifiers from the raw data. More specifically, we mapped all IP addresses, fully qualified domain names (FQDNs), and autonomous system (AS) IDs to numerical values, and removed certificates containing any identifiable information. For further details, please refer to the README file. Using this dataset, we found that 93% of internet-facing OPC UA deployments have problematic security configurations, such as missing access controls (24% of hosts), disabled security features (24%), and use of outdated cryptographic primitives (25%). Additionally, we discovered that hundreds of devices across multiple autonomous systems share identical security certificates, opening the door to impersonation attacks. Overall, analysis of this dataset leads to the conclusion that security protocols generally cannot ensure secure deployments unless properly configured per regularly updated guidelines, which stipulate that fundamental cryptographic primitives have lost their security guarantees.