Dnp3 Security Options - Siemens SIMATIC S7-1200 CP 1243-8 IRC Operating Instructions Manual

Configuration
4.16 Security
4.16.3

DNP3 security options

Partner'X'
Preliminary remarks: Authentication and key exchange
If the security function is enabled, the DNP3 master and CP authenticate themselves with a
secret key, the pre-shared key.
With the help of the common pre-shared key, after the first connection establishment
between master and CP session keys are agreed that are then renewed cyclically. Renewal
of the session keys is normally initiated by the master. The criteria for renewing the key are
specified in the following parameters.
● Key exchange interval
● Authentication requests before key exchange
As soon as one of these conditions is met, the session key is renewed.
Parameters
● Enable DNP3 security options
Enable the option if you want to use the security mechanisms.
● IKE mode
Selection of the mode for key exchange. Range of values:
– Aggressive Mode
– Main Mode
Default setting: Aggressive Mode
● Security statistics
Specifies whether the statistics of security events are sent to the master. Security events
are authentication requests to the CP. If the option is enabled, all authentication requests
with date, time and result are saved on the CP and sent to the master for further
evaluation.
Range of values:
– Do not send security statistics
– Send security statistics
Default setting: Do not send security statistics
106
The Aggressive Mode is somewhat faster but transfers the identity unencrypted.
The Main Mode is the standard mode.
Operating Instructions, 02/2018, C79000-G8976-C385-03
CP 1243-8 IRC