Table of Contents
Advertisement
4.9.3
DNP3 security options
Partner'X'
Preliminary remarks: Authentication and key exchange
If the security function is enabled, the DNP3 master and CP authenticate themselves with a
secret key, the pre-shared key.
With the help of the common pre-shared key, after the first connection establishment
between master and CP session keys are agreed that are then renewed cyclically. Renewal
of the session keys is normally initiated by the master. The criteria for renewing the key are
specified in the following parameters.
● Key exchange interval
● Authentication requests before key exchange
As soon as one of these conditions is met, the session key is renewed.
Parameters
● Enable DNP3 security options
Enable the option if you want to use the security mechanisms.
● IKE mode
Selection of the mode for key exchange. Range of values:
– Aggressive Mode
– Main Mode
Default setting: Aggressive Mode
● Security statistics
Specifies whether the statistics of security events are sent to the master. Security events
are authentication requests to the CP. If the option is enabled, all authentication requests
with date, time and result are saved on the CP and sent to the master for further
evaluation.
Range of values:
– Do not send security statistics
– Send security statistics
Default setting: Do not send security statistics
CP 1243-1
Operating Instructions, 04/2017, C79000-G8976-C365-03
The Aggressive Mode is somewhat faster but transfers the identity unencrypted.
The Main Mode is the standard mode.
Configuration
4.9 Security
65
- Quick Links:
- Properties of the Cp
- Configuration Examples
Hide quick links:
Advertisement
Table of Contents
