Partner Stations > Security Options (Dnp3) - Siemens SIMATIC NET S7-1200 Operating Instructions Manual
Hide thumbs
Also See for SIMATIC NET S7-1200:
- Operating instructions manual (98 pages) ,
- Compact operating instructions (50 pages) ,
- Operating instructions manual (55 pages)
Table of Contents
Advertisement
Configuration and operation
5.8 Notes on configuring individual functions
5.8.4
Partner stations > Security options (DNP3)
Partner stations > Partner 'X' > "Security options" (DNP3 CP only)
Preliminary remarks: Authentication and key exchange
If the security function is enabled, the DNP3 master and station (DNP3 CP) authenticate
themselves with a secret key, the pre-shared key.
With the help of the common pre-shared key, after the first connection establishment
between master and DNP3 CP, session keys are agreed that are then renewed cyclically.
Renewal of the session keys is normally initiated by the master. The criteria for renewing the
key are specified in the following parameters.
● Key exchange interval
● Authentication requests before key exchange
As soon as one of these conditions is met, the session key is renewed.
These and several other parameters are explained below.
Parameters
● Key length
Specifies the length of the pre-shared key in bytes.
Permitted range: 16 ... 128. Depending on the secure hash algorithm configured in STEP
7 above, the following lengths are preset:
– For SHA-1: 16
– For SHA-256: 32
The value 0 (zero) is not permitted.
● Max. number of key exchange requests
Maximum number of requests of a master within the key exchange interval configured
below. If the configured number of requests of the master is exceeded within the key
exchange interval, the DNP3 CP enters a message in the diagnostics buffer of the CPU.
Permitted range: 2 ... 255. Default setting: 5.
● Authentication requests before key exchange
● Key exchange interval
48
Maximum number of authentication requests of the DNP3 CP with the master. When this
number is reached, the session key is renewed. The value 0 (zero) is not permitted.
Recommendation: Set the number for the DNP3 CP twice as high as for the master.
Exchange interval for the session key. When time set for this interval is reached, the
session key is renewed.
If the key exchange interval is set to 0 (zero), the key is renegotiated according to the
configured "Authentication requests before key exchange".
Recommendation: Set the key exchange interval for the DNP3 CP twice as high as for
the master.
CP 1243-1 DNP3, CP 1243-1 IEC
Operating Instructions, 02/2014, C79000-G8976-C312-02
Advertisement
Table of Contents
