Table of Contents
Advertisement
Security functions of the "SINAUT ST7" protocol
The RTU uses the transfer protocol "MSCsec" for secure communication.
Security functions of the "DNP3" protocol
The protocol provides encrypted authorization.
OpenVPN
For different connections, the RTU uses the VPN technology of OpenVPN. Between the
RTU and the connection partner a VPN tunnel is established via an open VPN server and
the RTU is the OpenVPN client.
The RTU uses the security functions of the "OpenVPN" service for the following connections:
● Connections of the RTU to a DNP3 master
● Connections of the RTU to an IEC master
● Optional: Connections of the RTU to an ST7 partner
● Optional: Connections der RTU with the telecontrol server
● Optional: FTP file transfer
● Optional: Connections of a configuration PC to the RTU via the Internet (only HTTP) and
the mobile wireless network
For the connection of a service PC to the RTU via the Web server of TCSB no OpenVPN
is required.
● Optional: SNTP
To establish the connections listed above an OpenVPN server is required (see below).
OpenVPN is implemented on the RTU as a TUN device (routing mode). The following
security functions are supported:
● Encryption
The data to be transferred is encrypted with the CBC method. As standard, AES-256 or
BF (Blowfish in Cipher Block Chaining) can be used.
Note: BlowFish is no longer considered secure and is currently only supported for
reasons of compatibility.
● Authentication of the connection partner
As hash algorithms for authenticating the user data SHA-1, SHA-224 or SHA-256 can be
used.
They RTU uses OpenVPN version V2.3.11.
OpenVPN server
The OpenVPN server must support the following functions:
● OpenVPN V2.3.11 or higher
● OpenSSL with TLS as of version 1.2
RTU3030C
Operating Instructions, 09/2017, C79000-G8976-C382-04
Application and functions
1.7 Security functions for communication
29
Advertisement
Table of Contents
