Siemens Version: 1.2 manual Key Management


2. Security Services

Exchange of addresses of the internal networks between security modules

Signaling that a packet was rejected because it was not received via an IPsec tunnel.

Learning is always initiated when a node wants to communicate with another node, and devices located in the same subnet actively scan using ICMP messages. Information about the nodes found is exchanged in encrypted form over the network.

2.4 Key Management

The security module uses several certificates and keys, as described below:

Firmware: To authenticate new firmware during the update process, the firmware is digitally signed with RSA. The private key is handled by Siemens only; the public key for signature verification is stored in the flash memory of each device. Additionally, the firmware to be loaded is symmetrically encrypted with 3DES. The corresponding key is also stored in the flash memory. All devices use the same key. If the secret 3DES key is compromised, the device must be sent to Siemens, where the module is supplied with a new 3DES key.

SSL/configuration: For SSL communication used for configuration purposes, a server certificate with a corresponding private key is issued for each security module. If this key is compromised or the secret key is lost, the administrator needs to issue a new certificate.

VPN: A network certificate is issued for each VPN. The corresponding private key is stored on the configuration PC. Every security module that belongs to the VPN holds a certificate that is signed with the private key of the network certificate. A security module thus has a certificate with a private key for every VPN it belongs to. Using this certificate, it authenticates itself to other security modules when establishing a secure communication tunnel. If a key is compromised, a new certificate must be issued with the configuration tool.

Configuration: The configuration data on the removable media is encrypted with AES using a global symmetric key. If this key is compromised, a new global key needs to be deployed by a firmware update.
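The VPN trust relationship described in the VPN item above, as an added example that is not taken from the report or from the Siemens product: each VPN's network key signs module certificates, and a module accepts a peer only if the certificate verifies under its own VPN's network key. The toy RSA keys built from Mersenne primes, the PKCS#1 v1.5 / SHA-256 signature format, the simplified certificate dictionary and all function names are assumptions made for illustration; the report does not specify these details.

```python
import hashlib

E = 65537
# DER DigestInfo prefix for SHA-256, as used by PKCS#1 v1.5 signatures (RFC 8017).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def toy_key(a, b):
    """Constructed, insecure RSA key from two Mersenne primes. Demo only."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def _encode(msg, n):
    k = (n.bit_length() + 7) // 8
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def sign(msg, n, d):
    return pow(_encode(msg, n), d, n)

def verify(msg, sig, n):
    # Compare against a freshly built encoding instead of parsing the padding.
    return 0 <= sig < n and pow(sig, E, n) == _encode(msg, n)

def _body(name, module_pub):
    return f"{name}|{module_pub:x}".encode()

def issue_cert(name, module_pub, net_n, net_d):
    """Configuration tool side: bind a module name and public key to one VPN."""
    return {"name": name, "pub": module_pub,
            "sig": sign(_body(name, module_pub), net_n, net_d)}

def accept_peer(cert, net_n):
    """Module side: accept a peer only if this VPN's network key signed its cert."""
    return verify(_body(cert["name"], cert["pub"]), cert["sig"], net_n)

def demo():
    vpn1_n, vpn1_d = toy_key(521, 607)     # network key of VPN 1 (constructed)
    vpn2_n, vpn2_d = toy_key(1279, 2203)   # network key of VPN 2 (constructed)
    # Stand-in module public key; reused for both VPNs only to keep the demo short.
    module_pub, _ = toy_key(2281, 3217)
    c1 = issue_cert("module-A", module_pub, vpn1_n, vpn1_d)
    c2 = issue_cert("module-A", module_pub, vpn2_n, vpn2_d)
    altered = dict(c1, name="module-B")    # certificate changed after signing
    return {"own_vpn": accept_peer(c1, vpn1_n) and accept_peer(c2, vpn2_n),
            "cross_vpn": accept_peer(c1, vpn2_n) or accept_peer(c2, vpn1_n),
            "altered": accept_peer(altered, vpn1_n)}

if __name__ == "__main__":
    print(demo())
```
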

19-Aug-05

escrypt GmbH

