3. Security Analysis
3 Security Analysis
The security module is designed for the use in automation networks. For automation networks availability and robustness are of first priority since the network must be protected against any failure so that the production never stops. For instance, in the chemical industry this is extremely important.
Of course there are also high demands regarding the data security objectives including data confidentiality, data integrity, and resistance against attacks from the external network. From the technical point of view the security module meets these high security goals. In this chapter the technical aspects will be analyzed in detail.
3.1Network and Protocol Analysis
3.1.1 VPN
The VPN is based on the IPsec protocol family. In the last years this protocol family was established as an industrial standard for VPNs. Hence, interoperability with other systems is provided. Within this analysis the interoperability to the IPsec- implementation of the Linux kernel 2.6.x was confirmed. For the VPN functionality the IKE daemon isakmpd of OpenBSD was used. The
Phase 1
| Authentication |
| RSA , PSK |
|
| Modes |
| Main, Aggressive |
|
|
| 1 (768 bit |
| |
|
|
| (1536 bit) |
|
| Encryption |
| DES, 3DES |
|
|
| 999.999.999 seconds |
| |
| Life cycle |
|
| |
|
| SHA1, MD5 |
| |
| Authentication |
|
| |
|
|
|
| |
|
|
|
|
|
| Phase 2 |
|
|
|
|
|
|
|
|
| Life cycle |
| Time (7200s), limit | |
| Encryption |
| DES, 3DES, AES | |
| Authentication |
| SHA1, MD5 | |
| PFS |
| yes, no | |
|
|
|
|
|
escrypt GmbH | 12 |
