3. Security Analysis

The pf packet filter of OpenBSD has no known weaknesses. Testing the filter rules generated by the configuration tool did not reveal any implementation flaws, and a test of the Layer-2 filter e2f likewise revealed no security weaknesses.

3.1.3 Firmware Update

A new firmware version is delivered encrypted and digitally signed by Siemens; accordingly, it was not possible to load a manipulated firmware image into the device. The encryption uses a single global key that is identical on all devices, so with some effort this key can be recovered by reading it out of one device. An adversary gains little from doing so, however, because it is the signature, not the encryption, that prevents manipulated firmware from being installed. Confidentiality of the firmware is therefore not a relevant security objective.

If the Siemens secret key used for signing the firmware is compromised, arbitrary programs can be loaded onto the security device, and all devices would then have to be replaced. A mechanism to revoke signing certificates, e.g. a certificate revocation list (CRL), would be desirable for such a case. Furthermore, the device keeps version information for the loaded firmware but does not prevent an older version from being loaded; such an old version might contain known security weaknesses that can be exploited. Preventing a downgrade outright, however, would conflict with the objective of robustness, since a known-good earlier release could then no longer be restored.
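The following added example (not Siemens code; the image header format, the key identifier and the demonstration key pair are assumptions of this example) shows a device-side acceptance check with the two properties discussed above that the evaluated device lacks: the signer's key can be revoked through a list that plays the role of the CRL, and an older version is installed only when the operator explicitly opts in, which preserves the robustness objective without permitting silent rollback. So that the block runs with the Python standard library alone, the signature is textbook RSA over a SHA-256 digest with fixed Mersenne primes and no padding; a product would use a padded scheme such as RSASSA-PSS or an Ed25519 signature.

```python
"""Firmware image acceptance: signature, signer revocation, version policy.

Added example, not the Siemens update mechanism. The key pair below is a
demonstration key (textbook RSA over a SHA-256 digest, Mersenne primes,
no padding) so the block needs only the standard library; it is insecure
by construction and must not be copied into a product.
"""
import hashlib
import struct

P, Q = (1 << 521) - 1, (1 << 607) - 1        # Mersenne primes M521, M607 (demo only)
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))              # private exponent, stays with the vendor
SIG_LEN = (N.bit_length() + 7) // 8            # 141 bytes
MAGIC = b"FW01"                                # assumed image header: magic, version, key id
HDR_LEN = len(MAGIC) + 4 + 8


def key_id(n, e):
    """Short identifier of a verification key, used for lookup and revocation."""
    pub = n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")
    return hashlib.sha256(pub).digest()[:8]


def sign_image(version, payload, n=N, e=E, d=D):
    """Vendor side: header || payload || RSA signature over header || payload."""
    body = MAGIC + struct.pack(">I", version) + key_id(n, e) + payload
    digest = int.from_bytes(hashlib.sha256(body).digest(), "big")
    return body + pow(digest, d, n).to_bytes(SIG_LEN, "big")


class RejectedImage(Exception):
    """Raised with the reason an image must not be installed."""


def verify_image(image, installed_version, trusted_keys,
                 revoked_key_ids=frozenset(), allow_downgrade=False):
    """Device side: return the image version if the image may be installed.

    trusted_keys maps key id -> (n, e). revoked_key_ids stands in for the CRL
    the report asks for. allow_downgrade is the operator's explicit opt-in to
    an older release; without it a lower version is refused.
    """
    if len(image) < HDR_LEN + SIG_LEN or not image.startswith(MAGIC):
        raise RejectedImage("malformed image")
    body, sig = image[:-SIG_LEN], image[-SIG_LEN:]
    version = struct.unpack(">I", body[4:8])[0]
    kid = body[8:HDR_LEN]
    if kid in revoked_key_ids:
        raise RejectedImage("signing key revoked")
    if kid not in trusted_keys:
        raise RejectedImage("unknown signing key")
    n, e = trusted_keys[kid]
    expected = int.from_bytes(hashlib.sha256(body).digest(), "big")
    if pow(int.from_bytes(sig, "big"), e, n) != expected:
        raise RejectedImage("signature invalid")
    if version < installed_version and not allow_downgrade:
        raise RejectedImage(f"rollback from {installed_version} to {version} refused")
    return version


def outcome(image, installed_version, **policy):
    """Version on success, otherwise the reject reason as a string."""
    try:
        return verify_image(image, installed_version, {key_id(N, E): (N, E)}, **policy)
    except RejectedImage as err:
        return str(err)


def demo():
    """The cases discussed in the report, run on constructed sample images."""
    current = sign_image(12, b"constructed sample firmware v12")
    older = sign_image(11, b"constructed sample firmware v11 (known weakness)")
    tampered = bytearray(current)
    tampered[HDR_LEN] ^= 0x01                  # flip one bit of the payload
    return {
        "update": outcome(current, 11),
        "tampered": outcome(bytes(tampered), 11),
        "rollback": outcome(older, 12),
        "rollback_opted_in": outcome(older, 12, allow_downgrade=True),
        "revoked_signer": outcome(current, 11, revoked_key_ids={key_id(N, E)}),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18} {result}")
```

Note that the encryption layer discussed above does not appear in this check at all: once the signature is verified over header and payload, the image is authentic whether or not it was also encrypted with a global key, which is why the report treats firmware confidentiality as a non-objective.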

3.1.4 Operating System

Access to the security module is provided through an SSL-protected web interface, over which the configuration files are uploaded and handled and the log files are downloaded. There is no command line access. No weaknesses could be found in the operating system used, VxWorks.

3.1.5 Web Server

The security module uses an SSL web server named MiniWeb, a Siemens development, which provides only this SSL access. MiniWeb is based on OpenSSL and uses standard cryptographic schemes. After login the user is shown the message "Siemens AG, security module"; no further options are available. An analysis of the configuration tool did not reveal any information about the URLs used. The web server certificates are generated automatically by the configuration tool; they carry a 1024-bit key, have a validity period of around 32 years, and use MD5 as the hash function. All three parameters are weak choices: collision attacks on MD5 were published in 2004, a 1024-bit RSA key provides only a small security margin, and a 32-year validity period far exceeds the time for which either can be expected to remain adequate. SSL certificates can also be generated with other settings by an external certificate authority and loaded with the configuration tool, which is the way to obtain a stronger key, hash function and lifetime.
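To make the three certificate parameters checkable on an exported certificate, the following added example (not part of the report or of the Siemens configuration tool) walks the DER structure of an X.509 certificate with the Python standard library only and flags an MD5 or SHA-1 signature, an RSA key below 2048 bits, and a validity period above 398 days. The thresholds are this example's own policy, and the two sample certificates it builds, one with the parameters the report describes and one as an external CA might issue it, are constructed (placeholder modulus, zero-filled signature; the audit does not verify signatures).

```python
"""X.509 parameter audit (signature hash, RSA key size, validity period) with
a minimal DER walker; standard library only. Added example, not code from
the report or the Siemens configuration tool: the policy limits and the
constructed sample certificates (placeholder modulus, zero-filled
signature, signatures not verified) are assumptions of this example."""
from datetime import datetime, timezone

MIN_RSA_BITS, MAX_VALIDITY_DAYS = 2048, 398           # assumed audit policy
WEAK_SIG_ALGS = {"md5WithRSAEncryption", "sha1WithRSAEncryption"}
OIDS = {                                              # DER of 1.2.840.113549.1.1.x
    bytes.fromhex("2a864886f70d010101"): "rsaEncryption",
    bytes.fromhex("2a864886f70d010104"): "md5WithRSAEncryption",
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
    bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption",
}
OID_OF = {name: oid for oid, name in OIDS.items()}

def der(tag, content):
    """Encode one DER TLV (content up to 65535 bytes)."""
    n = len(content)
    length = (bytes([n]) if n < 0x80 else b"\x81" + bytes([n]) if n < 0x100
              else b"\x82" + n.to_bytes(2, "big"))
    return bytes([tag]) + length + content

def der_int(value):
    """DER INTEGER: big-endian, with a leading zero byte if the top bit is set."""
    return der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def tlv(buf, pos=0):
    """Decode the TLV at pos; return (tag, content, position after it)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                                     # long-form length
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln

def children(content):
    """Decode all TLVs packed inside a SEQUENCE or SET body."""
    out, pos = [], 0
    while pos < len(content):
        tag, val, pos = tlv(content, pos)
        out.append((tag, val))
    return out

def x509_time(tag, raw):
    """UTCTime (0x17; two-digit year, 50..99 means 19xx) or GeneralizedTime."""
    text = raw.decode("ascii")
    if tag == 0x17:
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def audit_certificate(cert_der):
    """Return signature algorithm, RSA key bits, validity days and findings."""
    tbs = children(children(tlv(cert_der)[1])[0][1])  # tbsCertificate fields
    if tbs[0][0] == 0xA0:                             # optional EXPLICIT [0] version
        tbs = tbs[1:]                                 # serial, sigAlg, issuer, validity, subject, SPKI
    sig_alg = OIDS.get(children(tbs[1][1])[0][1], "unknown")
    (t0, raw0), (t1, raw1) = children(tbs[3][1])
    days = (x509_time(t1, raw1) - x509_time(t0, raw0)).days
    spki_alg, spki_key = children(tbs[5][1])
    key_bits = None
    if OIDS.get(children(spki_alg[1])[0][1]) == "rsaEncryption":
        rsa_pub = children(spki_key[1][1:])[0][1]     # skip BIT STRING unused-bits byte
        key_bits = int.from_bytes(children(rsa_pub)[0][1], "big").bit_length()
    findings = []
    if sig_alg in WEAK_SIG_ALGS:
        findings.append(f"signature hash {sig_alg} is collision-prone")
    if key_bits is not None and key_bits < MIN_RSA_BITS:
        findings.append(f"RSA key of {key_bits} bits is below {MIN_RSA_BITS}")
    if days > MAX_VALIDITY_DAYS:
        findings.append(f"validity of {days} days exceeds {MAX_VALIDITY_DAYS}")
    return {"signature_algorithm": sig_alg, "key_bits": key_bits,
            "validity_days": days, "findings": findings}

def build_cert(sig_alg, key_bits, not_before, not_after):
    """Constructed sample certificate; only its parameters are meaningful."""
    def alg_id(name):
        return der(0x30, der(0x06, OID_OF[name]) + der(0x05, b""))
    def utc(d):
        return der(0x17, d.strftime("%y%m%d%H%M%SZ").encode("ascii"))
    name = der(0x30, der(0x31, der(0x30, der(0x06, bytes.fromhex("550403"))  # CN
                                        + der(0x0C, b"security module"))))
    rsa_pub = der(0x30, der_int((1 << (key_bits - 1)) | 1) + der_int(65537))
    spki = der(0x30, alg_id("rsaEncryption") + der(0x03, b"\x00" + rsa_pub))
    tbs = der(0x30, der(0xA0, der_int(2)) + der_int(1) + alg_id(sig_alg) + name
              + der(0x30, utc(not_before) + utc(not_after)) + name + spki)
    return der(0x30, tbs + alg_id(sig_alg) + der(0x03, b"\x00" + bytes(128)))

def sample_certificates():
    """The parameters the report describes beside an externally issued one."""
    return {
        "tool_generated": build_cert("md5WithRSAEncryption", 1024,
                                     datetime(2005, 8, 19), datetime(2037, 8, 19)),
        "external_ca": build_cert("sha256WithRSAEncryption", 2048,
                                  datetime(2005, 8, 19), datetime(2006, 8, 19)),
    }

if __name__ == "__main__":
    for label, cert in sample_certificates().items():
        print(label, audit_certificate(cert))
```

audit_certificate() takes the raw DER bytes; a PEM export from the configuration tool needs its base64 body decoded first. The tool-generated sample yields all three findings, the external CA sample none.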

19-Aug-05

escrypt GmbH

Siemens Version: 1.2 manual Operating System, Web Server