2. Security Services

Figure 3: VPN-function of the Security-module

For communication over a VPN, the security modules are collected in groups. For each VPN there is a so-called network certificate with a corresponding private key that identifies the VPN. Each security module that belongs to the VPN holds a certificate signed with the private key of the network certificate. The network certificate is either issued by a certification authority (CA) or self-issued. The VPNs are based on IPsec and use the IKE protocol for key management. The implementation was adapted from OpenBSD.

2.2.3 Removable Media (C-Plug)

The configuration data is stored on removable media, also called a C-Plug. A security module can be configured simply by inserting a C-Plug that holds an appropriate configuration; the module loads the configuration and stores it in its internal flash memory. The data on the C-Plug is AES-encrypted. The removable media also makes replacing a module simple: the hardware device is exchanged and the C-Plug is inserted into the replacement to configure it. The C-Plug sits on the back of the module behind a cover that can only be opened with a tool, which makes it more difficult to exchange the card.

19-Aug-05

escrypt GmbH
