Siemens Version: 1.2 User Manual
3. Security Analysis
The pf packet filter of OpenBSD has no known weaknesses. A test of the filter rules
set by the configuration tool did not identify any implementation failures. A test of
the Layer-2 filter e2f likewise revealed no security weaknesses.
3.1.3 Firmware Update
A new firmware version is delivered encrypted and digitally signed by Siemens.
Hence, it was not possible to load a manipulated firmware image into the device.
The encryption uses a global key that is the same for all devices, so with some
effort it is possible to recover this encryption key by reading it out of a device.
An adversary gains little from this, though, so the encryption of the firmware is
not a relevant security objective.
If the secret key of Siemens that is used for signing the firmware is compromised,
any program could be loaded onto the security device. All devices would then need
to be replaced. A mechanism to revoke certificates would be desirable for such a
case, e.g. by using a so-called certificate revocation list (CRL). Furthermore, the
device offers version control of the loaded firmware but does not prevent an old
version from being loaded. Such an old version might include known security
weaknesses that can be exploited. Preventing this would contradict the objective
of robustness, though.
3.1.4 Operating System
Access to the security module is via an SSL-protected web interface. Handling and
upload of the configuration files as well as download of the log files are carried
out via that interface. Command line access is not available. No weak points could
be found in the operating system used, VxWorks.
3.1.5 Web Server
The security module uses an SSL web server named MiniWeb, which is a
development of Siemens. The web server provides only this SSL access. The
MiniWeb server is based on OpenSSL and uses standard cryptographic schemes.
After login the user gets the message "Siemens AG, security module". Further
options are not available. An analysis of the configuration tool did not reveal any
information about the URLs used. The certificates of the web server are generated
automatically by the configuration tool. The certificates hold a 1024-bit key and
have a life span of around 32 years. MD5 is used as the hash function. SSL
certificates can also be generated individually with other settings by an external
certificate authority and loaded with the configuration tool.
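As a practitioner's check on the certificate parameters described above (1024-bit key, MD5 signature, a life span of roughly 32 years), the following is an added example and not part of the report: it parses the text dump that `openssl x509 -noout -text` prints for a certificate and flags the weak settings. The sample certificate text is constructed, and the 2048-bit and 825-day policy thresholds are this example's own assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the kind of text `openssl x509 -noout -text` prints for a
# certificate with the properties described in the report (1024-bit RSA, MD5,
# ~32-year validity). It is not a real Siemens certificate.
SAMPLE_CERT_TEXT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=Security Module
        Validity
            Not Before: Aug 19 00:00:00 2005 GMT
            Not After : Aug 19 00:00:00 2037 GMT
        Subject: CN=Security Module
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""

OPENSSL_DATE = "%b %d %H:%M:%S %Y GMT"   # date layout used by openssl's text output


def parse_cert_text(text):
    """Extract signature algorithm, key size and validity from openssl's text dump."""
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text).group(1)
    bits = int(re.search(r"Public-Key: \((\d+) bit\)", text).group(1))
    not_before = re.search(r"Not Before:\s*(.+)", text).group(1).strip()
    not_after = re.search(r"Not After\s*:\s*(.+)", text).group(1).strip()
    return {
        "sig_alg": sig,
        "key_bits": bits,
        "not_before": datetime.strptime(not_before, OPENSSL_DATE),
        "not_after": datetime.strptime(not_after, OPENSSL_DATE),
    }


def check_cert(info, min_key_bits=2048, max_valid_days=825):
    """Return a list of policy findings; an empty list means the certificate passes.
    The thresholds are assumed defaults for this example, not values from the report."""
    findings = []
    if info["key_bits"] < min_key_bits:
        findings.append(f"key too short: {info['key_bits']} < {min_key_bits} bits")
    weak = re.search(r"md2|md4|md5|sha1", info["sig_alg"], re.IGNORECASE)
    if weak:
        findings.append(f"weak signature hash: {weak.group(0).lower()}")
    days = (info["not_after"] - info["not_before"]).days
    if days > max_valid_days:
        findings.append(f"validity too long: {days} days > {max_valid_days}")
    return findings
```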
19-Aug-05 escrypt GmbH 14