Siemens Version: 1.2 User Manual

Page of 18
3. Security Analysis 
 
 
The pf packet filter of OpenBSD has no known weaknesses. A test of the filter
rules set by the configuration tool did not identify any implementation
failures. A test of the Layer-2 filter e2f likewise revealed no security weaknesses.
3.1.3  Firmware Update 
A new firmware version is provided in encrypted form and is also digitally signed
by Siemens. Hence, it was not possible to load a manipulated firmware into the
device. The encryption uses a global key that is the same for all devices. Hence,
with some effort it is possible to compromise this encryption key by reading it
out of a device. An adversary does not gain much from this, though, so the
encryption of the firmware is not a relevant security objective.
If the secret key that Siemens uses for signing the firmware is compromised,
any program could be loaded onto the security device. All devices would then
need to be replaced. A mechanism to revoke certificates would be desirable for
such a case, e.g. by using a so-called certificate revocation list (CRL).
Furthermore, the device offers version control of the loaded firmware but does
not prevent an old version from being loaded. For instance, this old version
might include known security weaknesses that can be exploited. Preventing this
would contradict the objective of robustness, though.
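The two gaps noted in 3.1.3 (no revocation of the signing key, no protection against loading an old version) can be illustrated with a device-side acceptance check. The following is an added example, not code from Siemens or from this analysis: the image layout, the function names, the key-id scheme and the "security floor" (a vendor-raised minimum version that still permits recovery downgrades, one possible way to reconcile rollback protection with robustness) are assumptions, the revocation list is assumed to be authenticated by other means, and the RSA key is a constructed toy key.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes so the example runs
# offline with the standard library; it stands in for the vendor signing key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(msg: bytes, n: int) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg), sized for modulus n."""
    k = (n.bit_length() + 7) // 8
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def signed_bytes(version: int, payload: bytes) -> bytes:
    # The version is part of the signed data, so it cannot be edited afterwards.
    return version.to_bytes(4, "big") + payload

def make_image(version: int, payload: bytes) -> dict:
    """Vendor side (hypothetical image layout): sign version and payload."""
    return {"version": version, "payload": payload,
            "sig": pow(encode(signed_bytes(version, payload), N), D, N)}

def key_id(n: int, e: int) -> str:
    """Short identifier of a public key (hypothetical scheme) for revocation lists."""
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:16]

def accept_update(image, installed, floor, revoked, key=(N, E)):
    """Device side: return (accepted, reason).

    floor   -- lowest version without known weaknesses; raised by the vendor
    revoked -- key ids from a revocation list assumed to be authenticated
    """
    n, e = key
    if key_id(n, e) in revoked:
        return False, "signing key revoked"
    # Re-encode and compare the whole block instead of parsing the padding.
    expected = encode(signed_bytes(image["version"], image["payload"]), n)
    if pow(image["sig"], e, n) != expected:
        return False, "bad signature"
    if image["version"] < floor:
        return False, "below security floor"
    if image["version"] < installed:
        return True, "downgrade accepted, at or above floor"
    return True, "ok"
```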
3.1.4  Operating System 
Access to the security module is through an SSL-protected web interface. The
handling and upload of the configuration files as well as the download of the
log files are carried out via that interface. Command-line access is not
available. No weak points could be found in the operating system used, VxWorks.
3.1.5  Web Server 
The security module uses an SSL web server named MiniWeb, which is a Siemens
development. The web server provides only this SSL access. The MiniWeb server
is based on OpenSSL and uses standard cryptographic schemes. After login the
user gets the message “Siemens AG, security module”. Further options are not
available. An analysis of the configuration tool did not reveal any information
about the URLs used. The certificates of the web server are generated
automatically by the configuration tool. The certificates hold a 1024-bit key
and have a life span of around 32 years. MD5 is used as the hash function.
SSL certificates can also be generated individually with other settings by an
external certificate authority and loaded with the configuration tool.
19-Aug-05 escrypt GmbH
14