Siemens Version: 1.2 User Manual
2. Security Services
• Exchange of addresses of the internal networks between security modules
• Signaling that a packet was rejected because it was not received via an
IPsec tunnel.
Learning is always initiated when a node wants to communicate with another node,
and devices located in the same subnet actively scan using ICMP messages.
Information about the nodes found is exchanged in encrypted form over the network.
2.4 Key Management
The security module uses several certificates and keys, as described in the
following:
• Firmware: To authenticate new firmware for the update process, it is
digitally signed with RSA. The private key is handled by Siemens only; the
public key for signature verification is stored in the flash memory of each
device. Additionally, the firmware to be loaded is symmetrically encrypted
with 3DES. The corresponding key is also stored in the flash memory. All
devices use the same key. If the secret 3DES key is compromised, the device
must be sent to Siemens, where the module is supplied with a new 3DES
key.
• SSL/configuration: For SSL communication for configuration purposes, a
server certificate with a corresponding private key is issued for each
security module. If this key is compromised or the secret key is lost,
the administrator needs to issue a new certificate.
• VPN: Network certificates are issued for each VPN. The
corresponding private key is stored on the configuration PC. Every security
module that belongs to the VPN holds a certificate which is signed by the
secret key of the network certificate. A security module thus has a
certificate with private key for every VPN it belongs to. Using this
certificate, it authenticates to other security modules, establishing a
secure communication tunnel. If a key is compromised, a new certificate must
be issued with the configuration tool.
• Configuration: The configuration data on the removable media is encrypted
with AES using a global symmetric key. If this key is compromised,
a new global key needs to be deployed by a firmware update.
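The firmware scheme in the first item above (RSA signature for authenticity, one 3DES key shared by all devices for confidentiality) can be modelled with the openssl command line. This is an added example, not Siemens or escrypt code; the file names, CBC mode, SHA-256 digest, detached signature file and sign-then-encrypt order are assumptions, since the page names only RSA and 3DES.

```shell
# Added illustration, not vendor code. Assumed (not stated on the page): file
# names, CBC mode, SHA-256, a detached signature, and sign-then-encrypt order.

fw_setup() {   # $1 = work dir; all keys are constructed for this demo
    openssl genrsa -out "$1/vendor.key" 2048 2>/dev/null      # vendor-only private key
    openssl rsa -in "$1/vendor.key" -pubout \
        -out "$1/device_pub.pem" 2>/dev/null                  # public key held in device flash
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null       # RSA key of a non-vendor party
    openssl rand -hex 24 > "$1/k3des.hex"                     # 3DES key shared by all devices
    openssl rand -hex 8  > "$1/iv.hex"                        # 64-bit IV for CBC
}

fw_pack() {    # $1 = dir, $2 = plaintext image, $3 = RSA signing key, $4 = output prefix
    openssl dgst -sha256 -sign "$3" -out "$4.sig" "$2" &&
    openssl enc -des-ede3-cbc -K "$(cat "$1/k3des.hex")" -iv "$(cat "$1/iv.hex")" \
        -in "$2" -out "$4.enc"
}

fw_accept() {  # $1 = dir, $2 = package prefix; returns 0 only for an authentic image
    openssl enc -d -des-ede3-cbc -K "$(cat "$1/k3des.hex")" -iv "$(cat "$1/iv.hex")" \
        -in "$2.enc" -out "$2.plain" 2>/dev/null || return 1
    openssl dgst -sha256 -verify "$1/device_pub.pem" \
        -signature "$2.sig" "$2.plain" >/dev/null 2>&1
}

# Demo on a constructed image. The second package is encrypted with the shared
# 3DES key but signed with a key other than the vendor's RSA private key.
d=$(mktemp -d); fw_setup "$d"; printf 'constructed firmware image\n' > "$d/fw.bin"
fw_pack "$d" "$d/fw.bin" "$d/vendor.key" "$d/good"
fw_pack "$d" "$d/fw.bin" "$d/other.key"  "$d/unsigned"
fw_accept "$d" "$d/good"     && echo "vendor-signed image: accepted"
fw_accept "$d" "$d/unsigned" || echo "image signed with another key: rejected"
rm -rf "$d"
```

In this model the shared 3DES key only protects confidentiality of the image; acceptance depends on the RSA signature checked against the public key stored on the device.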
19-Aug-05 escrypt GmbH