Siemens Version: 1.2 User Manual

2. Security Services 
 
 
2.2.4  Firmware Update 
The firmware of the security device can be updated. For this purpose, Siemens
supplies encrypted and digitally signed firmware. The user has to authenticate
to the security module before loading new firmware. The new firmware is
transferred to the security module via HTTPS. The signature of the firmware update
is verified. If the verification is successful, the new firmware is decrypted and stored
as plain data. A security module accepts only new firmware that carries a correct
signature. Hence, it is guaranteed that only authentic software, and no manipulated
flash software, is loaded into the security module. The private key for computing the
signature is known only to Siemens and is stored securely, so that new
firmware can only be distributed by Siemens. The corresponding public key for the
verification is stored in the EEPROM of each security module. The signature of the
firmware is checked when it is updated, while at boot time only a checksum of the
stored firmware is verified. The confidentiality of the firmware is not a security
target but only a barrier against someone who wants to reconstruct the firmware.
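The update-time and boot-time checks of 2.2.4, as an added Python example (not Siemens code; the function names are hypothetical). Assumptions not stated in the manual: RSA with PKCS#1 v1.5 and SHA-256, a signature computed over the encrypted image, CRC-32 as the boot checksum, a SHA-256 keystream standing in for the unnamed cipher, and a constructed demo key.

```python
import hashlib
import zlib

# Constructed demo key built from two Mersenne primes. NOT secure, NOT Siemens' key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                               # public modulus (the part kept in EEPROM)
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (vendor side only)
K = (N.bit_length() + 7) // 8           # modulus length in bytes
SHA256_DI = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(msg):
    """PKCS#1 v1.5 encoding of SHA-256(msg), padded to the modulus length."""
    t = SHA256_DI + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def _keystream_xor(key, data):
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def vendor_build(plain_fw, fw_key):
    """Vendor side: encrypt the image, then sign the encrypted image."""
    enc = _keystream_xor(fw_key, plain_fw)
    sig = pow(int.from_bytes(_encode(enc), "big"), D, N).to_bytes(K, "big")
    return enc, sig

def device_update(enc, sig, fw_key):
    """Device side: verify first; decrypt and store only on success."""
    if len(sig) != K or int.from_bytes(sig, "big") >= N:
        return None
    recovered = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    if recovered != _encode(enc):       # re-encode and compare, no padding parsing
        return None                     # reject: nothing is decrypted or stored
    plain = _keystream_xor(fw_key, enc)
    return {"fw": plain, "crc": zlib.crc32(plain)}   # stored as plain data

def boot_check(flash):
    """Boot-time check: checksum only. It detects corruption, not origin."""
    return zlib.crc32(flash["fw"]) == flash["crc"]
```

Authenticity rests entirely on the update-time gate in `device_update`; `boot_check` only confirms that the stored plain image has not been corrupted since it was written.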
2.3 Configuration Management
Before the security module can start work and protect an automation network, it
has to be configured. A tool is used to set the configuration parameters of
the security module, including switches for the firewall, VPN, and logging. A module
needs at least the IP parameters, which are set automatically in the standard
settings. It is possible to configure more than one module at the same time. This
configuration software runs on an external PC, and the configuration information is
sent to the modules via HTTPS.
The configuration data is stored in the internal flash memory. The data is stored as
plain data. However, during transmission between the configuration PC
and the security module, the data is communicated securely. If a C-Plug is inserted in
the module, the data is stored encrypted in the C-Plug. The data is deleted from the
memory of the module after it has been stored on the C-Plug.
Users with restricted rights have only a few choices to configure the module. Even
non-IT experts are able to configure the module in such a way that failures are
almost impossible. The administrator can configure the module manually in a more
detailed way.
19-Aug-05 escrypt GmbH