Configuration
4.16 Security
CP 1243-8 IRC
106
Operating Instructions, 02/2018, C79000-G8976-C385-03
4.16.3
DNP3 security options
Partner'X'
Preliminary remarks: Authentication and key exchange
If the security function is enabled, the DNP3 master and CP authenticate themselves with a
secret key, the pre-shared key.
With the help of the common pre-shared key, after the first connection establishment
between master and CP session keys are agreed that are then renewed cyclically. Renewal
of the session keys is normally initiated by the master. The criteria for renewing the key are
specified in the following parameters.
●
Key exchange interval
●
Authentication requests before key exchange
As soon as one of these conditions is met, the session key is renewed.
Parameters
●
Enable DNP3 security options
Enable the option if you want to use the security mechanisms.
●
IKE mode
Selection of the mode for key exchange. Range of values:
–
Aggressive Mode
The Aggressive Mode is somewhat faster but transfers the identity unencrypted.
–
Main Mode
The Main Mode is the standard mode.
Default setting: Aggressive Mode
●
Security statistics
Specifies whether the statistics of security events are sent to the master. Security events
are authentication requests to the CP. If the option is enabled, all authentication requests
with date, time and result are saved on the CP and sent to the master for further
evaluation.
Range of values:
–
Do not send security statistics
–
Send security statistics
Default setting: Do not send security statistics