ASE2000 V2 Communication Test Set User Manual
26.8. DNP3 – Certification Tests
For a complete description of the procedure to run the DNP3 Certification Tests, refer to the
Help section “DNP3 Certification Test Procedures” or the document “ASE2000 Version 2 DNP3
Certification Procedures”.
26.9. Secure Authentication Version 5 Implementation Notes
Important! Applied Systems Engineering recommends that the Test Set’s Secure Authentication
implementation should be limited to a lab environment. Use of Test Sets in a production
environment could lead to security violation issues.
SAv5 introduces the concept of a Certificate Authority. The Certificate Authority is basically the
keeper of all secrets, and its interface to a master is not defined by the specification. As a lab
tool, the Test Set incorporates the Certificate Authority functionality itself, because it
needs to know these secrets.
Storage of production secrets in the Test Set could constitute a security violation issue. Please
consult your organization’s security professionals for advice regarding your particular situation.
26.9.1. General
• SAv5 adds three more tasks.
– User Status Change. This allows the addition, deletion and modification of user status.
– User Certificate. This allows the addition, deletion and modification of user certificates.
– Update Key Change. This performs an update key change sequence as defined by the
update key change method option.
• A predefined user “Common” is created as user one.
• SAv5 requires quite a bit of state to be maintained. It is highly advised that the Test Set’s
“connect” functionality be utilized when tasks are sent individually. It probably won’t work as
expected otherwise.
• SAv5 provides three basic modes of update key management as described below.
• To exercise SAv5 you need to perform the following tasks:
– Select the desired update key management.
– Distribute and install the appropriate keys.
– “Connect” to the device.
– Issue the “Update Key Change” task. This will establish the update key.
– Continue normal operation, which will establish session keys…
26.9.2. Shared Update Keys
• Fully supported. This is basically the V2 mode of operation with regard to update key
management. Update keys for each user are persisted.
26.9.3. Symmetric Update Key Change
• Fully supported. Key change methods 3, 4 and 5 are supported. A symmetric key is shared
between the Test Set and the device. The symmetric key is persisted.
26.9.4. Asymmetric Update Key Change
• This implementation requires Windows Vista SP1 or better. Key Sizes greater than 1024
require Windows 8 or better. The Key Change Method selection will not display these options
for the incorrect Windows version.
• Each RTU requires an RSA key pair: the RTU uses the private key and the master needs the
public key.