Security Evaluation of the Siemens Scalance S 612/613 Security Module
escrypt GmbH – Embedded Security, http://www.escrypt.com
Lise-Meitner-Allee 4, D-44801 Bochum; telephone +49 (0) 234/43 87 02-09; fax +49 (0) 234/43 87 02-11; e-mail info@escrypt.com; internet www.escrypt.com
Version: 1.2, Date: 19-Aug-05
escrypt GmbH – Managing directors: Willi Mannheims; Prof. Dr.-Ing. Christof Paar. Commercial register: Amtsgericht Bochum No. 7877 · Tax no.
Index
1 Introduction
2 Security Services
2.1 Assumptions
2.2 System
2.2.1 Firewall
Executive Summary
The Scalance S 612/S 613 is a security module that protects communication between automation networks and defends those networks against attacks. The security module provides firewall and virtual private network (VPN) functionality. The system is based on the VxWorks operating system and uses the firewall and VPN from OpenBSD; the web server and the layer-2 packet filter were developed by Siemens.
1 Introduction
The Siemens Scalance S 613 is a security module that protects communication between automation networks. It provides authentication, data integrity and confidentiality and protects against data theft and data manipulation. In automation engineering, more and more components are being networked.
Automation networks have a wide variety of security goals, so only basic default rules are preset. Nonetheless, these default rules provide a secure configuration. The security modules are intended to be easy to configure and operate, also by non-IT experts. The security module can still be configured precisely according to the user's requirements; with expert knowledge the configuration can be set manually in advanced mode.
2 Security Services
The security module has two Ethernet interfaces: one to the internal network, which is protected, and one to the external network. The interfaces are easily distinguished by green and red colour markers. The processor is an Intel IXP425, which supports AES, SHA-1, MD5, DES and 3DES in hardware; RSA is implemented in software.
2.1 Assumptions
Assumptions about the security module were made to meet the special needs of automation networks.
and 3 on the security module. The packet filter controls communication between the internal and the external network (see Figure 2).
Figure 2: Firewall function of the security module
The firewall offers a packet filter for IP packets adapted from OpenBSD, with stateful packet inspection. A second packet filter for non-IP packets (Ethernet or layer-2 packets) was developed by Siemens for the security module.
Figure 3: VPN function of the security module
For communication over a VPN the security modules are collected in groups. For each VPN there is a so-called network certificate, with a corresponding private key, that identifies the VPN. Each security module belonging to the VPN holds a certificate signed with the private key of the network certificate. The network certificate is either issued by a certification authority (CA) or self-issued.
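The group trust model described above, as an added example that is not code from the evaluation or from the Siemens product: a self-issued network certificate is created for a VPN group, a module certificate is issued under it, and group membership is checked by verifying that a peer's certificate chains to the group's network certificate. Group and module names, Ed25519 keys and the lifetimes are constructed assumptions (the Scalance module itself uses RSA).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

type certKey struct {
	cert *x509.Certificate
	key  ed25519.PrivateKey
}

// mkCert returns the self-issued network certificate when parent is nil, otherwise a module
// certificate signed with the parent's private key. Ed25519 is an assumption; Scalance uses RSA.
func mkCert(name string, lifetime time.Duration, parent *certKey) (*certKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(lifetime),
		IsCA:                  parent == nil, // only the network certificate may sign
		BasicConstraintsValid: true,
	}
	issuer, signer := tmpl, key // self-issued unless a parent is given
	if parent != nil {
		issuer, signer = parent.cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &certKey{cert, key}, err
}

// belongsToGroup reports whether peer chains to a group's network certificate (membership check).
func belongsToGroup(peer, network *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(network)
	_, err := peer.Verify(x509.VerifyOptions{Roots: roots})
	return err == nil
}
```

A module certificate issued under another group's network certificate fails the check, because only that group's network certificate is trusted as a root.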
2.2.4 Firmware Update
The firmware of the security device can be updated. For this purpose, Siemens supplies encrypted and digitally signed firmware. The user has to authenticate to the security module before loading new firmware. The new firmware is transferred to the security module via HTTPS. The signature of the firmware update is verified; if verification succeeds, the new firmware is decrypted and stored in plain form.
2.3.1 First Initialization
At first initialization an IP address is assigned to the Scalance S modules. After the IP configuration the modules can also be configured over the network. The first user to put the module into operation enters a user name and password, which makes that user the administrator.
• Exchange of the addresses of the internal networks between security modules
• Signalling that a packet was rejected because it was not received via an IPsec tunnel
Learning is always initiated when a node wants to communicate with another node; devices located in the same subnet actively scan using ICMP messages. The information about discovered nodes is exchanged in encrypted form over the network.
3 Security Analysis
The security module is designed for use in automation networks. In automation networks availability and robustness have first priority, since the network must be protected against any failure so that production never stops. In the chemical industry, for instance, this is extremely important.
The implementation of the IKE protocol does not show any known security weaknesses, and no known security weaknesses of the OpenBSD isakmpd daemon were found. Additionally, the system incorporates a VPN bridge to transport non-IP packets through the IPsec tunnel; broadcast and multicast packets as well as ISO protocols can be transported. The key length of 1024 bits for the DH group 2 key exchange offers sufficient protection for the next three to five years.
The OpenBSD pf packet filter does not contain any known weaknesses. A test of the filter rules set by the configuration tool did not identify any implementation failures. A test of the layer-2 filter e2f also revealed no security weaknesses.
3.1.3 Firmware Update
A new firmware version is provided in encrypted form and is also digitally signed by Siemens. Hence it was not possible to load manipulated firmware into the device.
The MiniWeb server is well implemented. The SSL implementation does not show any failures. The only security weakness is the long lifespan of the certificate and the use of MD5 in the generation of the certificates. The key length of 1024 bits is sufficient for the next three to five years.
3.1.6 Time Synchronization and Logging
The security module allows time synchronization based on the (Simple) Network Time Protocol (NTP). NTP is a UDP protocol.
3.2.1 Configuration Files
The configuration tool transfers the configuration data via SSL; hence eavesdropping on the connection to recover the data is not possible. Analysis of the configuration files gives information only about the default settings of the firewall. The rules defined in the configuration file reveal no failures. The files are very well documented and show no logical mistakes.
4 Summary
The security module is designed for use in an automation network, to protect the network from data theft and manipulation as well as from attacks from the external network. The reliability of the network has first priority; security follows right after. Furthermore, the device needs to be easy to configure. These basic assumptions are reflected in the standard settings. The security module performs excellently under these assumptions.