Access the Settings

Access the DNP3 SECURE AUTHENTICATION page from the SETUP web page:

Step 1: Access the cyber security web pages for the module.

Step 2: Select the SETUP tab in the page banner.

Step 3: Expand the MENU navigation tree.

Step 4: Expand DNP3 SECURE AUTHENTICATION in the navigation tree banner to see these settings:

  • Client Configuration

  • Server Configuration

  • Key Management

NOTE: These security settings are described individually below.

Refer to these discussions:

NOTE: The implemented HMAC setting is the main difference between networked and serial DNP3 authentication:

| Communications Protocol | HMAC Setting |
|---|---|
| serial | HMAC SHA-1 (8 bytes) or HMAC SHA-256 (8 bytes) |
| networked | HMAC SHA-1 (10 bytes) or HMAC SHA-256 (16 bytes) |

Key Management

Create a list of users that can access your module:

Step 1: In the Key Management web page, press the Create Table button and follow the directions to assign a name to the table.

  NOTE: The tables you create appear in a pull-down menu next to the Create Table button.

Step 2: Press the Add User button to add a list of authorized users at the supervision (SCADA) environment.

  NOTE: You can configure a maximum of 64 users for DNP3 Secure Authentication.

Step 3: Populate the fields in the Add User dialog box.

  NOTE: When the Control Expert window is active, you can hover over the blue circle (i) next to the feature to see an explanation for each field.

Step 4 (optional): For the pre-shared key field (Update Key), you can click the Generate button to use a randomly generated key.

Step 5 (optional): You can copy the Update Key information by clicking the copy icon next to the Generate button.

  NOTE: You can copy the key to share the key more easily with the SCADA system.

Step 6: Press the Apply button to add the user to the table of authorized users.

Step 7: Repeat these steps to add additional users.

NOTE: The DNP3 standard limits the number of users to 64.
NOTE: Observe these maximums for the number of DNP3 users that can participate in key management configuration:
  • DNP3 SAv2: 10

  • DNP3 SAv5: 64

The user(s) in your table will be able to access your module from the SCADA environment.

This table describes the Key Management parameters:

CLIENT (tab)

  • User Number: This number corresponds to the current DNP3 user.

    NOTE: Use the value 1 when this user is assigned SAv5.

  • User Name: This field shows the current user.

    NOTE: Because the BMENOR2200H RTU module acts as a data concentrator, the current user role on the CLIENT side is SINGLE USER.

  • Key Wrap: Select the appropriate key wrap algorithm (AES-128, AES-256).

    NOTE: AES-256 does not work with SAv2. In this case, the Update Key value is 32 Hex.

  • Key: This column shows the content of the Update Key value.

SERVER (tab)

  • User Number: This number corresponds to the current DNP3 user.

  • User Name: This field shows the current user.

  • User Role: This field shows the role performed by the user (OPERATOR, ENGINEER, INSTALLER, SECURITY ADMINISTRATOR, VIEWER, SINGLE USER).

  • Key Wrap: Select the appropriate key wrap algorithm (AES-128, AES-256).

    NOTE: AES-256 does not work with SAv2. In this case, the Update Key value is 32 Hex.

  • Key: This column shows the content of the Update Key value.
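
The user limits and the key wrap rule above can be checked offline before a table is entered in the web page or shared with the SCADA side. The following Python code is an added example, not code from the module or its vendor. The dictionary layout and field names are hypothetical. It assumes the Update Key has the size of the key wrap key (32 hex characters for AES-128, 64 for AES-256), and the key-reuse check is an extra hygiene check rather than a rule from this page.

```python
import secrets
import string

# Limits and rules stated on the page.
MAX_USERS = {"SAv2": 10, "SAv5": 64}
# Assumption: the Update Key has the size of the key-wrap key
# (AES-128: 16 bytes = 32 hex, AES-256: 32 bytes = 64 hex).
KEY_HEX_LEN = {"AES-128": 32, "AES-256": 64}


def generate_update_key(key_wrap):
    """Random Update Key from the OS CSPRNG, as uppercase hex."""
    return secrets.token_hex(KEY_HEX_LEN[key_wrap] // 2).upper()


def validate_user_table(sa_version, users):
    """Return a list of problems in a user table (list of dicts)."""
    if sa_version not in MAX_USERS:
        return [f"unknown SA version {sa_version!r}"]
    problems = []
    limit = MAX_USERS[sa_version]
    if len(users) > limit:
        problems.append(f"{len(users)} users exceeds the {sa_version} limit of {limit}")
    numbers, keys = set(), set()
    for u in users:
        tag = f"user {u['number']} ({u['name']})"  # never echo key material
        wrap, key = u["key_wrap"], u["key"].upper()
        if u["number"] in numbers:
            problems.append(f"{tag}: duplicate user number")
        numbers.add(u["number"])
        if wrap not in KEY_HEX_LEN:
            problems.append(f"{tag}: unknown key wrap {wrap!r}")
            continue
        if wrap == "AES-256" and sa_version == "SAv2":
            problems.append(f"{tag}: AES-256 key wrap does not work with SAv2")
        if len(key) != KEY_HEX_LEN[wrap] or set(key) - set(string.hexdigits):
            problems.append(f"{tag}: Update Key is not {KEY_HEX_LEN[wrap]} hex characters")
        elif key in keys:  # hygiene check added here, not a rule from the page
            problems.append(f"{tag}: Update Key already used by another user")
        keys.add(key)
    return problems


# Constructed sample table; names and keys are made up for the example.
SAMPLE = [
    {"number": 1, "name": "scada_op", "key_wrap": "AES-128", "key": generate_update_key("AES-128")},
    {"number": 2, "name": "scada_eng", "key_wrap": "AES-256", "key": generate_update_key("AES-256")},
    {"number": 2, "name": "viewer", "key_wrap": "AES-128", "key": "1234"},
]
```

Calling `validate_user_table("SAv2", SAMPLE)` reports the AES-256 entry, the duplicate user number and the short key; the first two sample rows pass as an SAv5 table.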