Setup
Document No. D113-015
Page 24 of 77
Revision 1.9
populated accordingly.
A Logix tag can now be associated with the Advanced Diagnostic parameter. This can be done
by either entering the tag name or by using the Tag Browser to browse for a tag.
NOTE:
It is important to ensure that the selected Logix tag type matches that
of the expected HART command parameter. Failing to do so can cause
unexpected results.
Figure 3.20. – Complete Advanced Diagnostic item
If one of the DNP3 protocols (DNP3 TCP or DNP3 UDP) have been selected, then the DNP3
Security tab will be enabled. This DNP3 Security configuration consists of the following
parameters:
Parameter
Description
Enable Security
DNP3 Secure Authentication can be enabled or disabled. When enabled there will
be no unsecured exchange of data (for critical functions).
Key Change Method
This setting determines the method by which security keys are exchanged
between two devices. Currently the HART 4 only supports the Pre-Shared Key
method. This method requires both devices to have update keys entered by
means outside the DNP3 protocol, (i.e. using Slate).
MAC Algorithm
The MAC algorithm is used to encrypt the challenge data for secure
authentication. DNP3 allows for various encryption standards in different formats
to be used for secure authentication:
HMAC SHA-1 encryption (4 octets – serial) – for legacy support
HMAC SHA-1 encryption (8 octets – serial)
HMAC SHA-1 encryption (10 octets – networked)
HMAC SHA-256 encryption (8 octets – serial)
HMAC SHA-256 encryption (16 octets – networked)
AES-GMAC (12 octets)
Key Wrap Algorithm
DNP3 uses various keys for secure authentication. The keys that are used for data
exchange and called the session keys and these keys may be updated frequently.
To exchange the session keys between two DNP3 devices the update key (refer
to the Secure Authentication section for further detail) is used to encrypt the data
and session keys before exchanging it between parties. DNP3 allows for two
standards to encrypt the session keys: