Professional Documents
Culture Documents
The new version of DNP3 security adds three new In the enrollment process, a human user provides a
capabilities. Low-Entropy Shared Secret (LESS), essentially a one-
time-use password, to approve and commission the
Firstly, in response to many requests, DNP3-SA will now
communications between the two devices.
support simultaneous authentication and encryption of
data for confidentiality. The algorithm used will be Lastly, the addition of AMP provides an optional
AEAD-AES-256-GCM, which is used by TLS 1.2 and centralized authorization mechanism in which a
found in open security software packages. It will still be person, through a system called an Authority, approves
possible to use DNP3-SA using authentication only, and the connectivity and RBAC roles permitted for each pair
many utilities may prefer to operate in this mode for of devices in the system, after the devices have
troubleshooting purposes. generated their keys.
Secondly, as shown in Figure 3,in DNP3-SAv6, the Figure 3. Enrollment and Authorization
Update Key is initialized using a “device enrollment”