Product Manual
18 | Introduction
Aprisa SR+ Product Description 1.5.0
Radio and user interface redundancy (provided with Aprisa SR+ Protected Station)
Protected Station fully hot swappable and monitored hot standby
Transparent to all common SCADA protocols; e.g. Modbus, IEC 60870-5-101/104, DNP3 or similar
Complies with international standards, including ETSI, FCC, IC, ACMA, EMC, safety and
environmental standards
Security
The Aprisa SR+ provides security features to implement the key recommendations for industrial control
systems. The security provided builds upon the best in class from multiple standards bodies, including:
IEC/TR 62443 (TC65) ‘Industrial Communications Networks – Network and System Security’
IEC/TS 62351 (TC57) ‘Power System Control and Associated Communications – Data and
Communication Security’
FIPS PUB 197, NIST SP 800-38C, IETF RFC3394, RFC3610 and IEEE P1711/P1689/P1685
FIPS 140-2: Security Requirements for Cryptographic Modules
The security features implemented are:
Data encryption
Counter Mode Encryption (CTR) using Advanced Encryption Standard (AES) 128, 192, 256 bit,
based on FIPS PUB 197 AES encryption (using Rijndael version 3.0)
Data authentication
NIST SP 800-38C Cipher Block Chaining Message Authentication Code (CBC-MAC) based on RFC
3610 using Advanced Encryption Standard (AES)
Data payload security
CCM Counter with CBC-MAC integrity (NIST special publication 800-38C)
Secured management interface protects configuration
L2 / L3 / L4 Address filtering enables traffic source authorization
Proprietary physical layer protocol and modified MAC layer protocol based on standardized IEEE
802.15.4
Licensed radio spectrum provides recourse against interference
SNMPv3 with Encryption for NMS secure access
Secure USB software upgrade
Key Encryption Key (KEK) based on RFC 3394, for secure Over The Air Re-keying (OTAR) of
encryption keys
User privilege allows the accessibility control of the different radio network users and the user
permissions