Session Keys are used to authenticate Aggressive Mode requests and any messages that are challenged.
Two Session Keys are in use per outstation at any particular time—one Session Key per communications direction. This means that if a Session Key is compromised in one direction, it does not compromise communications in the other direction.
The DNP3 master initializes the Session Keys on communications start-up (for instance, when the DNP3 driver starts up, or when communications are first established with the outstation). The Session Keys are changed periodically thereafter, to maintain security (see Session Key Change).
On systems on which ClearSCADA is the DNP3 master, the size of the Session Keys is set using the ClearSCADA Server Configuration Tool (see Define the Session Key Length).