IEEE 802.1AE is the IEEE MAC Security standard (also known as MACsec), which defines connectionless data confidentiality and integrity for media access independent protocols. The standard specifies a set of protocols to meet the security requirements for protecting data traversing Ethernet LANs. It is standardized by the IEEE 802.1 working group. The standard defines:
- The MACsec frame format, which is similar to the Ethernet frame, but includes additional fields such as the Security Tag and the Message Authentication Code or ICV
- Secure Connectivity Associations that represent groups of stations connected via unidirectional Secure Channels
- Security Associations within each secure channel. Each Security Association uses its own key. More than one Security Association is permitted within the channel for the purpose of facilitating key change without traffic interruption
- A default cipher suite (the Galois/Counter Mode Advanced Encryption Standard authenticating cipher with 128-bit keys)
MACsec protects against invalid network operations by identifying unauthorized actions on a LAN. It allows unauthorized LAN connections to be identified and excluded from communication within the network. Similar to IPsec and SSL/TLS/DTLS, MACsec defines a security infrastructure to provide data confidentiality, data integrity and data origin authentication.
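The frame format listed above can be made concrete with a small parser. This is an added example, not code from Elliptic or from the standard: it splits a frame into its Security Tag (SecTAG) fields, secure data and ICV, and applies basic SecTAG sanity checks. It assumes the 16-byte ICV of the default GCM-AES-128 suite and a 32-bit packet number, and it does not verify the ICV, which requires the Security Association key. The sample frame and its addresses are constructed.

```python
import struct

MACSEC_ETHERTYPE = 0x88E5   # EtherType that opens the SecTAG
ICV_LEN = 16                # ICV length assumed for the default GCM-AES-128 suite

def parse_macsec(frame: bytes) -> dict:
    """Split a MACsec frame into addresses, SecTAG fields, secure data and ICV."""
    if len(frame) < 12 + 8 + ICV_LEN:
        raise ValueError("frame too short for a SecTAG and ICV")
    dst, src = frame[0:6], frame[6:12]
    ethertype, tci_an, sl, pn = struct.unpack("!HBBI", frame[12:20])
    if ethertype != MACSEC_ETHERTYPE:
        raise ValueError("not a MACsec frame")
    tci = {"V": tci_an >> 7 & 1, "ES": tci_an >> 6 & 1, "SC": tci_an >> 5 & 1,
           "SCB": tci_an >> 4 & 1, "E": tci_an >> 3 & 1, "C": tci_an >> 2 & 1}
    an = tci_an & 0x03  # Association Number: picks one SA within the secure channel
    if tci["V"]:
        raise ValueError("version bit set")
    if tci["SC"] and (tci["ES"] or tci["SCB"]):
        raise ValueError("SC set together with ES or SCB")
    if sl >= 48:        # also rejects the two reserved high bits of the SL octet
        raise ValueError("invalid short length")
    if pn == 0:
        raise ValueError("packet number is zero")
    offset, sci = 20, None
    if tci["SC"]:       # explicit SCI: 6-byte MAC address + 2-byte port identifier
        if len(frame) < 28 + ICV_LEN:
            raise ValueError("frame too short for SCI")
        sci, offset = frame[20:28], 28
    secure_data, icv = frame[offset:-ICV_LEN], frame[-ICV_LEN:]
    if sl and len(secure_data) != sl:
        raise ValueError("short length does not match secure data")
    return {"dst": dst, "src": src, "tci": tci, "an": an, "sl": sl,
            "pn": pn, "sci": sci, "secure_data": secure_data, "icv": icv}

def build_sample() -> bytes:
    """Constructed frame: SC=1, E=1, C=1, AN=1, PN=7, 20 bytes of secure data."""
    dst = bytes.fromhex("0180c2000001")
    src = bytes.fromhex("020000000001")
    sectag = struct.pack("!HBBI", MACSEC_ETHERTYPE, 0x2D, 20, 7) + src + b"\x00\x01"
    return dst + src + sectag + bytes(range(20)) + b"\xaa" * ICV_LEN

if __name__ == "__main__":
    for key, value in parse_macsec(build_sample()).items():
        print(key, value.hex() if isinstance(value, bytes) else value)
```

The two-bit AN field is what lets a receiver tell the current Security Association from its successor during a key change on the same secure channel.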
Elliptic’s broad portfolio of highly integrated and proven security solutions includes Layer 2 security processors and accelerators that protect Gigabit Ethernet networks, cover a wide range of performance options and integrate seamlessly into latency-sensitive applications.
A solution for 802.1X-REV, the management layer protocol for 802.1AE, will be introduced shortly. It has been developed using Elliptic’s Ellipsys Cryptography Middleware. Licensed as fully proven, NIST-certified C source code, the Ellipsys library offers algorithms for symmetric and asymmetric cryptography including AES, SHA, RSA, ECC and PKI capabilities.
Security Protocol Accelerators and Processors
- LLP-06: Ultra Low Latency 802.1AE/MACsec PDU Processor
- LLP-04: 802.1AE/MACsec Link Encryptor
- LLP-05: 802.1AE/MACsec PDU Processor
- CLP-600: Security Protocol Accelerator
- CLP-200: Pipelined GCM-AES Core
- CLP-45: Configurable Look Aside AES Cipher
- CLP-300: High Performance RSA and Elliptic Curve Cryptography Public Key Accelerator
- CLP-27: Compact True Random Number Generator
- CLP-26: Configurable SHA and MD5 Hash Core
- CLP-100: Flow-Through Hash Core
Ellipsys Cryptography Middleware
A highly programmable and unique Security Protocol Accelerator specifically designed to efficiently process data for high capacity wireless and network applications. The engine is perfectly suited for applications that deal with multiple active connections and significant traffic load on different contexts, such as 4G LTE-Advanced wireless cellular base stations and femtocells.