The IEEE 802.1AE defines the IEEE MAC security standard (also known as MACsec) which defines connectionless data confidentiality and integrity for media access independent protocols. The standard specifies a set of protocols to meet the security requirements for protecting data traversing Ethernet LANs. It is standardized by the IEEE 802.1 working group. The standard defines:
- The MACsec frame format, which is similar to the Ethernet frame, but includes additional fields such as the Security Tag and the Message Authentication Code or ICV
- Secure Connectivity Associations that represent groups of stations connected via unidirectional Secure Channels
- Security Associations within each secure channel. Each Security Association uses its own key. More than one Security Association is permitted within the channel for the purpose of facilitating key change without traffic interruption
- A default cipher suite (the Galois/Counter Mode Advanced Encryption Standard authenticating cipher with 128-bit keys)
MACsec protects against invalid network operations by identifying unauthorized actions on a LAN. It allows unauthorized LAN connections to be identified and excluded from communication within the network. Similar to IPsec and SSL/TLS/DTLS, MACsec defines a security infrastructure to provide data confidentiality, data integrity and data origin authentication.
Elliptic’s broadest portfolio of highly-integrated and proven security solutions includes Layer 2 security processors and accelerators that protect Gigabit Ethernet Networks, cover a wide range of performance options and integrate seamlessly in latency sensitive applications.
A solution for 802.1X-REV – the management layer protocol for 802.1AE - will be introduced shortly. It has been developed using Elliptic’s Ellipsys Cryptography Middleware. Licensed as fully proven, NIST-certified C source code, the Ellipsys library offers algorithms for symmetric and asymmetric cryptography including AES, SHA, RSA, ECC and PKI capabilities.
Security Protocol Accelerators and Processors
- LLP-06: Ultra Low Latency 802.1AE/MACsec PDU Processor
- LLP-04: 802.1AE/MACsec Link Encryptor
- LLP-05: 802.1AE/MACsec PDU Processor
- CLP-600: Security Protocol Accelerator
- CLP-200: Pipelined GCM-AES Core
- CLP-45: Configurable Look Aside AES Cipher
- CLP-300: High Performance RSA and Elliptic Curve Cryptography Public Key Accelerator
- CLP-27: Compact True Random Number Generator
- CLP-26: Configurable SHA and MD5 Hash Core
- CLP-100: Flow-Through Hash Core
Ellipsys Cryptography Middleware
ETS-020: tVault HDCP 2.2
A proven HDCP-based content protection solution that provides robust security inside Trusted Execution Environments (TEEs) and enforces the protection of sensitive information to ensure that it is stored, processed and accessed only by authorized applications.The solution integrates seamlessly within frameworks such as ARM TrustZone™, where the critical security components are embedded in a trusted and secure OS environment. The non-critical components are executed by the rich OS, such as Android.
CLP - 630: 멀티 패킷 관리자 보안 엔진
고기능적이고 독특한 보안 프로토콜 가속기는 고용량 무선 및 네트워크 응용 소프트웨어의 데이터를 효율적으로 처리하기 위해 특별히 설계되었습니다. 이 엔진은 여러 활성 연결 및4G LTE - 고급 무선 셀룰러 기지국과 펨토셀 등 다양한 내용의 상당한 트래픽 로드를 다루는 응용 소프트웨어에 완벽히 적합합니다.