
MACsec

IEEE 802.1AE is the IEEE MAC security standard (also known as MACsec), which defines connectionless data confidentiality and integrity for media access independent protocols. The standard specifies a set of protocols to meet the security requirements for protecting data traversing Ethernet LANs. It is standardized by the IEEE 802.1 working group. The standard defines:

  • The MACsec frame format, which is similar to the Ethernet frame, but includes additional fields such as the Security Tag and the Message Authentication Code or ICV
  • Secure Connectivity Associations that represent groups of stations connected via unidirectional Secure Channels
  • Security Associations within each secure channel. Each Security Association uses its own key. More than one Security Association is permitted within the channel for the purpose of facilitating key change without traffic interruption
  • A default cipher suite (the Galois/Counter Mode Advanced Encryption Standard authenticating cipher with 128-bit keys)
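
The frame format and per-channel Security Associations listed above can be seen by parsing a frame. The following is an added example, not Elliptic's code: the SecTAG field layout is taken from IEEE 802.1AE rather than from this page, the function name `parse_macsec` and the sample frame are constructed for illustration, and the frame is assumed to arrive without its trailing FCS.

```python
import struct

MACSEC_ETHERTYPE = 0x88E5  # EtherType that introduces the Security Tag (SecTAG)
ICV_LEN = 16               # ICV size for the default GCM-AES-128 cipher suite

def parse_macsec(frame: bytes) -> dict:
    """Split a MACsec frame (no trailing FCS) into SecTAG, secure data, ICV."""
    if len(frame) < 12 + 8 + ICV_LEN:
        raise ValueError("too short for a SecTAG and ICV")
    ethertype, tci_an, sl, pn = struct.unpack_from("!HBBI", frame, 12)
    if ethertype != MACSEC_ETHERTYPE:
        raise ValueError("not a MACsec frame")
    if tci_an & 0x80 or sl & 0xC0:
        raise ValueError("unsupported version or reserved SL bits set")
    offset, sci = 20, None
    if tci_an & 0x20:                      # SC bit: explicit 8-byte SCI follows
        sci, offset = frame[20:28], 28
    short_len = sl & 0x3F                  # non-zero only when data < 48 octets
    # With SL set, anything after data + ICV is Ethernet padding, not payload.
    end = offset + short_len if short_len else len(frame) - ICV_LEN
    data, icv = frame[offset:end], frame[end:end + ICV_LEN]
    if end <= offset or len(icv) != ICV_LEN:
        raise ValueError("truncated secure data or ICV")
    return {
        "dst": frame[0:6], "src": frame[6:12],
        "an": tci_an & 0x03,               # selects the Security Association (key)
        "encrypted": bool(tci_an & 0x08),  # E bit: payload is encrypted
        "changed": bool(tci_an & 0x04),    # C bit: payload differs from user data
        "pn": pn, "sci": sci, "data": data, "icv": icv,
    }

# Constructed sample frame: SC, E and C bits set, AN=1, PN=7, 4-byte payload.
SAMPLE = (bytes.fromhex("ffffffffffff" "020000000001")
          + struct.pack("!HBBI", MACSEC_ETHERTYPE, 0x2D, 4, 7)
          + bytes.fromhex("0200000000010001")   # SCI = source MAC + port id
          + bytes.fromhex("deadbeef")           # placeholder ciphertext
          + bytes(ICV_LEN))                     # placeholder ICV, not a real tag

if __name__ == "__main__":
    print(parse_macsec(SAMPLE))
```

The two-bit `an` field is what allows a receiver to hold the old and new Security Association keys side by side during a key change: frames carry the number of the association that protected them.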

MACsec protects against invalid network operations by identifying unauthorized actions on a LAN. It allows unauthorized LAN connections to be identified and excluded from communication within the network. Similar to IPsec and SSL/TLS/DTLS, MACsec defines a security infrastructure to provide data confidentiality, data integrity and data origin authentication.  

Elliptic’s broad portfolio of highly integrated and proven security solutions includes Layer 2 security processors and accelerators that protect Gigabit Ethernet networks, cover a wide range of performance options and integrate seamlessly in latency-sensitive applications.

A solution for 802.1X-REV, the management layer protocol for 802.1AE, will be introduced shortly. It has been developed using Elliptic’s Ellipsys Cryptography Middleware. Licensed as fully proven, NIST-certified C source code, the Ellipsys library offers algorithms for symmetric and asymmetric cryptography including AES, SHA, RSA, ECC and PKI capabilities.

 

Featured Products

A proven HDCP-based content protection solution that provides robust security inside Trusted Execution Environments (TEEs) and enforces the protection of sensitive information to ensure that it is stored, processed and accessed only by authorized applications. The solution integrates seamlessly within frameworks such as ARM TrustZone™, where the critical security components are embedded in a trusted and secure OS environment. The non-critical components are executed by the rich OS, such as Android.

CLP-630: Multi-Packet Manager Security Engine
A highly programmable and unique Security Protocol Accelerator specifically designed to efficiently process data for high capacity wireless and network applications. The engine is perfectly suited for applications that deal with multiple active connections and significant traffic load on different contexts, such as 4G LTE-Advanced wireless cellular base stations and femtocells.