• 日本語
• 한국어
• 简体中文
• English

MACsec

The IEEE 802.1AE defines the IEEE MAC security standard (also known as MACsec) which defines connectionless data confidentiality and integrity for media access independent protocols. The standard specifies a set of protocols to meet the security requirements for protecting data traversing Ethernet LANs. It is standardized by the IEEE 802.1 working group. The standard defines:

• The MACsec frame format, which is similar to the Ethernet frame, but includes additional fields such as the Security Tag and the Message Authentication Code or ICV
• Secure Connectivity Associations that represent groups of stations connected via unidirectional Secure Channels
• Security Associations within each secure channel. Each Security Association uses its own key. More than one Security Association is permitted within the channel for the purpose of facilitating key change without traffic interruption
• A default cipher suite (the Galois/Counter Mode Advanced Encryption Standard authenticating cipher with 128-bit keys)

MACsec protects against invalid network operations by identifying unauthorized actions on a LAN. It allows unauthorized LAN connections to be identified and excluded from communication within the network. Similar to IPsec and SSL/TLS/DTLS, MACsec defines a security infrastructure to provide data confidentiality, data integrity and data origin authentication.  

Elliptic’s broadest portfolio of highly-integrated and proven security solutions includes Layer 2 security processors and accelerators that protect Gigabit Ethernet Networks and cover a wide range of performance options. The LLP-04 offers all of the features of the LLP-05 but is enhanced through the inclusion of a MACsec look-up function for Connectivity Associations.

Security Protocol Accelerators and Processors

• LLP-06: Ultra Low Latency 802.1AE/MACsec PDU Processor
• LLP-04: 802.1AE/MACsec Link Encryptor
• LLP-05: 802.1AE/MACsec PDU Processor
• CLP-600: Security Protocol Accelerator

Cryptographic Engines

• CLP-200: Pipelined GCM-AES Core
• CLP-45: Configurable Look Aside AES Cipher
• CLP-300: High Performance RSA and Elliptic Curve Cryptography Public Key Accelerator
• CLP-27: Compact True Random Number Generator

A solution for 802.1X-REV – the management layer protocol for 802.1AE - will be introduced shortly. It has been developed using Elliptic’s Ellipsys Cryptography Middleware. Licensed as fully proven, NIST-certified C source code, the Ellipsys library offers algorithms for symmetric and asymmetric cryptography including AES, SHA, RSA, ECC and PKI capabilities.

• ESS-01: Symmetric Middleware
• ESS-02: Asymmetric Middleware