The Media Access Control Security (MACsec) products comply with the requirements of IEEE 802.1AE. They are available as intellectual property cores for FPGAs or SoC technology to cover the needs of gigabit Ethernet for 1 GbE and 10 GbE throughputs. The architectural design allows 10 Gbps to be achieved in readily available 40-nm or 28-nm FPGAs, while the 1G data rate product can use lower cost families.
The design has been carefully crafted to support both jumbo frames and minimum size packets with a key change on every packet, which represents the worst case situation for the system. The cores support both 128-bit encryption keys as well as the newly standardised 256-bit keys used for enhanced security in applications such as Metropolitan Area Networks.
“The MACsec cores evolved from our popular AES-GCM encryption cores, as they add the extensive logic required to perform the validation, statistics and Connectivity Associations. We have seen an upsurge in enquiries for the MACsec products, even before they are publicly announced”, said Tom Kean, Algotronix Managing Director. “These early customers operate in markets as diverse as military, communications and test equipment. Our ability to hit the performance requirements in existing FPGAs is a testament to the efficiency of the architecture”.
Algotronix Ltd., Edinburgh, UK announces that it is shipping MACsec cores that are used to secure data on Ethernet links at up to 10 Gbps.
The Media Access Control Security (MACsec) products comply with the requirements of IEEE 802.1AE. They are available as intellectual property cores for FPGAs or SoC technology to cover the needs of gigabit Ethernet for 1 GbE and 10 GbE throughputs. The architectural design allows 10 Gbps to be achieved in readily available 40-nm or 28-nm FPGAs, while the 1G data rate product can use lower cost families.
The design has been carefully crafted to support both jumbo frames and minimum size packets with a key change on every packet, which represents the worst case situation for the system. The cores support both 128-bit encryption keys as well as the newly standardised 256-bit keys used for enhanced security in applications such as Metropolitan Area Networks.
“The MACsec cores evolved from our popular AES-GCM encryption cores, as they add the extensive logic required to perform the validation, statistics and Connectivity Associations. We have seen an upsurge in enquiries for the MACsec products, even before they are publicly announced”, said Tom Kean, Algotronix Managing Director. “These early customers operate in markets as diverse as military, communications and test equipment. Our ability to hit the performance requirements in existing FPGAs is a testament to the efficiency of the architecture”.
MACsec provides confidentiality and authentication in the link layer (layer 2) and prevents eavesdropping and so-called “man-in-the-middle” attacks, because it detects any alteration or replay of frames. This differs from other schemes, such as IPsec, which are set up as an end-to-end session based encryption at layers 3/4. MACsec does not compete with IPsec, and should be considered as a complementary cyber security technology. MACsec is agnostic to the Ethernet traffic type, and with the introduction of these cores can be easily added to systems to provide an additional layer of protection to a network.
Enterprise customers can adopt MACsec to provide protection behind their fire wall. System administrators can authorise ports to communicate in a secure fashion, and can detect misuse such as attempted Denial of Service (DOS).