A combination of data integrity checks and encryption safeguards transmitted data.
Network security protocols are the primary means of securing data in motion; that is, data communicated between closely connected physical devices or between devices and even virtual machines connected using a complex, geographically distributed infrastructure. This blog will explore Media Access Control security (MACsec) and how it can be used to provide foundational level network security for a wide range of applications requiring the highest levels of speed and performance.
There are three common network security protocol standards: Transport Layer Security (TLS), IP security (IPsec), and MACsec. At the top of the Open Systems Interconnection (OSI) model there is application-layer communication security, with TLS providing an improved version of SSL (Secure Sockets Layer). TLS is mostly used to protect connections from web browsers and mobile applications end-to-end or to cloud services. Lower down the stack, at Layer 3, there is IPsec. IPsec is typically used to protect communication across private or public networks, so if you are connecting a laptop to your corporate network via a VPN, security is most likely provided by IPsec. Finally, at Layer 2 there is MACsec, where protection applies to essentially all types of packets sent across a direct link between two Ethernet ports. The industry has adopted MACsec for various use cases, including protecting multiple individual communication flows over the same physical link. In contrast to IPsec, MACsec can protect multicast, broadcast, and non-IP packets; in some use cases MACsec replaces IPsec, and in others both are used within the same infrastructure.
Like typical network security protocols, when MACsec is enabled, a secure bi-directional link is established between connected devices following an exchange and verification of a shared secret (which can be a secret key or a more complex scheme). A combination of data integrity checks and encryption is used to safeguard the data transmitted via the secure link. Secure packet numbering, validated on reception, protects against replay attacks and enforces a bounded receive delay.
MACsec link encryption within a system is made up of several different blocks, the major ones being the data plane and the control plane. The data plane is responsible for packet protection, including encryption, decryption, filtering, and possibly firewalling; the control plane is responsible for setting up mutual authentication and managing access control along with the lifecycle of a secure connection. Each of these blocks has its own protocol. These protocols either interoperate through the same port as the main traffic (the default) or the control protocol may communicate through separate management ports or networks.
The MACsec data plane is specified in IEEE 802.1AE. The standard describes principles and options for transforming a plaintext network frame into a secure frame, along with data flow charts for implementing various policies, exception handling, and counting the associated security statistics. The 802.1AE standard does not cover classification and filtering/firewalling. This allows the industry to adopt MACsec security for various scenarios and topologies and to strike the right balance between feature set and silicon cost and power. Leading system vendors drive implementation guidelines to ensure that the various silicon implementations and devices are interoperable and offer the mandatory feature set.
The MACsec control plane is specified in IEEE 802.1X and covers two protocols: MKA (MACsec Key Agreement) and EAP (Extensible Authentication Protocol). MKA manages a MACsec secure channel via the secure connection management API of the data plane (Layer Management Interface, or LMI) and is mainly responsible for encryption key (SAK) generation, distribution, and periodic refresh (switching). All MKA components at each peer participating in the secure communication group (called a MACsec Connectivity Association, or CA) must have a shared secret (called the Connectivity Association Key, or CAK) from which all short-lived encryption keys are derived. MKA also supports non-disruptive update of the CAK, which usually has a much longer lifetime.
EAP is a higher-level protocol, responsible for port access control (with or without MACsec). In the case of MACsec, it can generate and distribute a shared secret. If the system needs an external authentication server, this can be supported by EAP. As an alternative to EAP, system vendors may have their own implementation of similar functionality, or may offer a pre-shared key (PSK) option, where the CAK is programmed by the administrators of the equipment and networks, allowing interoperability at the control plane level.
MACsec is defined to be very scalable with respect to throughput. The AES-GCM cryptographic algorithm used within the MACsec protocol is especially suitable for high network speeds because it can be parallelized. The protocol also has low latency, because processing of the head of the packet does not require knowing the tail of the packet. With such properties, MACsec can be implemented to operate at line rate (full wire speed) and low latency.
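To make the data-plane behaviour described above concrete (the 802.1AE frame transformation, AES-GCM with the header authenticated, and packet-number validation on reception), here is an added Go model that is not code from the post or from Rambus. The SAK, SCI, and MAC addresses are constructed values; the SecTAG and IV layout follow the GCM-AES-128 cipher suite with a 32-bit PN and no explicit SCI carried in the tag.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Constructed values (not from the post): a 16-byte SAK and the transmitter's SCI (MAC || port id); GCM IV = SCI || PN.
var (
	sak = []byte("0123456789abcdef")
	sci = []byte{0x02, 0, 0, 0, 0, 0x01, 0, 0x01}
)

func gcmAES() cipher.AEAD { b, _ := aes.NewCipher(sak); g, _ := cipher.NewGCM(b); return g }

// Protect emits DA||SA||SecTAG||ciphertext||ICV: the 20-byte header is AAD, the
// payload is encrypted, and the 16-byte GCM tag serves as the ICV.
func Protect(da, sa, data []byte, an byte, pn uint32) []byte {
	hdr := append(append([]byte{}, da...), sa...)
	hdr = append(hdr, 0x88, 0xE5, 0x0C|an&3, 0) // SecTAG: EtherType, TCI/AN (E=1,C=1), SL=0
	hdr = append(hdr, byte(pn>>24), byte(pn>>16), byte(pn>>8), byte(pn)) // 32-bit PN
	iv := append(append([]byte{}, sci...), hdr[16:20]...)
	return append(hdr, gcmAES().Seal(nil, iv, data, hdr)...)
}

// Receiver keeps per-SA replay state: a frame is accepted only if its PN is
// not below nextPN-window (window 0 means strict in-order delivery).
type Receiver struct{ nextPN, window uint32 }

func NewReceiver(window uint32) *Receiver { return &Receiver{nextPN: 1, window: window} }

// Verify checks EtherType, replay window and ICV, then returns the plaintext.
func (r *Receiver) Verify(frame []byte) ([]byte, error) {
	if len(frame) < 36 || binary.BigEndian.Uint16(frame[12:]) != 0x88E5 {
		return nil, fmt.Errorf("not a MACsec frame")
	}
	pn := binary.BigEndian.Uint32(frame[16:])
	if pn == 0 || (r.nextPN > r.window && pn < r.nextPN-r.window) {
		return nil, fmt.Errorf("replay: PN %d below receive window", pn)
	}
	iv := append(append([]byte{}, sci...), frame[16:20]...)
	data, err := gcmAES().Open(nil, iv, frame[20:], frame[:20])
	if err != nil {
		return nil, fmt.Errorf("ICV check failed: %w", err) // tampered or wrong SAK
	}
	if pn >= r.nextPN { // only a validated frame advances the window
		r.nextPN = pn + 1
	}
	return data, nil
}
```

Note that the replay check runs before the ICV check only as a cheap filter; the window advances solely on frames whose ICV verified, so a forged PN cannot push the window forward.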
The continued exponential growth of data has been the driving force for developments in Ethernet performance in recent years. 800G Ethernet is quickly ramping up and is seeing substantial deployments at leading hyperscalers and service providers due to volume production of 5nm silicon devices like switch ASICs, retimers, and DSPs, along with 100Gbit-per-lane copper and optical modules. At the same time, the multi-lane nature of high-speed Ethernet ports requires them to be compatible with previous generations through port breakout, which in turn requires a MACsec implementation to offer flexible bandwidth allocation and resource sharing through channelization.
For many years Rambus has played a leading role in the industry with its multi-channel MACsec Silicon IP (MACsec-IP-164), which originally started at 100G, then progressed to 400G, and for several years now has served the 800G market. In addition to the 800G variant, this product is offered in functionally equivalent configurations optimized for applications requiring an aggregate 100G to 400G throughput. This product anchors a full-featured line-rate MACsec data plane created in close collaboration with leading system vendors. In addition, it offers an option for line-rate IPsec. With this product, silicon and system vendors can combine the full performance benefits of 800G Ethernet with the security benefits of MACsec and IPsec.
Based on the success of the MACsec-IP-164, Rambus developed additional products to address secure protocol data planes embedded deeper in the SoC architecture and suitable for other protocols such as TLS and DTLS: