Using security anchored in hardware at the communication layer to protect data in motion.
For end-to-end security, data must be protected both at rest (processed or stored in a device) and in motion (communicated between connected devices). For data at rest, a hardware root of trust anchored in silicon provides the foundation upon which all data security is built. Applications, OS, and boot code all depend on the root of trust as the source of confidentiality, integrity and authenticity. Similarly, for data in motion, security anchored in hardware at the foundational communication layer provides the basis for trust in communications across the entire network. That’s where MACsec enters the picture.
Media Access Control security (MACsec) provides security of data between Ethernet-connected devices. The MACsec protocol is defined by IEEE standard 802.1AE. Originally, MACsec secured the link between two physically connected devices, but in its current form it can secure data communications between two devices over provider networks or be used in more complex topologies.
Ethernet has become the ubiquitous communication solution from the desktop to the carrier network. In data centers at the heart of the network, the need to process and move an exponentially growing torrent of data has driven the rapid jumps in the performance of Ethernet. 800G Ethernet represents the latest milestone in the evolution of the standard.
Concurrent with the rise in data volume has been the rise in data value, making securing data communications an imperative. MACsec has emerged as the foundational security technology for safeguarding data in motion. As such, the use cases for MACsec are many. From data center routers and switches, to the servers and networked storage, to LAN switches and IP-connected phones and cameras, communication between all these devices can be secured by MACsec.
Given the enormous economies of scale achieved by Ethernet connecting all things computing and networking, many other industries are adopting Ethernet as a replacement for legacy communication protocols. Industries and applications including radio access network (RAN), aerospace, automotive, manufacturing, and utilities are moving to Ethernet. Applications across these markets often require deterministic behavior of the Ethernet link, which is implemented with the Time-Sensitive Networking (TSN) standards: traffic shaping, priority queues, preemption, and time synchronization.
As you can imagine, there is an even greater imperative for data security when a breach could put lives and property at risk. So, where Ethernet goes, so too must MACsec. With this need in mind, Rambus, with the industry’s leading portfolio of MACsec IP solutions, has introduced a new MACsec solution specifically tailored for protecting TSN traffic.
The Rambus MACsec-IP-161 engine is a highly scalable solution that can secure data between TSN-capable Ethernet devices operating at rates from 1 to 50G. It is also highly flexible in its implementation. It can be integrated into the network SoC or into the PHY, where it can protect time synchronization, pre-empted traffic, and all or selected flows while keeping the deterministic behavior of the Ethernet port.
Ethernet has grown dramatically from its humble beginnings as a LAN communications protocol. Over its evolution, new capabilities such as TSN features have allowed it to tackle new markets beyond the traditional networking space. In parallel fashion, MACsec has evolved its capabilities to safeguard data in motion in new applications. Chip and device makers as well as system developers can protect the critical traffic at various rates using MACsec in combination with TSN features.
Additional Resources:
Website: MACsec IP 160
Website: MACsec IP 161
Website: MACsec IP 163/164
Download: Rambus MACsec Toolkit
White Paper: MACsec Fundamentals: Securing Data in Motion