Introducing MACsec - Layer 2 Packet Protection 

 

Introduction:

 

MACsec (IEEE 802.1AE) is an IEEE 802 standard that specifies how authentication and encryption are applied at the Link Layer (Layer 2) to secure the individual links of an Ethernet Local Area Network (LAN), i.e. the traffic inside the perimeter that external firewalls never see. MACsec can also be used on a Metropolitan Area Network (MAN) and in some cases even on a Wide Area Network (WAN).

 

Encryption-based security is often required by organizations and governments. Because MACsec provides network-wide, link-level encryption (rather than separate encryption for each application), it is one of the most relevant means of achieving that level of security.

 

The need to prevent costly data breaches within the physical network infrastructure of routers, bridges and switches, as well as across the range of connected devices such as IP phones, laptops, PCs, printers and network servers, is becoming increasingly important. In a Local Area Network, any connected device can listen to broadcast frames sent by any other connected device; IP phones used in an office interact with the network, and security cameras on the wall of a building may be entry points into it. This indicates how easily a maliciously connected device can disrupt communication over the network.

 

With MACsec, only peers that have authenticated (normally through IEEE 802.1X, whose MACsec Key Agreement protocol also distributes the keys) can exchange frames on a protected link, and every frame is integrity-checked before it is accepted. Attacks that “trick” switches and routers into redirecting traffic to an attacker's machine therefore do not work on a link where MACsec is enabled. Note that MACsec protects each link hop by hop: it does not by itself guard against a peer that authenticates legitimately and is compromised afterwards.

Figure 1: Link layer vulnerabilities

 

Link Layer Vulnerabilities:

 

If Layer 2 security has not been adequately addressed, this layer can be a very weak link indeed. Upper layer security mechanisms may not be able to detect that communication has been compromised.

Here are a few examples of Layer 2 vulnerabilities:

  • ARP (Address Resolution Protocol) cache poisoning: forged ARP replies plant false entries in a host's ARP table (which maps an IP address to a MAC address), so traffic for that IP is delivered to the attacker's MAC.

  • MAC flooding: the fixed-size CAM (MAC address) table of a switch is filled with bogus source MAC addresses from forged frames (often ARP packets); once it is full the switch floods frames out of every port like a hub, exposing them to the attacker.

  • Port stealing: forged frames carrying the victim host's MAC address as source cause a race condition in the switch's CAM table, so frames destined for the victim are delivered to the attacker's port.

  • Broadcasting attack: spoofed ARP replies set the router's MAC address to the broadcast address, so all outbound traffic is broadcast and can be read by every station.

  • Denial of Service: ARP caches filled with non-existent MAC addresses, so the victims' frames go nowhere.

  • MAC cloning: a legitimate host is first rendered inoperable by a Denial of Service attack, then its IP and MAC addresses are used by the attacker.

  • Hijacking attack: taking over an established session (e.g. a Telnet session after login) once traffic has been redirected through the attacker.

  • Eavesdropping (unauthorized interception of private communication), e.g. directly from the fiber.

Layer 2 security is too often based on the physical security of the equipment location, on trust in users, or on configuration: a physical switch port tied to a MAC address, static ARP entries, and so on. As soon as a device has to operate in a publicly accessible location it no longer has the benefit of that controlled environment, and it is at risk of data breaches. A MACsec-equipped device is less likely to have its data captured, because it requires mutual authentication when connecting to the network and every frame it exchanges is integrity-protected (and, optionally, encrypted).
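As an added example (not code from the original page, nor from Inside Secure or IPro), the following Python script detects three of the ARP-based attacks listed above over raw Ethernet/ARP frames: replies whose ARP sender MAC differs from the Ethernet source MAC, replies that bind an IP address to the broadcast MAC (the broadcasting attack), and replies that change an already learnt IP-to-MAC binding (cache poisoning). The MAC/IP values and the three sample frames are constructed for the illustration.

```python
# Added example: a small ARP-spoofing detector over raw Ethernet/ARP frames.
# Not code from the original page, Inside Secure or IPro. Sample traffic is constructed.
import struct

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2
BROADCAST_MAC = b"\xff" * 6


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def ip_str(ip: bytes) -> str:
    return ".".join(str(b) for b in ip)


def build_arp_reply(eth_src, eth_dst, sender_mac, sender_ip, target_mac, target_ip):
    """Constructed Ethernet II frame carrying an IPv4-over-Ethernet ARP reply."""
    eth = eth_dst + eth_src + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)      # htype, ptype, hlen, plen, op
    arp += sender_mac + bytes(sender_ip) + target_mac + bytes(target_ip)
    return eth + arp


def parse_arp_reply(frame: bytes):
    """Return (eth_src, sender_mac, sender_ip, target_mac, target_ip) for an
    IPv4/Ethernet ARP reply, or None for anything else (non-ARP, requests, odd formats)."""
    if len(frame) < 14 + 28 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen, op) != (1, 0x0800, 6, 4, ARP_REPLY):
        return None
    a = frame[22:50]
    return frame[6:12], a[0:6], a[6:10], a[10:16], a[16:20]


class ArpMonitor:
    """Learns IP->MAC bindings from ARP replies and flags the attack patterns from the
    list above: a changed binding (cache poisoning), a binding to ff:ff:ff:ff:ff:ff
    (broadcasting attack) and an ARP sender MAC that differs from the Ethernet source
    (a common tell of forged packets)."""

    def __init__(self):
        self.bindings = {}  # sender IP (bytes) -> first MAC seen claiming it

    def observe(self, frame: bytes):
        """Return the list of alerts raised by this frame ([] if it looks benign)."""
        parsed = parse_arp_reply(frame)
        if parsed is None:
            return []
        eth_src, smac, sip, _tmac, _tip = parsed
        alerts = []
        if smac != eth_src:
            alerts.append(f"ARP sender {mac_str(smac)} != Ethernet source {mac_str(eth_src)}")
        if smac == BROADCAST_MAC:
            alerts.append(f"{ip_str(sip)} advertised at the broadcast MAC (broadcasting attack)")
        known = self.bindings.get(sip)
        if known is None:
            self.bindings[sip] = smac          # first sighting: learn the binding
        elif known != smac:
            alerts.append(f"{ip_str(sip)} moved from {mac_str(known)} to {mac_str(smac)}"
                          " (possible ARP cache poisoning)")
        return alerts


# Constructed sample traffic (addresses are made up for the example).
GATEWAY_MAC, GATEWAY_IP = bytes.fromhex("001122334455"), bytes([192, 168, 1, 1])
HOST_MAC, HOST_IP = bytes.fromhex("66778899aabb"), bytes([192, 168, 1, 10])
ATTACKER_MAC = bytes.fromhex("deadbeef0001")

SAMPLE_FRAMES = [
    # 1. legitimate reply from the gateway
    build_arp_reply(GATEWAY_MAC, HOST_MAC, GATEWAY_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),
    # 2. attacker claims the gateway's IP with its own MAC (cache poisoning)
    build_arp_reply(ATTACKER_MAC, HOST_MAC, ATTACKER_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),
    # 3. attacker binds the gateway's IP to the broadcast MAC (broadcasting attack)
    build_arp_reply(ATTACKER_MAC, HOST_MAC, BROADCAST_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),
]


def run_demo():
    """Feed the sample frames through one monitor; returns one alert list per frame."""
    mon = ArpMonitor()
    return [mon.observe(f) for f in SAMPLE_FRAMES]


if __name__ == "__main__":
    for i, alerts in enumerate(run_demo(), 1):
        print(f"frame {i}: {'OK' if not alerts else '; '.join(alerts)}")
```

In practice such a monitor watches a mirrored switch port and is only a detection aid; MACsec removes the problem at its root, since a forged frame without a valid ICV is dropped by the receiving port before ARP processing ever sees it.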

 

MACsec Security Properties:

 

The MACsec protocol provides the following functionality:

 

Hop-by-hop security architecture

 

MACsec helps secure the network from the inside by securing data exchange on a hop-by-hop basis. A “hop-by-hop” security architecture means that data is protected from one node of the network to the next node, where it is decrypted and then encrypted again for the following node, and so on all the way to its final destination.

 

MACsec also allows each hop to act as an insertion point for IT security devices. This enables IT departments to monitor and inspect internal LAN traffic “in the clear” at each node, something end-to-end encryption does not allow; the flip side is that every intermediate node holds the keys and must itself be trusted.

 

Connectionless Data Integrity

 

Unauthorized changes to data cannot be made without being detected. Each MAC frame carries its own Integrity Check Value (ICV), computed over the frame by the cipher suite (GCM-AES), so a frame is verified on its own without reference to any earlier frame; hence the term connectionless.

 

Data origin authenticity

 

On a point-to-point link, a received MAC frame is guaranteed to have been sent by the authenticated peer station. In a shared-media LAN, where several stations hold the same group key, a received frame is guaranteed to have been sent by one of the authorized MACsec stations, although the individual originating station cannot be cryptographically verified.

Confidentiality 

 

The user data of each MAC frame is encrypted to prevent it from being snooped by unauthorized parties. The MAC addresses and the SecTAG itself stay in the clear (they are integrity-protected but not encrypted), so switches can still forward the frame.

Replay protection

 

MAC frames copied from the LAN by an attacker cannot be re-injected into the LAN without being detected, because each frame carries a packet number (PN) that must not fall below the receiver's lowest acceptable PN. In special configurations where frames can be reordered within the LAN, a replay window can be configured and limited replay is then permitted.

 

Bounded receive delay

 

MAC frames cannot be intercepted by a Man-in-the-Middle attacker and delayed by more than a few seconds without being detected.

 

A MACsec-conformant frame has the following structure. MACsec protection of Ethernet frames is based on an additional header, the SecTAG (Security TAG, EtherType 0x88E5), inserted after the MAC addresses and before the original EtherType; the SecTAG carries the TCI/AN flags, the Short Length (SL), the 32-bit Packet Number (PN) and, optionally, the 8-octet Secure Channel Identifier (SCI). The original EtherType and payload comprise the MAC Service Data Unit (MSDU) of the original frame; they become the Secure Data (encrypted when confidentiality is enabled), and a 16-octet Integrity Check Value (ICV) is appended after it.

Figure 2: MACsec frame format

 
Standards and applications

 

MACsec comprises the following IEEE standards:

  • IEEE 802.1AE-2006, the base standard for frame processing, with the GCM-AES-128 cipher suite (128-bit key) and 32-bit packet numbering.

  • IEEE 802.1AEbn-2011, amendment adding the option of GCM-AES-256 (256-bit keys) for stronger security.

  • IEEE 802.1AEbw-2013, amendment adding 64-bit extended packet numbering (the GCM-AES-XPN cipher suites), which is required at 100 Gbit/s and beyond because a 32-bit packet number would otherwise be exhausted, forcing a key change, within seconds.

  • IEEE 802.1X-2010, the standard for port-based Network Access Control, which also specifies the MACsec Key Agreement (MKA) protocol that authenticates peers and distributes MACsec keys.
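The following Python module is an added example (not code from the original page or from Inside Secure) that serves two passages above: the "Replay protection" property, modelled with the standard's nextPN / lowestPN rule for one receive SA, and the 802.1AEbw bullet, with a simplified recovery of the 64-bit PN from the 32-bit field on the wire and the arithmetic that shows why a 32-bit PN does not last at 100G. It is the same bookkeeping that the EIP-164's "nextPN and lowestPN update" offload performs in hardware. ICV checking and MKA are out of scope, and the PN recovery is a simplification of the standard's procedure (it picks the 64-bit candidate nearest nextPN rather than applying the exact window test).

```python
# Added example: receive-side MACsec packet-number handling (replay window, XPN).
# Not code from the original page or Inside Secure. Simplified: one SA, no ICV check.


class ReceiveSA:
    """Receive Secure Association state relevant to replay protection.

    A frame is accepted iff its PN >= lowestPN, where lowestPN = nextPN - replayWindow
    (never below 1). With replayWindow = 0 the PN must strictly increase. With a
    non-zero window, reordered frames are tolerated, but MACsec keeps no bitmap of
    PNs already seen, so a frame still inside the window can be replayed: this is
    the "limited replay" the text mentions.
    """

    def __init__(self, replay_protect=True, replay_window=0, xpn=False):
        self.replay_protect = replay_protect
        self.replay_window = replay_window
        self.xpn = xpn
        self.next_pn = 1          # 32-bit PN, or 64-bit when xpn is True

    @property
    def lowest_pn(self):
        return max(1, self.next_pn - self.replay_window)

    def recover_pn(self, pn_field):
        """Full PN from the 32-bit SecTAG field.

        Non-XPN: the field is the PN. XPN: the field holds the low 32 bits; among the
        64-bit values with those low bits whose high half is nextPN's high half or a
        neighbour of it, take the one nearest nextPN (simplified 802.1AEbw recovery)."""
        if not self.xpn:
            return pn_field
        high = self.next_pn >> 32
        candidates = [(h << 32) | pn_field for h in (high - 1, high, high + 1) if h >= 0]
        return min(candidates, key=lambda pn: abs(pn - self.next_pn))

    def receive(self, pn_field):
        """Validate one frame's PN field; returns (accepted, reason, recovered_pn)
        and advances nextPN on acceptance."""
        if not 0 <= pn_field <= 0xFFFFFFFF:
            raise ValueError("the PN field is 32 bits on the wire")
        pn = self.recover_pn(pn_field)
        if pn == 0:
            return False, "PN 0 is invalid", pn
        if self.replay_protect and pn < self.lowest_pn:
            return False, f"PN {pn} below lowestPN {self.lowest_pn} (replayed or stale)", pn
        if pn >= self.next_pn:
            self.next_pn = pn + 1
        return True, "accepted", pn


def pn_lifetime_seconds(link_bps, pn_bits, frame_octets=64, overhead_octets=20):
    """Seconds until one SA exhausts its PN space at line rate with minimum-size frames
    (overhead = 8 octets preamble/SFD + 12 octets IPG), i.e. how often the KaY would
    have to rekey. Shows why 802.1AEbw extended packet numbering is needed at 100G."""
    frames_per_second = link_bps / ((frame_octets + overhead_octets) * 8)
    return (2 ** pn_bits - 1) / frames_per_second


def demo():
    """Walk through strict mode, a replay window and an XPN wrap; returns the decisions."""
    strict = ReceiveSA(replay_window=0)
    strict_results = [strict.receive(pn)[0] for pn in (1, 2, 2, 5, 4)]

    windowed = ReceiveSA(replay_window=4)            # PN 2 is accepted twice: limited replay
    window_results = [windowed.receive(pn)[0] for pn in (1, 2, 5, 4, 2, 1)]

    xpn = ReceiveSA(replay_window=16, xpn=True)
    xpn.next_pn = 0xFFFF_FFF0                         # assume ~2^32 frames already received
    wrap = xpn.receive(0x0000_0005)                   # low bits wrapped: recovered as 2^32 + 5
    late = xpn.receive(0xFFFF_FFFC)                   # straggler from before the wrap, in window
    old = xpn.receive(0xFFFF_FF00)                    # far too old: rejected

    return {
        "strict": strict_results,
        "window": window_results,
        "xpn": [wrap[2], wrap[0], late[0], old[0]],
        "pn32_seconds": pn_lifetime_seconds(100e9, 32),   # roughly half a minute
        "pn64_seconds": pn_lifetime_seconds(100e9, 64),   # thousands of years
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

At 100 Gbit/s with minimum-size frames a 32-bit PN space is consumed in under 30 seconds, which is far too frequent for MKA rekeying; with 64-bit XPN the same SA lasts for thousands of years, which is why the EIP-163/164 advertises 802.1AEbw support for its 100G and 400G modes.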

 

MACsec has also been adapted to protect WAN links by excluding some of the network headers (such as VLAN tags) from MACsec protection, so that intermediate network nodes can still inspect and modify those headers. With a number of additional enhancements this makes MACsec fully transparent to intermediate devices.

Inside Secure's Solutions:

Inside Secure's MACsec-IP-163/164 (EIP-163/164) is a family of IP cores that implements full MACsec processing for all of the standards listed above, with throughput up to 400 Gbps and beyond.

The family comprises two products:

 

  • EIP-163/164 v1: Multi-Channel MACsec Engine for 100 Gbps, serving up to 4 Ethernet channels, with optional support for the full ClearTags specification.

  • EIP-163/164 v2: Multi-Channel MACsec Engine for 400G Ethernet and 500G FlexE, serving up to 32 Ethernet channels, with optional support for the full ClearTags specification.

 

The information below covers the EIP-163/164 v1, a 100G product. For more information on the EIP-163/164 v2 400G product, please see the highlighted frame below and / or drop me a note.

EIP-163/164 v1, a 4 channel 100G MACsec

 

The EIP-164 is a high-performance MACsec frame processing engine that provides complete MACsec SecY frame transformation for multiple channels and virtual ports; the EIP-164 works with the EIP-163 virtual port matching classifier for a complete MACsec processing solution. To facilitate building an integrated solution, INSIDE Secure also offers the EIP-218 Rate Controller IP which is required in the egress path and can be optionally used in the ingress path as well.

 

Both the EIP-163 and EIP-164 support the AES-ECB, AES-CTR and AES-GCM/GMAC transformations required for FIPS certification of the crypto core. The IP is delivered together with a Driver Development Kit and the QuickSec MACsec toolkit. The EIP-163/164 v1 and EIP-218 IP blocks are silicon proven and available now. More information about the EIP-163/164 is available from Inside Secure.

Figure 3: EIP-163/164 Typical Application Diagram

 
Features:
The main features of Inside Secure’s EIP-163/164 v1 are as follows:

Multi-Channel Support

  • Time-sliced interface with 4 channels.

  • Aggregate throughput of 100G (scales linearly with the frequency).

  • Supported modes: 1x100G, 2x50G, 2x40G, 4x25G, 4x10G.

  • Combined modes: 1x40/50G+2x10/25G.

  • Low-rate modes: 10 Mbit, 100 Mbit and 1G in combination with other rates.

  • Each channel has two modes: MACsec and low-latency bypass

 

High Performance

  • Achieves 100Gbps for all packet sizes and transformations at 468.75MHz with 8-byte IPG for standard MACsec and mixed lengths for the extended modes.

  • Achieves 100Gbps for ClearTags MACsec extensions.

  • For ingress, 100Gbps including Deficit Idle Count is achieved at 500MHz.

  • Cut-through processing with minimum latency of 144ns at 500 MHz.

  • Latency is configurable, allowing reaching constant start-of-frame latency of 204 ns for all channels and all types of transformations at 500 MHz.

  • Large latency fixing value, covering throughputs down to 10 Mbit.

  • Bypass mode latency is 12 ns at 500 MHz.

 

MACsec Processing Features

  • Full SecY processing.

  • IEEE 802.1AE compliant.

  • IEEE 802.1AEbn compliant (256-bit key).

  • IEEE 802.1AEbw compliant (extended packet numbering).

  • All cipher suites supported.

  • All ClearTags extensions supported.

  • Automatic MAC SA switching for egress processing.

  • Hardware offload for the nextPN and lowestPN update from the host (KaY).

  • SA rollover mode for debug purposes.

 

Interfaces

  • 512-bit time-sliced packet interface with fixed time slot.

  • Built-in filtering of missing SOP/EOP sequences and violations of time-sliced protocol.

  • Packet interface is tolerant to Deficit Idle Counter mode.

  • A pass-through bus on which data is passed unmodified along with the packet (its width is compile-time configurable).

  • Transparent synchronized transfer of line/local/remote fault detection signals through the processing engine.

  • Passing low-power pseudo frame indication.

  • 32-bit handshaked control register interface.

  • On-chip RAM interfaces. Allow Error Detection and Correction implementation (external to EIP-163/164).

  • Local interrupt controller to combine internal interrupts and per-channel interrupts into one interrupt output.

 

FIPS Certification

  • Support for AES-ECB, AES-CTR, AES-GCM/GMAC transformation for FIPS certification of the crypto core.

 

Verification

  • Set of test vectors for chip integration verification.

  • Integration test vectors in a human-readable format.

  • Python / Verilog based verification environment.

  • 100% verification coverage.

 

EIP-163/164 v2: multi-channel 400GE / 500G FlexE MACsec


This new high-bandwidth IP is AVAILABLE NOW with the same features and properties as the v1 4-channel engine, but with a configurable number of channels and line rates up to 500 Gbps.

 

Examples of supported modes: 4x100G, 10x50G, 10x25G+3x50G+1x100G, 20x25G, 20x10G.

IPro   -   Great Silicon IP

Your virtual one-stop shop for advanced digital IP in Israel.

Packet Protocols - Security - CPUs

Copyright (C) IPro Silicon IP Ltd. - all rights reserved.

IPro Silicon IP Ltd.

+972 (545) 441579

mauro@ipro-great-ip.com

www.ipro-great-ip.com
