91³Ô¹ÏÍø

Go Back
By Industry
By Technology
Synopsys Cloud
Synopsys Cloud

Cloud native EDA tools & pre-optimized hardware platforms

Request a Free Trial →
Multi-Die Solution
Multi-Die Solution

A comprehensive and scalable solution for fast heterogeneous integration

Discover Multi-Die →
View All 91³Ô¹ÏÍø →
Explore Silicon Design, Verification & Manufacturing

Synopsys is a leading provider of electronic design automation solutions and services.

Families
Optical Design
Photonic Design
Design
3D Image Processing
Verification
Modeling & Simulation
Manufacturing
Try Synopsys Cloud
Synopsys Cloud

Unlimited access to EDA software licenses on-demand

Request a Free Trial →
Explore Silicon IP

Synopsys is a leading provider of high-quality, silicon-proven semiconductor IP solutions for SoC designs.

Interface IP
Processor IP
Memories & Libraries
SoC Architecture
Security IP
SoC Infrastructure IP
IP Accelerated
IP Markets
Synopsys IP Portfolio Cover
Synopsys IP Portfolio
Download Brochure →
Synopsys IP Technical Bulletin
Read Latest Issue →
Explore Systems Verification and Validation

Synopsys is a leading provider of hardware-assisted verification and virtualization solutions.

Emulation
System Test Generation
Verification IP
FPGA Development
Prototyping
Virtual Prototyping
View All Products →
Company Overview
Resources
Success Stories | Synopsys
Success Stories

Explore our success stories.

Learn More →

Securing Network Traffic using MACSec Over Ethernet

VIP Expert

Jun 25, 2020 / 2 min read

Table of Contents

In today¡¯s digital age, networking requirements have become increasingly crucial. The possibility of unauthorized access to networks and confidential information have increased the need for secure network access.

In 2006, the IEEE officially identified a MAC Security standard, also known as MACSec/802.1AE and GCM-AES/GCM-AES-XPN Cipher Suite, to meet the requirements for secure data traversal. MACSec helps users to maintain confidentiality by securing the data with the use of secured point-to-point Ethernet links.

Why MACSec?

The MACSec security protocol provides encryption to the entire Ethernet packet except for its source and destination MAC addresses (including upper layer frames). MACSec offers point-to-point encryption, meaning it is performed for every hop unlike IPsec which works only for end-to-end connections. Thus, the MACSec protocol protects the data from getting tampered giving users the data security.

Key protocol features:

  • Maintains data confidentiality by providing strong encryption and marks an end to intrusion threats
  • Integrity check to prevent data tampering, this makes sure that the data is not manipulated during traversal ¨C MACSec frame can be both encrypted and authenticated to provide privacy and integrity
  • The protocol flexibility ensures that MACSec security can be enabled/disabled as needed

How MACSec works?

The point-to-point Ethernet link forms the backbone of the MACSec protocol. These links are secured after matching the keys. The secured keys are dynamically available and can also be configured by the users.

The process of matching these keys takes place only after validating each end of the point-to-point connection on the interface and exchanging the keys. Once the MACSec is established on the link, all the traffic is secured using encryption and data integrity or ICV check.

MACSec over Ethernet security diagram

Fig1: MACSec Frame Format
 

The MACSec Frame adds Security TAG (SecTAG) and Integrity Check Value (ICV) in the Ethernet Frame to provide secure connectivity associations with the GCM-AES Cipher Suite using 128/192/256-bit key.

MACSec over Ethernet architecture diagram

Fig2: MACSec at layer2

Who needs MACSec?

A common use case for MACSec requirements can be picked up from our daily routine where we want to encrypt the traffic between two devices such as a remote site connected to a central site or a central site connected to its branches via MACSec enabled routers.

To prevent the data from getting spied and manipulated, data centers/ IT networks require comprehensive protection programs. Many high-speed routers and data centers have employed the WAN MACSec feature. MACSec can be used across multiple switches using VLAN/SVLAN TAGs (as mentioned in IEEE Std 802.1AEcg?-2017).

In recent years, the automotive industry has also required support for MACSec compatible hardware like controllers and switches, to provide a complete security solution. MACSec along with AVB-TSN features provide a good level of security preventing the network from getting paralyzed.

For more information on Synopsys Ethernet VIP and Test Suite offerings, please visit 

Read our previous blogs on 800G and Terabit Speeds with Ethernet 802.3ck, Ethernet Time-Sensitive Network (TSN): A Boon for Automotive Audio-Video Bridging (AVB) Applications

Continue Reading

Industry First Verification IP for Arm AMBA DTI-G
Blog
2 min read / Sep 12, 2024

Industry First Verification IP for Arm AMBA DTI-G

Gunjan Kumar Gupta
By Gunjan Kumar Gupta
Tags: Verification Central, Data Center, Internet of Things, Verification IP, Automotive, Verification
Read Article
The Journey of Coverage Closure
Blog
2 min read / Sep 10, 2024

The Journey of Coverage Closure

Taruna Reddy
By Taruna Reddy
Tags: Verification Central, AI & Machine Learning, Simulation, Verification
Read Article
UCIe 2.0 - Setting the Tone for Chiplet Interoperability
Blog
3 min read / Aug 08, 2024

UCIe 2.0 - Setting the Tone for Chiplet Interoperability

Deepak Nagaria
Prasad Subudhi K. S
Narasimha Babu G V L
By Deepak Nagaria , Prasad Subudhi K. S , Narasimha Babu G V L
Tags: Verification Central, Multi-Die System, Verification IP, Verification
Read Article