The folks from Algotronix – experts in creating and licencing cryptographic intellectual property (IP) cores for FPGAs – have announced that they are shipping MACsec cores that are used to secure data on Ethernet links at up to 10 Gbps.
The Media Access Control Security (MACsec) products comply with the requirements of IEEE 802.1AE. They are available as intellectual property cores for FPGAs or SoC technology to cover the needs of gigabit Ethernet for 1 GbE and 10 GbE throughputs. The architectural design allows 10 Gbps to be achieved in readily available 40-nm or 28-nm FPGAs, while the 1G data rate product can use lower cost families.
The design has been carefully crafted to support both jumbo frames and minimum size packets with a key change on every packet, which represents the worst case situation for the system. The cores support both 128-bit encryption keys as well as the newly standardised 256-bit keys used for enhanced security in applications such as Metropolitan Area Networks.
“The MACsec cores evolved from our popular AES-GCM encryption cores, as they add the extensive logic required to perform the validation, statistics and Connectivity Associations. We have seen an upsurge in enquiries for the MACsec products, even before they are publicly announced”, said Tom Kean, Algotronix Managing Director. “These early customers operate in markets as diverse as military, communications and test equipment. Our ability to hit the performance requirements in existing FPGAs is a testament to the efficiency of the architecture”.
MACsec provides confidentiality and authentication in the link layer (layer 2) and prevents eavesdropping and so-called “man-in-the-middle” attacks, because it detects any alteration or replay of frames. This differs from other schemes, such as IPsec, which are set up as an end-to-end session based encryption at layers 3/4. MACsec does not compete with IPsec, and should be considered as a complementary cyber security technology. MACsec is agnostic to the Ethernet traffic type, and with the introduction of these cores can be easily added to systems to provide an additional layer of protection to a network.
Enterprise customers can adopt MACsec to provide protection behind their fire wall. System administrators can authorise ports to communicate in a secure fashion, and can detect misuse such as attempted Denial of Service (DOS).
Data Center and Cloud-based systems can benefit from the confidentiality and data source authentication offered by MACsec.
Commenting on the new products, Paul Dillien, a consultant from High Tech Marketing in the UK said, “There is a rapidly growing awareness of the emerging MACsec standard. Telecoms links and data centers will most probably focus on the 10 Gbps product, with the 1G version being the target for enterprise and military customers”.
Each MACsec core can support a range of popular FPGA families. The IP is supplied as source code with a very extensive verification testbench. Customers can select from various modes and parameterise the performance to match their needs. All AES products are built around cores that are NIST certified for compliance. Applying the cores to ASIC technology provides a route to lower power and even higher performance. The cores comply with the full specification, however customers who do not need all the features can be provided with a sub-set to save resources. Algotronix can also quote for bespoke cores with additional capabilities.
MACsec typically works in conjunction with IEEE 801.1X-2010 which provides the secure key distribution around the network.
The 1G and 10G MACsec cores are shipping now, and the architecture is designed to scale to 40G and 100G for future product releases.
for more information
If you found this article to be of interest, visit Programmable Logic Designline
where you will find the latest and greatest design, technology, product, and news articles with regard to programmable logic devices of every flavor and size (FPGAs, CPLDs, CSSPs, PSoCs...).
Also, you can obtain a highlights update delivered directly to your inbox by signing up for my weekly newsletter – just Click Here
to request this newsletter using the Manage Newsletters tab (if you aren't already a member you'll be asked to register, but it's free and painless so don't let that stop you [grin]).