MACsec Engine IP

The MACsec IP provides Ethernet Layer 2 Security for port authentication, data confidentiality and data integrity as standardized in IEEE 802.1AE.
It protects components in Ethernet networks especially very high-speed Ethernet used in cloud, data center, and backhaul networks.
The MACsec IP is a fully compliant solution that provides line-rate encryption and supports VLAN-in-Clear.

The MACsec IP provides Ethernet Layer 2 Security for port authentication, data confidentiality and data integrity as standardized in IEEE 802.1AE.
It protects components in Ethernet networks especially very low-speed Ethernet used in automotive, industrial, and consumer applications.
The MACsec IP is a fully compliant solution that provides line-rate encryption and is optimized for the smallest area size.

The MACsec IP provides Ethernet Layer 2 Security for port authentication, data confidentiality and data integrity as standardized in IEEE 802.1AE.
It protects components in Ethernet networks especially high-speed Ethernet used in automotive, industrial, cloud, data center, and wireless infrastructure.
The MACsec IP is a fully compliant solution that provides line-rate encryption and supports VLAN-in-Clear.

The MSP7 implementation fully supports the IEEE 802.1ae (MACsec) algorithm for 128-bit bit keys, including AES support in Galois Counter Mode (GCM) per NIST publication SP800-38D.
The core is designed for flow-through operation. MSP7 supports encryption and decryption modes (encrypt-only and decrypt-only options are available.

Small size: Starting at less than 13K ASIC gates, 1.5 Gbps performance at less than 20K gates
Scalability to throughputs of 128 bits per clock with the capability of parallel cores at throughputs of 100 Gbps and above
Supports Galois Counter Mode Encryption and authentication (GCM-AES a.k.a. AES-GCM)
Includes AES-GCM encryption, AES-GCM decryption, key expansion and data interface

The MACsec Intel® FPGA IP core implements the IEEE Media Access Control Security standard as defined in 802.1AE (2018) as fully configurable soft IP
MACsec provides data confidentiality and integrity for the Ethernet protocol and is commonly used to secure network traffic in 5G systems, between the cloud and data center, and between IoT devices.

Provides Ethernet fully compliant to 802.3-2018 supporting all media independent interfaces for (1/10/25/40/50/100/200/400/800 G)
Provides MacSec as per IEEE standard 802.1AE-2018 specification
- Supports controlled and uncontrolled ports
- Encodes and decodes MacSeC PDUs
- Protects and validates macSec Pdus using AES-GCM-128 Cipher suites
- Cryptographic protection
- Modification and Addition of MSDU
- Uses configurable secure association key for encryption and authentication
- Supports Vlan and jumbo frames
- Supports Replay protection and ICV Works in tandem with gPTP (IEEE 802.1AS)/ PTP (IEEE 1588)
Supports controlled and uncontrolled ports
Encodes and decodes MacSeC PDUs

The Crypto Coprocessors are a hardware IP core platform that accelerates cryptographic operations in System-on-Chip (SoC) environment on FPGA or ASIC.
Symmetric operations are offloaded very efficiently as it has a built-in scatter/gather DMA. The coprocessor can be used to accelerate/offload IPsec, VPN, TLS/SSL, disk encryption, or any custom application requiring cryptography algorithms.

One input word per clock without any backpressure
Design can switch stream, algorithm, mode, key and/or direction every clock cycle
GCM: throughput is solely determined by the data width, data alignment and clock frequency
XTS: block processing rate may be limited by the number of configured tweak encryption & CTS cores; a configuration allowing 1 block/clock is available