10G-100G MACsec Security Module for Ethernet

Overview

The need for data security between Ethernet-connected devices is expanding due to multiple factors: exponential growth of data containing sensitive and private information, new laws and regulations, and technology advances in markets such as high-performance computing, high-performance networking, mobile/5G, and automotive to support faster, more scalable and ultimately more efficient networking architectures.

Media Access Control Security (MACsec) is the foundational Ethernet (Layer 2) security protocol to protect network communication against denial-of-service (DoS) attacks, eavesdropping, and man-in-the-middle attacks by enabling a bidirectional secure link. MACsec is the main security standard for securing Ethernet traffic, providing security for data in motion between Ethernet-connected devices. The pre-shared key used in the first step of MACsec negotiation can prevent non-trusted devices from successfully connecting to a secured Ethernet fabric.

Synopsys’ MACsec Security Modules provide confidentiality, integrity, origin authentication, and replay protection based on scalable AES-GCM cryptography, enabling end-to-end security for Ethernet traffic. Synopsys MACsec Security Modules are standards-compliant, complete inline full-duplex solutions and seamlessly integrate with the Synopsys Ethernet MAC & PCS IP. The solution supports scalable data rates with optimal latency, network prioritization, and diversity for a range of secure Ethernet connections. Figure 1 depicts the Synopsys Ethernet IP solution with Synopsys MACsec Module offering that enables system-on-chip (SoC) designers to quickly integrate security in their system for a fast time-to-market and reduced risk.

Key Features

  • Supports MACsec IEEE 802.1AE-2018 standard
  • Per frame processing, including encapsulation/decapsulation and frame validation
  • Scalable throughput up to 100+ Gbps
  • Based on state-of-the-art, highly optimized AES-GCM crypto
  • Configurable for optimal latency and PPA
  • Scalable number of secure channels and secure associations
  • FIPS 140-3 certification ready
  • Jumbo frames support
  • SecTag insertion & removal
  • Programmable confidentiality offset
  • Extended packet numbering as per IEEE 802.1AEbn standard
  • Support for VLAN tags in the clear
  • GMII/XGMII/XLGMII interfaces
  • Secure APB4 configuration interface
  • Efficient key control & refresh
  • Seamless integration with Synopsys Ethernet and PCS IP

Benefits

  • Standards compliant (IEEE 802.1AE)
  • Solution standalone or integrated with Ethernet interface controllers
  • Per frame security processing including encapsulation/decapsulation and frame validation
  • Scalable throughput to 100+ Gbps based on pipelined AES-GCM cryptography with optimized latency
  • Jumbo frames support
  • SecTag insertion & removal
  • Configurable number of Secure Channels and Associations
  • Programmable confidentiality offset
  • VLAN tag in the clear support

Applications

  • High-Performance Networking
  • Mobile/5G
  • Automotive

Technical Specifications

  • Maturity: Available on request
  • Availability: Available