Unveiling Ultra-Compact MACsec IP Core with optimized Flexible Crypto Block for 5X Size Reduction and Unmatched Efficiency from Comcores
In the ever-changing landscape of cybersecurity, the need for advanced security solutions that don’t compromise on performance or resource efficiency is paramount. We’re excited to unveil our latest MACsec IP core, which is an impressive 5x smaller than its predecessor. This innovation marks a significant stride in network security, offering unmatched efficiency, adaptability, and scalability.
Understanding MACsec
Media Access Control Security (MACsec) is a Data Link Layer (Layer 2) security protocol standardized by the IEEE that protects Ethernet frames. MACsec operates at the ethernet port level on a frame-by-frame basis providing line-rate security comparied to upper layer security protocols, hence, minimizing the impact on performance. MACsec is designed to provide authentication, confidentiality & integrity and replay protection for data transported on point-to-point links in the enterprise Local Area Network (LAN) using the Advanced Encryption Standard with Galois/Counter Mode (AES-GCM) data cryptography algorithm with 128-bit key and 256-bit key versions. The MACsec key agreement (MKA) is a companion protocol that provides multiple authentications between hosts in a network. It creates a Connectivity Association and generates session keys.
MACsec provides authentication by ensuring that only known nodes are allowed to communicate on the LAN. It provides confidentiality through encryption of the Payload data and only end-points with the correct encryption key can see the contents. Integrity is provided through a cryptographic mechanism ensuring that data has not been tampered with while in motion. Finally, replay protection ensures in-order delivery of Ethernet frames by specifying a replay window.
MACsec was first introduced in 2006 in the IEEE 802.1AE standard. Between 2011 and 2017, multiple updates were made to introduce support for stronger encryption using AES-GCM-256, support for higher speed interfaces and the ability to monitor and inspect MACsec encrypted frames. The 802.1AE-2018 standard consolidated all these updates into a single standard specifying MACsec.
To read the full article, click here
Related Semiconductor IP
- High speed MACsec Engine 100G/200G/400G/800G/1.6T
- MACsec Protocol Engine for 1G/10G+ Ethernet
- HPC MACsec Security Modules for Ethernet
- ASIL B / ISO 26262 and ISO 21434 Compliant 1G-25G MACsec Security Module
- P1619 / 802.1ae (MACSec) GCM/XTS/CBC-AES Core
Related Blogs
- Keep Legacy Systems Running with a DO-254 HDLC & SDLC Part Replacement IP Core
- Tech Note: Use this Flexible and Efficient AC’97 IP Core for Simple Audio Interfaces and Legacy System Upgrades
- Automotive Ethernet with Comcores – Safety, Quality and ASIL certification of IP
- World First: Synopsys MACsec IP Receives ISO/PAS 8800 Certification for Automotive and Physical AI Security
Latest Blogs
- Cadence Achieves Successful Silicon Validation of 1st IP Test Chips on Intel 18A
- From Classical CAN and CAN FD to CAN XL: Functional Safety and Security for Next-Generation In-Vehicle Communication
- Accelerating Embedded Memory Performance with 16-bit xSPI PSRAM IP
- Why nonce reuse can break AES-GCM security in embedded systems
- PQSecure™-Agility Earns NIST CAVP Validation