...that are used to secure data on Ethernet links at up to 10 Gbps. The Media Access Control Security (MACsec) products comply with the requirements of IEEE 802.1AE. They are available as intellectual property cores for commercial FPGAs to cover the needs of gigabit Ethernet for 1 GbE and 10 GbE throughputs for terrestrial applications. The architectural design allows 10 Gbps to be achieved in readily available 40-nm or 28-nm FPGAs, while the 1G data rate product can use lower cost families. The design has been carefully crafted to support both jumbo frames and minimum size packets with a key change on every packet, which represents the worst case situation for the system. The cores support both 128-bit encryption keys as well as the newly standardised 256-bit keys used for higher levels of security.
“The MACsec cores evolved from our popular AES-GCM encryption cores, as they add the extensive logic required to perform the validation, statistics and Connectivity Associations. We have seen an upsurge in enquiries for the MACsec products, even before they are publicly announced”, said Tom Kean, Algotronix Managing Director. “In addition, we have completed a feasibility study funded by the U.K. government for adapting the design for use in satellites”. MACsec provides confidentiality and authentication in the link layer (layer 2) and prevents eavesdropping and so-called “man-in-the-middle” attacks, because it detects any alteration or replay of frames. MACsec is agnostic to the Ethernet traffic type, and with the introduction of these cores can be easily added to systems to provide an additional layer of protection to a network. Systems not equipped with MACsec can, of course, still communicate, but without the secure features provided by the system. MACsec typically works in conjunction with IEEE 801.1X-2010, which provides the secure key distribution around the network.