April 25, 2012 -- Algotronix, Ltd. is shipping MACsec cores that are used to secure data on Ethernet links at up to 10Gbps. The Media Access Control security (MACsec) products comply with the requirements of IEEE 802.1AE. They are available as intellectual property cores for FPGAs or SOC technology to cover the needs of gigabit Ethernet for 1-GbE and 10-GbE throughputs. The architectural design allows 10Gbps to be achieved in readily available 40-nm or 28-nm FPGAs, while the 1G data-rate product can use lower-cost families.

The design has been crafted to support both jumbo frames and minimum size packets with a key change on every packet, which represents the worst-case situation for the system. The cores support both 128-bit encryption keys as well as the newly standardized 256-bit keys used for enhanced security in applications such as Metropolitan Area Networks.

"The MACsec cores evolved from our AES-GCM encryption cores, as they add the extensive logic required to perform the validation, statistics and connectivity associations. We have seen an upsurge in enquiries for the MACsec products, even before they are publicly announced," said Tom Kean, Algotronix Managing Director. "These early customers operate in markets as diverse as military, communications and test equipment."

MACsec provides confidentiality and authentication in the link layer (layer 2) and prevents eavesdropping and so-called "man-in-the-middle" attacks, because it detects any alteration or replay of frames. This differs from other schemes, such as IPsec, which are set up as an end-to-end session based encryption at layers 3/4. MACsec does not compete with IPsec, and should be considered as a complementary cyber security technology. MACsec is agnostic to the Ethernet traffic type, and with the introduction of these cores can be easily added to systems to provide an additional layer of protection to a network.

Enterprise customers can adopt MACsec to provide protection behind their fire wall. System administrators can authorize ports to communicate in a secure fashion, and can detect misuse such as attempted Denial of Service (DoS). Data center and cloud-based systems can benefit from the confidentiality and data source authentication offered by MACsec.

Each MACsec core can support a range of popular FPGA families. The IP is supplied as source code with an extensive verification testbench. Developers can select from various modes and parameterize the performance to match their needs. All AES products are built around cores that are NIST-certified for compliance. Applying the cores to ASIC technology provides a route to lower power and even higher performance. The cores comply with the full specification, but those who do not need all the features can be provided with a sub-set to save resources. Algotronix can also quote for bespoke cores with additional capabilities.

MACsec typically works in conjunction with IEEE 801.1X-2010 which provides the secure key distribution around the network.

Availability

The 1G and 10G MACsec cores are shipping now, and the architecture is designed to scale to 40G and 100G for future product releases.