MACsec Engine
Overview
Comcores MACsec IP provides Ethernet Layer 2 Security for port authentication, data confidentiality and data integrity as standardized in IEEE 802.1AE. It protects components in Ethernet networks especially high-speed Ethernet used in cloud, data center, 5G, industrial and automotive. The MACsec IP is a fully compliant solution that provides line-rate encryption and supports VLAN-in-Clear.
The core is configurable to have multiple Security Entities, SecYs, in a single IP to support multiple Connectivity Associations per port for traffic differentiation, and is prepared for easy interfacing with Comcores or third-party MAC, PCS and TSN Switch IPs.
It implements 64-bit AXI-S input and output data interfaces. It offers flexibility on integration with IEEE 1588 PTP Timestamping Unit (TSU). It additionally includes a software tool for MACsec Key Agreement Protocol IEEE 802.1X integration.
Learn more by reading our blog post, MACsec for deterministic Ethernet whitepaper, O-RAN Fronthaul Security using MACsec whitepaper or watch our webinar on the MACsec IP.
Block Diagram
Key Features
Delivers Performance
- Compliance with IEEE Std 802.1AE-2018
- Line-rate traffic encryption and decryption
Highly Configurable
- Supports 10G/25G data rates
- Multiple Connectivity Associations (SecYs) with Traffic Mapping Rules
- Multiple number of peers with 4 Security Associations (SA) per Transmit and Receive Secure Channels (SC)
Feature Rich
- AES-GCM-128 and AES-GCM-256 Cipher Suites
- VLAN-in-Clear
- Confidentiality Offset
- SW tool for MACsec Key Agreement Protocol IEEE 802.1X integration
Silicon Agnostic
- Designed in SystemVerilog and targeting both ASICs and FPGAs
Deliverables
The IP Core can be delivered in Source code or Encrypted format. The following deliverables will be provided with the IP Core license:
- Solid documentation, including User Manual and Release Note.
- Simulation Environment, including Simple Testbed, Test case, Test Script.
- Programming Register Specification.
- Timing Constraints in Synopsys SDC format.
- SW integration tool for IEEE 802.1X MACsec Key Agreement Protocol.
- Access to support system and direct support from Comcores Engineers.
- Synopsys SGDC Files (optional)
- Synopsys Lint, CDC and Waivers (optional)
What Comcores IP will do for you
Proven Quality
Solid process and predictability
Strong verification
Faster Time-to-Market
First in bringing out new solutions
Tremendous investments in research
Know-How
Long-term experience in communication protocols
Expert in executing digital design projects
Related material
Comcores TSN technology and 5G communication expertise to be deployed in a significant EU funded project with pan-European partners
Morten Kofoed Esbjørn - Jan 20, 2023. The OCTAPUS initiative is an EU funded project, which started in September 2022 and is funded until February 2026. OCTAPUS stands for “Optical Circuit switched Time-Sensitive Network (TSN) architecture for highspeed Passive optical networks and next generation Ultra-dynamic & reconfigurable central office environments”, and the goal is to deliver an agile, low-cost and energy efficient Photonic Integrated Circuit (PIC) technology framework. OCTAPUS was...
O-RAN Fronthaul Security using MACsec
WHITEPAPER - O-RAN Fronthaul Security using MACsec With 5G being deployed for time-sensitive applications, security is becoming an important consideration. At the same time, Open Radio Access Networks (RAN) are gaining more interest from mobile carriers and governments. Yet, Open RAN networks have serious security challenges, especially in the RAN fronthaul where there are strict timing requirements. This paper proposes MACsec as an efficient data link layer security solution that can assist...
MACsec for Deterministic Ethernet applications
WHITEPAPER - MACsec for Deterministic Ethernet applications Why MACsec is a compelling security solution for Deterministic Ethernet networks and how Packaged Intellectual Property solutions can accelerate time-to-market for chip developers. Security has long been a top priority in communications networks. However, networks that support time-sensitive applications face challenges in implementing adequate security mechanisms that also meet latency and jitter requirements. This includes networks...