Overview

Comcores MACsec IP provides Ethernet Layer 2 Security for port authentication, data confidentiality and data integrity as standardized in IEEE 802.1AE. It protects components in Ethernet networks especially high-speed Ethernet used in cloud, data center, 5G, industrial and automotive. The MACsec IP is a fully compliant solution that provides line-rate encryption and supports VLAN-in-Clear.

The core is configurable to have multiple Security Entities, SecYs, in a single IP to support multiple Connectivity Associations per port for traffic differentiation, and is prepared for easy interfacing with Comcores or third-party MAC, PCS and TSN Switch IPs. It implements 64-bit AXI-S input and output data interfaces. It offers flexibility on integration with IEEE 1588 PTP Timestamping Unit (TSU). It additionally includes a software tool for MACsec Key Agreement Protocol IEEE 802.1X integration.

Block Diagram

Comcores MACsec diagram

Key Features

Delivers Performance

  • Compliance with IEEE Std 802.1AE-2018
  • Line-rate traffic encryption and decryption

Highly Configurable

  • Supports 10G/25G data rates
  • Multiple Connectivity Associations (SecYs) with Traffic Mapping Rules
  • Multiple number of peers with 4 Security Associations (SA) per Transmit and Receive Secure Channels (SC)

    Feature Rich

    • AES-GCM-128 and AES-GCM-256 Cipher Suites
    • VLAN-in-Clear
    • Confidentiality Offset
    • SW tool for MACsec Key Agreement Protocol IEEE 802.1X integration

    Silicon Agnostic

    • Designed in SystemVerilog and targeting both ASICs and FPGAs

    Deliverables

    The IP Core can be delivered in Source code or Encrypted format. The following deliverables will be provided with the IP Core license:

    • Solid documentation, including User Manual and Release Note.
    • Simulation Environment, including Simple Testbed, Test case, Test Script.
    • Programming Register Specification.
    • Timing Constraints in Synopsys SDC format.
    • SW integration tool for IEEE 802.1X MACsec Key Agreement Protocol.
    • Access to support system and direct support from Comcores Engineers.
    • Synopsys SGDC Files (optional)
    • Synopsys Lint, CDC and Waivers (optional)

    What Comcores IP will do for you

    Proven Quality

    Solid process and predictability

    Strong verification

    Faster Time-to-Market

    First in bringing out new solutions

    Tremendous investments in research

    Know-How

    Long-term experience in communication protocols

    Expert in executing digital design projects

    Related material

    O-RAN Fronthaul Security using MACsec

    WHITEPAPER 5G is now in full deployment with numerous services available across the globe, especially for time-sensitive applications. 5G provides a range of improvements over existing 4G Long-Term Evolution (LTE) mobile networks with regard to capacity, speed and latency. It also provides better security. Nevertheless, security risks still remain and these need to be addressed quickly to ensure that 5G can address all of the target applications that drove original specifications. One of the...

    read more

    MACsec for Deterministic Ethernet applications

    WHITEPAPER MACsec provides authentication by ensuring that only known nodes are allowed to communicate on the LAN. It provides confidentiality through encryption of the data so only end-points with the correct encryption key can see the contents. Integrity is provided through mechanisms that can detect any interference with data in motion. MACsec operates at the data link layer acting as a client of the Ethernet Media Access Control. While the ability of MACsec to scale to high speeds is...

    read more

    O-RAN Fronthaul Transport Security using MACsec

    Daniel Dik Sep 14 2022 5G provides a range of improvements compared to existing 4G LTE mobile networks in regards to capacity, speed, latency and security. One of the main improvements is in the 5G RAN; it is based on a virtualized architecture where functions can be centralized close to the 5G core for economy or distributed as close to the edge as possible for lower latency performance. The functional split options for the baseband station processing chain results in a separation between...

    read more