Overview

Comcores MACsec IP provides Ethernet Layer 2 Security for port authentication, data confidentiality and data integrity as standardized in IEEE 802.1AE. It protects components in Ethernet networks especially high-speed Ethernet used in cloud, data center, 5G, industrial and automotive. The MACsec IP is a fully compliant solution that provides line-rate encryption and supports VLAN-in-Clear.

The core is configurable to have multiple Security Entities, SecYs, in a single IP to support multiple Connectivity Associations per port for traffic differentiation, and is prepared for easy interfacing with Comcores or third-party MAC, PCS and TSN Switch IPs.

The MACsec Engine implements 64-bit AXI-S input and output data interfaces. It offers flexibility on integration with IEEE 1588 PTP Timestamping Unit (TSU). It additionally includes a software tool for MACsec Key Agreement Protocol IEEE 802.1X integration.

Learn more by reading our MACsec blog post, MACsec for Deterministic Ethernet whitepaper, O-RAN Fronthaul Security using MACsec whitepaper or watching our webinar on the MACsec IP.

Block Diagram

Comcores MACsec diagram

Key Features

Delivers Performance

  • Compliance with IEEE Std 802.1AE-2018
  • IEEE 802.1X MACsec Key Agreement
  • Line-rate traffic encryption and decryption

Highly Configurable

  • Supports 10G/25G data rates
  • Multiple Connectivity Associations (SecYs) with Traffic Mapping Rules
  • Multiple number of peers with 4 Security Associations (SA) per Transmit and Receive Secure Channels (SC)

Feature Rich

  • AES-GCM-128 and AES-GCM-256 Cipher Suites
  • VLAN-in-Clear
  • Confidentiality Offset
  • SW tool for MACsec Key Agreement Protocol IEEE 802.1X integration
  • Controlled/Uncontrolled Port

Silicon Agnostic

  • Designed in SystemVerilog and targeting both ASICs and FPGAs

Deliverables

The IP Core can be delivered in Source code or Encrypted format. The following deliverables will be provided with the IP Core license:

  • Solid documentation, including User Manual and Release Note.
  • Simulation Environment, including Simple Testbed, Test case and Test Script.
  • Programming Register Specification.
  • Timing Constraints in Synopsys SDC format.
  • SW integration tool for IEEE 802.1X MACsec Key Agreement Protocol.
  • Access to support system and direct support from Comcores Engineers.
  • Synopsys SGDC Files (optional).
  • Synopsys Lint, CDC and Waivers (optional).

MACsec Content

Related Products

What Comcores IP will do for you

Proven Quality

Solid process and predictability

Strong verification

Faster Time-to-Market

First in bringing out new solutions

Tremendous investments in research

Know-How

Long-term experience in communication protocols

Expert in executing digital design projects

O-RAN Fronthaul Transport Security using MACsec

Daniel Dik - Sep 14, 2022. In this webinar, we will take a look at MACsec as a persuasive security solution for the O-RAN Fronthaul. We will understand the very sensitive data that the fronthaul transports, its strict high-performance requirements, and the urgent need to secure it against several threats and attacks. We will learn the features that MACsec has to protect the fronthaul together with its implementation challenges. Finally, we will see how the Comcores’ MACsec solution can be...

read more

What is MACsec?

What is MACsec? Morten Kofoed Esbjørn - Sep 08, 2022. Media Access Control Security (MACsec)  is a layer2 security protocol standardized by the IEEE that operates on Ethernet frames. It uses AES GCM cryptography with 128-bit key and 256-bit key versions. MACsec is designed to provide authentication, confidentiality and integrity for data transported on point-to-point links in the enterprise Local Area Network (LAN) using the Advanced Encryption Standard with Galois/Counter Mode (AES-GCM) data...

read more