Go Back
By Industry
By Technology
Synopsys Cloud
Synopsys Cloud

Cloud native EDA tools & pre-optimized hardware platforms

Request a Free Trial →
Multi-Die System Solution
Multi-Die System Solution

A comprehensive solution for fast heterogeneous integration

Discover Multi-Die →
View All Solutions →
Explore Silicon Design, Verification & Manufacturing

Synopsys is a leading provider of electronic design automation solutions and services.

Families
Optical Design
Photonic Design
Design
3D Image Processing
Verification
Modeling & Simulation
Manufacturing
Try Synopsys Cloud
Synopsys Cloud

Unlimited access to EDA software licenses on-demand

Request a Free Trial →
Explore Silicon IP

Synopsys is a leading provider of high-quality, silicon-proven semiconductor IP solutions for SoC designs.

Interface IP
Processor IP
Analog IP
Memories & Libraries
SoC Architecture
Security IP
SoC Infrastructure IP
IP Accelerated
IP Markets
Synopsys IP Portfolio Cover
Synopsys IP Portfolio
Download Brochure →
Synopsys IP Technical Bulletin
Read Latest Issue →
Explore Application Security

Synopsys helps you protect your bottom line by building trust in your software—at the speed your business demands.

Integrated AppSec Solutions
Software Risk Analysis
AppSec Program Services
Your guide to securing your open source supply chain
Your guide to securing your open source supply chain
Read the report →
View All Products →
Company Overview
Resources
SNUG 2024 | Synopsys
SNUG 2024

Synopsys User Group Conference

Learn more →
Synopsys Job Search Thumbnail
Pursue Your Passion

Start Your Job Search

Apply Now →

Securing Network Traffic using MACSec Over Ethernet

VIP Expert

Jun 25, 2020 / 2 min read

Table of Contents

In today’s digital age, networking requirements have become increasingly crucial. The possibility of unauthorized access to networks and confidential information have increased the need for secure network access.

In 2006, the IEEE officially identified a MAC Security standard, also known as MACSec/802.1AE and GCM-AES/GCM-AES-XPN Cipher Suite, to meet the requirements for secure data traversal. MACSec helps users to maintain confidentiality by securing the data with the use of secured point-to-point Ethernet links.

Why MACSec?

The MACSec security protocol provides encryption to the entire Ethernet packet except for its source and destination MAC addresses (including upper layer frames). MACSec offers point-to-point encryption, meaning it is performed for every hop unlike IPsec which works only for end-to-end connections. Thus, the MACSec protocol protects the data from getting tampered giving users the data security.

Key protocol features:

  • Maintains data confidentiality by providing strong encryption and marks an end to intrusion threats
  • Integrity check to prevent data tampering, this makes sure that the data is not manipulated during traversal – MACSec frame can be both encrypted and authenticated to provide privacy and integrity
  • The protocol flexibility ensures that MACSec security can be enabled/disabled as needed

How MACSec works?

The point-to-point Ethernet link forms the backbone of the MACSec protocol. These links are secured after matching the keys. The secured keys are dynamically available and can also be configured by the users.

The process of matching these keys takes place only after validating each end of the point-to-point connection on the interface and exchanging the keys. Once the MACSec is established on the link, all the traffic is secured using encryption and data integrity or ICV check.

MACSec over Ethernet security diagram

Fig1: MACSec Frame Format
 

The MACSec Frame adds Security TAG (SecTAG) and Integrity Check Value (ICV) in the Ethernet Frame to provide secure connectivity associations with the GCM-AES Cipher Suite using 128/192/256-bit key.

MACSec over Ethernet architecture diagram

Fig2: MACSec at layer2

Who needs MACSec?

A common use case for MACSec requirements can be picked up from our daily routine where we want to encrypt the traffic between two devices such as a remote site connected to a central site or a central site connected to its branches via MACSec enabled routers.

To prevent the data from getting spied and manipulated, data centers/ IT networks require comprehensive protection programs. Many high-speed routers and data centers have employed the WAN MACSec feature. MACSec can be used across multiple switches using VLAN/SVLAN TAGs (as mentioned in IEEE Std 802.1AEcg™-2017).

In recent years, the automotive industry has also required support for MACSec compatible hardware like controllers and switches, to provide a complete security solution. MACSec along with AVB-TSN features provide a good level of security preventing the network from getting paralyzed.

For more information on Synopsys Ethernet VIP and Test Suite offerings, please visit http://synopsys.com/vip

Read our previous blogs on 800G and Terabit Speeds with Ethernet 802.3ck, Ethernet Time-Sensitive Network (TSN): A Boon for Automotive Audio-Video Bridging (AVB) Applications

Continue Reading

Verifying CXL 3.1 Designs with Synopsys Verification IP

Verifying CXL 3.1 Designs with Synopsys Verification IP

Zongyao Wen
Nikhil Jain
By Zongyao Wen, Nikhil Jain

Apr 11, 2024 / 4 min read

Tags: Verification Central, Verification IP, Verification
Customer Spotlight: NXP's S32N Family of Processors Enables Vehicle Super-Integration for Central Compute Applications

Customer Spotlight: NXP's S32N Family of Processors Enables Vehicle Super-Integration for Central Compute Applications

Marc Serughetti
By Marc Serughetti

Apr 10, 2024 / 4 min read

Tags: Verification Central, Automotive, Verification, Virtual Prototyping
Synopsys and Arm Collaboration -Accelerating Development and Innovation for Arm-based Automotive Systems

Synopsys and Arm Collaboration -Accelerating Development and Innovation for Arm-based Automotive Systems

Marc Serughetti
By Marc Serughetti

Mar 15, 2024 / 4 min read

Tags: Verification Central, Design, Automotive, Verification, Virtual Prototyping