Network Access & Telecommunications Equipment - RAD Data Communications
Home  |  Contact Us  |  Site Map  |  
search:

   GO
InfoCenter

Infocenter

 

Telecommunications Standards

 
Infocenter
  • White Papers
  • Case Studies
  • Application Notes
  • Brochures
  • Presentations
  • Audio Presentations
  • Data Sheets
  • Technology 101
  • End User Warranty
  • Performance Guarantee
  • Telecommunications Standards
  • Third Party Certified Solutions

    Setting the Standards with Dr. Yaakov Stein

    Ethernet Security

    Dr. Yaakov Stein is RAD’s Chief Scientist, and has a regular column in TechTalk in which he discusses developments in the world of telecommunications standards.

     

    Of the 7000 or so languages in use around the world today, about seven are spoken by 40% of the world’s population. These are sometimes called steamroller languages, as their proportion is rapidly increasing over time, at the expense of hundreds of languages that are becoming extinct. Similarly, of all the communications protocols that have been developed over the years, two are steamrollers in this sense: IP and Ethernet. These two have emerged as the Mandarin and English of communications, and as universal languages they both need certain functionalities. In previous “Setting the Standards” columns I have discussed how Ethernet, originally a simple LAN standard, has been upgraded by features such as OAM, QoS, and synchronization. It is thus becoming truly carrier class. This time I will talk about “MACsec”, Ethernet’s new communications security mechanism. Think of it as IPsec, but for Ethernet.

     

    A year ago the IEEE 802 standards committee approved 802.1AE, entitled Media Access Control (MAC) Security, or “MACsec” for short. Like IP’s security suite “IPsec”, 802.1AE addresses the three main communications security objectives:

    1. integrity,

    2. authentication, and

    3. confidentiality.

     

    Data integrity means ensuring that an Ethernet frame has been received as it was sent, without having been maliciously altered on-route. MACsec achieves this by appending a 16-Byte Integrity Check Value that depends on the entire Ethernet frame. Unlike the simple Frame Check Sequence, the ICV can not be computed without knowledge of a 128/256-bit key, known only to trusted network entities. Thus frames injected or modified by an attacker who does not know the key will be found to have incorrect ICV, and will be safely rejected.

     

    Authentication means ensuring that the Ethernet frame is indeed sent by the entity claiming to be its source, and not injected to the network by an attacker. This is done by protecting the Ethernet header (which includes the source MAC address) by the ICV. Thus the attacker can not impersonate a trusted colleague without knowledge of the key.

     

    MACsec also provides replay protection, another version of the injection attack where the attacker attempts to copy valid packets and fool the recipient into accepting them as new data. It does this by assigning a number to each packet, and protecting this packet number with the ICV. Without replay protection copies of valid packets would pass the integrity and authentication checks.

     

    Confidentiality means hiding the packet content from unintended eyes, and is achieved by encryption of the Ethernet frame (not including the source and destination MAC addresses). Although most people think of encryption when they hear the term “security”, encryption is actually an optional feature of MACsec. Integrity and authentication are mandatory, as they are features that are always required. Confidentiality is often less important, as not all communications are secretive in nature.

     

    MACsec does not thwart all types of attacks. Since the destination and source addresses are sent in the clear, the network is still exposed to traffic analysis by an attacker who has gained access to the physical media. Yet, this type of weakness is clearly of lower importance than those previously discussed.

     

    How does MACsec accomplish what it does? After the destination and source MAC addresses that reside at the beginning of the MAC frame, 802.1AE inserts a newly defined element called the SecTAG. The SecTAG is identified by a new EtherType of 88E5, followed by 14 Bytes that include (amongst other things) the four-Byte Packet Number and an eight-Byte optional Secure Channel Identifier. The PN is the numbering already mentioned, while the SCI identifies which key is to be used for cases where a single switch participates in multiple secure associations.

     

    After the SecTAG follows the rest of the Ethernet frame, either encrypted or not. If encryption is employed, it may start immediately after the SecTAG, or may start after an offset, leaving VLAN tags and other information unencrypted.. Following the possibly encrypted data comes the ICV, and finally the regular Ethernet FCS. This FCS must always be recomputed after applying MACsec, as the original Ethernet frame has been altered.

     

    What is truly special about MACsec is the default algorithm that was chosen by the MAC Security Task Force for 802.1AE. Of course, nowadays the use of the Advanced Encryption Standard is to be expected, but 802.1AE chose an unusual variant called AES-GCM. Unlike more conventional AES usage, AES-GCM computes the ICV and performs the encryption at the same time using the same algorithm. For comparison, IPsec can use AES-CBC for the encryption, but then uses a different algorithm, such as SHA-1 for the integrity and authentication functions. By performing both functions via the same algorithm, AES-GCM saves on computational complexity and reduces computational latency.

     

    MACsec has further advantages as compared to IPsec. MACsec secures at the Ethernet level, and thus is applicable not only for IP traffic, but for anything that can be carried over Ethernet. Even when the traffic is IP, MACsec is more suitable for the Ethernet Service Provider who prefers not to be involved at the IP level. MACsec is ideal for protecting an entire layer-2 link, but can also be used for individual Ethernet Virtual Connections.

     

    However, MACsec as presently defined has a major limitation. 802.1AE only addresses securing a single link, under the assumption that each Ethernet link at risk will be separately secured. It provides no mechanism for end-to-end protection, leaving that field for IPsec (which is not always applicable). Nor can the design be easily extended for end-to-end protection. For example, note that the SecTAG must always be the first EtherType, and thus VLAN tags may be encrypted, and even if left in the open (when encryption is not performed, or when using an offset) the VLAN tags are not in their normal location, and will not be recognized by VLAN-aware switches that are not MACsec-aware.

     

    At present, the only standards-based method of overcoming this limitation is by employing MACinMAC, whereby the entire MAC frame is encapsulated in another MAC frame, thus transforming the entire end-to-end Ethernet connection into a single “link”. MACinMAC is defined in 802.1ah, which is in its final stages of standardization, and is used by PBT, which I discussed in an earlier “Setting the Standards” column.

     
      |  legal  |  tell a friend  |  print page  |  (c) 2008 RAD Data Communications, Ltd.
     Products    Solutions    About Us    News    InfoCenter    Support    Where to Buy