IEEE 802.1AE-2006

$85.58

IEEE Standard for Local and Metropolitan Area Networks: Media Access Control (MAC) Security

Published By	Publication Date	Number of Pages
IEEE	2006	154

Guaranteed Safe Checkout

Category: IEEE

If you have any questions, feel free to reach out to our online customer service team by clicking on the bottom right corner. We’re here to assist you 24/7.
Email:[email protected]

Description

New IEEE Standard – Superseded. This standard specifies how all or part of a network can be secured transparently to peer protocol entities that use the MAC Service provided by IEEE 802® LANs to communicate. MAC security (MACsec) provides connectionless user data confidentiality, frame data integrity, and data origin authenticity.

PDF Catalog

PDF Pages	PDF Title
1	IEEE Standard for Local and metropolitan area networks: Media Access Control (MAC) Security
3	Titile page
6	Introduction Notice to users
7	Participants
9	CONTENTS
13	1. Overview 1.1 Introduction
14	1.2 Scope
15	2. Normative references
17	3. Definitions
20	4. Abbreviations and acronyms
22	5. Conformance 5.1 Requirements terminology 5.2 Protocol Implementation Conformance Statement (PICS) 5.3 Required capabilities
23	5.4 Optional capabilities
25	6. Secure provision of the MAC Service 6.1 MAC Service primitives and parameters
27	6.2 MAC Service connectivity
28	6.3 Point-to-multipoint LANs 6.4 MAC status parameters 6.5 MAC point-to-point parameters
29	6.6 Security threats
30	6.7 MACsec connectivity
31	6.8 MACsec guarantees 6.9 Security services
32	6.10 Quality of service maintenance
34	7. Principles of secure network operation 7.1 Support of the secure MAC Service by an individual LAN
38	7.1.1 Connectivity Association (CA) 7.1.2 Secure Channel (SC) 7.1.3 Secure Association (SA)
39	7.2 Multiple instances of the secure MAC Service on a single LAN
40	7.3 Use of the secure MAC Service
41	7.3.1 Client policies 7.3.2 Use of the secure MAC Service by bridges
43	8. MAC Security Protocol (MACsec)
44	8.1 Protocol design requirements 8.1.1 Security requirements 8.1.2 Manageability requirements
45	8.1.3 Interoperability requirements 8.1.4 Deployment requirements 8.1.5 Coexistence requirements
46	8.1.6 Scalability requirements 8.1.7 Unauthorized access attempts 8.1.8 Localization and isolation of attacks 8.1.9 Implementation 8.2 Protocol support requirements
47	8.2.1 SC identification requirements 8.2.2 SA Key requirements 8.2.3 KaY independence of MACsec 8.2.4 Discovering connectivity
48	8.2.5 Authentication requirements 8.2.6 Authorization requirements 8.2.7 Key exchange and maintenance 8.3 MACsec operation
50	9. Encoding of MACsec protocol data units 9.1 Structure, representation, and encoding 9.2 Major components
51	9.3 Security TAG 9.4 MACsec EtherType
52	9.5 TAG Control Information (TCI)
53	9.6 Association Number (AN) 9.7 Short Length (SL) 9.8 Packet Number (PN) 9.9 Secure Channel Identifier (SCI)
54	9.10 Secure Data 9.11 Integrity Check Value (ICV)
55	9.12 PDU validation
56	10. Principles of MAC Security Entity (SecY) operation 10.1 SecY overview
58	10.2 SecY functions
59	10.3 Model of operation 10.4 SecY architecture
62	10.5 Secure frame generation 10.5.1 Transmit SA assignment 10.5.2 Transmit PN assignment 10.5.3 SecTAG encoding
63	10.5.4 Cryptographic protection 10.5.5 Transmit request 10.6 Secure frame verification
64	10.6.1 Receive SA assignment 10.6.2 Preliminary replay check
65	10.6.3 Cryptographic validation 10.6.4 Replay check update 10.6.5 Receive indication 10.7 SecY management
66	10.7.1 SCI 10.7.2 Uncontrolled Port status
68	10.7.3 Uncontrolled Port statistics 10.7.4 Controlled Port status 10.7.5 Controlled Port controls 10.7.6 Controlled Port statistics
69	10.7.7 Frame verification capabilities 10.7.8 Frame verification controls 10.7.9 Frame verification statistics
70	10.7.10 Frame validation statistics 10.7.11 Receive SC creation 10.7.12 Receive SC status
71	10.7.13 Receive SA creation 10.7.14 Receive SA status 10.7.15 Receive SA control
72	10.7.16 Frame generation capabilities 10.7.17 Frame generation controls 10.7.18 Frame generation statistics 10.7.19 Frame protection statistics
73	10.7.20 Transmit SC status 10.7.21 Transmit SA creation 10.7.22 Transmit SA status 10.7.23 Transmit SA controls 10.7.24 Implemented Cipher Suites
74	10.7.25 Cipher Suite selection 10.7.26 SAK creation
75	10.7.27 SAK status 10.7.28 SAK controls 10.8 Addressing 10.9 Priority 10.10 SecY performance requirements
77	11. MAC Security in Systems 11.1 MAC Service interface stacks
78	11.2 MACsec in end stations 11.3 MACsec in MAC Bridges
79	11.4 MACsec in VLAN-aware Bridges
80	11.5 MACsec and Link Aggregation
81	11.6 Link Layer Discovery Protocol (LLDP)
82	11.7 MACsec in Provider Bridged Networks
84	11.8 MACsec and multi-access LANs
86	12. MACsec and EPON
88	13. Management protocol 13.1 Introduction 13.2 The Internet-Standard Management Framework 13.3 Relationship to other MIBs 13.3.1 System MIB Group 13.3.2 Relationship to the Interfaces MIB
90	13.4 Security considerations
92	13.5 Structure of the MIB
96	13.6 Definitions for MAC Security MIB
133	14. Cipher Suites 14.1 Cipher Suite use
134	14.2 Cipher Suite capabilities
135	14.3 Cipher Suite specification 14.4 Cipher Suite conformance 14.4.1 Conformance with Cipher Suite variance
136	14.5 Default Cipher Suite (GCM-AES-128)
138	Annex A (normative) PICS Proforma
154	Annex B (informative) Bibliography

Additional information

Standard Title	IEEE Standard for Local and Metropolitan Area Networks: Media Access Control (MAC) Security
Published Code	IEEE
Publication Date	2006
Pages Count	154

Preview PDF


PDF Format	Searchable	Printable	Preview Now

IEEE 802.1AE-2006

PDF Catalog

Related products