Revision Standard – Active. How all or part of a network can be secured transparently to peer protocol entities that use the MAC Service provided by IEEE 802® LANs to communicate is specified in this standard. MAC security (MACsec) provides connectionless user data confidentiality, frame data integrity, and data origin authenticity.(The PDF of this standard is available at no cost to you compliments of the IEEE GET program https://ieeexplore.ieee.org/browse/standards/get-program/page)

PDF Catalog

PDF Pages	PDF Title
1	IEEE Std 802.1AE™-2018 front cover
2	Title page
4	Important Notices and Disclaimers Concerning IEEE Standards Documents
7	Participants
9	Introduction
10	Contents
14	Figures
15	Tables
17	1. Overview 1.1 Introduction
18	1.2 Scope
19	2. Normative references
20	3. Definitions
24	4. Abbreviations and acronyms
26	5. Conformance 5.1 Requirements terminology 5.2 Protocol Implementation Conformance Statement (PICS)
27	5.3 MAC Security Entity requirements
28	5.4 MAC Security Entity options 5.5 EDE conformance
29	5.6 EDE-M conformance 5.7 EDE-CS conformance
30	5.8 EDE-CC conformance 5.9 EDE-SS conformance
31	6. Secure provision of the MAC Service 6.1 MAC Service primitives and parameters
33	6.2 MAC Service connectivity 6.3 Point-to-multipoint LANs
34	6.4 MAC status parameters 6.5 MAC point-to-point parameters
35	6.6 Security threats
36	6.7 MACsec connectivity 6.8 MACsec guarantees
37	6.9 Security services
38	6.10 Quality of Service maintenance
40	7. Principles of secure network operation 7.1 Support of the secure MAC Service by an individual LAN
45	7.2 Multiple instances of the secure MAC Service on a single LAN
46	7.3 Use of the secure MAC Service
49	8. MAC Security protocol (MACsec) 8.1 Protocol design requirements
52	8.2 Protocol support requirements
54	8.3 MACsec operation
56	9. Encoding of MACsec Protocol Data Units 9.1 Structure, representation, and encoding 9.2 Major components
57	9.3 MAC Security TAG 9.4 MACsec EtherType
58	9.5 TAG Control Information (TCI)
59	9.6 Association Number (AN) 9.7 Short Length (SL) 9.8 Packet Number (PN)
60	9.9 Secure Channel Identifier (SCI) 9.10 Secure Data 9.11 Integrity check value (ICV)
61	9.12 PDU validation
62	10. Principles of MAC Security Entity (SecY) operation 10.1 SecY overview
63	10.2 SecY functions
64	10.3 Model of operation 10.4 SecY architecture
66	10.5 Secure frame generation
69	10.6 Secure frame verification
73	10.7 SecY management
86	10.8 Addressing 10.9 Priority
87	10.10 SecY performance requirements
88	11. MAC Security in systems 11.1 MAC Service interface stacks
89	11.2 MACsec in end stations
90	11.3 MACsec in MAC Bridges
91	11.4 MACsec in VLAN-aware Bridges
92	11.5 MACsec and Link Aggregation
93	11.6 Link Layer Discovery Protocol (LLDP)
94	11.7 MACsec in Provider Bridged Networks
96	11.8 MACsec and multi-access LANs
98	12. MACsec and EPON
99	13. MAC Security Entity MIB 13.1 Introduction 13.2 The Internet-Standard Management Framework 13.3 Relationship to other MIBs
101	13.4 Security considerations
103	13.5 Structure of the MIB module
108	13.6 MAC Security Entity (SecY) MIB definitions
142	14. Cipher Suites 14.1 Cipher Suite use
143	14.2 Cipher Suite capabilities
144	14.3 Cipher Suite specification 14.4 Cipher Suite conformance
146	14.5 Default Cipher Suite (GCM-AES-128)
147	14.6 GCM-AES-256
148	14.7 GCM-AES-XPN-128
149	14.8 GCM-AES-XPN-256
150	15. Ethernet Data Encryption devices 15.1 EDE characteristics
151	15.2 Securing LANs with EDE-Ms
153	15.3 Securing connectivity across PBNs
154	15.4 Securing PBN connectivity with an EDE-M
155	15.5 Securing PBN connectivity with an EDE-CS
157	15.6 Securing PBN connectivity with an EDE-CC
159	15.7 Securing PBN connectivity with an EDE-SS
160	15.8 EDE Interoperability
161	15.9 EDEs, CFM, and UNI Access
162	16. Using MIB modules to manage EDEs 16.1 Security considerations 16.2 EDE-M Management 16.3 EDE-CS Management 16.4 EDE-CC and EDE-SS Management
164	Annex A (normative) PICS proforma A.1 Introduction A.2 Abbreviations and special symbols
165	A.3 Instructions for completing the PICS proforma
167	A.4 PICS proforma for IEEE Std 802.1AE
168	A.5 Major capabilities
170	A.6 Support and use of Service Access Points A.7 MAC status and point-to-point parameters
171	A.8 Secure Frame Generation
172	A.9 Secure Frame Verification
173	A.10 MACsec PDU encoding and decoding A.11 Key Agreement Entity LMI
174	A.12 Management
178	A.13 Additional fully conformant Cipher Suite capabilities A.14 Additional variant Cipher Suite capabilities
181	Annex B (informative) Bibliography
183	Annex C (informative) MACsec test vectors
184	C.1 Integrity protection (54-octet frame)
189	C.2 Integrity protection (60-octet frame)
194	C.3 Integrity protection (65-octet frame)
199	C.4 Integrity protection (79-octet frame)
204	C.5 Confidentiality protection (54-octet frame)
209	C.6 Confidentiality protection (60-octet frame)
214	C.7 Confidentiality protection (61-octet frame)
219	C.8 Confidentiality protection (75-octet frame)
224	Annex D (normative) PICS proforma for an Ethernet Data Encryption device D.1 Introduction D.2 Abbreviations and special symbols
225	D.3 Instructions for completing the PICS proforma
227	D.4 PICS proforma for IEEE Std 802.1AE EDE
228	D.5 EDE type and common requirements
229	D.6 EDE-M Configuration
230	D.7 EDE-CS Configuration D.8 EDE-CC Configuration D.9 EDE-SS Configuration
231	Annex E (informative) MKA operation for multiple transmit SCs
233	Annex F (informative) EDE Interoperability and PAE addresses
236	Annex G (informative) Management and MIB revisions
237	G.1 Counter changes
238	G.2 Available Cipher Suites
239	Back cover

Published By	Publication Date	Number of Pages
IEEE	2018	239


PDF Format	Searchable	Printable	Preview Now

Standard Title	IEEE Standard for Local and metropolitan area networks-Media Access Control (MAC) Security
Published Code	IEEE
Publication Date	2018
Pages Count	239

IEEE 802.1AE 2018

PDF Catalog

Related products