Elbrys Networks Soft-MACsec™

Elbrys Networks Soft-MACsec™ is a modular, portable implementation of the IEEE Std 802.1AE-2006™ MACsec standard for network Layer 2 integrity and confidentiality. Soft-MACsec uses a software crypto-library implementing the Advanced Encryption Standard in Galois/Counter Mode (AES-GCM), and is intended to handle moderate data-rate applications, such as control plane traffic.

Soft-MACsec serves two primary functions in the target platform: (a) it provides software-driven integrity and confidentiality for Layer 2 protocol traffic and (b) it provides a common framework that can be adapted to support the control and configuration of MACsec with hardware assist, once silicon supporting IEEE Std 802.1AE is readily available in the market.

The use case for 802.1AE Link Layer Security (MACsec) is network data integrity and optional confidentiality protection at Layer 2 on a hop-by-hop basis. Whenever network traffic passes over physically unprotected links or multiple systems have the ability to send or forward traffic onto a physically protected link, it may be desirable to cryptographically protect the traffic at Layer 2. MACsec is complementary to similar protection provided at Layer 3 by IPsec, and at Layer 4 by SSL/TLS. For protocols that do not run over Layers 3 and 4, a Layer 2 network security mechanism can be important. This can be a significant product differentiator, and one element of a comprehensive network security architecture.

Soft-MACsec implements pre-shared keys. Distinct, derived, shared keys are used for each Secure Association. The MACsec Key Agreement protocol will be incorporated in a future release, once the standards work has stabilized.

Soft-MACsec is portable to different operating system and common-code environments. The primary reference platform is Linux on an X86 generic PC architecture.

All customer-facing APIs are thoughtfully designed for extensibility and will not be modified in any non-backward-compatible fashion as Soft-MACsec is extended and maintained.

The Soft-MACsec architecture accommodates various network management sub-systems supporting CLI, SNMP and Web-based interfaces, using a common management backplane. Soft-MACsec utilizes a common-denominator API such that all supported network management protocols can be channelled through a single broker layer. Soft-MACsec supports the SNMP primitives SET, GET, GET-NEXT, GET-BULK and NOTIFY, and usually a verify operation that allows enforcement of atomic operations on multi-varbind PDUs.

Potential Follow-On Products

Full IEEE Std 802.1AE-2006 implementation, including support for data plane protection, using hardware encryption assist.

The Soft-MACsec product architecture envisions the potential for a future product release that adds custom hardware support for MACsec, including support for data plane traffic. The Soft-MACsec product architecture shall be applicable to both software implementations (i.e. of AES-GCM and MACsec encapsulation/decapsulation) and implementations using hardware acceleration (i.e. ASICs or Switch Chips). The adaptation to specific hardware is a deliverable for follow-on releases.

Full IEEE P802.1X-REV implementation, including support for node discovery, authentication and automated key management. This includes the functions previously labeled as IEEE P802.1af.

Elbrys is positioning itself for partnership opportunities and product development in the areas of emerging standards for network security and mobility protocols, while continuing to offer Contract Engineering and Quality Assurance Services.