
Overview MACsec D2.0



Presentation Transcript


1. Overview MACsec D2.0
IEEE 802.1 Interim May 2004
Allyn Romanow

2. Outline
• Disposition of comments for D1.2
• Changes in D2.0
  – Re-org of material
• Cipher Suite changes
  – no null C.S., E bit
• Keys
• EPON
• Parameter enhancements
• Deployment, Debugging, Other Management
• SecY Operation, Interface with KaY
IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems

3. Re-organization of Material (Intro notes to current draft)
• Cl 8 SecY Operation <-> cl 10 MACsec protocol
• State machine – cl 15
• EPON support in cl 8.4
• Cl 7 -> cl 11 MACsec in Systems (ES & B), cl 16 Securing Networks (LAN & PB)

4. Keys
• Master Key – pre-shared or established by authentication, longer lived
• Secure Association Key (SAK)
  – Key for the SA, short lived
  – Sometimes called transient key
  – Shared, private key
  – Get a new one from Master Key when PN wraps, or timer expires
  – Need to store 3 SAKs

5. Interoperability, Migration
• Previously, Null Cipher Suite
• Now, through management controls, E bit saying whether there is encryption; cl 10.1 SecY Overview, E bit is bit 3 in TCI
• Got rid of Null Cipher Suite and Include Tag – reduces unnecessary complexity

6. EPON
• Single Copy Broadcast (SCB)

7. Management
• Controls, monitors, reports
• Maintains and uses info for
  – The SecY
  – The CA
  – Each SC in the CA
  – Each SA that supports an SC
• Operational parameters include
  – MAC status (cl 6.4) – MAC_Enabled, MAC_Operational
  – Point to point (cl 6.5) – operPointToPointMAC, AdminPointToPointMAC

8. SecY Management Parameters
• SecY Parameters
  – List of Cipher Suites
  – C.S. selected
• Cipher Suite Parameters
  – Confidentiality Provided – E bit
  – C.S. identifier
  – Secure data length – user data length
  – ICV length

9. SecY Management Parameters
• CA Parameters
  – Transmit SC
  – List of Receiver SCs
• Transmit SC
  – SCI
  – EncodingSA
  – EncipheringSA

10. SecY Management Parameters
• Receiver SC
  – SCI
  – Transmit or Receive
  – SAs (set of 4)
  – Statistics
• Transmit SA
  – SCI
  – AN
  – InUse?
  – SAK
  – Next PN

11. SecY Management Parameters
• Receive SA
  – SCI
  – AN
  – In use?
  – SAK
  – LastValidatedPN?
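The SAK lifecycle from slide 4 and the transmit SC/SA parameters from slides 9 to 11, as an added Python model that is not part of the presentation or of the 802.1AE draft: it keeps the set of 4 transmit SAs indexed by AN, tracks which one is the encoding SA, hands out packet numbers, and installs a fresh SAK from the master key before the PN would wrap or when the key timer fires, retiring the old SA so no PN is ever repeated under the same SAK. The 32-bit PN width, the HMAC-SHA256 derivation and all class and method names are assumptions for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class TransmitSA:
    """Transmit SA parameters from slide 10: SCI, AN, InUse, SAK, Next PN."""
    sci: bytes
    an: int
    in_use: bool
    sak: bytes
    next_pn: int

class TransmitSC:
    """Transmit SC holding the set of 4 SAs (one per AN) from slides 9 and 10."""

    def __init__(self, sci: bytes, master_key: bytes, pn_max: int = 2**32 - 1):
        self.sci = sci
        self.master_key = master_key  # slide 4: longer lived, pre-shared or from authentication
        self.pn_max = pn_max          # assumption: 32-bit PN; a parameter so wrap is testable
        self.sas = [None] * 4         # indexed by AN 0..3
        self.saks = []                # slide 4: the 3 SAKs a SecY needs to store
        self.generation = 0
        self.an = None                # AN of the current encoding SA
        self.rekey()

    def derive_sak(self) -> bytes:
        # Assumption: D2.0 leaves the derivation unspecified; HMAC-SHA256 over SCI||generation stands in here.
        self.generation += 1
        msg = self.sci + self.generation.to_bytes(4, "big")
        return hmac.new(self.master_key, msg, hashlib.sha256).digest()[:16]

    def rekey(self) -> TransmitSA:
        """Retire the current SA and install a fresh SAK in the next AN slot."""
        if self.an is not None:
            self.sas[self.an].in_use = False  # old SAK is never reused with a restarted PN
        new_an = 0 if self.an is None else (self.an + 1) % 4
        sa = TransmitSA(self.sci, new_an, True, self.derive_sak(), next_pn=1)
        self.sas[new_an] = sa
        self.saks = (self.saks + [sa.sak])[-3:]  # keep only the 3 most recent SAKs
        self.an = new_an
        return sa

    def assign_pn(self, timer_expired: bool = False) -> tuple:
        """Return (AN, PN) for the next frame; rekey first if the PN would wrap or the timer expired."""
        sa = self.sas[self.an]
        if timer_expired or sa.next_pn > self.pn_max:
            sa = self.rekey()
        pn, sa.next_pn = sa.next_pn, sa.next_pn + 1
        return sa.an, pn
```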

12. Deployment & Debugging

13. MACsec Operation

14. SecY Overview

15. KaY Direct Use of SecY Uncontrolled

16. KaY Use of SecY Uncontrolled and Controlled

17. SecY Operation
