Overview MACsec D2.0 - PowerPoint PPT Presentation

About This Presentation
Title:

Overview MACsec D2.0

Description:

Allyn Romanow, Cisco Systems. Re-organization of Material (Intro notes to current draft) ... Allyn Romanow, Cisco Systems. Keys ... – PowerPoint PPT presentation

Number of Views:1296
Avg rating:3.0/5.0
Slides: 18
Provided by: allyn8
Learn more at: https://www.ieee802.org
Category:

less

Transcript and Presenter's Notes

Title: Overview MACsec D2.0


1
Overview MACsec D2.0
  • IEEE 802.1 Interim May 2004
  • Allyn Romanow

2
Outline
  • Disposition of comments for D1.2
  • Changes in D2.0 Re-org of material
  • Cipher Suite changes no null C.S., E bit
  • Keys
  • EPON
  • Parameter enhancements
  • Deployment, Debugging, Other Management
  • SecY Operation, Interface with KaY

3
Re-organization of Material(Intro notes to
current draft)
  • Cl 8 SecY Operation lt-gt cl 10 MACsec protocol
  • State machine cl 15
  • EPON support in cl 8.4
  • Cl 7 -gt cl 11 MACsec in Systems (ES B), cl 16
    Securing Networks (LAN PB)

4
Keys
  • Master Key pre-shared or established by
    authentication, longer lived
  • Secure Association Key (SAK)
  • Key for the SA, short lived
  • Sometimes called transient key
  • Shared, private key
  • Get a new one from Master Key when PN wraps, or
    timer expires
  • Need to store 3 SAKs

5
Interoperability, Migration
  • Previously, Null Cipher Suite
  • Now, through management controls, E bit saying
    whether there is encryption, cl 10.1 SecY
    Overview, E bit is bit 3 in TCI
  • Got rid of Null Cipher Suite and Include Tag-
    reduces unnecessary complexity

6
EPON
  • Single Copy Broadcast SCB

7
Management
  • Controls, monitors, reports
  • Maintains and uses info for
  • The SecY
  • The CA
  • Each SC in the CA
  • Each SA that supports and SC
  • Operational parameters include
  • MAC status (cl 6.4)-- MAC_Enabled,
    MAC_Operational
  • Point to point (cl 6.5) --operPointToPointMAC,
    AdminPointToPoint MAC

8
SecY Management Parameters
  • SecY Parameters
  • List of Cipher Suites
  • C. S. selected
  • Cipher Suite Parameters
  • Confidentiality Provided- E bit
  • C.S. identifier
  • Secure data length- user data length
  • ICV length

9
SecY Management Parameters
  • CA Parameters
  • Transmit SC
  • List of Receiver SCs
  • Transmit SC
  • SCI
  • EncodingSA
  • EncipheringSA

10
SecY Management Parameters
  • Receiver SC
  • SCITransmit or Receive
  • SAs(set of 4)
  • Statistics
  • Transmit SA
  • SCI
  • AN
  • InUse?
  • SAK
  • Next PN

11
SecY Management Parameters
  • Receive SA
  • SCI
  • AN
  • In use?
  • SAK
  • LastValidatedPN?

12
Deployment Debugging
13
MacSEC Operation
14
SecY Overview
15
KaY Direct Use of SecY Uncontrolled
16
KaY Use of SecY Uncontrolled and Controlled
17
SecY Operation
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Overview MACsec D2.0" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!