Inside Secure MACsec Toolkit for Ethernet Security
Inside Secure MACsec Toolkit enables developers to quickly add complete MACsec support to new and existing products such as switches, routers or hosts. It includes a full C source code implementation of the control plane, in particular the MACsec Key Agreement (MKA) protocol, as well as the data plane.
Interoperable Security
MACsec is the standard and peer-reviewed Ethernet security solution
Easy Integration
Both the 802.1X-2010 and the 802.1AE specifications are implemented within their own modules with well-defined APIs
Time to Market
Functional and well-tested software implementation to develop and test your solution early
How the Inside Secure MACsec Toolkit works
Inside Secure MACsec Toolkit (previously QuickSec MACsec Toolkit) implements all the functionality defined in IEEE standards 802.1AE and 802.1X-2010. In particular, it supports MKA, Network Announcements, EAPOL, PACP logic, virtual ports, extended sequence numbers and AES-GCM-256. In addition, it reuses proven components from the QuickSec® product family such as EAP-TLS, RADIUS client, certificate manager, and cryptographic libraries.
It is delivered in highly portable ANSI C source code, suitable for a wide range of platforms. It provides well-documented APIs to integrate with existing software and hardware components. It is easy to compile on a standard Linux server as a reference implementation for testing. MACsec Toolkit has been interoperability-tested as both a supplicant and an authenticator with existing products.
Inside Secure MACsec Toolkit has been designed to integrate easily with an existing product. In particular, both the 802.1X-2010 and the 802.1AE specifications are implemented within their own modules with well-defined APIs.
A typical switch manufacturer may integrate only the 802.1X-2010 port access entity module with its hardware implementation of the MACsec data plane (e.g. INSIDE EIP-160).
A typical host such as an IP phone has low data throughput requirements and can therefore integrate both the 802.1X-2010 port access entity module and the 802.1AE SoftSec module.
The CryptoManager Root of Trust
Built around a custom RISC-V CPU, the Rambus CryptoManager Root of Trust (CMRT) is at the forefront of a new category of programmable hardware-based security cores. Siloed from the primary processor, it is designed to securely run sensitive code, processes and algorithms. More specifically, the CMRT provides the primary processor with a full suite of security services, such as secure boot and runtime integrity, remote attestation and broad crypto acceleration for symmetric and asymmetric algorithms.
Inside Secure MACsec Toolkit Information
Complete software implementation
- 802.1X-2010
- 802.1AE with AES-GCM Cipher
- Pre-shared keys or EAP key management
- EAP-TLS (others available upon request)
- APIs interfacing to hardware 802.1AE
Modular implementation
- Policy configuration and management APIs
- RADIUS
- AES-GCM (128 and 256 bit)
Standards compliance
- IEEE 802.1AE
- IEEE 802.1X-2010
- IEEE 802.1AEbw (extended sequence numbers)
- IEEE 802.1AEbn (GCM-AES-256)
- IETF RFC 3748 - EAP
- IETF RFC 2716 - EAP-TLS
- IETF RFC 2865 - RADIUS
- IETF RFC 2459 - X.509
- IETF RFC 3280 - CRL Profile
- IETF RFC 4346 - TLS 1.1