40G MACsec Encryption in an FPGA - Ethernet Technology Summit
40G MACsec Encryption in an FPGA
Dr Tom Kean, Managing Director,
Algotronix Ltd,
130-10 Calton Road,
Edinburgh EH8 8JQ
United Kingdom
Tel: +44 131 556 9242
Email: tom@algotronix.com
San Jose, CA USA
February 2012

MACsec System – IEEE 802.1AE
• Media Access Control Security (MACsec) is a layer 2 security scheme
• Secures a vulnerable Ethernet link transparently to user-level applications
• Can use IEEE 802.1X-2010 for authentication and key exchange
• Provides confidentiality and message authentication using the AES-GCM algorithm

MACsec Applications
• MACsec can be applied to any Ethernet network
• Compatible with encrypted traffic (e.g. IPsec)
• Applications include EPON routers, enterprise LANs and cloud-based connectivity
• MAN and defence systems use 256-bit keys (supported by Algotronix)
• Adds an additional layer of security to military and governmental communications systems
• Secure data links to embedded systems

Algotronix MACsec History
• Shipped first AES core in 2004
• Shipped AES-GCM for MACSEC at 10G in 2008
• Shipped first 1G MACsec version in 2010
• Shipped 40G AES-GCM in 2010
• Shipped 10G MACsec in 2011
• Completing upgrade of MACsec to work at 40G
• Plan 100G MACsec for late 2012

MACsec Function
[Diagram: frame before and after the MACsec Function]
Input: Destination Address | Source Address | Unencrypted payload, plus Encryption Key
Output: Destination Address | Source Address | SecTAG (8 or 16 bytes) | Encrypted payload | ICV (16 bytes)
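
The output frame layout in the diagram above, written as a parser. This is an added example, not code from the presentation or from Algotronix; the SecTAG field layout (EtherType 0x88E5, TCI/AN, SL, PN, optional SCI) is taken from IEEE 802.1AE rather than from the slide, and the addresses, payload and ICV in `sample_frame` are constructed.

```python
import struct
from typing import NamedTuple, Optional

MACSEC_ETHERTYPE = 0x88E5   # EtherType that opens the SecTAG (IEEE 802.1AE)
ICV_LEN = 16                # ICV size given on the slide

class MacsecFrame(NamedTuple):
    dst: bytes
    src: bytes
    encrypted: bool         # TCI "E" bit: secure data is ciphertext
    an: int                 # 2-bit association number (selects the SA/key)
    pn: int                 # 32-bit packet number
    sci: Optional[bytes]    # 8-byte SCI, present only in the 16-byte SecTAG
    secure_data: bytes
    icv: bytes

def parse_macsec(frame: bytes) -> MacsecFrame:
    """Split a MACsec frame (assumed captured without FCS) into its fields."""
    if len(frame) < 12 + 8 + ICV_LEN:
        raise ValueError("too short for addresses, SecTAG and ICV")
    ethertype, tci_an, sl, pn = struct.unpack_from("!HBBI", frame, 12)
    if ethertype != MACSEC_ETHERTYPE:
        raise ValueError("not a MACsec frame")
    if tci_an & 0x80 or sl >= 48 or pn == 0:
        raise ValueError("invalid SecTAG (version, SL or PN)")
    sectag_len = 16 if tci_an & 0x20 else 8      # SC bit: SCI follows the PN
    start, end = 12 + sectag_len, len(frame) - ICV_LEN
    if end < start:
        raise ValueError("truncated SecTAG")
    data = frame[start:end]
    # SL carries the secure-data length when it is under 48 bytes, else 0.
    if (sl and len(data) != sl) or (not sl and len(data) < 48):
        raise ValueError("SL does not match secure data length")
    sci = frame[20:28] if sectag_len == 16 else None
    return MacsecFrame(frame[0:6], frame[6:12], bool(tci_an & 0x08),
                       tci_an & 0x03, pn, sci, data, frame[end:])

def sample_frame(with_sci: bool, data: bytes = bytes(range(20))) -> bytes:
    """Constructed input: made-up addresses, dummy ciphertext and ICV."""
    tci_an = 0x0C | (0x20 if with_sci else 0) | 0x01   # E=1, C=1, AN=1
    sl = len(data) if len(data) < 48 else 0
    tag = struct.pack("!HBBI", MACSEC_ETHERTYPE, tci_an, sl, 7)
    if with_sci:
        tag += bytes.fromhex("0242ac1100020001")       # SCI = MAC + port id
    addrs = bytes.fromhex("0242ac110003" "0242ac110002")
    return addrs + tag + data + b"\xaa" * ICV_LEN
```

The parser only splits and sanity-checks the frame; verifying the ICV requires the AES-GCM key for the association number it reports.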

MACsec IP Core Top Level
[Block diagram]
Receive Path: Input From MAC; Controlled Output to System; Uncontrolled Output to System
Transmit Path: Controlled Input from System; Uncontrolled Input from System; Output to MAC
Other ports: Secure Channel Parameters; Control and Statistics; Enable; Clock; Reset

Secure Channel Unit
• The Algotronix MACsec core includes on-chip CAMs for fast storage and look-up of keys
• Keys are 128-bit (standard) or 256-bit (optional)
• Can support 256 Security Associations (configurable)
• Key memory is write only from outside the core, to enhance security

AES-GCM
• Critical part of MACSEC for area and performance
• Encryption with AES-CTR mode and authentication with GF-HASH
• Works on 128 bit blocks of data where Ethernet works on bytes
• AES-CTR is iterative, 10 or 14 ‘rounds’ of processing for each data block.
• Two overhead encryptions per packet, one overhead GF-HASH operation per packet.

AES-GCM IP Core
[Block diagram]
Internal blocks: Pipelined AES; 128 bit GF Multiply; GCM Mode Logic; GCM-Control
Key and IV signals: load_key, input_key, load_iv, input_iv_and_tag
Text input signals: load_text, input text, input_text_kind, input_text_width, input_text_final
Text output signals: output_text_valid, output text, output_text_kind, output_text_width, output_text_final
Tag signals: output_tag_valid, output_tag, authentication success
Control signals: start, pass_through, do_encrypt, output_pending, advanced_output_valid, io_cycle, enable, clock, reset, clear

Challenges of AES-GCM at 40Gbit/sec
• Start with existing AES-GCM 10Gbit design
• Double clock frequency to 312.5MHz
• Double number of pipeline stages in AES-CTR
• Simplify and speed up keyschedule implementation
• Algebraic manipulation of GF-multiply (feedback loop in GF-Hash makes pipelining difficult)
• New Karatsuba GF multiplier design to improve speed and area
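
A software model of the GF(2^128) arithmetic behind the last two bullets, added here as an example and not Algotronix's design: a Karatsuba carry-less multiplier checked against a shift-and-XOR reference, and a two-block unrolling of the hash, which is one well-known way to loosen the feedback loop (the slide does not say which manipulation was used). It assumes natural bit order, where bit i is the coefficient of x^i; GCM's byte-level mapping is bit-reflected, so this models the algebra rather than producing interoperable tags.

```python
# Added model, not Algotronix code. Assumes natural bit order: bit i of an
# int is the coefficient of x^i (GCM's byte mapping is bit-reflected).
R = (1 << 128) | 0x87   # x^128 + x^7 + x^2 + x + 1, the GCM field polynomial

def clmul_schoolbook(a: int, b: int) -> int:
    """Carry-less product over GF(2) by shift-and-XOR (reference model)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def clmul_karatsuba(a: int, b: int, bits: int = 128) -> int:
    """Same product from three half-width multiplies instead of four."""
    if bits <= 8:
        return clmul_schoolbook(a, b)
    h = bits // 2
    mask = (1 << h) - 1
    a0, a1, b0, b1 = a & mask, a >> h, b & mask, b >> h
    lo = clmul_karatsuba(a0, b0, h)
    hi = clmul_karatsuba(a1, b1, h)
    mid = clmul_karatsuba(a0 ^ a1, b0 ^ b1, h) ^ lo ^ hi   # a0*b1 + a1*b0
    return (hi << bits) ^ (mid << h) ^ lo

def gf128_mul(a: int, b: int) -> int:
    """Multiply in GF(2^128): Karatsuba product, then reduce modulo R."""
    p = clmul_karatsuba(a, b)
    for i in range(p.bit_length() - 1, 127, -1):
        if (p >> i) & 1:
            p ^= R << (i - 128)
    return p

def ghash_serial(h: int, blocks: list) -> int:
    """Y_i = (Y_{i-1} ^ X_i) * H: every multiply waits for the previous one."""
    y = 0
    for x in blocks:
        y = gf128_mul(y ^ x, h)
    return y

def ghash_unrolled2(h: int, blocks: list) -> int:
    """Y_{i+1} = (Y_{i-1} ^ X_i) * H^2 ^ X_{i+1} * H: two independent multiplies."""
    h2, y = gf128_mul(h, h), 0
    for i in range(0, len(blocks) - 1, 2):
        y = gf128_mul(y ^ blocks[i], h2) ^ gf128_mul(blocks[i + 1], h)
    if len(blocks) % 2:                      # odd tail block goes through serially
        y = gf128_mul(y ^ blocks[-1], h)
    return y
```

In the unrolled form the multiply by H^2 in the feedback path has two block times to complete, which is what makes room for pipeline registers inside the multiplier.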

MACsec Core Area Guidelines
              1G      10G     40G
Regs          14602   17371   37486
Slice LUTs    17031   32119   42350
RAM 18ks      4       4       55
RAM 36ks      5       5       9
Xilinx Virtex 5
128 bit keys
All MACSEC features included
Transmit and Receive channel included
AES Sboxes implemented in LUTs for 1G and 10G designs
Clock frequency is 2x higher for 40G design
Guideline only – many implementation options are possible

Algotronix MACsec Cores
• Design scalable from 1G to 10G and 40G
• Configurable number of Secure Channels
• Support worst case timing without overrun
• Portable to all major FPGA families
• Tier one customers can access our IP through Xilinx
• VHDL or Verilog source code
• Comprehensive test bench
• Cost effective