1
IEEE 802.1 Interim May 2004 Allyn Romanow
Overview: MACsec D2.0
2
Outline
- Disposition of comments for D1.2
- Changes in D2.0 – Re-org of material
- Cipher Suite changes – no null C.S., E bit
- Keys
- EPON
- Parameter enhancements
- Deployment, Debugging, Other
- Management
- SecY Operation, Interface with KaY
9/21/2018 IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems
3
Re-organization of Material (Intro notes to current draft)
- Cl 8 SecY Operation <-> cl 10 MACsec protocol
- State machine – cl 15
- EPON support in cl 8.4
- Cl 7 -> cl 11 MACsec in Systems (ES & B), cl 16 Securing Networks (LAN & PB)
4
Keys
- Master Key – pre-shared or established by authentication, longer lived
- Secure Association Key (SAK)
  - Key for the SA, short lived
  - Sometimes called transient key
  - Shared, private key
  - Get a new one from Master Key when PN wraps, or timer expires
  - Need to store 3 SAKs
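The SAK rotation rule on the Keys slide, as an added example that is not part of the original slides or the draft: a new SAK is taken from the Master Key before the PN can repeat or when a lifetime timer expires, and only three SAKs are retained. The 32-bit PN width, the HMAC-based derivation, the reading of "store 3 SAKs" as "keep the three newest", and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac

PN_MAX = 2**32 - 1        # assumption: 32-bit packet number; the slide gives no width
MAX_STORED_SAKS = 3       # from the slide: "Need to store 3 SAKs"


def derive_sak(master_key: bytes, generation: int) -> bytes:
    """Stand-in derivation (HMAC-SHA256 truncated to 128 bits).
    This is NOT the key agreement method of the draft; it only makes
    each generation's SAK distinct and dependent on the Master Key."""
    msg = b"SAK" + generation.to_bytes(4, "big")
    return hmac.new(master_key, msg, hashlib.sha256).digest()[:16]


class TransmitKeying:
    """Hypothetical transmit-side key state: current SAK, Next PN, timer."""

    def __init__(self, master_key: bytes, sak_lifetime: float, now: float = 0.0):
        self.master_key = master_key
        self.sak_lifetime = sak_lifetime
        self.generation = 0
        self.saks = []                       # (generation, sak), newest last
        self._install(now)

    def _install(self, now: float) -> None:
        self.generation += 1
        sak = derive_sak(self.master_key, self.generation)
        self.saks.append((self.generation, sak))
        del self.saks[:-MAX_STORED_SAKS]     # retain only the three newest SAKs
        self.next_pn = 1                     # PN restarts under the new SAK
        self.expires = now + self.sak_lifetime

    def protect_next(self, now: float):
        """Return (generation, pn) for the next frame.
        Rekeys first if the PN would wrap or the SAK timer has expired,
        so a (SAK, PN) pair is never used twice."""
        if self.next_pn > PN_MAX or now >= self.expires:
            self._install(now)
        pn = self.next_pn
        self.next_pn += 1
        return self.saks[-1][0], pn

    def sak_for(self, generation: int):
        """Look up a retained SAK; returns None once it has been evicted."""
        return dict(self.saks).get(generation)
```

Passing the clock in as `now` keeps the timer path deterministic, so both rekey triggers can be exercised without waiting.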
5
Interoperability, Migration
- Previously, Null Cipher Suite
- Now, through management controls, E bit saying whether there is encryption
  - cl 10.1 SecY Overview, E bit is bit 3 in TCI
- Got rid of Null Cipher Suite and Include Tag - reduces unnecessary complexity
6
EPON
- Single Copy Broadcast (SCB)
7
Management
- Controls, monitors, reports
- Maintains and uses info for
  - The SecY
  - The CA
  - Each SC in the CA
  - Each SA that supports an SC
- Operational parameters include
  - MAC status (cl 6.4): MAC_Enabled, MAC_Operational
  - Point to point (cl 6.5): operPointToPointMAC, adminPointToPointMAC
8
SecY Management Parameters
SecY Parameters
- List of Cipher Suites
- C.S. selected
Cipher Suite Parameters
- Confidentiality Provided - E bit
- C.S. identifier
- Secure data length - user data length
- ICV length
9
SecY Management Parameters
CA Parameters
- Transmit SC
- List of Receiver SCs
- SCI
- EncodingSA
- EncipheringSA
10
SecY Management Parameters
Receiver SC
- SCI
- Transmit or Receive SAs (set of 4)
- Statistics
Transmit SA
- SCI
- AN
- InUse?
- SAK
- Next PN
11
SecY Management Parameters
Receive SA
- SCI
- AN
- In use?
- SAK
- LastValidatedPN?
12
Deployment & Debugging
13
MACsec Operation
14
SecY Overview
15
KaY Direct Use of SecY Uncontrolled
16
KaY Use of SecY Uncontrolled and Controlled
17
SecY Operation