IEEE Interim May 2004 Allyn Romanow


1 IEEE 802.1 Interim May 2004 Allyn Romanow
Overview MACsec D2.0 IEEE Interim May 2004 Allyn Romanow

2 Outline
Disposition of comments for D1.2
Changes in D2.0 – Re-org of material
Cipher Suite changes – no null C.S., E bit
Keys
EPON
Parameter enhancements
Deployment, Debugging, Other Management
SecY Operation, Interface with KaY
9/21/2018 IEEE802.1 LinkSec May 2004 Allyn Romanow, Cisco Systems

3 Re-organization of Material (Intro notes to current draft)
Cl 8 SecY Operation <-> cl 10 MACsec protocol
State machine – cl 15
EPON support in cl 8.4
Cl 7 -> cl 11 MACsec in Systems (ES & B), cl 16 Securing Networks (LAN & PB)

4 Keys
Master Key – pre-shared or established by authentication, longer lived
Secure Association Key (SAK)
  Key for the SA, short lived
  Sometimes called transient key
  Shared, private key
  Get a new one from Master Key when PN wraps, or timer expires
  Need to store 3 SAKs

5 Interoperability, Migration
Previously, Null Cipher Suite
Now, through management controls, E bit saying whether there is encryption, cl 10.1 SecY Overview, E bit is bit 3 in TCI
Got rid of Null Cipher Suite and Include Tag – reduces unnecessary complexity

6 EPON
Single Copy Broadcast SCB

7 Management
Controls, monitors, reports
Maintains and uses info for
  The SecY
  The CA
  Each SC in the CA
  Each SA that supports an SC
Operational parameters include
  MAC status (cl 6.4) -- MAC_Enabled, MAC_Operational
  Point to point (cl 6.5) -- operPointToPointMAC, adminPointToPointMAC

8 SecY Management Parameters
SecY Parameters
  List of Cipher Suites
  C.S. selected
Cipher Suite Parameters
  Confidentiality Provided - E bit
  C.S. identifier
  Secure data length - user data length
  ICV length

9 SecY Management Parameters
CA Parameters
  Transmit SC
  List of Receiver SCs
  SCI
  EncodingSA
  EncipheringSA

10 SecY Management Parameters
Receiver SC
  SCI
  Transmit or Receive SAs (set of 4)
  Statistics
Transmit SA
  SCI
  AN
  InUse?
  SAK
  Next PN

11 SecY Management Parameters
Receive SA
  SCI
  AN
  In use?
  SAK
  LastValidatedPN?

12 Deployment & Debugging

13 MACsec Operation

14 SecY Overview

15 KaY Direct Use of SecY Uncontrolled

16 KaY Use of SecY Uncontrolled and Controlled

17 SecY Operation
