1、 Reference numberISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)IEEE 2015INTERNATIONAL STANDARD ISO/IEC/IEEE8802-1AEFirst edition2013-12-01AMENDMENT 12015-05-01Information technology Telecommunications and information exchange between systems Local and metropolitan area networks Part 1AE: Media access cont
2、rol (MAC) security AMENDMENT 1: Galois Counter Model Advanced Encryption Standard-256 (GCM-AES-256) Cipher Suite Technologies de linformation Tlcommunications et change dinformation entre systmes Rseaux locaux et mtropolitains Partie 1AE: Scurit du contrle daccs aux supports (MAC) AMENDEMENT 1 ISO/I
3、EC/IEEE 8802-1AE:2013/Amd.1:2015(E) COPYRIGHT PROTECTED DOCUMENT IEEE 2015 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in wri
4、ting from ISO, IEC or IEEE at the respective address below. ISO copyright office IEC Central Office Institute of Electrical and Electronics Engineers, Inc. Case postale 56 3, rue de Varemb 3 Park Avenue, New York CH-1211 Geneva 20 CH-1211 Geneva 20 NY 10016-5997, USA Tel. + 41 22 749 01 11 Switzerla
5、nd E-mail stds.iprieee.org Fax + 41 22 749 09 47 E-mail inmailiec.ch Web www.ieee.org E-mail copyrightiso.org Web www.iec.ch Web www.iso.org Published in Switzerland ii IEEE 2015 All rights reservedISO/IEC/IEEE 8802-1AE:2013/$PG1:201(E) IEEE 201 All rights reserved iiiForewordISO (the International
6、Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by th
7、e respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of in
8、formation technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. IEEE Standards documents are developed within the IEEE Societies and the Standards Coordinating Committees of the IEEE Standards Association (IEEE-SA) Standards Board. The IEEE develops its standards throu
9、gh a consensus development process, approved by the American National Standards Institute, which brings together volunteers representing varied viewpoints and interests to achieve the final product. Volunteers are not necessarily members of the Institute and serve without compensation. While the IEE
10、E administers the process and establishes rules to promote fairness in the consensus development process, the IEEE does not independently evaluate, test, or verify the accuracy of any of the information contained in its standards. The main task of ISO/IEC JTC 1 is to prepare International Standards.
11、 Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is called to the possibility that implementation of this
12、standard may require the use of subject matter covered by patent rights. By publication of this standard, no position is taken with respect to the existence or validity of any patent rights in connection therewith. ISO/IEEE is not responsible for identifying essential patents or patent claims for wh
13、ich a license may be required, for conducting inquiries into the legal validity or scope of patents or patent claims or determining whether any licensing terms or conditions provided in connection with submission of a Letter of Assurance or a Patent Statement and Licensing Declaration Form, if any,
14、or in any licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly advised that determination of the validity of any patent rights, and the risk of infringement of such rights, is entirely their own responsibility. Further information may be obtained from ISO o
15、r the IEEE Standards Association. Amendment 1 to ISO/IEC/IEEE 8802-11 was prepared by the LAN/MAN Standards Committee of the IEEE Computer Society (as IEEE Std 802.11ae-2012). It was adopted by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 6, Telecommunications and
16、 information exchange between systems, in parallel with its approval by the ISO/IEC national bodies, under the “fast-track procedure” defined in the Partner Standards Development Organization cooperation agreement between ISO and IEEE. IEEE is responsible for the maintenance of this document with pa
17、rticipation and input from ISO/IEC national bodies. ISO/IEC/IEEE 8802-1AE:2013/$PG1:201(E)iv IEEE 201 All rights reserved(blank page) Sponsored by the LAN/MAN Standards Committee IEEE 3 Park Avenue New York, NY 10016-5997 USA 14 October 2011 IEEE Computer Society IEEE Std 802.1AEbn2011 (Amendment to
18、 IEEE Std 802.1AE-2006) IEEE Standard for Local and metropolitan area networks Media Access Control (MAC) Security Amendment 1: Galois Counter Mode Advanced Encryption Standard 256 (GCM-AES-256) Cipher Suite ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)IEEE Std 802
19、.1AEbn-2011(Amendment to IEEE Std 802.1AE-2006)IEEE Standard for Local and metropolitan area networksMedia Access Control (MAC) Security Amendment 1: Galois Counter Mode Advanced Encryption Standard 256 (GCM-AES-256) Cipher SuiteSponsorLAN/MAN Standards Committee of the IEEE Computer SocietyApproved
20、 10 September 2011IEEE-SA Standards BoardISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)Abstract: This amendment specifies the GCM-AES-256 Cipher Suite as an option in addition to the existing mandatory to implement Default Cipher Suite, GCM-AES-128.Keywords: authenticity, authorized port, confidentiality,
21、 data origin integrity, IEEE 802.1AEbn, LANs, local area networks, MAC Bridges, MAC security, MAC Service, MANs, metropolitan area networks, port based network access control, secure association, security, transparent bridging The Institute of Electrical and Electronics Engineers, Inc.3 Park Avenue,
22、 New York, NY 10016-5997, USACopyright 2011 by the Institute of Electrical and Electronics Engineers, Inc.All rights reserved. Published 14 October 2011. Printed in the United States of America.IEEE and 802 are registered trademarks in the U.S. Patent +1 978 750 8400. Permission to photocopy portion
23、s of any individual standard for educational classroom use can also be obtained through the Copyright Clearance Center.ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)iv Copyright 2011 IEEE. All rights reserved.IntroductionThe first edition of IEEE Std 802.1AE was published in 2006. This first amendment to
24、that standard adds the option of using the GCM-AES-256 Cipher Suite.Relationship between IEEE Std 802.1AE and other IEEE Std 802 standardsIEEE Std 802.1X-2010 specifies Port-based Network Access Control, and provides a means of authenticating and authorizing devices attached to a LAN, and includes t
25、he MACsec Key Agreement protocol (MKA) necessary to make use of IEEE 802.1AE.This standard is not intended for use with IEEE Std 802.11 Wireless LAN Medium Access Control. An amendment to that standard, IEEE Std 802.11i-2004, also makes use of IEEE Std 802.1X, thus facilitating the use of a common a
26、uthentication and authorization framework for LAN media to which this standard applies and for Wireless LANs.Notice to usersLaws and regulationsUsers of these documents should consult all applicable laws and regulations. Compliance with the provisions of this standard does not imply compliance to an
27、y applicable regulatory requirements. Implementers of the standard are responsible for observing or referring to the applicable regulatory requirements. IEEE does not, by the publication of its standards, intend to urge action that is not in compliance with applicable laws, and these documents may n
28、ot be construed as doing so. CopyrightsThis document is copyrighted by the IEEE. It is made available for a wide variety of both public and private uses. These include both use, by reference, in laws and regulations, and use in private self-regulation, standardization, and the promotion of engineeri
29、ng practices and methods. By making this document available for use and adoption by public authorities and private users, the IEEE does not waive any rights in copyright to this document.Updating of IEEE documentsUsers of IEEE standards should be aware that these documents may be superseded at any t
30、ime by the issuance of new editions or may be amended from time to time through the issuance of amendments, corrigenda, or errata. An official IEEE document at any point in time consists of the current edition of the document together with any amendments, corrigenda, or errata then in effect. In ord
31、er to determine whether a given document is the current edition and whether it has been amended through the issuance of amendments, corrigenda, or errata, visit the IEEE Standards Association website at http:/ieeexplore.ieee.org/xpl/standards.jsp, or contact the IEEE at the address listed previously
32、.This introduction is not part of IEEE Std 802.1AEbn-2011, IEEE Standard for Local and metropolitan area networksMedia Access Control (MAC) SecurityAmendment 1: Galois Counter ModeAdvanced Encryption Standard256 (GCM-AES-256) Cipher Suite.ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)Copyright 2011 IEEE.
33、All rights reserved. vFor more information about the IEEE Standards Association or the IEEE standards development process,visit the IEEE-SA website at http:/standards.ieee.org.ErrataErrata, if any, for this and all other standards can be accessed at the following URL: http:/standards.ieee.org/findst
34、ds/errata/index.html. Users are encouraged to check this URL for errataperiodically.InterpretationsCurrent interpretations can be accessed at the following URL: http:/standards.ieee.org/findstds/interps/in-dex.html.PatentsAttention is called to the possibility that implementation of this amendment m
35、ay require use of subjectmatter covered by patent rights. By publication of this amendment, no position is taken with respect to theexistence or validity of any patent rights in connection therewith. The IEEE is not responsible for identifyingEssential Patent Claims for which a license may be requir
36、ed, for conducting inquiries into the legal validityor scope of Patents Claims or determining whether any licensing terms or conditions provided in connectionwith submission of a Letter of Assurance, if any, or in any licensing agreements are reasonable or non-discriminatory. Users of this amendment
37、 are expressly advised that determination of the validity of anypatent rights, and the risk of infringement of such rights, is entirely their own responsibility. Furtherinformation may be obtained from the IEEE Standards Association.ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)vi Copyright 2011 IEEE. All
38、 rights reserved.ParticipantsAt the time this standard was submitted to the IEEE-SA for approval, the IEEE P802.1 Working Group hadthe following membership: Tony Jeffree, ChairPaul Congdon, Vice ChairMick Seaman, Editor and Chair, Security Task GroupThe following members of the individual balloting
39、committee voted on this standard. Balloters may havevoted for approval, disapproval, or abstention. Zehavit Alon Yafan An Ting Ao Peter Ashwood-Smith Christian Boiger Paul Bottorff Rudolf Brandner Craig Carlson Rodney Cummings Claudio Desanti Zhemin Ding Donald Eastlake, IIIJanos Farkas Donald Fedyk
40、 Norman Finn Ilango Ganga Geoffrey Garner Anoop Ghanwani Mark Gravel Eric Gray Yingjie Gu Craig Gunther Michael Johas TeenerStephen Haddock Hitoshi Hayakawa Hal Keen Srikanth Keesara Yongbum Kim Philippe Klein Oliver Kleineberg Michael Krause Lin Li Jeff Lynch Ben Mack-Crane David Martin John Messen
41、ger John Morris Eric Multanen David Olsen Donald Pannell Glenn Parsons Mark Pearson Joseph Pelissier Rene Raeber Karen T. Randall Josef Roese Dan Romascanu Jessy Rouyer Ali Sajassi Panagiotis Saltsidis Rakesh Sharma Kevin Stanton Robert Sultan PatriciaThaler Chait Tumuluri Maarten Vissers Thomas Ale
42、xander Butch Anton Nancy Bravin William Byrd Radhakrishna Canchi Keith Chow Charles Cook Claudio DeSanti Wael Diab Patrick Diamond Thomas Dineen Sourav Dutta Donald Fedyk Yukihiro Fujimoto Devon Gayle Gregory Gillooly Evan Gilman Ron Greenthaler Randall Groves C. GuyJohn Hawkins David Hunter Paul Is
43、aacs Atsushi Ito Raj Jain Junghoon Jee Tony JeffreeMichael Johas TeenerShinkyo Kaku Piotr Karocki Stuart J. Kerry Lior Khermosh Yongbum Kim Geoff Ladwig Paul Lambert William Lumpkins Greg Luri Elvis Maculuba Edward McCall Michael McInnis Gary Michel Michael S. Newman Satoshi Obara Glenn Parsons Kare
44、n T. Randall Maximilian Riegel Robert Robinson Benjamin Rolfe Jessy Rouyer Herbert Ruck Randall Safier Joseph Salowey Raymond Savarda Bartien Sayogo Mick Seaman Shusaku Shimada Kapil Sood Thomas Starai Walter Struppler Joseph Tardo Michael Johas Teener Patricia Thaler Mark-Rene Uchida Dmitri Varsano
45、fiev Prabodh Varshney John Vergis Hung-Yu Wei Brian Weis Ludwig Winkel Oren Yuen ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)Copyright 2011 IEEE. All rights reserved. viiWhen the IEEE-SA Standards Board approved this standard on 10 September 2011, it had the following membership:Richard H. Hulett, Chair
46、John Kulick, Vice ChairRobert M. Grow, Past ChairJudith Gorman, Secretary*Member EmeritusAlso included are the following nonvoting IEEE-SA Standards Board liaisons:Satish Aggarwal, NRC RepresentativeRichard DeBlasio, DOE RepresentativeMichael Janezic, NIST RepresentativeCatherine BergerIEEE Project
47、EditorPatricia GerdonIEEE Standards Program Manager, Technical Program DevelopmentMasayuki Ariyoshi William Bartley Ted Burse Clint Chaplin Wael Diab Jean-Philippe Faure Alexander Gelman Paul Houz Jim Hughes Joseph L. Koepfinger* David J. Law Thomas Lee Hung Ling Oleg Logvinov Ted Olsen Gary Robinso
48、n Jon Walter Rosdahl Sam Sciacca Mike Seavey Curtis Siller Phil Winston Howard L. Wolfman Don WrightISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)Copyright 2011 IEEE. All rights reserved. ixContents1. Overview 21.1 Introduction 21.2 Scope 22. Normative references. 3
49、6. Secure provision of the MAC Service . 46.1 MACsec connectivity 47. Principles of secure network operation 58. MAC Security Protocol (MACsec) 69. Encoding of MACsec protocol data units 79.8 Transmit SA status. 710. Principle of MAC Security Entity (SecY) operation . 811. MAC Security in Systems 911.7 MACsec in Provider Bridged Networks 914. Cipher Suites 1014.1 Cipher Suite use . 1014.4 Cipher Suite conformance . 1014.5 Default Cipher Suite (GCM-AES-128) . 1114.6 GCM-AES-256 11Annex B (informa
