IEEE Standard for Local and metropolitan area networks
Media Access Control (MAC) Security
Amendment 3: Ethernet Data Encryption devices

IEEE Std 802.1AEcg-2017
(Amendment to IEEE Std 802.1AE-2006 as amended by IEEE Std 802.1AEbn-2011 and IEEE Std 802.1AEbw-2013)

Sponsor
LAN/MAN Standards Committee of the IEEE Computer Society

Approved 14 February 2017
IEEE-SA Standards Board

The Institute of Electrical and Electronics Engineers, Inc.
3 Park Avenue, New York, NY 10016-5997, USA

Copyright 2017 by the Institute of Electrical and Electronics Engineers, Inc. All rights reserved. Published 19 May 2017. Printed in the United States of America.

IEEE and 802 are registered trademarks in the U.S. Patent

fitness for a particular purpose; non-infringement; and quality, accuracy, effectiveness, currency, or completeness of material. In addition, IEEE disclaims any and all conditions relating to: results; and workmanlike effort. IEEE standards documents are supplied “AS IS” and “WITH ALL FAULTS.”

Use of an IEEE standard is wholly voluntary. The existence of an IEEE standard does not imply that there are no other ways to produce, test, measure, purchase, market, or provide other goods and services related to the scope of the IEEE standard. Furthermore, the viewpoint expressed at the time a standard is approved and issued is subject to change brought about through developments in the state of the art and comments received from users of the standard.

In publishing and making its standards available, IEEE is not suggesting or rendering professional or other services for, or on behalf of, any person or entity nor is IEEE undertaking to perform any duty owed by any other person or entity to another. Any person utilizing any IEEE Standards document, should rely upon his or her own independent judgment in the exercise of reasonable care in any given circumstances or, as appropriate, seek the advice of a competent professional in determining the appropriateness of a given IEEE standard.

IN NO EVENT SHALL IEEE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO: PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE PUBLICATION, USE OF, OR RELIANCE UPON ANY STANDARD, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE AND REGARDLESS OF WHETHER SUCH DAMAGE WAS FORESEEABLE.

Copyright 2017 IEEE. All rights reserved.

Translations

The IEEE consensus development process involves the review of documents in English only. In the event that an IEEE standard is translated, only the English version published by IEEE should be considered the approved IEEE standard.

Official statements

A statement, written or oral, that is not processed in accordance with the IEEE-SA Standards Board Operations Manual shall not be considered or inferred to be the official position of IEEE or any of its committees and shall not be considered to be, or be relied upon as, a formal position of IEEE. At lectures, symposia, seminars, or educational courses, an individual presenting information on IEEE standards shall make it clear that his or her views should be considered the personal views of that individual rather than the formal position of IEEE.

Comments on standards

Comments for revision of IEEE Standards documents are welcome from any interested party, regardless of membership affiliation with IEEE. However, IEEE does not provide consulting information or advice pertaining to IEEE Standards documents. Suggestions for changes in documents should be in the form of a proposed change of text, together with appropriate supporting comments. Since IEEE standards represent a consensus of concerned interests, it is important that any responses to comments and questions also receive the concurrence of a balance of interests. For this reason, IEEE and the members of its societies and Standards Coordinating Committees are not able to provide an instant response to comments or questions except in those cases where the matter has previously been addressed. For the same reason, IEEE does not respond to interpretation requests. Any person who would like to participate in revisions to an IEEE standard is welcome to join the relevant IEEE working group.

Comments on standards should be submitted to the following address:

Secretary, IEEE-SA Standards Board
445 Hoes Lane
Piscataway, NJ 08854 USA

Laws and regulations

Users of IEEE Standards documents should consult all applicable laws and regulations. Compliance with the provisions of any IEEE Standards document does not imply compliance to any applicable regulatory requirements. Implementers of the standard are responsible for observing or referring to the applicable regulatory requirements. IEEE does not, by the publication of its standards, intend to urge action that is not in compliance with applicable laws, and these documents may not be construed as doing so.

Copyrights

IEEE draft and approved standards are copyrighted by IEEE under U.S. and international copyright laws. They are made available by IEEE and are adopted for a wide variety of both public and private uses. These include both use, by reference, in laws and regulations, and use in private self-regulation, standardization, and the promotion of engineering practices and methods. By making these documents available for use and adoption by public authorities and private users, IEEE does not waive any rights in copyright to the documents.
Photocopies

Subject to payment of the appropriate fee, IEEE will grant users a limited, non-exclusive license to photocopy portions of any individual standard for company or organizational internal use or individual, non-commercial use only. To arrange for payment of licensing fees, please contact Copyright Clearance Center, Customer Service, 222 Rosewood Drive, Danvers, MA 01923 USA; +1 978 750 8400. Permission to photocopy portions of any individual standard for educational classroom use can also be obtained through the Copyright Clearance Center.

Updating of IEEE Standards documents

Users of IEEE Standards documents should be aware that these documents may be superseded at any time by the issuance of new editions or may be amended from time to time through the issuance of amendments, corrigenda, or errata. An official IEEE document at any point in time consists of the current edition of the document together with any amendments, corrigenda, or errata then in effect.

Every IEEE standard is subjected to review at least every ten years. When a document is more than ten years old and has not undergone a revision process, it is reasonable to conclude that its contents, although still of some value, do not wholly reflect the present state of the art. Users are cautioned to check to determine that they have the latest edition of any IEEE standard.

In order to determine whether a given document is the current edition and whether it has been amended through the issuance of amendments, corrigenda, or errata, visit the IEEE-SA Website at http://ieeexplore.ieee.org/browse/standards/collection/ieee or contact IEEE at the address listed previously. For more information about the IEEE SA or IEEE's standards development process, visit the IEEE-SA Website at http://standards.ieee.org.

Errata

Errata, if any, for all IEEE standards can be accessed on the IEEE-SA Website at the following URL: http://standards.ieee.org/findstds/errata/index.html. Users are encouraged to check this URL for errata periodically.

Patents

Attention is called to the possibility that implementation of this standard may require use of subject matter covered by patent rights. By publication of this standard, no position is taken by the IEEE with respect to the existence or validity of any patent rights in connection therewith. If a patent holder or patent applicant has filed a statement of assurance via an Accepted Letter of Assurance, then the statement is listed on the IEEE-SA Website at http://standards.ieee.org/about/sasb/patcom/patents.html. Letters of Assurance may indicate whether the Submitter is willing or unwilling to grant licenses under patent rights without compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination to applicants desiring to obtain such licenses.

Essential Patent Claims may exist for which a Letter of Assurance has not been received. The IEEE is not responsible for identifying Essential Patent Claims for which a license may be required, for conducting inquiries into the legal validity or scope of Patents Claims, or determining whether any licensing terms or conditions provided in connection with submission of a Letter of Assurance, if any, or in any licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly advised that determination of the validity of any patent rights, and the risk of infringement of such rights, is entirely their own responsibility. Further information may be obtained from the IEEE Standards Association.

Participants
At the time this standard was completed, the IEEE 802.1 working group had the following membership:

Glenn Parsons, Chair
John Messenger, Vice Chair
Mick Seaman, Security Task Group Chair, Editor

SeoYoung Baek, Shenghua Bao, Jens Bierschenk, Steinar Bjornstad, Christian Boiger, Paul Bottorff, David Chen, Feng Chen, Weiying Cheng, Rodney Cummings, János Farkas, Norman Finn, Geoffrey Garner, Eric W. Gray, Craig Gunther, Marina Gutierrez, Stephen Haddock, Mark Hantel, Patrick Heffernan, Marc Holness, Lu Huang, Tony Jeffree, Michael Johas Teener, Hal Keen, Stephan Kehrer, Philippe Klein, Jouni Korhonen, Yizhou Li, Christophe Mangin, Tom McBeath, James McIntosh, Tero Mustala, Hiroki Nakano, Bob Noseworthy, Donald R. Pannell, Walter Pienciak, Michael Potts, Karen Randall, Maximilian Riegel, Dan Romascanu, Jessy V. Rouyer, Eero Ryytty, Soheil Samii, Behcet Sarikaya, Frank Schewe, Johannes Specht, Wilfried Steiner, Patricia Thaler, Paul Unbehagen, Hao Wang, Karl Weber, Brian Weis, Jordon Woods, Nader Zein, Helge Zinner, Juan Carlos Zuniga

The following members of the individual balloting committee voted on this standard. Balloters may have voted for approval, disapproval, or abstention.

Thomas Alexander, Richard Alfvin, Johann Amsenga, Butch Anton, Nancy Bravin, William Byrd, Juan Carreon, Keith Chow, Charles Cook, Rodney Cummings, Janos Farkas, Matthias Fritsche, Yukihiro Fujimoto, Joel Goergen, Randall Groves, Joseph Gwinn, Stephen Haddock, Marco Hernandez, Werner Hoelzl, Noriyuki Ikeuch, Osamu Ishida, Atsushi Ito, Raj Jain, SangKwon Jeong, Piotr Karocki, Jeritt Kent, Stuart Kerry, Yongbum Kim, Hyeong Ho Lee, James Lepp, Jon Lewis, Elvis Maculuba, Michael McInnis, Michael Montemurro, Michael Newman, Satoshi Obara, Bansi Patel, Arumugam Paventhan, Karen Randall, Alon Regev, Maximilian Riegel, Robert Robinson, Jessy Rouyer, Richard Roy, Mick Seaman, Thomas Starai, Walter Struppler, Patricia Thaler, Thomas Tullia, Mark-Rene Uchida, Prabodh Varshney, George Vlantis, Khurram Waheed, Hung-Yu Wei, Andreas Wolf, Chun Yu Charles Wong, Oren Yuen, Zhen Zhou

When the IEEE-SA Standards Board approved this standard on 14 February 2017, it had the following membership:

Jean-Philippe Faure, Chair
Vacant Position, Vice-Chair
John D. Kulick, Past Chair
Konstantinos Karachalios, Secretary

Chuck Adams, Masayuki Ariyoshi, Ted Burse, Stephen Dukes, Doug Edwards, J. Travis Griffith, Gary Hoffman, Michael Janezic, Thomas Koshy, Joseph L. Koepfinger*, Kevin Lu, Daleep Mohla, Damir Novosel, Ronald C. Petersen, Annette D. Reilly, Robby Robson, Dorothy Stanley, Adrian Stephens, Mehmet Ulema, Phil Wennblom, Howard Wolfman, Yu Yuan

*Member Emeritus

Introduction

The first edition of IEEE Std 802.1AE™ was published in 2006. A first amendment, IEEE Std 802.1AEbn™-2011, added the option of using the GCM-AES-256 Cipher Suite. A second, IEEE Std 802.1AEbw™-2013, added the GCM-AES-XPN-128 and GCM-AES-XPN-256 Cipher Suites. These extended packet numbering Cipher Suites allow more than 2^32 frames to be protected with a single Secure Association Key (SAK) and so ease the timeliness requirements on key agreement protocols for very high speed (100 Gb/s plus) operation. This third amendment, IEEE Std 802.1AEcg™-2017, specifies Ethernet Data Encryption devices (EDEs).

Relationship between IEEE Std 802.1AE and other IEEE Std 802 standards

IEEE Std 802.1X™-2010 specifies Port-based Network Access Control, and provides a means of authenticating and authorizing devices attached to a LAN, and includes the MACsec Key Agreement protocol (MKA) necessary to make use of IEEE 802.1AE.

IEEE Std 802.1AE is not intended for use with IEEE Std 802.11™ Wireless LAN Medium Access Control. An amendment to that standard, IEEE Std 802.11i™-2004, also makes use of IEEE Std 802.1X™, thus facilitating the use of a common authentication and authorization framework for LAN media to which this standard applies and for Wireless LANs.

This introduction is not part of IEEE Std 802.1AEcg-2017, IEEE Standard for Local and metropolitan area networks - Media Access Control (MAC) Security - Amendment 3: Ethernet Data Encryption devices.

Contents

1. Overview
  1.2 Scope
2. Normative references
3. Definitions
4. Abbreviations and acronyms
5. Conformance
  5.1 Requirements terminology
  5.2 Protocol Implementation Conformance Statement (PICS)
  5.3 Required capabilities - MAC Security Entity requirements
  5.4 Optional capabilities - MAC Security Entity options
  5.5 EDE conformance
  5.6 EDE-M conformance
  5.7 EDE-CS conformance
  5.8 EDE-CC conformance
  5.9 EDE-SS conformance
6. Secure provision of the MAC Service
  6.1 MAC Service primitives and parameters
  6.2 MAC Service connectivity
  6.4 MAC status parameters
  6.5 MAC point-to-point parameters
  6.10 Quality of service maintenance
7. Principles of secure network operation
  7.1 Support of the secure MAC Service by an individual LAN
  7.3 Use of the secure MAC Service
8. MAC Security Protocol (MACsec)
  8.3 MACsec operation
9. Encoding of MACsec protocol data units
  9.9 Secure Channel Identifier (SCI)
10. Principles of MAC Security Entity (SecY) operation
  10.1 SecY overview
  10.2 SecY functions
  10.4 SecY architecture
  10.5 Secure frame generation
  10.6 Secure frame verification
  10.7 SecY management
11. MAC Security in Systems
  11.1 MAC Service interface stacks