Understanding MACsec
MACsec Concepts
The MACsec Key Agreement (MKA) protocol is responsible for MACsec session establishment and management as well as key negotiation. The following are concepts related to MKA:
A Secure Connectivity Association (CA) is established and maintained during key negotiation. It is a group of two or more MACsec-capable devices (CA members) using the same key and cipher suite on a LAN. The key used by CA members is called Secure Connectivity Association Key (CAK). MACsec supports only point-to-point connections. That is, a MACsec session is set up between two devices. Therefore, both ends of a MACsec session must use the same CAK.
A Secure Association (SA) ensures secure transmission of data frames between CA members. Each SA has one Secure Association Key (SAK) or a group of SAKs to encrypt frames. The SAK, calculated based on CAK, is used for frame encryption and decryption.
Security Mechanism
- Identity authentication: Huawei switches do not support this function.
- Data encryption: MACsec uses AES-CMAC to encrypt data. The sender encrypts data packets and transmits the encrypted packets on the LAN. The receiver decrypts packets and processes the decrypted packets.
- Integrity check: The receiver checks the integrity of each received packet to determine whether it has been tampered with in transit. Before sending a data packet, the sender calculates an Integrity Check Value (ICV) over the packet using the specified algorithm and suffixes the ICV to the packet. The receiver removes the ICV from the packet and calculates a new ICV over the packet using the same algorithm. The receiver then compares the new ICV with the one carried in the received packet. If they are the same, the packet passes the check; otherwise, the packet is dropped.
- Replay protection: Huawei switches do not support this function.
Working Mechanism
The establishment of a point-to-point MACsec session includes three stages: negotiation, secure communication, and session keepalive.
The three stages in session establishment are as follows:
Negotiation
When MACsec is enabled on the interfaces of both switches, the interface with the higher priority is selected as the key server. The priorities are set manually, and a smaller value indicates a higher priority. If the two interfaces have the same priority, the interface with the smaller Secure Channel Identifier (SCI) is selected as the key server. An SCI consists of the interface MAC address followed by the last two bytes of the interface index.
The key server calculates an SAK based on the static CAK, which is the same on both switches, and issues the SAK to the peer.
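As an added illustration (not Huawei's code or any product's implementation), the following Python models the key-server election just described and the ICV check from the Security Mechanism section. The function names, the sample interfaces and the SAK value are constructed here, and HMAC-SHA256 truncated to 16 bytes stands in for the ICV algorithm, which this page does not name.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16


def build_sci(mac: str, ifindex: int) -> bytes:
    """SCI = 6-byte interface MAC + last two bytes of the interface index."""
    mac_bytes = bytes.fromhex(mac.replace(":", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return mac_bytes + struct.pack("!H", ifindex & 0xFFFF)


def elect_key_server(a: dict, b: dict) -> dict:
    """Lower priority value wins; on a tie the smaller SCI wins.
    Byte-string comparison of equal-length SCIs matches numeric order."""
    if a["priority"] != b["priority"]:
        return a if a["priority"] < b["priority"] else b
    sci_a = build_sci(a["mac"], a["ifindex"])
    sci_b = build_sci(b["mac"], b["ifindex"])
    return a if sci_a < sci_b else b


def protect(sak: bytes, frame: bytes) -> bytes:
    """Sender: compute the ICV over the frame with the SAK and suffix it.
    Assumption: HMAC-SHA256 truncated to 16 bytes stands in for the
    ICV algorithm, which this page does not name."""
    return frame + hmac.new(sak, frame, hashlib.sha256).digest()[:ICV_LEN]


def verify(sak: bytes, protected: bytes):
    """Receiver: strip the ICV, recompute it, compare in constant time.
    Returns the bare frame if the check passes, None if it must be dropped."""
    if len(protected) <= ICV_LEN:
        return None
    frame, icv = protected[:-ICV_LEN], protected[-ICV_LEN:]
    expected = hmac.new(sak, frame, hashlib.sha256).digest()[:ICV_LEN]
    return frame if hmac.compare_digest(icv, expected) else None


if __name__ == "__main__":
    # Constructed sample interfaces: same priority, so the SCI decides.
    left = {"name": "GE0/0/1", "priority": 16, "mac": "00:e0:fc:00:00:01", "ifindex": 0x10004}
    right = {"name": "GE0/0/2", "priority": 16, "mac": "00:e0:fc:00:00:01", "ifindex": 0x10003}
    print("key server:", elect_key_server(left, right)["name"])
    sak = b"\x11" * 16  # constructed SAK; a real one is derived from the CAK
    pkt = protect(sak, b"payload")
    print("tampered frame accepted?", verify(sak, pkt[:3] + b"X" + pkt[4:]) is not None)
```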
Secure communication
The sender uses the SAK to encrypt data packets, and the receiver uses the SAK to decrypt data packets. The bidirectional data packets exchanged between two switches are protected by MACsec.
Session keepalive
The MKA protocol defines an MKA session keepalive timer. When MKA session negotiation is successful, the two switches exchange MKA protocol packets to ensure that the session is alive. When receiving MKA protocol packets from the peer, the local switch starts the timer:
- If the local switch receives MKA protocol packets within the timeout interval, the local switch resets the timer.
- If the local switch does not receive MKA protocol packets within the timeout interval, the local switch considers the connection insecure. Then the local switch disassociates from the peer and performs MKA session negotiation again.