Authentication and Key Distribution-IEEE 802.1AE Encryption

Authentication and Key Distribution

When a LinkSec-enabled link comes up, the peers are authenticated, and key material is exchanged to establish an SA using 802.1af. After the SA is established, both peers have the session key that protects data.

As is true with any encryption model, session keys need to be periodically refreshed to avoid passive attacks. 802.1af takes care of periodic peer reauthentication and rekey negotiation of the session key.

[Figure labels: IEEE 802.1af Authentication + Key Distribution; IEEE 802.1AE Encryption]

Chapter 18: IEEE 802.1AE

Data Confidentiality and Integrity

After the peers authenticate and an SA is established, 802.1AE takes over from 802.1af to protect data traffic. Data is secured by encrypting and authenticating it using the negotiated session key.

Data Confidentiality (Encryption)

LinkSec mandates Advanced Encryption Standard Galois Counter Mode (AES-GCM) as the encryption algorithm. This algorithm uses a 128-bit symmetric key for encryption and decryption.

AES-GCM can be easily implemented in hardware and lends itself to pipelining and parallelization. Also, it allows a single pass over the data to perform encryption and compute the cryptographic signature or message authentication. These properties make AES-GCM a high-performing encryption solution suitable for high-speed LAN links, such as 10 Gbps. The National Institute of Standards and Technology (NIST) has reviewed and approved AES-GCM's security properties, and NIST incorporated it into Special Publication 800-38D.

Data Integrity

To provide data integrity, Galois Counter Mode Message Authentication Code (GMAC) authenticates each packet. Message authentication is simply a cryptographic checksum of the packet that a sender creates by using the session keys. This message authentication code consists of a key-based encrypted hash value. It allows the receiver to validate the packet's integrity by enabling detection of any tampering with the packet, and it proves the authenticity of the sender of each packet. Only a valid sender can generate a valid message authentication code.
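The encryption and integrity behavior described in the two sections above can be seen in a short Go program. This is an added example, not code from the book or from any LinkSec implementation; the function names, the frame layout (packet number, ciphertext, tag), the nonce layout, and the sample key and header are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

func NewAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 16 { // the page specifies a 128-bit session key
		return nil, errors.New("session key must be 128 bits")
	}
	block, _ := aes.NewCipher(key) // cannot fail: key length checked above
	return cipher.NewGCM(block)
}

// nonce is sender id || packet number; this layout is assumed for the example.
func nonce(id uint64, pn uint32) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint64(n, id)
	binary.BigEndian.PutUint32(n[8:], pn)
	return n
}

// Protect returns pn || ciphertext || tag; hdr stays clear but is authenticated.
func Protect(a cipher.AEAD, id uint64, pn uint32, hdr, payload []byte) ([]byte, error) {
	if pn == 0 { // counter wrapped: refresh the session key, never reuse a nonce
		return nil, errors.New("packet numbers exhausted: rekey required")
	}
	out := make([]byte, 4, 4+len(payload)+a.Overhead())
	binary.BigEndian.PutUint32(out, pn)
	return a.Seal(out, nonce(id, pn), payload, hdr), nil
}

// Verify checks the tag over hdr and ciphertext before returning plaintext.
func Verify(a cipher.AEAD, id uint64, hdr, frame []byte) ([]byte, error) {
	if len(frame) < 4+a.Overhead() {
		return nil, errors.New("frame too short")
	}
	return a.Open(nil, nonce(id, binary.BigEndian.Uint32(frame[:4])), frame[4:], hdr)
}

func main() {
	a, _ := NewAEAD([]byte("constructed-key!")) // constructed sample key
	f, _ := Protect(a, 1, 1, []byte("dst|src"), []byte("hello"))
	_, err := Verify(a, 1, []byte("DST|src"), f) // header altered in transit
	fmt.Println("altered frame rejected:", err != nil)
}
```

A single `Seal` call both encrypts the payload and computes the tag, which is the single-pass property the text credits for AES-GCM's suitability on high-speed links.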