IEEE 802.1AEdk-2023

$99.13

IEEE Standard for Local and metropolitan area networks-Media Access Control (MAC) Security Amendment 4: MAC Privacy protection (Published)

Published By	Publication Date	Number of Pages
IEEE	2023	207

Guaranteed Safe Checkout

Category: IEEE

If you have any questions, feel free to reach out to our online customer service team by clicking on the bottom right corner. We’re here to assist you 24/7.
Email:[email protected]

Description

Amendment Standard – Active. This amendment specifies a MAC Privacy protection encapsulating protocol and its use in conjunction with the MAC Security protocol (MACsec) to hide the source and destination MAC addresses of user data frames, and to reduce any correlation between observable frame sizes and transmission timing. This helps to protect user and application identities and to hide the purpose and content of communications. Management of MACsec and privacy protection is supported by YANG models and SNMP MIBs. Privacy considerations for bridged networks are reviewed.

PDF Catalog

PDF Pages	PDF Title
1	Front Cover
2	Title page
4	Important Notices and Disclaimers Concerning IEEE Standards Documents
8	Participants
10	Introduction
11	Contents
14	Figures
15	Tables
16	Editing instructions
17	1. Overview 1.1 Introduction
18	1.2 Scope
20	2. Normative references
22	3. Definitions
23	4. Abbreviations and acronyms
24	5. Conformance 5.1 Requirements terminology
25	5.2 Protocol Implementation Conformance Statements (PICS) 5.5 EDE Conformance
26	5.8 EDE-CC conformance 5.10 MAC Privacy protection Entity requirements
27	5.11 MAC Privacy protection Entity options
28	10. Principles of MAC Security Entity (SecY) operation 10.7 SecY management
31	13. MAC Security Entity MIB 13.1 Introduction
32	13.6 MAC Security Entity (SecY) MIB definition,
34	— secyIfTable
35	— secyIfInterfaceIndex — secyIfMaxPeerSCs — secyIfRxMaxKeys — secyIfTxMaxKeys — secyIfProtectFramesEnable — secyIfValidateFrames
36	— secyIfReplayProtectEnable — secyIfReplayProtectWindow — secyIfCurrentCipherSuite — secyIfAdminPt2PtMAC — secyIfOperPt2PtMAC
37	— secyIfIncludeSCIEnable — secyIfUseESEnable — secyIfUseSCBEnable — secyIfSCI — secyIfIncludingSCI — secyIfMaxTSCs
38	— secyTSCTable — secyTSCI — secyTSCState — secyTSCEncodingSA — secyTSCCreatedTime
39	— secyTSCStartedTime — secyTSCStoppedTime — secyTSATable — secyTSA — secyTSAState
40	— secyTSANextXPN — secyTSAConfidentiality — secyTSAKeyIdentifier — secyTSASSCI — secyTSACreatedTime — secyTSAStartedTime — secyTSAStoppedTime
41	— secyRxSCTable — secyRxSCI — secyRxSCState — secyRxSCCreatedTime
42	— secyRxSCStartedTime — secyRxSCStoppedTime — secyRxSATable — secyRxSA — secyRxSAState
43	— secyRxSACreatedTime — secyRxSAStartedTime — secyRxSAStoppedTime — secyRxSANextXPN — secyRxSALowestXPN
44	— secyRxSAKeyIdentifier — secyRxSASSCI — secyCipherSuiteTable — secyCipherSuiteIndex
45	— secyCipherSuiteId — secyCipherSuiteName — secyCipherSuiteCapability
46	— secyCipherSuiteDataLengthChange — secyCipherSuiteICVLength — secyCipherSuiteRowStatus — secyIfCipherTable
47	— secyIfCipherImplemented — secyIfCipherEnableUse — secyIfCipherRqConfidentiality — secyIfTCTable
48	— secyIfTCUserPriority — secyIfTCTrafficClass — secyIfAPTable — secyIfAPUserPCP
49	— secyIfAPAccessPCP
52	— secyStatsMIBObjects — secyTSCStatsTable — secyTSCStatsProtectedPkts
53	— secyTSCStatsEncryptedPkts
54	— secyRxSCStatsTable
55	— secyRxSCStatsUnusedSAPkts — secyRxSCStatsNoUsingSAPkts — secyRxSCStatsLatePkts — secyRxSCStatsNotValidPkts
56	— secyRxSCStatsInvalidPkts — secyRxSCStatsDelayedPkts — secyRxSCStatsUncheckedPkts — secyRxSCStatsOKPkts — secyRxSCStatsOctetsValidated — secyRxSCStatsOctetsDecrypted
57	— secyStatsTable — secyStatsTxUntaggedPkts — secyStatsTxTooLongPkts — secyStatsRxUntaggedPkts
58	— secyStatsRxNoTagPkts — secyStatsRxBadTagPkts — secyStatsRxUnknownSCIPkts — secyStatsRxNoSCIPkts — secyStatsRxOverrunPkts — secyStatsRxNoSAPkts
59	— secyStatsRxNoSAErrorPkts — secyStatsTxOctetsProtected — secyStatsTxOctetsEncrypted — secyStatsRxOctetsValidated — secyStatsRxOctetsDecrypted
62	— secyMIBTcCompliance
64	— secyMIBGroups — secyIfGroup — secyIfTCGroup — secyIfAPGroup
65	— secyTSCGroup — secyTSAGroup
66	— secyRSCGroup — secyRSAGroup — secyCipherInfoGroup
67	— secyIfCipherGroup — secyCipherStatsGroup
68	— secyTSCStatsGroup — secyRSCStatsGroup — secyIfStatsGroup
70	15. Ethernet Data Encryption devices 15.6 Securing PBN connectivity with an EDE-CC
71	16. Using MIB modules to manage EDEs 16.4 EDE-CC and EDE-SS Management
72	17. MAC Privacy protection 17.1 Need for MAC Privacy protection
73	17.2 Protecting user data frames
75	17.3 Quality of Service impact and mitigation
77	17.4 Configuring MAC Privacy protection
82	18. MAC Privacy protection protocol 18.1 Addressing
83	18.2 Data origin authenticity, frame data integrity and confidentiality 18.3 Applicability
84	18.4 Bandwidth utilization, fragmentation, and transit delay
85	18.5 Coexistence and use
86	19. Encoding of MAC Privacy protection Protocol Data Units 19.1 Structure, representation, and encoding 19.2 MPPDU Format
87	19.3 MAC Privacy protection EtherType
88	19.4 Protocol Version strategy 19.5 MPPDU component encoding
91	19.6 MPPDU generation
92	19.7 MPPDU validation
94	20. MAC Privacy protection Entity (PrY) operation 20.1 PrY overview
95	20.2 Model of operation 20.3 PrY architecture
96	20.4 MAC status and point-to-point parameters 20.5 Privacy Selection
97	20.6 Unprotected frame transmission 20.7 Privacy Frame transmission
98	20.8 Privacy Channel transmission 20.9 Privacy Channel MPPDU Generation
100	20.10 Privacy Channel Encapsulation
103	20.11 MPPDU reception and demultiplexing 20.12 MPPDU component validation and extraction 20.13 Protected frame reception and reassembly
106	20.14 PrY management
110	20.15 PrY performance requirements
111	21. MAC Privacy protection in Systems 21.1 MAC Privacy protection interface stacks
113	21.2 Privacy protection for end station interfaces 21.3 MAC Privacy protection for bridge interfaces
114	21.4 Privacy protection for Link Aggregation
115	21.5 EDEs with MAC Privacy protection
116	21.6 Privacy protection with shared media
117	21.7 Privacy protection and multi-access LANs 21.8 Separate privacy protection devices
118	22. MAC Privacy protection Entity (Pry) MIB 22.1 Introduction 22.2 The Internet-Standard Management Framework 22.3 Relationship to other MIBs
120	22.4 Security considerations
121	22.5 Structure of the MIB module
123	22.6 MAC Privacy protection Entity (PrY) MIB definition,
124	— ieee8021PryIfTable — ieee8021PryIfIndex
125	— ieee8021PryIfRxProtection — ieee8021PryIfTxProtection — ieee8021PryIfSecySupport — ieee8021PryIfAddr — ieee8021PryIfMppduDA
126	— ieee8021PryIfDefaultReassembly — ieee8021PryIfMaxPeers — ieee8021PryIfNumPeers — ieee8021PrySelectionTable — ieee8021PrySelectionPriority
127	— ieee8021PrySelectionPrivacyType — ieee8021PryFrameTable — ieee8021PryFrameAccessPriority
128	— ieee8021PryFrameRevealDE — ieee8021PryFramePadding — ieee8021PryChannelTable
129	— ieee8021PryChType — ieee8021PryChEnable — ieee8021PryChFragmentEnable — ieee8021PryChAccessPriority
130	— ieee8021PryChUserDataFrameSize — ieee8021PryChMppduGeneration — ieee8021PryChRequestedKbitRate — ieee8021PryChMppduBitsOnWire — ieee8021PryChMppduInterval
131	— ieee8021PryChUserBurstOctets — ieee8021PryPeerTable — ieee8021PryPeerAddr — ieee8021PryPeerRowStatus
132	— ieee8021PryOutTable — ieee8021PryOutPrivacyFrames — ieee8021PryOutPfUserOctets — ieee8021PryOutPfPadOctets — ieee8021PryOutUnprtFrames
133	— ieee8021PryOutUnprtOctets — ieee8021PryChannelOutTable — ieee8021PryChOutUserFrames — ieee8021PryChOutUserOctets — ieee8021PryChOutPadOctets
134	— ieee8021PryChOutMppdus — ieee8021PryChOutEncapFrames — ieee8021PryChOutExpFragments — ieee8021PryChOutPreFragments — ieee8021PryInTable
135	— ieee8021PryInUserFrames — ieee8021PryInUserOctets — ieee8021PryInPadOctets — ieee8021PryInMppdus — ieee8021PryInEncapFrames
136	— ieee8021PryInExpFragments — ieee8021PryInPreFragments — ieee8021PryInExpDiscards — ieee8021PryInPreDiscards — ieee8021PryInUnknownMppcis — ieee8021PryInErroredMppdus
137	— ieee8021PryInUnprtFrames — ieee8021PryInUnprtOctets — ieee8021PryMIBGroups — ieee8021PryIfGroup
138	— ieee8021PrySelectionGroup — ieee8021PryFrameGroup — ieee8021PryChannelGroup — ieee8021PryPeerGroup — ieee8021PryOutGroup
139	— ieee8021PryChOutGroup — ieee8021PryInGroup
140	23. YANG Data Models
141	23.1 YANG Framework
142	23.2 MAC Security Entity (SecY) model
146	23.3 Security considerations for the SecY model
147	23.4 MAC Privacy protection (PrY) model
149	23.5 Security considerations for the PrY model
150	23.6 Interface stack models
152	23.7 Security considerations for interface stack models 23.8 System models
153	23.9 Security considerations for system models
154	23.10 YANG module schema
158	23.11 YANG modules
187	Annex B (informative) Bibliography
189	Annex D (normative) PICS Proforma for an Ethernet Data Encryption device D.5 EDE type and common requirements
190	D.8 EDE-CC Configuration
191	Annex G (informative) SecY Management and MIB revisions
192	Annex H (normative) PICS proforma for MAC Privacy protection H.1 Introduction H.2 Abbreviations and special symbols
193	H.3 Instructions for completing the PICS proforma
195	H.4 PICS proforma for IEEE Std 802.1AE MAC Privacy protection
196	H.5 Mandatory capabilities
197	H.6 Optional capabilities
198	Annex I (informative) Privacy considerations in bridged networks I.1 Personal devices I.2 Goals of adversaries
199	I.3 Network operation
200	I.4 Network security and privacy I.5 Privacy exposures
202	I.6 Standard specific considerations
207	Back Cover

Additional information

Standard Title	IEEE Standard for Local and metropolitan area networks-Media Access Control (MAC) Security Amendment 4: MAC Privacy protection (Published)
Published Code	IEEE
Publication Date	2023
Pages Count	207

Preview PDF


PDF Format	Searchable	Printable	Preview Now

IEEE 802.1AEdk-2023

PDF Catalog

Related products