Ethernet Security Specification
Announcement
As part of the ongoing effort to provide information assurance for National Security Systems (NSS) while
leveraging existing public standards and protocols, an NSA team has been analyzing Ethernet
security standards and as a result has produced the Ethernet Security Specification (ESS).
This specification describes the use of public standards and protocols for Ethernet Data Encryption (EDE)
to protect NSSs. The ESS is intended to be a source of information for product developers as well as NSS
system architects, integrators and administrators interested in secure Ethernet data transmission.
This version concentrates on present and near-term NSS requirements, but it is expected that this will be
a living document whose future versions will address new public standards and their impact on EDE.
The ESS can be obtained by accessing the public NCSMO website and navigating to the ‘ESS Team’ folder
and ‘Documentation’ subfolder.
Any voluntary comments should be emailed to: [email protected]. Comments should include the
commentator's name, title, phone number, affiliation, and affiliation address.
19 October 2011
Ver. 0.5
Ethernet Security Specification
(ESS)
Version 0.5
02 October, 2011
Prepared By:
National Security Agency
9800 Savage Road
Fort George G. Meade, MD 20755
Change Table
Version Number / Description / Date

0.1 (2011-06-13)
  Original Draft Release for Team Review.

0.2 (2011-06-30)
  Updates from Internal Review.
  Remove 'DRAFT' watermark.
  Remove classification markings for declassification.

0.3 (2011-07-25)
  Correct typographical error: EAP-IKE to EAP-TLS.

0.4 (2011-09-14)
  Standards/Equity Review Updates:
  Clarify intended audience and objective of document.
  Remove out-of-scope features.

0.5 (2011-10-02)
  Scope/Purpose section - rename and rewrite.
  Introduction section - reword.
  General - Use 'Ethernet Data Encryption (EDE)' term and replace 'ESS device' with 'NSS EDE device'. Add EDE definition to Section 6.
  Add subsection column to Table 1.
  Add to Table 3 description.
  General - Use and define 'Committee on National Security Systems (CNSS)'.
  Add draft title to bis RFCs.
  Section 5.2.1, 4th paragraph - replace 'shall' with 'should'.
  Add references to AES-128 as needed and differentiation between use of 128 and 256.
2 of 100
Ver. 0.5
Table of Contents
1. Purpose 10
1.1. Introduction 10
1.2. References 12
1.2.1. IEEE, RFC, and ISO/IEC References 12
1.2.2. Other References 14
1.2.3. Websites 15
2. Definitions 16
3. Description 22
3.1. Use Cases 22
3.1.1. Point-to-Point 22
3.1.2. Shared Media LAN/WAN 22
3.1.3. Carrier Ethernet 23
3.2. The Ethernet Frame 25
3.3. Ethernet Architectures / Services and Virtual LANs 25
3.3.1. Virtual Bridged Local Area Networks 26
3.3.2. Provider Bridges 27
3.3.3. Provider Backbone Bridges (PBB) 28
3.3.4. Carrier Ethernet 30
3.3.5. Data Center Bridging (DCB) 31
3.4. Supported Bandwidths 31
3.5. Requirement Types 31
4. Network Scenarios and Ethernet Security 32
4.1. Single Physical Hop 34
4.1.1. Single Physical Hop between End Stations or VLAN-unaware Bridges 34
4.1.2. Single Physical Hop between Provider Bridges 36
4.1.3. Single Physical Hop between Provider Backbone Bridges 38
4.2. Single Virtual Hop 40
4.2.1. Single Virtual Hop through a Metro Ethernet Network (MEN) 41
4.2.1.1. Port-based Ethernet Service UNI 41
4.2.1.2. VLAN-Based Service and Bundling Service 42
4.2.2. Single Virtual Hop in the Provider Bridged Network 47
4.2.2.1. Encryption in the Provider Bridge 47
4.2.2.2. Encryption on the Customer Side of a Provider Edge Bridge for a Single Virtual Hop 48
4.2.2.2.1. Port-based Interface Encryption on the Customer Side of a Provider Edge Bridge for a Single Virtual Hop 48
4.2.2.2.2. Service-Multiplexed Interface Encryption on the Customer Side of a Provider Edge Bridge for a Single Virtual Hop 50
4.2.2.3. Encryption on the network side of a Provider Edge Bridge for a Single Virtual Hop 51
4.2.3. Single Virtual Hop for a PBBN 52
4.2.3.1. Single Virtual Hop Encryption in the Provider Backbone Bridge 52
4.2.3.2. Encryption for a Single Virtual Hop on Customer Side of Provider Backbone Edge Bridge 53
4.2.3.2.1. Port-based Interface Encryption on the Customer Side of a Provider Backbone Edge Bridge for a Single Virtual Hop 53
4.2.3.2.2. Service-Multiplexed Interface Encryption on the Customer Side of a Provider Backbone Edge Bridge for a Single Virtual Hop 55
4.2.3.3. Encryption between I and B components of Provider Backbone Edge Bridge 58
4.2.3.4. Encryption on Provider side of B-component for a Single Virtual Hop in a PBBN 60
4.2.3.4.1. Bypass MAC-in-MAC encapsulation 61
4.2.3.4.2. I-Tag Encryption 61
4.3. End Station to End Station across a Cloud 62
4.4. Summary – Network Scenarios and Ethernet Security 62
5. Security Specification 65
5.1. Ethernet Security 65
5.1.1. Cipher Suites 66
5.1.1.1. MACsec Protocol Cipher Suites 66
5.1.1.2. MACsec Key Agreement (MKA) Cipher Suites 67
5.1.1.3. EAP Method 68
5.1.1.4. IKE Cryptographic Algorithms 68
5.1.2. Supported Logical Secure Association (SA) Topologies 69
5.1.2.1. Single pair-wise SA 70
5.1.2.2. Multiple pair-wise SA 70
5.1.2.3. One to Many SA 71
5.1.3. Supported Encrypted Data Flow Topologies 71
5.1.3.1. Single Point-to-Point 71
5.1.3.2. Multiple Point-to-Point 71
5.1.3.3. Point-to-multipoint Service 72
5.1.3.4. Multi-Access Service 72
5.1.4. Additional Security Services 72
5.1.4.1. Replay Protection 73
5.2. Keying Architecture and Management 74
5.2.1. MACsec Key Agreement Protocol (MKA) 74
5.2.2. Secure Connectivity Association (CA) Creation 76
5.2.2.1. Extensible Authentication Protocol (EAP) 77
5.2.2.2. Pre-Shared Key (PSK) 78
5.2.2.2.1. Internet Key Exchange (IKE) 79
5.2.2.2.2. Pre-Placed Key (PPK) 79
5.2.3. Key Lifespan 80
5.2.4. Certificates 80
5.2.5. Scenarios 81
5.2.5.1. Pairwise CA 81
5.2.5.1.1. PSK-based Pairwise CA 81
5.2.5.1.2. EAP-based Pairwise CA 81
5.2.5.2. Group CA 82
5.2.5.2.1. PSK-based Group CA 82
5.2.5.2.2. Building a Group CA from pairwise CAs 82
5.3. Ethernet Implementations – Miscellaneous Issues 83
5.3.1. Quality of Service 83
5.3.2. VLAN Tags 83
5.3.3. Encryption Bypass of Data 83
5.3.4. Encryption Bypass of Frames 84
5.3.5. Flow Control 84
5.3.6. Equal Cost Multi-Path (ECMP) 85
5.3.7. Bidirectional Forwarding Detection (BFD) 85
5.3.8. Nesting 85
5.3.9. Tunneling Across a Trusted Network 86
5.3.10. Multi-access LANs 86
5.3.11. Link Aggregation (LAG – Link Aggregate Group) 87
5.4. Ethernet Management 88
5.4.1. Initialization 88
5.4.2. Configuration Management 88
5.4.3. Ethernet Operations, Administration and Maintenance 88
5.4.4. Community of Interest (COI) 88
5.4.5. Management Information Base (MIB) 89
5.5. IEEE / ESS Conformance 89
6. Abbreviations and Acronyms 97
Table of Figures
Figure 1 - Point-to-Point Use Case. 22
Figure 2 - Shared Media LAN / WAN Use Case. 23
Figure 3 - Carrier Service E-Line / E-LAN / E-Tree Use Case. 24
Figure 4 - The Standard Ethernet Frame as Defined by IEEE Std. 802.3-2008. 25
Figure 5 - The Standard Ethernet Frame C-Tag Transformation as Defined by IEEE Std. 802.1Q-2005. 27
Figure 6 - Standard Ethernet Frame with IEEE Std. 802.1ad-2005 S-Tag Transformation. 28
Figure 7 - Standard Ethernet Frame with IEEE Std. 802.1ah-2008, with IB-BEB One-to-one S-tagged Interface Transformation. 29
Figure 8 - Standard Ethernet Frame with IEEE Std. 802.1ah-2008, with I-BEB One-to-one S-tagged Interface Transformation. 30
Figure 9 - MACsec Security Tag - SecTAG, IEEE Std. 802.1AE-2006. 33
Figure 10 - Standard Ethernet Frame Transformation with MACsec, IEEE Std. 802.1AE-2006. 35
Figure 11 - NSS EDE Device Peers Following a MAC Bridge (IEEE Std. 802.1D-2004) - Single Physical Hop. 35
Figure 12 - NSS EDE Device and MACsec Implementation Peerage Between VLAN-unaware Bridges, IEEE Std. 802.1D-2004, Single Physical Hop. 36
Figure 13 - S-Tagged Ethernet Frame Transformed by MACsec, IEEE Std. 802.1AE-2006. 37
Figure 14 - NSS EDE Device Peers Between Provider Bridges - IEEE Std. 802.1ad-2005, Single Physical Hop. 37
Figure 15 - NSS EDE Device with a Provider Bridge Network Port-based Service Interface MACsec Peer Instantiation, IEEE Std. 802.1ad-2005, Single Physical Hop. 38
Figure 16 - I/B Tagged Ethernet Frame - IEEE Std. 802.1ah-2008, Followed by MACsec Transformation - IEEE Std. 802.1AE-2006 For a Single Physical Hop Topology. 39
Figure 17 - NSS EDE Device Peers Between Provider Backbone Edge Bridges - IEEE Std. 802.1ah-2008, Single Physical Hop. 39
Figure 18 - Metro Ethernet Network - NSS EDE Device Peers for an EPL. 42
Figure 19 - Standard Ethernet Frame with C-Tag, IEEE Std. 802.1Q-2005; Followed by the ESS Transformation with C-Tag Encryption Bypass. 43
Figure 20 - MACsec Capable VLAN Aware MAC Bridge with NSS EDE Device Peer Communicating over MEN. 44
Figure 21 - Standard Ethernet Frame with (Optional) C-Tag and S-Tag Transformation Followed by the ESS / MACsec Transformation. 44
Figure 22 - MACsec Interface Stack with C-Tagging (Optional), MACsec, and S-Tagging. 45
Figure 23 - I/B Tagged Ethernet Frame - IEEE Std. 802.1ah-2008 Followed by the ESS Transformation For a Single Virtual Hop Topology Traversing MEF VLAN-Based or Bundling Service UNIs. 46
Figure 24 - MEN Topology of an EVP-LAN. 47
Figure 25 - Standard Ethernet Frame with C-Tag (Optional) And S-Tag Transformation Followed by MACsec Transformation. 47
Figure 26 - Standard Ethernet Frame with C-Tag (Optional) and S-Tag (Optional) Transformation Followed by MACsec Transformation. 49
Figure 27 - NSS EDE Device Peers at the Customer Edge and a Port-based Service Interface to a Provider Bridge Network - IEEE Std. 802.1ad-2005, Single Virtual Hop. 49
Figure 28 - NSS EDE Device at the Customer Edge and a Provider Bridge Network Port-based Service Interface MACsec Peer Instantiation, IEEE Std. 802.1ad-2005, Single Virtual Hop. 50
Figure 29 - C-tagged Service Interface of a PBN with NSS EDE Device Peers at Customer Side of Provider Edge Bridge. 51
Figure 30 - Single Virtual Hop Topology for NSS EDE Device Peers at Provider Side of Provider Edge Bridge. 52
Figure 31 - I/B Tagged Ethernet Frame Transformation with Ethernet Encryption within a PBBN Bridge. 53
Figure 32 - Frame Transformation at Customer Side of PBBN Followed by PBB Encapsulation. 54
Figure 33 - Port-Based Service Interface of a PBBN with NSS EDE Device Peers at Customer Side in a Single Virtual Hop Scenario. 55
Figure 34 - I-Tagged Service Interface Ethernet Frame Security Transformation at the Customer Side of the Customer BEB. 56
Figure 35 - I-Tagged Service Interface of a PBBN with NSS EDE Device Peers at Customer Controlled BEB Side Topology. 57
Figure 36 - I-Tagged Service Interface of a PBBN with MACsec and the NSS EDE Device Peers at Customer Controlled BEB Side. 57
Figure 37 - Interface Stack with C-Tagging (Optional), MACsec, S-Tagging, and I-Tagging. 58
Figure 38 - EDE Between I and B Components of Provider Edge Bridge. 59
Figure 39 - NSS EDE Device Peers Between I and B Components of the Provider Backbone Edge Bridge in a PBBN. 59
Figure 40 - MACsec and NSS EDE Device Peer Interoperability Between I- and B-Components of the Provider Backbone Edge Bridge in a PBBN. 60
Figure 41 - NSS EDE Peers at Provider Side of Provider Backbone Edge Bridge. 61
Table of Tables
Table 1 - Summary of Network Scenarios and the ESS Security Goals and Recommendations. 64
Table 2 - Cipher Suites. 66
Table 3 - Re-key Intervals. 75
Table 4 - IEEE vs. ESS Conformance Requirements. 96