ANSI IEEE 802.1AEBW-2013 Local and metropolitan area networks - Media Access Control (MAC) Security - Amendment 2 Extended Packet Numbering (IEEE Computer Society Includes Access t.pdf

1、 Reference numberISO/IEC/IEEE 8802-1AE:2013/Amd.2:2015(E)IEEE 2015INTERNATIONAL STANDARD ISO/IEC/IEEE8802-1AEFirst edition2013-12-01AMENDMENT 22015-05-01Information technology Telecommunications and information exchange between systems Local and metropolitan area networks Part 1AE: Media access cont

2、rol (MAC) security AMENDMENT 2: Extended Packet Numbering Technologies de linformation Tlcommunications et change dinformation entre systmes Rseaux locaux et mtropolitains Partie 1AE: Scurit du contrle daccs aux supports (MAC) AMENDEMENT 2 ISO/IEC/IEEE 8802-1AE:2013/Amd.2:2015(E) COPYRIGHT PROTECTED

3、 DOCUMENT IEEE 2015 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from ISO, IEC or IEEE at the respective address be

4、low. ISO copyright office IEC Central Office Institute of Electrical and Electronics Engineers, Inc. Case postale 56 3, rue de Varemb 3 Park Avenue, New York CH-1211 Geneva 20 CH-1211 Geneva 20 NY 10016-5997, USA Tel. + 41 22 749 01 11 Switzerland E-mail stds.iprieee.org Fax + 41 22 749 09 47 E-mail

5、 inmailiec.ch Web www.ieee.org E-mail copyrightiso.org Web www.iec.ch Web www.iso.org Published in Switzerland ii IEEE 2015 All rights reservedISO/IEC/IEEE 8802-1AE:2013/$PG:201(E) IEEE 201 All rights reserved iiiForewordISO (the International Organization for Standardization) and IEC (the Internati

6、onal Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields

7、 of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joi

8、nt technical committee, ISO/IEC JTC 1. IEEE Standards documents are developed within the IEEE Societies and the Standards Coordinating Committees of the IEEE Standards Association (IEEE-SA) Standards Board. The IEEE develops its standards through a consensus development process, approved by the Amer

9、ican National Standards Institute, which brings together volunteers representing varied viewpoints and interests to achieve the final product. Volunteers are not necessarily members of the Institute and serve without compensation. While the IEEE administers the process and establishes rules to promo

10、te fairness in the consensus development process, the IEEE does not independently evaluate, test, or verify the accuracy of any of the information contained in its standards. The main task of ISO/IEC JTC 1 is to prepare International Standards. Draft International Standards adopted by the joint tech

11、nical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is called to the possibility that implementation of this standard may require the use of subject matter covered b

12、y patent rights. By publication of this standard, no position is taken with respect to the existence or validity of any patent rights in connection therewith. ISO/IEEE is not responsible for identifying essential patents or patent claims for which a license may be required, for conducting inquiries

13、into the legal validity or scope of patents or patent claims or determining whether any licensing terms or conditions provided in connection with submission of a Letter of Assurance or a Patent Statement and Licensing Declaration Form, if any, or in any licensing agreements are reasonable or non-dis

14、criminatory. Users of this standard are expressly advised that determination of the validity of any patent rights, and the risk of infringement of such rights, is entirely their own responsibility. Further information may be obtained from ISO or the IEEE Standards Association. Amendment 1 to ISO/IEC

15、/IEEE 8802-11 was prepared by the LAN/MAN Standards Committee of the IEEE Computer Society (as IEEE Std 802.11ae-2012). It was adopted by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 6, Telecommunications and information exchange between systems, in parallel with

16、its approval by the ISO/IEC national bodies, under the “fast-track procedure” defined in the Partner Standards Development Organization cooperation agreement between ISO and IEEE. IEEE is responsible for the maintenance of this document with participation and input from ISO/IEC national bodies. ISO/

17、IEC/IEEE 8802-1AE:2013/$PG(E)iv IEEE 201 All rights reserved(blank page) IEEE Standard for Local and metropolitan area networks Media Access Control (MAC) Security Amendment 2: Extended Packet Numbering Sponsored by the LAN/MAN Standards Committee IEEE 3 Park Avenue New York, NY 10016-5997 USA 12 Fe

18、bruary 2013 IEEE Computer Society IEEE Std 802.1AEbw-2013(Amendment toIEEE Std 802.1AE-2006) ISO/IEC/IEEE 8802-1AE:2013/Amd.2:2015(E)ISO/IEC/IEEE 8802-1AE:2013/Amd.2:2015(E)IEEE Std 802.1AEbw-2013(Amendment toIEEE Std 802.1AETM-2006)IEEE Standard forLocal and metropolitan area networksMedia Access C

19、ontrol (MAC) SecurityAmendment 2:Extended Packet NumberingSponsor LAN/MAN Standards Committee of the IEEE Computer SocietyApproved 7 February 2013IEEE-SA Standards BoardISO/IEC/IEEE 8802-1AE:2013/Amd.2:2015(E)The Institute of Electrical and Electronics Engineers, Inc.3 Park Avenue, New York, NY 1001

20、6-5997, USACopyright 2013 by the Institute of Electrical and Electronics Engineers, Inc.All rights reserved. Published 12 February 2013. Printed in the United States of America.IEEE and 802 are registered trademarks in the U.S. Patent +1 978 750 8400. Permission to photocopy portions of any individu

21、al standard for educational classroomuse can also be obtained through the Copyright Clearance Center.ISO/IEC/IEEE 8802-1AE:2013/Amd.2:2015(E)iv Copyright 2013 IEEE. All rights reserved.Notice to usersLaws and regulationsUsers of IEEE Standards documents should consult all applicable laws and regulat

22、ions. Compliance with theprovisions of any IEEE Standards document does not imply compliance to any applicable regulatoryrequirements. Implementers of the standard are responsible for observing or referring to the applicableregulatory requirements. IEEE does not, by the publication of its standards,

23、 intend to urge action that is notin compliance with applicable laws, and these documents may not be construed as doing so.CopyrightsThis document is copyrighted by the IEEE. It is made available for a wide variety of both public and privateuses. These include both use, by reference, in laws and reg

24、ulations, and use in private self-regulation,standardization, and the promotion of engineering practices and methods. By making this documentavailable for use and adoption by public authorities and private users, the IEEE does not waive any rights incopyright to this document.Updating of IEEE docume

25、ntsUsers of IEEE Standards documents should be aware that these documents may be superseded at any timeby the issuance of new editions or may be amended from time to time through the issuance of amendments,corrigenda, or errata. An official IEEE document at any point in time consists of the current

26、edition of thedocument together with any amendments, corrigenda, or errata then in effect. In order to determine whethera given document is the current edition and whether it has been amended through the issuance ofamendments, corrigenda, or errata, visit the IEEE-SA Website or contact the IEEE at t

27、he address listedpreviously. For more information about the IEEE Standards Association or the IEEE standards developmentprocess, visit the IEEE-SA Website.ErrataErrata, if any, for this and all other standards can be accessed at the following URL: http:/standards.ieee.org/findstds/errata/index.html.

28、 Users are encouraged to check this URL for errataperiodically.ISO/IEC/IEEE 8802-1AE:2013/Amd.2:2015(E)Copyright 2013 IEEE. All rights reserved. vPatentsAttention is called to the possibility that implementation of this standard may require use of subject mattercovered by patent rights. By publicati

29、on of this standard, no position is taken by the IEEE with respect to theexistence or validity of any patent rights in connection therewith. If a patent holder or patent applicant hasfiled a statement of assurance via an Accepted Letter of Assurance, then the statement is listed on the IEEE-SA Websi

30、te at http:/standards.ieee.org/about/sasb/patcom/patents.html. Letters of Assurance may indicatewhether the Submitter is willing or unwilling to grant licenses under patent rights without compensation orunder reasonable rates, with reasonable terms and conditions that are demonstrably free of any un

31、fairdiscrimination to applicants desiring to obtain such licenses.Essential Patent Claims may exist for which a Letter of Assurance has not been received. The IEEE is notresponsible for identifying Essential Patent Claims for which a license may be required, for conductinginquiries into the legal va

32、lidity or scope of Patents Claims, or determining whether any licensing terms orconditions provided in connection with submission of a Letter of Assurance, if any, or in any licensingagreements are reasonable or non-discriminatory. Users of this standard are expressly advised thatdetermination of th

33、e validity of any patent rights, and the risk of infringement of such rights, is entirely theirown responsibility. Further information may be obtained from the IEEE Standards Association.ISO/IEC/IEEE 8802-1AE:2013/Amd.2:2015(E)vi Copyright 2013 IEEE. All rights reserved.IntroductionThe first edition

34、 of IEEE Std 802.1AETMwas published in 2006. A first amendment, IEEE Std802.1AEbnTM-2011, added the option of using the GCM-AES-256 Cipher Suite. This second amendmentadds optional Cipher Suites, GCM-AES-XPN-128 and GCM-AES-XPN-256, that allow more than 232frames to be protected with a single Secure

35、 Association Key (SAK) and so ease the timeliness requirementson key agreement protocols for very high speed (100 Gb/s plus) operation.Relationship between IEEE Std 802.1AE and other IEEE Std 802 standardsIEEE Std 802.1XTM-2010 specifies Port-based Network Access Control, and provides a means ofauth

36、enticating and authorizing devices attached to a LAN, and includes the MACsec Key Agreementprotocol (MKA) necessary to make use of IEEE 802.1AE.This standard is not intended for use with IEEE Std 802.11TMWireless LAN Medium Access Control. Anamendment to that standard, IEEE Std 802.11iTM-2004, also

37、makes use of IEEE Std 802.1XTM, thusfacilitating the use of a common authentication and authorization framework for LAN media to which thisstandard applies and for Wireless LANs.This introduction is not part of IEEE Std 802.1AEbw-2013, IEEE Standard for Local and metropolitan area net-worksMedia Acc

38、ess Control (MAC) SecurityAmendment 2: Extended Packet Numbering.ISO/IEC/IEEE 8802-1AE:2013/Amd.2:2015(E)Copyright 2013 IEEE. All rights reserved. viiParticipantsAt the time this standard was submitted to the IEEE-SA Standard Board for approval, the IEEE P802.1Working Group had the following members

39、hip:Tony Jeffree, ChairGlenn Parsons, Vice-ChairMick Seaman, Editor and Task Group ChairThe following members of the individual balloting committee voted on this standard. Balloters may havevoted for approval, disapproval, or abstention. Zehavit AlonYafan AnTing AoPeter Ashwood-SmithChristian Boiger

40、Brad BoothPaul BottorffRudolf BrandnerCraig CarlsonXin ChangWeiying ChengPaul CongdonDiego CrupnicoffRodney CummingsClaudio DesantiDonald Eastlake, IIIJanos FarkasDonald FedykNorman FinnAndre FredetteGeoffrey GarnerAnoop GhanwaniFranz GoetzMark GravelEric GrayYingjie GuCraig GuntherStephen HaddockHi

41、toshi HayakawaMarkus JochimMichael Johas TeenerGirault JonesDaya KamathHal KeenSrikanth KeesaraYongbum KimPhilippe KleinOliver KleinebergJeff LynchBen Mack-Crane David MartinJohn Messenger John MorrisEric Multanen David OlsenDonald Pannell Mark Pearson Joseph PelissierRene Raeber Karen T. Randall Jo

42、sef Roese Dan RomascanuJessy Rouyer Ali Sajassi Panagiotis SaltsidisKoichiro SetoRakesh Sharma Takeshi ShimizuKevin Stanton PatriciaThaler Jeremy TouveMaarten VissersYuehua WeiMin XiaoThomas AlexanderArthur AstrinNancy BravinWilliam ByrdRadhakrishna CanchiJuan CarreonKeith ChowCharles CookRodney Cum

43、mingsRay DavisSourav DuttaDonald FedykYukihiro FujimotoDevon GayleEric GrayRandall GrovesMichael GundlachChris GuyRussell HousleyNoriyuki IkeuchiAtsushi ItoTony JeffreeMichael Johas TeenerShinkyo KakuPiotr KarockiStuart KerryYongbum KimBruce KraemerGeoff LadwigShen LohWilliam LumpkinsGreg LuriElvis

44、MaculubaJonathon MclendonMichael S. NewmanCharles NgetheSatoshi ObaraYoshihiro OhbaKaren RandallMaximilian RiegelBenjamin RolfeRandall SafierBartien SayogoMick SeamanGil ShultzDorothy StanleyThomas StaraiWalter StrupplerJoseph TardoWilliam TaylorPatricia ThalerSolomon TraininDmitri VarsanofievPrabod

45、h VarshneyJohn VergisHung-Yu WeiBrian WeisOren YuenDaidi ZhongISO/IEC/IEEE 8802-1AE:2013/Amd.2:2015(E)viii Copyright 2013 IEEE. All rights reserved.When the IEEE-SA Standards Board approved this standard on 7 February 2013, it had the followingmembership:John Kulick, ChairRichard H. Hulett, Past Cha

46、irKonstantinos Karachalios, Secretary*Member EmeritusAlso included are the following nonvoting IEEE-SA Standards Board liaisons:Richard DeBlasio, DOE RepresentativeMichael Janezic, NIST RepresentativeCatherine BergerIEEE Senior Standards Program Manager, Document DevelopmentKathryn BennettIEEE Stand

47、ards Program Manager, Technical Program DevelopmentMasayuki AriyoshiPeter BalmaFarooq BariTed BurseWael William DiabStephen DukesJean-Philippe FaureAlexander GelmanMark HalpinGary HoffmanPaul HouzJim HughesMichael JanezicJoseph L. Koepfinger*David J. LawOleg LogvinovRon PetersonGary RobinsonJon Walt

48、er RosdahlAdrian StephensPeter SutherlandYatin TrivediPhil WinstonYu YuanISO/IEC/IEEE 8802-1AE:2013/Amd.2:2015(E)Copyright 2013 IEEE. All rights reserved. ixContents3. Definitions . 24. Abbreviations and acronyms . 37. Principles of secure network operation 48. MAC Security Protocol (MACsec) 58.3 MA

49、Csec operation . 59. Encoding of MACsec protocol data units 79.8 Packet Number (PN) 79.9 Secure Channel Identifier (SCI) 710. Principles of MAC Security Entity (SecY) operation . 810.5 Secure frame generation 810.6 Secure frame verification. 910.7 SecY management . 1213. Management protocol 1613.7 Use of the MIB with extended packet numbering . 1614. Cipher Suites 1714.1 Cipher Suite use . 1714.2 Cipher Suite capabilities 1814.4 Cipher Suite conformance . 1814.6 GCMAES256. 1814.7 GCMAESXPN-128