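ISO/IEC/IEEE 8802-1AE:2020 Information technology - Telecommunications and information exchange between systems - Requirements for local and metropolitan area networks - Part 1AE: Media access control (MAC) security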

Standard number: ISO/IEC/IEEE 8802-1AE:2020

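Chinese title (translated): Information technology - Telecommunications and information exchange between systems - Requirements for local and metropolitan area networks - Part 1AE: Media access control (MAC) security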

English title: Telecommunications and exchange between information technology systems — Requirements for local and metropolitan area networks — Part 1AE: Media access control (MAC) security

Publication date: 2020-08

Scope

This document specifies provision of connectionless user data confidentiality, frame data integrity, and data origin authenticity by media access independent protocols and entities that operate transparently to MAC Clients.
NOTE - The MAC Clients are as specified in IEEE Std 802, IEEE Std 802.1Q, and IEEE Std 802.1X.
To this end, it
a) Specifies the requirements to be satisfied by equipment claiming conformance to this standard.
b) Specifies the requirements for MACsec in terms of provision of the MAC Service and the preservation of the semantics and parameters of service requests and indications.
c) Describes the threats, both intentional and accidental, to correct provision of the service.
d) Specifies security services that prevent, or restrict, the effect of attacks that exploit these threats.
e) Examines the potential impact of both the threats and the use of MACsec on the Quality of Service (QoS), specifying constraints on the design and operation of MAC Security entities and protocols.
f) Models support of the secure MAC Service in terms of the operation of media access control method independent MAC Security Entities (SecYs) within the MAC Sublayer.
g) Specifies the format of the MACsec Protocol Data Units (MPDUs) used to provide secure service.
h) Identifies the functions to be performed by each SecY, and provides an architectural model of its internal operation in terms of Processes and Entities that provide those functions.
i) Specifies each SecY's use of an associated and collocated Port Access Entity (PAE, IEEE Std 802.1X) to discover and authenticate MACsec protocol peers and its use of that PAE's Key Agreement Entity (KaY) to agree and update cryptographic keys.
j) Specifies performance requirements and recommends default values and applicable ranges for the operational parameters of a SecY.
k) Specifies how SecYs are incorporated within the architecture of end stations, bridges, and two-port Ethernet Data Encryption devices (EDEs).
l) Establishes the requirements for management of MAC Security, identifying the managed objects and defining the management operations for SecYs.
m) Specifies the Management Information Base (MIB) module for managing the operation of MAC Security in TCP/IP networks.
n) Specifies requirements, criteria, and choices of Cipher Suites for use with this standard.
