The design and implementation of MAC security in EPON

Because the Ethernet passive optical network (EPON) is based on a shared-medium network and a point-to-multipoint optical tree configuration, frames transmitted to any ONU are actually broadcast simultaneously to all ONUs. In EPON, the security of data transmission is critical in protecting the privacy of users and the confidentiality of their communication. MACsec is a link security method proposed by the IEEE 802.1AE working group and currently under standardization. We implement MACsec on the basis of the draft proposed by IEEE 802.1AE. Our MAC security (MACsec) provides user data confidentiality, frame data integrity checking, and data origin authentication. It also provides protection against security threats such as replay attacks and DoS attacks. These security protections are provided by a 128-bit GCM-AES cipher mechanism. We designed the MACsec function and implemented it in HDL. We then developed two kinds of EPON MAC ASICs using a 0.18 µm CMOS process; MACsec is a part of these chips.
