Network security protocols such as IPsec and MACsec typically provide three security services: authentication, integrity and confidentiality.
Authentication enables a sender node and a receiver node to each verify the identity of the other before a communication session is set up between them. Authentication may be implemented using a specific protocol, for example IKE in IPsec and IEEE 802.1X in MACsec. The sender node and receiver node may, for example, exchange credentials or certificates, or show that they own a pre-shared secret. At this stage, the sender node and the receiver node may also agree on keys for providing integrity and confidentiality during the communication session.
During the communication session, the sender node generates an ICV (Integrity Check Value) for each message to be sent to the receiver node by hashing the contents of the message using the agreed key. The ICV is then added to the message. The agreed key may also be used to encrypt the message. The receiver node can then verify that the sender node did indeed send the message, by using its key to hash the contents of the message and checking that the generated ICV matches the ICV in the message.
This method prevents a MITM (Man In The Middle) attacker from replacing the sender node after authentication, for example by spoofing the sender node's MAC address, and then tampering with the messages sent by the sender node or, potentially more seriously, injecting unexpected traffic volumes and launching a Denial of Service (DoS) attack.
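The per-message ICV generation and verification described above, and the rejection of tampered or injected messages, shown as an added example that is not part of the original text. The text does not name a hash algorithm or message layout, so HMAC-SHA-256 truncated to 16 bytes, the frame layout (6-byte source MAC address, payload, ICV), the function names and all sample values are assumptions.

```python
import hashlib
import hmac
from typing import Optional

ICV_LEN = 16   # assumption: ICV is a keyed hash truncated to 128 bits
MAC_LEN = 6    # assumption: source MAC address starts each frame

def make_icv(key: bytes, contents: bytes) -> bytes:
    """Hash the message contents with the agreed key (HMAC-SHA-256 as a stand-in)."""
    return hmac.new(key, contents, hashlib.sha256).digest()[:ICV_LEN]

def send(key: bytes, src_mac: bytes, payload: bytes) -> bytes:
    """Sender node: build the message and append its ICV."""
    contents = src_mac + payload
    return contents + make_icv(key, contents)

def receive(key: bytes, frame: bytes) -> Optional[bytes]:
    """Receiver node: recompute the ICV; return the payload, or None if rejected."""
    if len(frame) < MAC_LEN + ICV_LEN:
        return None  # too short to hold a header and an ICV
    contents, icv = frame[:-ICV_LEN], frame[-ICV_LEN:]
    # compare_digest avoids leaking how many ICV bytes matched via timing
    if not hmac.compare_digest(icv, make_icv(key, contents)):
        return None
    return contents[MAC_LEN:]

def demo() -> dict:
    # Constructed sample values, not taken from the original text.
    session_key = bytes(range(32))              # key agreed during authentication
    sender_mac = bytes.fromhex("020000000001")
    genuine = send(session_key, sender_mac, b"valve=open")

    # Message altered in transit: one payload byte flipped, ICV left unchanged.
    tampered = bytearray(genuine)
    tampered[MAC_LEN] ^= 0x01

    # Message carrying the sender's MAC address but built by a node that does
    # not hold the session key, so its ICV is computed with a different key.
    injected = send(b"\x00" * 32, sender_mac, b"valve=open")

    return {
        "genuine": receive(session_key, genuine),
        "tampered": receive(session_key, bytes(tampered)),
        "injected": receive(session_key, injected),
        "truncated": receive(session_key, genuine[:10]),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} -> {'accepted' if result is not None else 'rejected'}")
```

Every frame, including each rejected one, costs the receiver a full keyed hash over its contents.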
However, the applicant has appreciated that implementing integrity in this way requires substantial processing power at the sender node and the receiver node. Furthermore, if the sender node is designed to transmit messages at high speed, hardware accelerators are often required in order to generate the ICVs for the messages. These hardware accelerators are costly, and having to design and implement them increases the development effort required to provide security.