IEEE 802.1AE is the IEEE MAC Security standard, also known as MACsec, and defines connectionless data confidentiality and integrity for media access independent protocols. This standard specifies how encryption is used to secure the links between network devices. MACsec operates by performing link layer encryption for each hop through a network.
This standard integrates security protection into wired Ethernet to secure LANs from attacks such as passive wiretapping, masquerading, man-in-the-middle and denial-of-service attacks. MACsec helps assure ongoing network operations by identifying unauthorized stations on a LAN and preventing communication from them. It protects the control protocols that manage bridged networks, as well as other data, through cryptographic techniques that authenticate data origin, protect message integrity, and provide replay protection and confidentiality. By assuring that a frame comes from the station that claimed to send it, MACsec can mitigate attacks on communication protocols.
One of the challenges that this protocol introduces stems from the nature of the encryption it employs. Specifically, during transmission MACsec enlarges each packet by adding bytes to it and encrypting it. The larger packet takes longer to transmit over the wire. Because the speed of the wire is fixed by the standard, there is typically no way to recover this deficit or to provide out-of-band signals to indicate that transmission rates should be reduced or paused.
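The enlargement described above can be made concrete with the following added example, which is not part of the original text: it builds a MACsec-protected frame and measures the extra bytes and wire time. It assumes the GCM-AES-128 cipher suite with an explicit SCI (16-byte SecTAG, 16-byte ICV) and a 1 Gb/s link; the names `Protect` and `WireNanos`, the all-zero key and the SCI value are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Protect wraps a plain Ethernet frame (DA|SA|EtherType|payload, FCS excluded)
// in MACsec: GCM-AES-128, explicit SCI, confidentiality offset 0.
func Protect(key []byte, sci uint64, pn uint32, frame []byte) ([]byte, error) {
	if len(frame) < 14 {
		return nil, errors.New("frame shorter than an Ethernet header")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	user := frame[12:] // original EtherType + payload become the secure data
	hdr := append(append([]byte{}, frame[:12]...), make([]byte, 16)...)
	tag := hdr[12:]                             // 16-byte SecTAG
	binary.BigEndian.PutUint16(tag[0:], 0x88E5) // MACsec EtherType
	tag[2] = 0x2C                               // TCI: SC, E, C set; AN = 0
	if len(user) < 48 {
		tag[3] = byte(len(user)) // SL is non-zero only for short frames
	}
	binary.BigEndian.PutUint32(tag[4:], pn)  // packet number (replay protection)
	binary.BigEndian.PutUint64(tag[8:], sci) // secure channel identifier
	iv := append(append([]byte{}, tag[8:16]...), tag[4:8]...) // IV = SCI || PN
	sealed := gcm.Seal(nil, iv, user, hdr) // ciphertext followed by 16-byte ICV
	return append(hdr, sealed...), nil
}

// WireNanos is the time one frame occupies the link, counting preamble/SFD (8),
// FCS (4) and inter-frame gap (12), at a fixed line rate in bits per second.
func WireNanos(frameLen int, bitsPerSec int64) int64 {
	return int64(frameLen+8+4+12) * 8 * 1_000_000_000 / bitsPerSec
}

func main() {
	key := make([]byte, 16)     // constructed all-zero key, illustration only
	plain := make([]byte, 1514) // constructed full-size frame (1500-byte payload)
	out, _ := Protect(key, 0x0011223344550001, 1, plain)
	fmt.Println(len(out)-len(plain), "extra bytes;",
		WireNanos(len(out), 1e9)-WireNanos(len(plain), 1e9), "ns longer at 1 Gb/s")
}
```

Under these assumptions every frame grows by 32 bytes, so a sender that was already filling the link with full-size frames falls behind by that amount on each frame.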