KR100723832B1 - MAC security entity for link security and sending and receiving method therefor - Google Patents

Abstract

The present invention relates to an apparatus and method for providing a security function of frames transmitted between an OLT and an ONU in an EPON network providing a MAC service. A frame classifier for determining whether the security link is to be secured based on a value of; A bypass unit for delaying a non-security function-applied frame such that a processing time for converting a security function-applied frame classified by a frame classifier into an encryption frame and a processing time of a security function-free frame are the same; A parameter generator for transmitting a parameter set value including a security function application setting signal, a frame decryption signal, an encryption mode selection signal, and an authentication strength adjustment signal for each logical identification comparator (LLID) to encrypt, decrypt, and authenticate the frame. It includes;

Link Encryption, MAC Security, GCM-AES. MACsecY

Description

MAC security entity for link security and sending and receiving method therefor}

1 illustrates a layer structure of an EPON network supporting a security service.

2 is a detailed block diagram of a media access control security device according to the present invention.

3 is a process of processing by the frame classifier 211 of the medium access control security device transmitter 210.

4 is a detailed block diagram of a media access control security device receiver according to the present invention.

5 is an internal structure diagram of an encryption unit.

6 illustrates a process of encrypting and decrypting a frame in a media access control security device.

FIG. 7 is an encrypted frame structure diagram input to the media access control security device receiver shown in FIG. 4.

FIG. 8 is a structural diagram of an unencrypted plain text frame type inputted and outputted to a media access control security device receiver shown in FIG. 4.

9 is a flowchart showing the overall operation procedure of the medium access control security device receiving unit.

FIG. 10 shows a table in which processing of an input frame is set according to a user-set denial of service attack parameter value per frame.

FIG. 11 shows a detailed operation procedure of selecting KEY and IV in the flowchart shown in FIG.

The present invention relates to an apparatus and method for providing a security function of frames transmitted between an optical network termination (OLT) and an optical network unit (ONU) in an Ethernet passive optical network (EPON) network providing a MAC service.

In more detail, MACsecY (MAC Security Entity, Medium Access Control Security Device) of the present invention operates a security policy for each frame in the EPON network, responds to the confidentiality, authentication and integrity check and encryption attack of the frame, and media access control security device An apparatus and method for ranging a frame passing through the same are provided.

At the network layer, IPSec (application security) or application level password (Password) functions are used to provide security and authentication of transmitted frames.

However, as the scalability, broadband, and L2 switching technology of the LAN have been recently increased, security and authentication of frames are required in a communication service using only the data link layer.

In response to these demands, IEEE802 has established an IEEE 802.1AE working group, standardizing the MAC Security provisioning technology and the MAC Security Entity structure required by the data link layer. It has been announced.

The IEEE 802.3ah Ethernet in the First Mile (EMF) uses a scheme and structure that is being standardized by the IEEE P802.1AE Working Group to provide security and authentication capabilities in the EPON network.

The EPON network has a weak point in security because it is a media-sharing point-to-multipoint structure. In the topology of the EPON network, there is a risk of eavesdropping by other ONUs in downlink traffic, and there is a risk of unauthorized resource access or disguise by other ONUs in upstream traffic.

Therefore, since it is necessary to provide subscribers with confidentiality of information and to provide service providers with protection of contents and charging according to subscriber access, the security problem in subscriber network EPON is to provide subscriber traffic integrity, unauthorized devices and The purpose is to block access of subscribers.

Therefore, in order to provide frame security and frame authentication in EPON ONU, a media access control security device structure using the Galois / Counter Mode-Advanced Encryption Standard (GCM-AES) algorithm is required. Should be implemented. And protection against various cryptographic attacks should be provided.

SUMMARY OF THE INVENTION The present invention provides an apparatus and method for providing a security function of frames in a media access control security transmission and reception apparatus that can provide MAC security technology standardized in an IEEE 802.1AE working group in an EPON link. will be.

In order to achieve the above object, the media access control security device according to an embodiment of the present invention classifies frames based on logical identification comparator (LLID) values and frame types, and a security function for each frame type based on the LLID. Creates a first parameter set that sets or cancels the application to determine whether the security function is applied to the frame, and applies the security function so that the processing time of the security function applying frame is converted to the encrypted frame and the processing time of the non-security function frame is the same. A media access control security transmitter device for delaying a frame; And determining whether to set an encryption mode of the frame based on the LLID value, and distinguishing whether the frame is an encrypted frame or an unencrypted plain text frame based on the frame type value, and processing a denial of service attack frame for each frame based on the frame type value. And a media access control security receiver for generating a second parameter set value used for authentication and decryption of a frame, and delaying the plain text frame so that the processing time for decrypting the encrypted frame is the same as the processing time for the plain text frame.

Another embodiment of the present invention for achieving the above technical problem comprises the steps of classifying a frame based on a logical identification comparator (LLID) value and the frame type and determining whether to apply a security function; Transmitting a parameter set value including a security function application setting signal, a frame decryption signal, an encryption mode selection signal and an authentication strength adjustment signal for each logical identification comparator (LLID); Delaying the non-security function applying frame so that the processing time for converting the security function applying frame into the encryption frame and the processing time of the security function non-applying frame are the same; Authentication decryption or authentication of the frame; Determining whether to set an encryption mode of a frame based on the LLID value; Distinguishing whether the frame is an encrypted frame or an unencrypted plain text frame based on the type value of the frame, and processing a denial of service attack frame for each frame based on the frame type value; Delaying the plain text frame such that a processing time at which an encrypted frame is decrypted is equal to a processing time of the plain text frame; and transmitting a second parameter set value used for authentication and decryption of the frame.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. It should be noted that the same elements among the drawings are denoted by the same reference numerals and symbols as much as possible even though they are shown in different drawings.

In the following description of the present invention, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted.

1 illustrates a layer structure of an EPON network supporting a security service.

The hacker can modulate the received frame by modifying the LLID. Therefore, all frames transmitted in the EPON network must be encrypted. In that case, even if a hacker receives a frame of a specific ONU, the hacker cannot decrypt the frame.

In order to encrypt all frames in the EPON network, the media access control security device 100 must be located between the MAC layer 110 and the MPCP 120 layer.

At this time, the media access control security device may selectively encrypt the data frame among the PON Bridge 130, MPCP frame 140, OAM frame 150 according to the user implementation.

KaY (160, a security function application policy set by an operator) input from the client 170 provides encryption key management and state management of the media access control security device.

2 is a detailed block diagram of a media access control security device according to the present invention.

The media access control security device 200 according to an embodiment of the present invention is characterized in that the authentication encryption / decryption and the frame authentication function for the frame input at 1Gbps or 2Gbps speed, the media access control security device transmitter 210 and the media access control security device receiving unit 220.

The medium access control security device transmitter 210 includes a frame classifier 211, a bypass unit 212, a transmission FCS removal unit 213, a transmission frame encoder 214, an encryption unit 215, and a transmission frame assembly unit 216. ), A transmission frame multiplexer 217, and a parameter generator 218.

The media access control security device receiver 220 includes a frame classifier 221, a bypass unit 222, a reception FCS removal unit 223, a reception frame decoder 224, an encryption unit 225, and a reception frame assembly unit ( 226, a reception FCS generator 227, a reception frame multiplexer 228, and a parameter verification unit 229.

The operation of the medium access control security transmitter 210 is as follows.

The frame classifier 211 checks the type of the input frame according to the security function application policy set by the operator, determines whether to apply the security function to the frame, and sends the frame to which the security function is applied to the transmitting FCS remover 213. The non-security function application frame is sent to the bypass unit 212.

The frame classifier 211 transmits a logical identification comparator value (LLID) of the frame to the parameter generator 218 when a frame is input.

The parameter generator 218 transmits a security function application signal of the corresponding LLID to the transmission frame classifier, and the frame classifier 211 determines whether to apply the security function to the input frame based on this signal. The signal may be set in the parameter generator 218 through the CPU.

In addition, the frame classifier 211 classifies the frame type into three and determines whether to apply a security function to each frame by classifying a frame from a MAC client, an MPCP frame, and a frame from another client. In order to distinguish the frame types, the transmission frame classifier receives a signal indicating the frame type when the frame is input.

Through this operation, the frame classifier 211 may select whether to apply the security function to the input frame for each LLID and frame type. This is illustrated in FIG. 3, and a description thereof will be described later.

The bypass unit 212 delays the non-security function frame so that the processing time for converting the security function application frame classified by the frame classifier 211 into an encryption frame and the processing time of the frame to which the security function is not applied are the same. Perform the function.

Security-enforced frames and non-security-enforced frames have the same delay time, allowing EPON to correctly allocate Ranging and Uplink Transmission Time. The delay time processed by the bypass unit 212 is as follows.

Frame Bypass Delay Time = Transmit FCS Eliminator Processing Time + Transmit Frame Decoder Processing Time + Encryption Authentication Encryption Processing Time + Transmit Frame Assembly Processing Time

However, the delay time is a preferred embodiment of the present invention, and is not limited to the above, and it should be noted that modifications, modulations, and modifications can be made without departing from the technical spirit of the present invention.

The transmitting FCS remover 213 removes the 4-byte FCS attached to the end of the frame input from the frame classifier 211.

The transmission frame encoder 214 adds a SECTag (Security Tag) and a PN to the MACsec frame structure by using the frame input from the transmission FCS remover 213 using information on the corresponding frame received from the parameter generator 218. , IV value and encryption key, separated into AAD and MSDU and transmitted to the encryption unit 215.

The encryption unit 215 authenticates or authenticates the input frame.

The transmission frame assembler 216 adds the LLID and header of the frame to the transmission multiplexer 217 by adding the LLID and the header of the frame to the authenticated or authenticated encrypted frame via the encryption unit 215.

The transmission multiplexer 217 multiplexes and transmits frames from the transmission frame assembler 216 and the bypass unit 212.

The parameter generator 218 stores parameter values for an encryption key, an IV, a PN, a security policy, and an option for each LLID (Logical Link ID), and converts the stored parameters for the corresponding LLID into a different block every frame. To pass.

Each component of the media access control security receiver 220 in FIG. 2 will be described in more detail with reference to FIG. 4.

3 is a process of processing by the frame classifier 211 of the medium access control security transmitter 210.

When the frame is input (300), the LLID value of the frame is viewed to determine whether the frame is a link to which a security function is applied (310). If it is not the link to apply the security function is transmitted to the bypass unit (330), otherwise it is determined whether to apply the security function for each frame (320).

The security function application frame determines whether to use a session key or a master key for each LLID of the frame. Referring to FIG. 1, in the EPON network, ONU and OLT are set to use a session key when a frame comes from the PON bridge 130 and to use a master key or a session key when a frame comes from Kay 160. (340).

The choice of encryption key to use is determined by KaY, which allows KaY to choose one of the two encryption keys. The encryption transmitter and receiver can operate two encryption keys at the same time. Thereafter, the frame is transmitted to the encoder (350).

4 is a detailed block diagram of a media access control security receiver according to the present invention.

The frame classifier 410 transmits an input frame to an encryption block or a receiving frame bypass block according to whether MACsecY encryption operation of a verification parameter block set by an operator is performed through Key Agreement Entity for MAC Security (KAY), or Discard the frame according to the operating mode.

In other words, whether the security function is applied or not is determined based on the LLID value of the frame, and whether the frame is an encrypted frame or an unencrypted frame using the Ethernet type field of the received frame.

The frame classifier 410 also deletes frames such as denial of service attack frames when an unencrypted plain text frame is entered in the secure function mode and when an encrypted frame is entered in the non-secure function mode.

That is, the frame classifier 410 may set a DOS attack frame for each input frame type (s491).

Based on the 16-bit Ethernet type value in the security tag field of the frame, determine whether the frame is an encrypted frame or a plain text frame and determine whether the frame is a broadcast security channel or a unicast security channel. A denial of service attack is performed on the frame based on a user setting parameter defining whether to apply it and a DoS attack frame applying mode parameter defined for each user setting parameter.

The FCS remover module 420 removes a 4-byte FCS value from the encrypted frame input from the frame classifier 410. Since the encryption unit 450 decrypts the encrypted frame into a plain text frame, it is necessary to calculate a new FCS value for the plain text MAC frame after the decryption is finished. Therefore, the FCS value is removed before the encrypted frame is input to the encryption unit 450.

The reception bypass unit 430 performs a function of delaying the plaintext MAC frame such that an encrypted frame is decrypted and a time for which an unencrypted plaintext MAC frame is performed is the same.

Encrypted or unencrypted frames have the same delay time, allowing EPON's Multi Point MAC Control module to make accurate Ranging or ONU transmission time assignments exactly the same for all frames. The delay time processed by the reception bypass unit 430 is as follows.

Receive Frame Bypass Delay Time = Receive FCS Eliminator Processing Time + Receive Frame Decoder Processing Time + Encrypt Decryption Processing Time + Receive Frame Assembly Processing Time + FCS Generator Processing Time

However, the delay time is a preferred embodiment according to an embodiment of the present invention, it should be noted that the technical spirit of the invention can be changed if the configuration of the invention is changed, changed, modified within the same range.

The frame decoder 440 performs a function of extracting information necessary for frame decryption using a 4-bit data counter on the encrypted frame input from the FCS remover module 420.

Frames encrypted by the frame decoder 440 are MAC header, security tag (SECTAG), packet number (PN) s305, additional authentication data (AAD), and secure MAC service data unit (MSDU) according to a 4-bit data counter value. As separate frames are transmitted.

The MAC header includes 8 bytes of preamble, 6 bytes of destination address, and 6 bytes of source address. SecTAG consists of a MACsecY Ethertype field and a Tag Control Information (TCI) value s304. The PN value is a sequence number indicating the packet order to be transmitted.

In addition, the frame decoder module 440 includes a retransmission attack processor that performs a replay check by comparing an AN (Association Number) value in the TCI field s304 with an AN value previously input to a frame.

The retransmission attack processor receives an encrypted MAC frame that does not correspond to a denial of service attack (DoS) frame from the frame classifier 410 and determines whether the broadcast security channel or the unicast security channel is based on the Ethernet type value of the frame. .

After that, the packet number value is compared by the Security Association (SA) in the corresponding channel, and if the packet number value of the frame currently input in the same security association state is less than or equal to the packet number value input in the previous frame, the packet number value is compared again. It is regarded as a transmission attack frame and deleted. Otherwise, the frame is transmitted to the decoder 440.

 However, if the AN Flag value input in the previous frame and the AN Flag value input in the current frame are different, the period of the key is changed so that the retransmission attack is not checked. The frame decoder 440 transmits the AAD value and the Secure MSDU to the encryption unit 450 when the input frame is not a retransmission frame.

The encryption unit 450 performs an authentication decryption and authentication check function using the AAD and MSDU input from the frame decoder 440 and the KEY s495 and IV (s496) input from the parameter verification unit 490.

The encryption unit 450 used in the media access control security receiver 400 operates in the authentication decryption mode and the authentication check mode according to the KaY setting, and operates in the 1Gbps or 2Gbps mode.

The authentication decryption modes 451 and 452 decode the Secure MSDU input from the frame decoder 440 into a plain text frame using the KEY s495 and the IV s496.

In addition, the AAD value input from the frame decoder 440 and the Integrity Check Value (ICV) value for the Secure MSDU are calculated and compared with the ICV value included in the Secure MSDU to check whether an encrypted frame is modulated during transmission. do.

If the calculated ICV value and the input ICV value are different, the decoded frame is transmitted together with the authentication failure signal. The ICV value included in the encrypted frame becomes the ICV value calculated when the frame is encrypted by the transmitter.

The authentication check mode 452 does not perform a decryption function on the MSDU, but merely calculates an ICV value for the input frame and checks whether the input MAC frame is modulated during transmission by comparing the ICV value included in the MSDU.

Also, for authentication check strength, the ICV length is set to 4, 8, 12, or 16 bytes according to the user's definition.

Authentication strength depends on the ICV length. The longer the ICV, the higher the authentication strength, and the shorter the ICV, the lower the authentication strength. If the ICV length is increased to increase the authentication strength, the transmission throughput is reduced. If the ICV length is shortened to increase the transmission throughput, the authentication strength is lowered.

The ICV value is a hash value, which makes a long frame a short message using an encryption key. The shorter the ICV value, the higher the probability of calculating the same ICV for different frames, and the longer the ICV value, the lower the probability of calculating the same ICV for different frames.

Therefore, when the modulation of the frame occurs, if the ICV value is short in length, there is a high probability that the modulation cannot be checked.

A detailed description of the encryption unit 450 will be described later with reference to FIG. 5.

The frame assembly unit 460 assembles the plain text MSDU input from the encryption unit 450 and the MAC header s441 input from the frame decoder 440 to generate one MAC frame.

Before the plain text MSDU is input from the encryption unit 450, the MAC header s441 is input from the frame decoder 440 and stored in an internal register. When the plain text MSDU is input, the plain text MSDU shifts 5 clocks, and the frame assembly unit 460 sequentially transmits the preamble among the values stored in the internal register.

This operation is performed in accordance with a 3-bit data counter. The 3-bit data counter is counted from 0 to 5 in synchronization with the enable signal of the input plaintext MSDU. That is, if the counter is 0, the first preamble is transmitted. If the counter is 1, the preamble including the LLID is transmitted. If 2, Destination Address [47:16] is 3, Destination Address [15: 0] is 3, Source Address [47:32] is 4, and Source Address [31: 0] is transmitted. Thereafter, a 5 clock shifted plaintext MSDU is transmitted.

The FCS generator 470 calculates a 4-byte FCS for the plain text MAC frame input from the frame assembly unit 460 and attaches the FCS to the end of the MAC frame.

The FCS calculation uses the CRC-32 (B) cyclic polynomial "G (x) = X32 + X26 + X23 + X22 + X16 + X12 + X11 + X10 + X8 + X7 + X5 + X4 + X2 + X + 1". Since the length of the MAC frame input from the frame assembly unit 460 is variable, the FCS is calculated in units of bytes.

32-bit data input from the frame assembly unit 460 every clock uses a 125 MHz clock frequency four times faster than the 31.25 MHz frequency used by the frame assembly unit 460. The 32-bit input is divided into 8 bits and the FCS is divided into bytes. Calculate

The four single-byte FCS values calculated above are used to collect and output 8-bit data into 32 bits using the 31.25 MHz frequency of the frame multiplexing module 312.

The frame multiplexer 480 multiplexes the MAC frame s431 inputted from the bypass unit 430 and the MAC frame s312 inputted from the FCS generator 470 and transmits the multiplied MAC frame s312 to the upper level (s313). .

Since the processing time passing through the frame bypass module 303 and the processing time through decoding are the same, only one frame is input at any time. The frame multiplexing module 312 also informs a higher level whether an input MAC frame is a decoded frame or an undecoded MAC frame.

5 is an internal structure diagram of an encryption unit.

The encryption unit includes a CTR-AES module 510, a Galois Message Authentication Code (GMAC) 520 module, and two converters 530 and 540.

The encryption unit 450 performs frame decryption using the CTR-AES algorithm, and performs authentication check using GMAC using the 4-Digit Serial GF 2128. The AES algorithm includes a Key Expander module and meets the Federal Information Processing Standard (FIPS) 197 of the National Institute of Standards and Technology (NIST).

The Key Expander module receives an unexpanded 128-bit key and generates an 1408-bit expansion key by the KEY Expanding algorithm described in FIPS197, and supplies 11 round keys of 128 bits for each round of the AES.

The encryption unit 450 operates at a 62.5 MHz clock to implement the 1 Gbps MACsecY function 300, and the encryption unit 450 operates at a 125 MHz clock to implement the 2 Gbps MACsecY function.

Therefore, the encryption unit includes an input / output interface for synchronization between these clocks to interface with the frame decoder and frame assembly operating at 31.25 MHz (1 Gbps) or 62.5 MHz (2 Gbps). The encryption unit performs frame authentication decryption and authentication check every 8 cycles when the frame decoder operates at a 31.25 MHz clock.

The CTR-AES block provides data confidentiality and data integrity by using encryption and decryption functions. The GMAC module provides data authentication.

Two converter blocks 530 and 540 provide the ability to convert 32-bit data to 128 data bits or 128-bit data to 32 bits. The size of data and keys in the CTR-AES and GMAC modules is 128 bits.

The encryption unit operates in an authentication encryption mode or an authentication mode according to the mode value determined by KaY. It is possible to set whether to operate the corresponding channel in the authentication encryption mode or the authentication mode for each LLID in KaY. If the LLID of the input frame is transmitted to the parameter generator from the frame classifier, the parameter generator informs the mode set in KaY.

6 illustrates a process of encrypting and decrypting a frame in a media access control security device.

FIG. 7 is an encrypted frame structure diagram input to the media access control security receiver shown in FIG. 4.

The encrypted MAC frame input from the MAC module is encapsulated by adding an 8-byte SecTAG and an 16-byte ICV field 706. The 8-byte SecTAG is an Ethertype (ET) field 701 of a 2-byte media access control security device, a TCI field 702 of 1 byte, a Short Length (703) field of Byte 1, and a PN field of 4 bytes. 704.

That is, at least 24 bytes are added to the existing MAC frame to provide MAC security service in the EPON network. Encryption of the general MAC frame is encrypted from the MAC Ethertype excluding the MAC header to the data 705 of the FCS front end.

The 1-byte TCI field 702 includes a 1-bit version field 711, a 1-bit ES field 712, a 1-bit SC field 713, a 1-bit SCB field 714, and a 1-bit SH field ( 715), and consists of a 2-bit AN field 716.

The SCB field 714 indicates whether or not it is a single copy broadcast frame, and the AN field 716 is used to distinguish four SAs. The SH field 715 is displayed when the size of the frame is less than 64 bytes, and the length thereof is indicated by the SL field 703 of 1 byte.

FIG. 8 is a structural diagram of unencrypted plaintext frame types inputted and outputted to the MACsecY receiver shown in FIG. 4. The MACsecY receiving unit receives an encrypted frame 700 shown in FIG. 7 from the MAC module or various types of unencrypted frames 800, 810, 820, and 830 shown in FIG. 8.

The unencrypted frame input from the MAC module includes a MAC data frame 800, an MPCP frame 810, an OAM frame 820, and a KEY frame 830. These frames are identified by the MAC Ethertype (802, 811, 821, 831) field of 2 bytes.

The Ether type value 811 of the MPCP frame 810 is 0x8808, and the Ether type value 821 of the OAM frame 820 is 0x8809. The Ether type value 831 of the current KEY frame 830 uses 0x8808, but has not been determined yet, and thus the value is set according to the definition of the user. The Ether type of the other frames is considered to be a data frame 800.

When the encryption frame 700 illustrated in FIG. 7 is decrypted by the media access control security device, the encrypted frame 700 is transmitted to the Multi Point MAC Control module in the form of one of the frames 800, 810, 820, and 830 illustrated in FIG. 8.

9 is a flowchart showing the overall operation procedure of the medium access control security device receiving unit.

The flowchart of FIG. 9 relates to an operation of transmitting an encrypted frame 700 or an unencrypted frame 800, 810, 820, 830 to a plain text MAC frame through bypass or authentication decryption processing. Each time, the bypass or authentication decryption process is repeatedly repeated.

An encrypted frame 700 or an unencrypted frame 800, 810, 820, 830 is input from the MAC module. The media access control security receiver first stores the parameter set received from the parameter verification unit and the operation mode of the encryption unit. Otherwise, the media access control security device operates in a default mode that does not support security services (910).

When the media access control security receiver is set to non-encryption, it is determined whether the input frame is an encrypted frame 700 or an unencrypted frame 800, 810, 820, or 830 (920).

When the encryption frame 700 is input, the media access control security receiver module deletes the input frame because it is in the non-encryption mode (921).

When the unencrypted frames 800, 810, 820, and 830 are input, the input frames are delayed by the processing time used in the decryption process and then bypassed (922). The bypassed frame is transmitted to the frame multiplexer to multiplex the decoded frame (980).

When the medium access control security receiver is set to the encryption mode, it is determined whether the frame is a denial of service attack frame based on a user setting parameter value for each frame.

An embodiment of deleting a frame when a service denial attack frame corresponds to a user set denial of service attack parameter value shown in FIG. 10 as a preferred embodiment of the present invention is shown. It should be noted that this does not limit the technical spirit of the present invention as it corresponds to an embodiment of the present invention.

If it does not correspond to the denial of service attack frame, it is determined whether the frame is an encrypted frame or a plain text frame based on the Ethernet type value of the frame (940).

If the plain text frame is not encrypted, the frame is delayed by a processing time required for the decryption process and then bypassed (922).

In the case of the encrypted frame, the 4-byte FCS value inserted at the end of the encrypted frame is deleted to perform the authentication decryption process (942). The encrypted frame with 4 bytes of FCS removed determines the current security association based on the AN FLAG value, and if the security association of the current security association and the previously entered frame is the same, compares the packet number value of the frame and retransmits it. The attack is checked (950).

That is, if the packet number (PN) of the frame input to the current frame is less than or equal to the packet number (PN ') of the previous frame, it is determined that it corresponds to a retransmission attack frame, and the frame is deleted and an interrupt signal is transmitted to KaY ( 951).

If it is not a retransmission attack frame, it determines that the frame is normal and transmits the frame. The packet number (PN) input to the current frame is stored in PN ', and the encoded frame from which the 4-byte FCS is removed is decoded into a MAC address, SecTAG, PN, AAD, and Secure MSDU (960). A KEY and an IV to be used for authentication decryption are selected using the TCI value and the PN of the decoded SecTAG (961).

The encryption unit authenticates the encrypted data through the KEY and IV, AAD, Secure MSDU, and decrypts it to plain text MSDU (962). If the authentication fails, the Fail signal is activated at the next clock of the decrypted plain text DATA and an interrupt is transmitted to the CPU (963).

Interrupt generation period is controlled by KaY. The decrypted plain text MSDU is assembled with the decoded MAC address s610 to create a decrypted plain text MAC frame (964).

The decoded plaintext MAC frame generates and adds a 4-byte FCS value to check for errors during transmission (970).

The media access control security receiver multiplexes the frame to transmit the bypassed frame and the decrypted plaintext frame to the MAC Control sublayer, and the multiplexed frame is transmitted to the Multi Point MAC Control module (980).

FIG. 10 shows a table in which processing of an input frame is set according to a user-set denial of service attack parameter value per frame.

FIG. 11 shows a detailed operation procedure of selecting KEY and IV in the flowchart shown in FIG. The process shown in FIG. 11 relates to an operation for selecting a KEY and an IV used for authentication decryption of a frame, and is performed every time an encrypted frame is input.

KaY stores the Current KEY and Random IV values for each security association in the MACsecY receiver (1100). If there is no KEY and Random IV value s1101 inputted from KaY, KEY and IV are not selected (1101).

When the Current Master, Current Session, Current Common KEY and Random IV values are input from KaY, they are stored in the internal register of the media access control security receiver (1102).

KaY may store the current key and the random IV value in the MACsecY receiver (701) and then store the next key and the random IV value (1110). When Next Master, Next Session, Next Common KEY and Random IV values are input from KaY, they are stored in the internal register of the MACsecY receiver (1112).

If the Next Master, Next Session, Next Common KEY and Random IV values are not input from KaY, KEY and Random IV do not exist in the MACsecY receiver internal register (1111).

The encrypted frame is decoded and SCB information, AN flag information, and PN value are input (1120). The SCB Flag value in SecTAG is used to check whether the frame is a broadcast secure channel or a unicast secure channel.

If the SCB Flag value is 1, if the frame corresponds to a broadcast security channel, the common key and the IV are selected (1130). If the input AN value is equal to the Current Common AN value set from KaY, select the value of the Current Common KEY and IV register (1141); otherwise, if the input AN value is equal to the Next Common AN value set from KaY (1142) Next Common Select the value of the KEY and IV registers (1143).

If the SCB information is 0, that is, if the input frame is a frame corresponding to the unicast secure channel, the session key and the IV are selected. If the input AN value is equal to the Current Session AN value set from KaY (1150), the value of the Current Session KEY and IV register is selected (1151). Otherwise, if the input AN value is equal to the Next Session AN value set from KaY (1152), the value of the Next Session KEY and IV register is selected (1153).

Regardless of the SCB information, if the input AN value is equal to the Current Master AN value set from KaY (1144, 1154), the values of the current master key and the IV register are selected. Otherwise, if the AN value entered is equal to the Next Master AN value set from KaY, select the value of Next Master KEY and IV register.

If the input frame is a frame that requires Master Key and IV (1144, 1145, 1154, and 1155) and the PN value is Almost PN Expire state (1160), the internal register contains the Next Master KEY and Random IV to use for the next key period. After checking (1170), if there is no Next Master KEY and Random IV, a key request interrupt signal is transmitted to KaY (1171).

If the Next Master KEY and the Random IV are present, no key request interrupts will occur. If the input frame is a frame requesting Session KEY and IV (1150, 1152) and the PN value is Almost PN Expire state (1156), check if there is a Next Session KEY and Random IV to use for the next key cycle in the internal register (1157). If there is no Next Session KEY and Random IV, it sends a key request interrupt signal to KaY (1158).

If a Next Session KEY and a Random IV are present, no key request interrupts will occur. If the input frame is a frame requesting common key and IV (1140, 1142) and the PN value is Almost PN Expire state (1146), check if there is Next Common KEY and Random IV to use for the next key cycle in internal register (1147). If there is no Next Common KEY and Random IV, a key request interrupt signal is transmitted to KaY (1148).

If there is Next Common KEY and Random IV, key request interrupt is not generated. Almost PN Expire range is set by KaY.

If the input PN value is Key Exchange state (1180), an interrupt is transmitted to KaY indicating that the current key use cycle is completed and the next key is used (1181). Using Next KEY and Random IV indicates that there is no Next KEY and Random IV value to use for the next cycle (1182).

When the Next KEY and the Random IV value to be used for the next period are input from KaY (1110), it indicates that there is a Next KEY and the Random IV value to be used for the next period (1112).

The invention can also be embodied as computer readable code on a computer readable recording medium. Computer-readable recording media include all kinds of recording devices that store data that can be read by a computer system.

Examples of computer-readable recording media include ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical data storage, and the like, which are also implemented in the form of carrier waves (for example, transmission over the Internet). It also includes. The computer readable recording medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.

The best embodiments have been disclosed in the drawings and specification above. Although specific terms have been used herein, they are used only for the purpose of describing the present invention and are not used to limit the scope of the present invention as defined in the meaning or claims.

Therefore, those skilled in the art will understand that various modifications and equivalent other embodiments are possible from this. Therefore, the true technical protection scope of the present invention will be defined by the technical spirit of the appended claims.

The present invention provides subscribers with confidentiality of information, provides service providers with content protection and billing according to subscriber access, and security issues in subscriber network EPON provide subscriber traffic integrity, unauthorized devices and subscriber access blocking. It provides a media access control security device that enables the transmission and the transmission, reception method for link security there.

In addition, the EPON ONU provides frame security and frame authentication, and features to be easily compatible with existing EPON architectures and protection against various encryption attacks.

In other words, the media access control security device according to the present invention provides the confidentiality, authentication and integrity check of the frame in the EPON network, provides encryption attack prevention function, and facilitates ranging and uplink allocation in the EPON. It also provides the effect of different security policies for each LLID and frame.

Claims (16)

A frame classifier for discriminating a type of a frame and determining whether it is a secure link to which a security function is to be applied based on a logical identification comparator (LLID) value of the distinguished frame; A bypass unit for delaying a non-security function-applied frame such that a processing time for converting a security function-applied frame classified by the frame classifier into an encryption frame and a processing time of a security function-free frame are the same; And Parameter generation for transmitting a parameter set value including a security function application setting signal, a frame decryption signal, an encryption mode selection signal, and an authentication strength adjustment signal used for encrypting, decrypting, and authenticating the frame for each logical identification comparator (LLID) And a media access control security transmitter unit. The method of claim 1, wherein the frame classifier A medium for receiving a mode parameter value for selecting an encryption algorithm from the parameter generator and selecting whether to apply an authentication decryption algorithm (GCM-AES) or an authentication algorithm (G-MAC) to a frame; Access control security transmitter device. The method of claim 1, And an encryption unit configured to change an authentication strength by receiving an ICV_Size parameter value for confirming whether a frame is authenticated from the parameter generator and changing the ICV_Size parameter value in the authentication decryption algorithm or the authentication algorithm. A medium access control security transmitter device. Whether the security function is applied based on the logical identification comparator (LLID) value of the frame is determined and whether the frame is an encrypted frame or an unencrypted plain text frame based on the frame type value and based on a user-set parameter value for each frame. A frame classifier for processing denial of service attack frames; A parameter verification unit for transmitting a parameter set value used for decoding and authenticating the frame; A retransmission attack processor to remove the frame when the frame corresponds to a retransmission attack frame based on an AN flag value of the frame; And a bypass unit for delaying the plain text frame so that the processing time at which the encrypted frame is decrypted and the plain text frame processing time are the same. The method of claim 4, wherein Decrypting the encrypted frame into a plain text frame using the parameter value input from the parameter verification unit and performs an authentication decryption function to determine whether the encrypted frame is modulated, or an authentication check function to determine only whether the encrypted frame has been modified. And an encryption unit for applying to the frame. The apparatus of claim 4, wherein the frame classifier Receiving a parameter mode value for selecting an algorithm from the parameter verification unit to select whether to apply the authentication decryption encryption algorithm (GCM-AES) or the authentication check algorithm (G-MAC) to the frame in the encryption unit Media access control security receiver device, characterized in that. The method of claim 5, In determining whether the frame has been tampered with, medium access control by varying the authentication strength by changing the ICV_Size parameter value in the authentication encryption algorithm or the authentication algorithm based on the ICV_Size parameter value received from the parameter verification unit. Security receiver device. The method of claim 4, wherein the parameter verification unit And checking the state of the encryption key used to decrypt the frame based on the packet number value of the frame, and transmitting an encryption key expiration signal, an encryption key conversion signal, and an encryption key update signal. Classify frames based on logical identification comparator (LLID) values and frame types, and generate a first parameter set for setting or canceling security functions for each frame type based on the LLID to apply security functions to the frames. A media access security transmitter configured to determine a delay and delay the non-security function frame so that the processing time for converting the security function-applied frame into an encrypted frame is the same as the processing time of the non-security function frame; And It is checked whether the encryption mode is set based on the LLID value, and whether the frame is an encrypted frame or an unencrypted plain text frame based on the type value of the frame and a denial of service attack frame for each frame based on the frame type value. And a media access security receiving unit for generating a second parameter set value used for authentication and decryption of the frame and delaying the plain text frame so that the processing time for decrypting the encrypted frame and the processing time for the plain text frame are the same. And a media access control security device. The method of claim 9, Select whether to apply the authentication decoding algorithm (GCM-AES) or the authentication algorithm (G-MAC) to the frame by receiving a Mode parameter value that selects an algorithm from the first parameter set or the second parameter set, And the authentication decryption algorithm or the authentication algorithm selectively uses an ICV_Size parameter value for confirming whether a frame is authenticated to change the authentication strength in the algorithm. The method of claim 9, Decrypting an encrypted frame into a plain text frame using the second parameter set value and performing an authentication decryption function to determine whether the encrypted frame has been tampered with or applying an authentication check function to determine whether the encrypted frame has been tampered with. Media access control security device further comprises a; encryption unit. Determining whether to apply a security function based on a logical identification comparator (LLID) value of the frame; Delaying the non-security function applying frame so that the processing time for converting the security function applying frame into the encryption frame and the processing time of the security function non-applying frame are the same; Transmitting a parameter set value including a security function application setting signal, a frame decryption signal, an encryption mode selection signal and an authentication strength adjustment signal for each logical identification comparator (LLID); Frame transmission method in a medium access control secure transmission device comprising a. The method of claim 12, Encoding the frame; Applying an authentication decryption algorithm (GCM-AES) or an authentication algorithm (G-MAC) to a frame based on a Mode parameter value that selects an encryption algorithm among the parameter set values; And multiplexing the encrypted frame and the security function non-applied frame. The method of claim 13, further comprising: changing an authentication strength in the authentication decryption algorithm or the authentication algorithm according to an ICV_Size parameter value for checking whether a frame is authenticated among the parameter set values. Frame transmission method in a secure transmission device. Determining whether to apply a security function based on a logical identification comparer (LLID) value of the frame; Discriminating whether a frame is an encrypted frame or an unencrypted plain text frame based on the frame type value and processing a denial of service attack frame based on a user setting parameter value for each frame; Transmitting a parameter set value used for decrypting and authenticating the frame; Removing the frame if the frame corresponds to a retransmission attack frame based on an AN flag value of the frame; And And delaying the plain text frame so that the processing time at which the encrypted frame is decrypted and the plain text frame processing time are the same. The method of claim 15, Decoding the frame; Applying an authentication decryption algorithm (GCM-AES) or an authentication algorithm (G-MAC) to a frame based on a Mode parameter value that selects an encryption algorithm among the parameter set values; Changing an authentication strength in the authentication decryption algorithm or the authentication algorithm according to an ICV_Size parameter value for checking whether a frame is authenticated among the parameter set values; And And multiplexing the encrypted frame and the security function non-applied frame.

Images