There is an ever-increasing demand for bandwidth, driven by an exponential growth in the number of devices connected to the cloud and a broadening variety of sensors, applications, and services, resulting in an explosion of data traffic. This, in turn, drives the proliferation of high-bandwidth interfaces such as Ethernet, PCIe/CXL, and DDR to sustain faster data movement and increased processing and storage capacities. End-to-end data security in the connected ecosystem is more critical than ever, both when data is at rest and when it is in motion: as it is communicated between devices and the cloud, and while it is processed or stored on a device.
Ethernet-connected devices, like computers, servers, hubs, routers, and more, are expanding in every direction, including high performance computing, 5G, mobile and automotive markets, all requiring security. Security on the internet or any other Ethernet network depends on encryption. The more encryption is used, the harder it is for attackers to steal data, eavesdrop on communications, or compromise systems.
There are many reasons to encrypt Ethernet traffic. Compliance is one of the most common and may involve one or more standards for the treatment of sensitive or personally identifiable data. Examples of such standards are defined in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in the US or the analogous European General Data Protection Regulation (GDPR). For institutions that obtain and use data on children, rules defined in the Family Education Rights and Privacy Act (FERPA) may also apply. Failure to comply with applicable standards can result in significant penalties even if a data breach does not occur.
Data theft is not limited to regulated content: any research, intellectual property, proprietary data or code is potentially a target for theft or malicious alteration. Intrusion detection and prevention starts with ensuring privacy for exchanging account credentials and sensitive or valuable data. Source validation and authentication services are a critical element of this infrastructure. Not all breaches originate outside an organization, and rights-based data management depends critically on safe (private and reliable) identity validation.
The primary standard for securing Ethernet traffic is Media Access Control Security (MACsec). MACsec secures data in motion between Ethernet-connected devices and protects network communication against DoS attacks, eavesdropping, and man-in-the-middle attacks.
MACsec is an established protocol based on AES-GCM cryptography that secures the data link layer (where communication begins) by providing confidentiality, data integrity, data origin authenticity, and replay protection.
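As an added example (not Synopsys code and not part of the original article), the Go program below shows how those four properties map onto a single frame using GCM-AES-128 as IEEE 802.1AE lays it out: the payload is encrypted, the addresses and SecTAG are authenticated as additional data, the 16-byte ICV detects tampering, and the packet number (PN) is checked for replay. The function names, the all-zero key, addresses and SCI, the replay window of 0, and the payload shorter than 48 bytes are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// NewGCM keys GCM-AES-128 with a 16-byte SAK (errors ignored: fixed-size demo key).
func NewGCM(sak []byte) cipher.AEAD {
	blk, _ := aes.NewCipher(sak)
	gcm, _ := cipher.NewGCM(blk)
	return gcm
}

// Protect returns DA|SA|SecTAG|ciphertext|ICV. IV = SCI||PN; the header is AAD.
// Assumes data is under 48 bytes, so the SL octet carries its length.
func Protect(a cipher.AEAD, dasa, sci []byte, pn uint32, data []byte) []byte {
	hdr := append(append([]byte{}, dasa...), 0x88, 0xE5, 0x2C, byte(len(data)), 0, 0, 0, 0)
	binary.BigEndian.PutUint32(hdr[16:], pn)
	hdr = append(hdr, sci...)
	iv := append(append([]byte{}, sci...), hdr[16:20]...)
	return append(hdr, a.Seal(nil, iv, data, hdr)...)
}

// Validate: replay window 0; *nextPN advances only after the ICV verifies.
func Validate(a cipher.AEAD, nextPN *uint32, f []byte) ([]byte, error) {
	if len(f) < 44 || f[12] != 0x88 || f[13] != 0xE5 || f[14]&0x20 == 0 {
		return nil, fmt.Errorf("not a MACsec frame with explicit SCI")
	}
	pn := binary.BigEndian.Uint32(f[16:20])
	if pn < *nextPN {
		return nil, fmt.Errorf("replay: PN %d below %d", pn, *nextPN)
	}
	iv := append(append([]byte{}, f[20:28]...), f[16:20]...)
	data, err := a.Open(nil, iv, f[28:], f[:28])
	if err != nil {
		return nil, fmt.Errorf("ICV check failed: %w", err)
	}
	*nextPN = pn + 1
	return data, nil
}

func main() {
	a, next := NewGCM(make([]byte, 16)), uint32(1) // constructed all-zero SAK
	f := Protect(a, make([]byte, 12), make([]byte, 8), 1, []byte("hello"))
	fmt.Println(Validate(a, &next, f)) // first delivery
	fmt.Println(Validate(a, &next, f)) // same frame delivered again
}
```

In a deployed link the SAK comes from the key agreement exchange rather than a constant, and the receiver selects the key by the SCI and association number carried in the SecTAG.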
Security on the internet or any other Ethernet network depends on encryption for the privacy of communication, and on shared authenticated keys for integrity and authentication. There are several different ways to encrypt Ethernet traffic, and they occur at different layers in the OSI stack on which it is based:
Setting up a MACsec encrypted connection involves five steps:
MACsec hardware encryption also provides the lowest-latency security compared with options implemented at higher layers of the OSI stack.
With the Synopsys MACsec Security Modules, designers can take advantage of: