StealthMACsec

IEEE 802.1AE MACsec Engine With Advanced Side-Channel Countermeasures

Secure Ethernet networks with industry leading MACsec implementation featuring advanced side-channel countermeasures, automatic SA lifecycle management, and scalable multi peer architecture.

Up to 10 Gbps
Throughput
1B+
Trace SCA Resistance
1-512
Scalable SAs
📄 Open StealthMACsec Product Brief PDF

StealthMACsec Architecture

StealthMACsec Architecture Diagram

Four AXI4 Stream interfaces with configurable width (32/64/128-bit) for seamless integration

Key Features

IEEE 802.1AE-2018 Compliant

Full MACsec implementation with GCM-AES-256 cipher suite, ensuring complete standards compliance for secure Ethernet communications.

Advanced SCA Countermeasures

Industry leading side-channel resistance inherited from our proven StealthAES engine, protecting against sophisticated attack vectors.

Scalable SA Architecture

Single TX SA with 1-N RX SAs (up to 512) supporting complex multi-peer network topologies with automatic SA management.

Hardware Replay Protection

Per SA packet number validation with hardware-based tracking for robust protection against replay attacks.

AXI4 Stream Interfaces

Four standardized data path interfaces with configurable width (32/64/128-bit) for seamless FPGA and ASIC integration.

Automatic SA Management

Seamless TX SA rollover and lifecycle management with configurable SA database supporting 8-512 security associations.

Performance and Resource Utilization

FPGA Platform Max Frequency Throughput Resources
Xilinx UltraScale+ 200 MHz 1-10 Gbps 16K-44K LUTs
Microchip PolarFire 100 MHz 0.8-5 Gbps 23K-68K LUTs
Intel Agilex 5 180 MHz 1-9 Gbps 17K-52K LUTs

Architecture Overview

Transmit Path

  • Frame classification and protection
  • SecTAG insertion with SCI
  • GCM-AES-256 encryption
  • ICV generation and appending
  • Automatic PN management

Receive Path

  • MACsec frame parsing
  • Multi SA lookup (SCI+AN)
  • Hardware replay protection
  • GCM-AES-256 decryption
  • Frame validation and output

SA Management

  • Configurable SA database (8-512)
  • TX SA lifecycle with rollover
  • Multi peer RX SA support
  • Hardware PN tracking

Interface Specifications

  • Four AXI4 Stream interfaces
  • Configurable 32/64/128-bit width
  • TLAST frame delimiters
  • AXI4 Lite control interface
  • Statistics and error monitoring

Applications

Embedded Systems

  • Inter-module communications
  • Ethernet-connected sensor arrays
  • Distributed system protection
  • Industrial automation

Defense and Aerospace

  • Secure backplane links
  • Secure sensor fusion
  • Cross-domain data protection
  • Tactical data link gateways

Critical Infrastructure

  • Control system protection
  • Multi-peer secure networks
  • Real-time data security
  • Point to point connections

Why Choose StealthCores?

Industry Leading Security

Advanced SCA countermeasures inherited from our proven StealthAES engine protect against sophisticated attacks with 1 billion+ trace resistance.

Seamless Integration

Standardized AXI interfaces and comprehensive SA management enable rapid deployment in existing FPGA and ASIC designs.

Expert Support

Decades of cryptographic implementation experience with dedicated integration support and comprehensive documentation.

Proven Performance

Line rate processing up to 10 Gbps on FPGAs with scalable multi peer architecture for demanding applications.

Ready to Secure Your Systems?

Contact StealthCores today to learn how StealthMACsec can enhance your Ethernet security with advanced side-channel countermeasures and seamless integration.

Email Our Team Call (352) 297-2244