ISO/IEC/IEEE 8802-1AE:2013/Amd 1:2015

INTERNATIONAL ISO/IEC/
STANDARD IEEE
8802-1AE
First edition
2013-12-01
AMENDMENT 1
2015-05-01
Information technology —
Telecommunications and information
exchange between systems — Local and
metropolitan area networks —
Part 1AE:
Media access control (MAC) security
AMENDMENT 1: Galois Counter Model —
Advanced Encryption Standard-256 (GCM-
AES-256) Cipher Suite
Technologies de l'information — Télécommunications et échange
d'information entre systèmes — Réseaux locaux et métropolitains —
Partie 1AE: Sécurité du contrôle d'accès aux supports (MAC)
AMENDEMENT 1
Reference number
ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)

©
IEEE 2015
ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)

©  IEEE 2015
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from ISO, IEC or IEEE at the respective
address below.
ISO copyright office IEC Central Office Institute of Electrical and Electronics Engineers, Inc.
Case postale 56 3, rue de Varembé 3 Park Avenue, New York
CH-1211 Geneva 20 CH-1211 Geneva 20 NY 10016-5997, USA
Tel. + 41 22 749 01 11 Switzerland E-mail stds.ipr@ieee.org
Fax + 41 22 749 09 47 E-mail inmail@iec.ch Web www.ieee.org
E-mail copyright@iso.org Web www.iec.ch
Web www.iso.org
Published in Switzerland
ii © IEEE 2015 – All rights reserved

ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees established
by the respective organization to deal with particular fields of technical activity. ISO and IEC technical
committees collaborate in fields of mutual interest. Other international organizations, governmental and non-
governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO
and IEC have established a joint technical committee, ISO/IEC JTC 1.
IEEE Standards documents are developed within the IEEE Societies and the Standards Coordinating
Committees of the IEEE Standards Association (IEEE-SA) Standards Board. The IEEE develops its standards
through a consensus development process, approved by the American National Standards Institute, which
brings together volunteers representing varied viewpoints and interests to achieve the final product. Volunteers
are not necessarily members of the Institute and serve without compensation. While the IEEE administers the
process and establishes rules to promote fairness in the consensus development process, the IEEE does not
independently evaluate, test, or verify the accuracy of any of the information contained in its standards.
The main task of ISO/IEC JTC 1 is to prepare International Standards. Draft International Standards adopted
by the joint technical committee are circulated to national bodies for voting. Publication as an International
Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is called to the possibility that implementation of this standard may require the use of subject matter
covered by patent rights. By publication of this standard, no position is taken with respect to the existence or
validity of any patent rights in connection therewith. ISO/IEEE is not responsible for identifying essential
patents or patent claims for which a license may be required, for conducting inquiries into the legal validity or
scope of patents or patent claims or determining whether any licensing terms or conditions provided in
connection with submission of a Letter of Assurance or a Patent Statement and Licensing Declaration Form, if
any, or in any licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly
advised that determination of the validity of any patent rights, and the risk of infringement of such rights, is
entirely their own responsibility. Further information may be obtained from ISO or the IEEE Standards
Association.
Amendment 1 to ISO/IEC/IEEE 8802-11 was prepared by the LAN/MAN Standards Committee of the IEEE
Computer Society (as IEEE Std 802.11ae-2012). It was adopted by Joint Technical Committee
ISO/IEC JTC 1, Information technology, Subcommittee SC 6, Telecommunications and information exchange
between systems, in parallel with its approval by the ISO/IEC national bodies, under the “fast-track procedure”
defined in the Partner Standards Development Organization cooperation agreement between ISO and IEEE.
IEEE is responsible for the maintenance of this document with participation and input from ISO/IEC national
bodies.
© IEEE 2015 – All rights reserved iii

ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)
(blank page)
iv © IEEE 2015 – All rights reserved

IEEE Standard for
Local and metropolitan area networks—
Media Access Control (MAC) Security
Amendment 1: Galois Counter Mode—

Advanced Encryption Standard—
256 (GCM-AES-256) Cipher Suite
IEEE Computer Society
Sponsored by the
LAN/MAN Standards Committee
IEEE
IEEE Std 802.1AEbn™‐2011
3 Park Avenue
(Amendment to
New York, NY 10016-5997
IEEE Std 802.1AE™-2006)
USA
14 October 2011
™
IEEE Std 802.1AEbn -2011
(Amendment to
IEEE Std 802.1AE™-2006)
IEEE Standard for
Local and metropolitan area networks—
Media Access Control (MAC) Security

Amendment 1: Galois Counter Mode—
Advanced Encryption Standard—
256 (GCM-AES-256) Cipher Suite
Sponsor
LAN/MAN Standards Committee
of the
IEEE Computer Society
Approved 10 September 2011
IEEE-SA Standards Board
Abstract: This amendment specifies the GCM-AES-256 Cipher Suite as an option in addition to the
existing mandatory to implement Default Cipher Suite, GCM-AES-128.
Keywords: authenticity, authorized port, confidentiality, data origin integrity, IEEE 802.1AEbn,
LANs, local area networks, MAC Bridges, MAC security, MAC Service, MANs, metropolitan area
networks, port based network access control, secure association, security, transparent bridging
The Institute of Electrical and Electronics Engineers, Inc.
3 Park Avenue, New York, NY 10016-5997, USA
All rights reserved. Published 14 October 2011. Printed in the United States of America.
IEEE and 802 are registered trademarks in the U.S. Patent & Trademark Office, owned by The Institute of Electrical and
Electronics Engineers, Incorporated.
PDF: ISBN 978-0-7381-6735-0 STD97152
Print: ISBN 978-0-7381-6736-7 STDPD97152
IEEE prohibits discrimination, harassment and bullying. For more information, visit http://www.ieee.org/web/aboutus/whatis/policies/p9-
26.html.
No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without the prior written permission
of the publisher.
IEEE Standards documents are developed within the IEEE Societies and the Standards Coordinating Committees of the
IEEE Standards Association (IEEE-SA) Standards Board. The IEEE develops its standards through a consensus
development process, approved by the American National Standards Institute, which brings together volunteers
representing varied viewpoints and interests to achieve the final product. Volunteers are not necessarily members of the
Institute and serve without compensation. While the IEEE administers the process and establishes rules to promote fairness
in the consensus development process, the IEEE does not independently evaluate, test, or verify the accuracy of any of the
information or the soundness of any judgments contained in its standards.
Use of an IEEE Standard is wholly voluntary. The IEEE disclaims liability for any personal injury, property or other
damage, of any nature whatsoever, whether special, indirect, consequential, or compensatory, directly or indirectly resulting
from the publication, use of, or reliance upon this, or any other IEEE Standard document.
The IEEE does not warrant or represent the accuracy or content of the material contained herein, and expressly disclaims
any express or implied warranty, including any implied warranty of merchantability or fitness for a specific purpose, or that
the use of the material contained herein is free from patent infringement. IEEE Standards documents are supplied “AS IS.”
The existence of an IEEE Standard does not imply that there are no other ways to produce, test, measure, purchase, market,
or provide other goods and services related to the scope of the IEEE Standard. Furthermore, the viewpoint expressed at the
time a standard is approved and issued is subject to change brought about through developments in the state of the art and
comments received from users of the standard. Every IEEE Standard is subjected to review at least every five years for
revision or reaffirmation, or every ten years for stabilization. When a document is more than five years old and has not been
reaffirmed, or more than ten years old and has not been stabilized, it is reasonable to conclude that its contents, although still
of some value, do not wholly reflect the present state of the art. Users are cautioned to check to determine that they have the
latest edition of any IEEE Standard.
In publishing and making this document available, the IEEE is not suggesting or rendering professional or other services
for, or on behalf of, any person or entity. Nor is the IEEE undertaking to perform any duty owed by any other person or
entity to another. Any person utilizing this, and any other IEEE Standards document, should rely upon the advice of a
competent professional in determining the exercise of reasonable care in any given circumstances.
Interpretations: Occasionally questions may arise regarding the meaning of portions of standards as they relate to specific
applications. When the need for interpretations is brought to the attention of IEEE, the Institute will initiate action to prepare
appropriate responses. Since IEEE Standards represent a consensus of concerned interests, it is important to ensure that any
interpretation has also received the concurrence of a balance of interests.For this reason, IEEE and the members of its
societies and Standards Coordinating Committees are not able to provide an instant response to interpretation requests
except in those cases where the matter has previously received formal consideration. A statement, written or oral, that is not
processed in accordance with the IEEE-SA Standards Board Operations Manual shall not be considered the official position
of IEEE or any of its committees and shall not be considered to be, nor be relied upon as, a formal interpretation of the
IEEE.At lectures, symposia, seminars, or educational courses, an individual presenting information on IEEE standards shall
make it clear that his or her views should be considered the personal views of that individual rather than the formal position,
explanation, or interpretation of the IEEE. Comments for revision of IEEE Standards are welcome from any interested
party, regardless of membership affiliation with IEEE. Suggestions for changes in documents should be in the form of a
proposed change of text, together with appropriate supporting comments. Recommendations to change the status of a
stabilized standard should include a rationale as to why a revision or withdrawal is required.
Comments and recommendations on standards, and requests for interpretations should be addressed to:
Secretary, IEEE-SA Standards Board
445 Hoes Lane
Piscataway, NJ 08854
USA
Authorization to photocopy portions of any individual standard for internal or personal use is granted by the Institute of
Electrical and Electronics Engineers, Inc., provided that the appropriate fee is paid to Copyright Clearance Center. To
arrange for payment of licensing fee, please contact Copyright Clearance Center, Customer Service, 222 Rosewood Drive,
Danvers, MA 01923 USA; +1 978 750 8400. Permission to photocopy portions of any individual standard for educational
classroom use can also be obtained through the Copyright Clearance Center.

Introduction
This introduction is not part of IEEE Std 802.1AEbn-2011, IEEE Standard for Local and metropolitan area networks—
Media Access Control (MAC) Security—Amendment 1: Galois Counter Mode—Advanced Encryption Standard—
256 (GCM-AES-256) Cipher Suite.
The first edition of IEEE Std 802.1AE was published in 2006. This first amendment to that standard adds the
option of using the GCM-AES-256 Cipher Suite.
Relationship between IEEE Std 802.1AE and other IEEE Std 802 standards
IEEE Std 802.1X-2010 specifies Port-based Network Access Control, and provides a means of
authenticating and authorizing devices attached to a LAN, and includes the MACsec Key Agreement
protocol (MKA) necessary to make use of IEEE 802.1AE.
This standard is not intended for use with IEEE Std 802.11 Wireless LAN Medium Access Control. An
amendment to that standard, IEEE Std 802.11i-2004, also makes use of IEEE Std 802.1X, thus facilitating
the use of a common authentication and authorization framework for LAN media to which this standard
applies and for Wireless LANs.
Notice to users
Laws and regulations
Users of these documents should consult all applicable laws and regulations. Compliance with the
provisions of this standard does not imply compliance to any applicable regulatory requirements.
Implementers of the standard are responsible for observing or referring to the applicable regulatory
requirements. IEEE does not, by the publication of its standards, intend to urge action that is not in
compliance with applicable laws, and these documents may not be construed as doing so.
Copyrights
This document is copyrighted by the IEEE. It is made available for a wide variety of both public and private
uses. These include both use, by reference, in laws and regulations, and use in private self-regulation,
standardization, and the promotion of engineering practices and methods. By making this document
available for use and adoption by public authorities and private users, the IEEE does not waive any rights in
copyright to this document.
Updating of IEEE documents
Users of IEEE standards should be aware that these documents may be superseded at any time by the
issuance of new editions or may be amended from time to time through the issuance of amendments,
corrigenda, or errata. An official IEEE document at any point in time consists of the current edition of the
document together with any amendments, corrigenda, or errata then in effect. In order to determine whether
a given document is the current edition and whether it has been amended through the issuance of
amendments, corrigenda, or errata, visit the IEEE Standards Association website at http://
ieeexplore.ieee.org/xpl/standards.jsp, or contact the IEEE at the address listed previously.
iv Copyright © 2011 IEEE. All rights reserved.

For more information about the IEEE Standards Association or the IEEE standards development process,
visit the IEEE-SA website at http://standards.ieee.org.
Errata
Errata, if any, for this and all other standards can be accessed at the following URL: http://
standards.ieee.org/findstds/errata/index.html. Users are encouraged to check this URL for errata
periodically.
Interpretations
Current interpretations can be accessed at the following URL: http://standards.ieee.org/findstds/interps/in-
dex.html.
Patents
Attention is called to the possibility that implementation of this amendment may require use of subject
matter covered by patent rights. By publication of this amendment, no position is taken with respect to the
existence or validity of any patent rights in connection therewith. The IEEE is not responsible for identifying
Essential Patent Claims for which a license may be required, for conducting inquiries into the legal validity
or scope of Patents Claims or determining whether any licensing terms or conditions provided in connection
with submission of a Letter of Assurance, if any, or in any licensing agreements are reasonable or non-
discriminatory. Users of this amendment are expressly advised that determination of the validity of any
patent rights, and the risk of infringement of such rights, is entirely their own responsibility. Further
information may be obtained from the IEEE Standards Association.
Participants
At the time this standard was submitted to the IEEE-SA for approval, the IEEE P802.1 Working Group had
the following membership:
Tony Jeffree, Chair
Paul Congdon, Vice Chair
Mick Seaman, Editor and Chair, Security Task Group
Eric Gray
Zehavit Alon Eric Multanen
Yafan An Yingjie Gu David Olsen
Ting Ao Craig Gunther Donald Pannell
Peter Ashwood-Smith Michael Johas Teener Glenn Parsons
Christian Boiger Stephen Haddock Mark Pearson
Paul Bottorff Hitoshi Hayakawa Joseph Pelissier
Rudolf Brandner Hal Keen Rene Raeber
Srikanth Keesara
Craig Carlson Karen T. Randall
Rodney Cummings Yongbum Kim Josef Roese
Claudio Desanti Philippe Klein Dan Romascanu
Zhemin Ding Oliver Kleineberg Jessy Rouyer
Donald Eastlake, III Michael Krause Ali Sajassi
Janos Farkas Lin Li Panagiotis Saltsidis
Donald Fedyk Jeff Lynch Rakesh Sharma
Norman Finn Ben Mack-Crane Kevin Stanton
David Martin Robert Sultan
Ilango Ganga
Geoffrey Garner John Messenger PatriciaThaler
Anoop Ghanwani John Morris Chait Tumuluri
Mark Gravel Maarten Vissers
The following members of the individual balloting committee voted on this standard. Balloters may have
voted for approval, disapproval, or abstention.
Thomas Alexander Atsushi Ito Robert Robinson
Butch Anton Raj Jain Benjamin Rolfe
Junghoon Jee Jessy Rouyer
Nancy Bravin
Herbert Ruck
William Byrd Tony Jeffree
Randall Safier
Radhakrishna Canchi Michael Johas Teener
Joseph Salowey
Keith Chow Shinkyo Kaku
Raymond Savarda
Charles Cook Piotr Karocki
Bartien Sayogo
Claudio DeSanti Stuart J. Kerry
Mick Seaman
Wael Diab Lior Khermosh
Shusaku Shimada
Patrick Diamond Yongbum Kim
Kapil Sood
Thomas Dineen Geoff Ladwig
Thomas Starai
Sourav Dutta Paul Lambert
Walter Struppler
Donald Fedyk William Lumpkins
Joseph Tardo
Yukihiro Fujimoto Greg Luri
Michael Johas Teener
Devon Gayle Elvis Maculuba
Patricia Thaler
Gregory Gillooly Edward McCall
Mark-Rene Uchida
Evan Gilman Michael McInnis
Dmitri Varsanofiev
Ron Greenthaler Gary Michel
Prabodh Varshney
Randall Groves Michael S. Newman
John Vergis
C. Guy Satoshi Obara
Hung-Yu Wei
John Hawkins Glenn Parsons
Brian Weis
David Hunter Karen T. Randall
Ludwig Winkel
Paul Isaacs Maximilian Riegel
Oren Yuen
vi Copyright © 2011 IEEE. All rights reserved.

When the IEEE-SA Standards Board approved this standard on 10 September 2011, it had the following
membership:
Richard H. Hulett, Chair
John Kulick, Vice Chair
Robert M. Grow, Past Chair
Judith Gorman, Secretary
Masayuki Ariyoshi
Gary Robinson
Jim Hughes
William Bartley
Joseph L. Koepfinger* Jon Walter Rosdahl
Ted Burse
Sam Sciacca
David J. Law
Clint Chaplin
Thomas Lee Mike Seavey
Wael Diab
Hung Ling Curtis Siller
Jean-Philippe Faure
Oleg Logvinov Phil Winston
Alexander Gelman
Ted Olsen Howard L. Wolfman
Paul Houzé
Don Wright
*Member Emeritus
Also included are the following nonvoting IEEE-SA Standards Board liaisons:
Satish Aggarwal, NRC Representative
Richard DeBlasio, DOE Representative
Michael Janezic, NIST Representative
Catherine Berger
IEEE Project Editor
Patricia Gerdon
IEEE Standards Program Manager, Technical Program Development
Contents
1. Overview. 2
1.1 Introduction. 2
1.2 Scope. 2
2. Normative references. 3
6. Secure provision of the MAC Service . 4
6.1 MACsec connectivity . 4
7. Principles of secure network operation. 5
8. MAC Security Protocol (MACsec). 6
9. Encoding of MACsec protocol data units. 7
9.8 Transmit SA status. 7
10. Principle of MAC Security Entity (SecY) operation . 8
11. MAC Security in Systems. 9
11.7 MACsec in Provider Bridged Networks. 9
14. Cipher Suites. 10
14.1 Cipher Suite use . 10
14.4 Cipher Suite conformance . 10
14.5 Default Cipher Suite (GCM-AES-128) . 11
14.6 GCM-AES-256 . 11
Annex B (informative) Bibliography. 13
Annex C (informative) MACsec Test Vectors. 14
C.1 Integrity protection (54-octet frame) . 15
C.2 Integrity protection (60-octet frame) . 18
C.3 Integrity protection (65-octet frame) . 21
C.4 Integrity protection (79-octet frame) . 24
C.5 Confidentiality protection (54-octet frame). 27
C.6 Confidentiality protection (60-octet frame). 30
C.7 Confidentiality protection (61-octet frame). 33
C.8 Confidentiality protection (75-octet frame). 36
Figures
Figure 11-14 Provider network with priority selection and aggregation. 9
Figure 14-1 Cipher Suite Protect and Validate operations . 10
x Copyright © 2011 IEEE. All rights reserved.

Tables
Table 14-1 MACsec Cipher Suites. 10
Table C-1 Unprotected frame (example) . 15
Table C-2 Integrity protected frame (example) . 15
Table C-3 GCM-AES-128 Key and calculated ICV (example) . 16
Table C-4 GCM-AES-256 Key and calculated ICV (example) . 17
Table C-5 Unprotected frame (example) . 18
Table C-6 Integrity protected frame (example) . 18
Table C-7 GCM-AES-128 Key and calculated ICV (example) . 19
Table C-8 GCM-AES-256 Key and calculated ICV (example) . 20
Table C-9 Unprotected frame (example) . 21
Table C-10 Integrity protected frame (example) . 21
Table C-11 GCM-AES-128 Key and calculated ICV (example) . 22
Table C-12 GCM-AES-256 Key and calculated ICV (example) . 23
Table C-13 Unprotected frame (example) . 24
Table C-14 Integrity protected frame (example) . 24
Table C-15 GCM-AES-128 Key and calculated ICV (example) . 25
Table C-16 GCM-AES-256 Key and calculated ICV (example) . 26
Table C-17 Unprotected frame (example) . 27
Table C-18 Confidentiality protected frame (example). 27
Table C-19 GCM-AES-128 Key, Secure Data, and ICV (example) . 28
Table C-20 GCM-AES-256 Key, Secure Data, and ICV (example) . 29
Table C-21 Unprotected frame (example) . 30
Table C-22 Confidentiality protected frame (example). 30
Table C-23 GCM-AES-128 Key, Secure Data, and ICV (example) . 31
Table C-24 GCM-AES-256 Key, Secure Data, and ICV (example) . 32
Table C-25 Unprotected frame (example) . 33
Table C-26 Confidentiality protected frame (example). 33
Table C-27 GCM-AES-128 Key, Secure Data, and ICV (example) . 34
Table C-28 GCM-AES-256 Key, Secure Data, and ICV (example) . 35
Table C-29 Unprotected frame (example) . 36
Table C-30 Confidentiality protected frame (example). 36
Table C-31 GCM-AES-128 Key, Secure Data, and ICV (example) . 37
Table C-32 GCM-AES-256 Key, Secure Data, and ICV (example) . 38
ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)
IEEE Standard for
Local and metropolitan area networks—
Media Access Control (MAC) Security
Amendment 1: Galois Counter Mode—
Advanced Encryption Standard—
256 (GCM-AES-256) Cipher Suite
IMPORTANT NOTICE: This standard is not intended to ensure safety, security, health, or environmental
protection. Implementers of the standard are responsible for determining appropriate safety, security,
environmental, and health practices or regulatory requirements.
This IEEE document is made available for use subject to important notices and legal disclaimers. These
notices and disclaimers appear in all publications containing this document and may be found under the
heading “Important Notice” or “Important Notices and Disclaimers Concerning IEEE Documents.”They
can also be obtained on request from IEEE or viewed at http://standards.ieee.org/IPR/disclaimers.html.
NOTE—The editing instructions contained in this amendment define how to merge the material contained therein into
the existing base standard and its amendments to form the comprehensive standard.
The editing instructions are shown in bold italic. Four editing instructions are used: change, delete, insert,
and replace. Change is used to make corrections in existing text or tables. The editing instruction specifies
the location of the change and describes what is being changed by using strikethrough (to remove old
material) and underscore (to add new material). Delete removes existing material. Insert adds new material
without disturbing the existing material. Deletions and insertions may require renumbering. If so,
renumbering instructions are given in the editing instruction. Replace is used to make changes in figures or
equations by removing the existing figure or equation and replacing it with a new one. Editing instructions,
change markings, and this NOTE will not be carried over into future editions because the changes will be
incorporated into the base standard.
ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)
IEEE Std 802.1AEbn-2011 AMENDMENT 1: GALOIS COUNTER MODE—ADVANCED
1. Overview
1.1 Introduction
Change the fourth paragraph as follows:
To deliver these benefits, MACsec has to be used in conjunction with appropriate policies for higher-level
protocol operation in networked systems, an authentication and authorization framework, and network
management. IEEE Std 802.1X P802.1af™ [B2] provides authentication and cryptographic key
distribution.
1.2 Scope
Change bullet i) as follows:
i) Specifies the interface/exchanges between a SecY and its associated and collocated MAC Security
Key Agreement Entity (KaY, IEEE Std 802.1X P802.1af [B2]) that provides and updates
cryptographic keys.
Change bullet o) as follows:
o) Specify how the relationships between MACsec protocol peers are discovered and authenticated, as
supported by key management or key distribution protocols, but makes use of IEEE Std 802.1X
P802.1af Key Agreement for MAC security to achieve these functions.
2 Copyright © 2011 IEEE. All rights reserved.

ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)
ENCRYPTION STANDARD—256 (GCM-AES-256) CIPHER SUITE IEEE Std 802.1AEbn-2011
2. Normative references
Insert the following references at the appropriate point:
TM
IEEE Std 802.1X -2010, IEEE Standard for Local and Metropolitan Area Networks: Port-based Network
Access Control.
TM
IEEE Std 802.1Q , IEEE Standard for Local and Metropolitan Area Networks: Virtual Bridged Local Area
Networks.
NIST SP 800-38D, Nov 2007, Recommendation for Block Cipher Modes of Operation: Galois/Counter
Mode (GCM) and GMAC.
Delete the following reference and the accompanying footnote:
Galois Counter Mode of Operation (GCM), David A. McGrew, John Viega.
Delete the following references:
IEEE Std 802.1Q-2005, IEEE Standard for Local and Metropolitan Area Networks: Virtual Bridged Local
Area Networks.
IEEE Std 802.1X-2004, IEEE Standard for Local and Metropolitan Area Networks: Port Based Network
Access Control.
TM
IEEE Std 802.1ad -2005, IEEE Standard for Local and Metropolitan Area Networks: Virtual Bridged
Local Area Networks—Amendment 4: Provider Bridges.
This document is available at http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)
IEEE Std 802.1AEbn-2011 AMENDMENT 1: GALOIS COUNTER MODE—ADVANCED
6. Secure provision of the MAC Service
6.1 MACsec connectivity
Change the first paragraph as follows:
The connectivity provided (6.2) between the MAC Internal Sublayer Service (ISS) access points of stations
connected to a single LAN composes an insecure association between communicating stations. Key
agreement protocols as defined in IEEE P802.1af IEEE Std 802.1X establish and maintain a secure
Connectivity Association (CA), which is a fully (i.e., symmetric and transitive) connected subset of the ISS
service access points. Each instance of MACsec operates within a single CA.
4 Copyright © 2011 IEEE. All rights reserved.

ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)
ENCRYPTION STANDARD—256 (GCM-AES-256) CIPHER SUITE IEEE Std 802.1AEbn-2011
7. Principles of secure network operation
Change bullet d) as follows:
d) MACsec Key Agreement Entities (IEEE P802.1afIEEE Std 802.1X)
7.1.2 Use of the secure MAC Service by bridges
Change NOTE 1 as follows:
NOTE 1—Using an SC identifier that includes a port number component would appear to be unnecessary in the case of
a simple system that comprises a single LAN station, with a uniquely allocated 48-bit MAC address, and a single SecY.
However, some systems require support for more SecYs than they have uniquely allocated addresses, either because they
make use of technologies that support virtual MACs, or because their interface stacks include the possibility of including
multiple SecYs at different sublayers. Provider bridges (IEEE Std 802.1ad-2005IEEE Std 802.1Q) provide examples of
the latter.
7.3.1 Client policies
Change NOTE 1 as follows:
NOTE 1—To facilitate policy selection by clients of the secure MAC Service, IEEE P802.1af IEEE Std 802.1X specifies
authorized permissions, including those required by MAC Bridges (IEEE Std 802.1D) and VLAN-aware Bridges (IEEE
Std 802.1Q) to support the secure MAC Service in Bridged and Virtually Bridged Local Area Networks.
7.3.2 Use of the secure MAC Service by bridges
Change NOTE 1 as follows:
NOTE 1—The apparent exception to this configuration restriction, which does not permit the creation of security
associations to create “secure tunnels” through selected bridges in a Bridged Local Area Network, is the use of a
Provider Bridged Network as specified in IEEE Std 802.1ad-2005IEEE Std 802.1Q. However, a Provider Bridged
Network appears to Customer Bridges as a single LAN providing full connectivity independent of the operation of
Customer Bridge protocols.
Change NOTE 2 as follows:
NOTE 2—Use of this address ensures that the physical topology as perceived by spanning tree protocols aligns with that
provided by MAC Security. In Provider Bridged Networks, the Provider Bridge Group Address is used. An exception to
the alignment rule occurs with certain types of interface that are supported by Provider Bridge Networks, where a
provider operated C-VLAN (see IEEE Std 802.1ad-2005IEEE Std 802.1Q) aware component provides the customer
interface.
Change bullet d) as follows:
d) Configuration of the VLAN Translation Table (IEEE Std 802.1ad-2005 only)
Change NOTE 3 as follows:
NOTE 3—A Bridge Port is one of the bridge’s points of attachment to an instance of the MAC Internal Sublayer Service
(ISS), and is used by the MAC Relay Entity and associated Higher-Layer Entities as specified in IEEE Std 802.1D, and
IEEE Std 802.1Q, and IEEE Std 802.1ad.
ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)
IEEE Std 802.1AEbn-2011 AMENDMENT 1: GALOIS COUNTER MODE—ADVANCED
8. MAC Security Protocol (MACsec)
8.1.3 Interoperability requirements
Change the third paragraph as follows:
Where the underlying MAC Service used by MACsec is supported by a Provider Bridged Network
(IEEE Std 802.1adIEEE Std 802.1Q), communicating SecYs can be attached to different media operating
(locally) at different transmission rates. Interoperability between, for example, 10 Gb/s and 1 Gb/s, and
between 1 Gb/s and 100 Mb/s requires interoperability across the speed range. The design of MACsec
facilitates interoperability from 1 Mb/s to 100 Gb/s without modification or negotiation of protocol formats
and parameters. Operation at higher transmission rates depends on the capabilities of the Cipher Suite. The
mandatory default Cipher Suite has been selected (Clause 14) in part because of its ability to perform across
this range.
6 Copyright © 2011 IEEE. All rights reserved.

ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)
ENCRYPTION STANDARD—256 (GCM-AES-256) CIPHER SUITE IEEE Std 802.1AEbn-2011
9. Encoding of MACsec protocol data units
9.8 Transmit SA status
Change the NOTE, as follows:
NOTE—As specified in this clause, the The IV used by the dDefault Cipher Suite (GCM-AES-128) (14.5) and the
GCM-AES-256 Cipher Suite (14.6) comprises the SCI (even if the SCI is not transmitted in the SecTAG) and the PN.
Subject to proper unique MAC Address allocation procedures, the SCI is a globally unique identifier for a SecY. To
satisfy the IV uniqueness requirements of CTR mode of operation, a fresh key is used before PN values are reused.
ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)
IEEE Std 802.1AEbn-2011 AMENDMENT 1: GALOIS COUNTER MODE—ADVANCED
10. Principle of MAC Security Entity (SecY) operation
10.7.22 Transmit SA status
Insert a further bullet e) directly after the existing bullet d), as follows:
e) nextPN (10.6, 10.6.5)
8 Copyright © 2011 IEEE. All rights reserved.

ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)
ENCRYPTION STANDARD—256 (GCM-AES-256) CIPHER SUITE IEEE Std 802.1AEbn-2011
11. MAC Security in Systems
11.7 MACsec in Provider Bridged Networks
Change the first paragraph as follows:
Provider Bridges are specified in the IEEE Std 802.1ad amendment to IEEE Std 802.1Q. Provider Bridges
(IEEE Std 802.1Q) enable service providers to use VLANs to offer the equivalent of separate LANs to
different users. Data for each of the virtual LANs is segregated within the provider’s network by using a
Service VLAN TAG (S-TAG) that is distinguished, by EtherType, from the Customer VLAN-TAGs (C-
TAGs) used within each customer’s network. See Figure 11-12.
Change the NOTE as follows:
NOTE—Figure 11-12 is based on Figure 15-1 of IEEE Std 802.1ad-2005IEEE Std 802.1Q.
Change the paragraph describing Figure 11-14 as follows:
Figure 11-14 shows the addition of the service access priority selection function described in 6.9 of IEEE
Std 802.1adIEEE Std 802.1Q to the interface stack of Figure 11-13, together with the use of Link
Aggregation to support attachment to the provider’s network with two LANs.
Replace Figure 11-14 with the following figure, which changes the prior reference to IEEE
Std 802.1ad Clause 6.9 to a reference to IEEE Std 802.1Q Clause 6.9:
Higher Layer
Entities
LLC
MAC Relay
Entity
(EISS)
802.1Q Clause 6.7
(VLAN tagging)
(ISS) (ISS)
802.1Q Clause 8.5.1
(Bridge Port connectivity)
(Secure ISS) (ISS)
MAC Security across provider’s network
MACsec (SecY & KaY)
(Secure ISS)
802.1Q Clause 6.9
(Priority S-tagging)
(Secure ISS)
Link Aggregation
(Insecure ISS) (Secure ISS) (Insecure ISS)
(Secure ISS)
MAC Security to provider’s network
MACsec (SecY & KaY) MACsec (SecY & KaY)
LAN MAC LAN MAC
Figure 11-14—Provider network with priority selection and aggregation
ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)
IEEE Std 802.1AEbn-2011 AMENDMENT 1: GALOIS COUNTER MODE—ADVANCED
14. Cipher Suites
14.1 Cipher Suite use
Change footnote 2 in Figure 14-1 as follows:
SAK SAK
SCI SCI
3 4
PN PN PN
Destination Address Destination Address Destination Address
Source Address PROTECT Source Address VALIDATE Source Address
5 6
SecTAG SecTAG SecTAG
7 8 7
User Data Secure Data User Data
ICV VALID
The SAK to be used on receipt of the frame is identified by the SCI and the AN.
The SCI is extracted from the SCI field of the SecTAG if present. A value conveyed by key agreement (point-to-point only) is used otherwise.
In the GCM-AES-128 and GCM-AES-256 Cipher Suites (14.5, 14.6), the SCI is always included in the IV parameter whether included in the SecTAG or
not (and thus always contributes to the ICV). However the Cipher Suite parameter A includes the SCI if and only if the SCI is included in the SecTAG .
The PN is conveyed in the SecTAG
The validated PN can be used for replay protection.
All the transmitted octets of the SecTAG are protected, including the optional SCI field if present
The validated received SecTAG contains bits of the TCI, and optionally the SCI, these can be used for service multiplexing (11.7).
The length, in octets, of the User Data is conveyed by the User Data parameter, and is protected by Cipher Suite operation.
The length, in octets, of the Secure Data is conveyed by the MACsec frame, unless it is short, when it is conveyed by the SL parameter in the SecTAG TCI
Figure 14-1—Cipher Suite Protect and Validate operations
14.4 Cipher Suite conformance
Change Table 14-1 as follows:
Table 14-1—MACsec Cipher Suites
Services
provided
Cipher Suite #
Cipher Suite Name Mandatory/Optional
Identifier
00-80-02-00-01-00-00-01
GCM-AES-128 Yes Yes Mandatory 14.5
00-80-C2-00-01-00-00-01
00-80-C2-00-01-00-00-02 GCM-AES-256 Yes Yes Optional 14.6
Delete the NOTE after the table as follows:
NOTE—Currently, Table 14-1 does not include any optional Cipher Suites.
10 Copyright © 2011 IEEE. All rights reserved.
Integrity without
confidentiality
Integrity and
confidentiality
Defining Clause
ISO/IEC/IEEE 8802-1AE:2013/Amd.1:2015(E)
ENCRYPTION STANDARD—256 (GCM-AES-256) CIPHER SUITE IEEE Std 802.1AEbn-2011
Insert the following NOTE after the paragraph beginning “Table 14-1 assigns a Cipher Suite
reference number for use in protocol identification within a MACsec context”:
NOTE—In IEEE Std 802.1AE-2006 (the first edition of this standard) the Cipher Suite Identifier for GCM-AES-128
was incorrectly shown as 00-80-02-00-01-00-00-01 in Table 14-1. Prior to the inclusion of GCM-AES-256, GCM-AES-
128 was the only conformant Cipher Suite. IEEE Std 802.1X uses a reserved encoding for the Default Cipher Suite
rather than the Cipher Suite Identifier to identify GCM-AES-128.
Change 14.5 as follows:
14.5 Default Cipher Suite (GCM-AES-128)
The Default Cipher Suite uses the Galois/Counter Mode of Ooperation with the AES-128 symmetric block
cipher, as specified in this clause by reference to the terms K, IV, A, P, C, T used in section 2.1 of the GCM
specification (GCM) as submitted to NIST NIST SP 800-38D.
K is the 128 bit SAK. The 64 most significan
...