MACsec and AES-GCM Hardware Architecture with Frame Preemption Support for Transport Security in Time Sensitive Networking

Time Aware Shaping (TAS) and Frame Preemption are part of the Time Sensitive Networking (TSN) extensions to the existing Ethernet standard. To address the very tight timing requirements of time-critical applications, the combination of both extensions can provide the lowest possible latency to Ethernet frames transporting time-critical data. TAS grants the ability to transmit traffic in a time-driven manner, and Frame Preemption permits the interruption or preemption of lower priority frames (preemptable traffic) transmission so that higher priority frames (express traffic) can be dispatched. Security in TSN is crucial and a considerable number of threats exist that put the operation of time-sensitive systems under high risk. MACsec is a security protocol whose security features make it a suitable solution to protect the TSN transport network. However, there are implementation considerations that MACsec needs to address for its integration with TAS and Frame Preemption. This paper presents the MACsec integration requirements for TSN and proposes a TSN-compliant MACsec hardware architecture. The architecture includes a TDM-based AES-GCM component with Frame Preemption support to simultaneously protect express and preemptable traffic in TSN networks. This paper evaluates the proposed architecture for its implementation on FPGA devices and for its impact on the network performance. As a result, the architecture provides a reduction of 35.8% in resource utilization with a minimal cost of a 4.44% increase in latency.