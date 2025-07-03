StealthCores launched StealthMACsec, a comprehensive IEEE 802.1AE compliant MACsec engine that brings advanced side-channel countermeasures to Ethernet network security.

Building on the proven security foundation of StealthAES, StealthMACsec delivers line-rate processing up to 10 Gbps on FPGA and even faster on ASIC while maintaining the highest levels of protection against sophisticated attacks.

As Ethernet networks become increasingly critical to defense, industrial, and embedded systems, the need for link-layer security has never been greater. StealthMACsec addresses this challenge by providing complete IEEE 802.1AE-2018 compliance with scalable SA architecture supporting 1 to 512 security associations, automatic SA lifecycle management, and hardware-based replay protection.

“StealthMACsec represents a natural evolution of our security IP portfolio, extending our proven side-channel countermeasures to Ethernet networks. With the increasing sophistication of network-based attacks, organizations need MACsec solutions that protect not just against traditional threats, but also against physical and side-channel vulnerabilities,” said Stuart Audley, President of StealthCores.

Key features and capabilities

StealthMACsec leverages the same advanced countermeasures that have made StealthAES resistant to over 1 billion side-channel attack traces. The IP features four AXI4 Stream interfaces with configurable width (32/64/128-bit) for seamless integration into existing FPGA and ASIC designs, while supporting multi-peer network topologies through its scalable SA database.

The engine implements complete transmit and receive path processing, including frame classification, SecTAG insertion, GCM-AES-256 encryption/decryption, ICV generation and validation, and automatic packet number management. Hardware-based replay protection provides defense against replay attacks, while the scalable architecture enables deployment in everything from point-to-point links to large multi-peer networks.

Performance and Integration

StealthMACsec delivers impressive performance across multiple FPGA platforms, achieving up to 10 Gbps throughput on Xilinx UltraScale+ devices, 5 Gbps on Microchip PolarFire, and 9 Gbps on Intel Agilex 5 FPGAs. The standardized AXI4 Stream interfaces enable rapid integration, while comprehensive documentation and expert support ensure successful deployment.

“The combination of standards compliance, advanced security features, and high performance makes StealthMACsec ideal for mission-critical applications where both throughput and security are non-negotiable,” added Audley. “From defense systems requiring secure backplane communications to industrial networks protecting critical infrastructure, StealthMACsec provides the security foundation these applications demand.”

Target applications

StealthMACsec targets a wide range of applications requiring secure Ethernet communications, including:

Embedded systems with inter-module communications

Defense and aerospace systems with secure backplane links and sensor fusion requirements

Critical infrastructure protection for control systems and real-time data security

StealthMACsec is available now for FPGA and ASIC implementations.