|
| Proposition | MACsec | OPC-UA (OPC - gateway) |
| Confidentiality | Chacha20/AES-GCM | AES-GCM | Basic, AES |
| Integrity | Poly1305/GCM | GCM + ICV | SHA256 RSA Sign |
| Keys | Certificates MSK SK + N | PSK (CAK, CKN) KEK + ICV SAK | Certificates + Master Key |
| Authentication | Radius EAP-TLS Certificates | Radius EAP-AKA | TLS Anonym/User/ Certificate |
| Key Derivation | scrypt (robust but slow) | AES-ECB => (KEK, ICV) AES-CMAC KDF AES Key Wrap | PSK/xxDH(E) |
| Performance | Software I0 not measured | Software/Hardware I0 = 30 ms | Software I0 = 100 - 300 ms |
| Cost (with HW upgrade) | ++ | ++(+++) | ++(++) |
| Security | Light/Strong | Strong | Light (Basic)/ Strong (AES) |
| Certified | No | Yes | Yes |