SCION — Scalability, Control, and Isolation on Next-Generation Networks — is a secure and reliable inter-domain routing protocol. It empowers Internet Service Providers (ISPs) and other service providers to establish new products and services. SCION can even enable completely new business models. It combines performance and reliability with strong security properties, such as the guarantee that packets will travel only along previously authorized paths, eradicating the traffic-attraction attacks of today’s Internet and enabling sophisticated traffic control such as geofencing.
Designed by researchers at ETH Zürich, Carnegie Mellon University, and other partner institutions, SCION is now deployed for critical infrastructure communication by industry and government. SCION is natively secure and multipath:
- Multipath and traffic engineering: SCION provides strong control over traffic paths, and explicit trust information for end-to-end communication. SCION hosts can use multiple paths, leveraging all network links for optimal performance. This opens new traffic engineering scenarios.
- Reliability: Multipath routing enables the simultaneous use of multiple network paths, enabling rapid failover to redundant paths within milliseconds. Thanks to a sovereign Internet infrastructure, network operation is possible even in the presence of adversaries.
- Security and control: Routing information is always authenticated. Thanks to formal verification, SCION provides strong assurance for its security properties. Routing attacks are impossible by design, and communication is guaranteed despite DDoS attacks. Path control enables routing traffic around untrusted infrastructure or jurisdictions.
How does it work?
SCION is a clean-slate architecture, overcoming limitations of today’s IP and BGP-based Internet. It builds upon three concepts:
- Explicit and transparent trust (see Figure 1). SCION Autonomous Systems (ASes) are grouped into isolation domains (ISDs), establishing a uniform trust environment. ISDs provide transparency and control over the roots of trust that need to be relied upon. A compromised or faulty ISD does not affect others, allowing sovereign network operation.
- Secure multipath routing. A distributed control plane constructs and disseminates path segments. Routing information is propagated through beaconing, and it is protected cryptographically. SCION is used for inter-domain routing only, allowing ISPs to reuse existing intra-domain network infrastructure.
- Authenticated packet forwarding (see Figure 2). SCION hosts combine path segments into end-to-end paths. Packets carry the authenticated forwarding state, so routers are simple and efficient thanks to the absence of inter-domain forwarding tables. As packets contain the full end-to-end path, geofencing is possible.
Regular IP hosts can benefit from SCION thanks to a SCION IP Gateway (SIG) that encapsulates IP into SCION packets.
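To make the three concepts above concrete, here is an added toy model (not SCION's real packet format or the project's own code): each AS authenticates its own hop field with a secret key, a border router checks only that hop field and never consults an inter-domain forwarding table, and the sending host applies a geofencing policy over the ISDs of the full path it carries. Assumptions: one static key per AS, a truncated HMAC-SHA256 standing in for SCION's AES-CMAC hop authenticator, and interface ids that are the same at both ends of a link.

```python
import hmac
import hashlib
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class HopField:
    isd: int      # isolation domain the AS belongs to
    asn: int      # AS number
    ingress: int  # interface the packet enters on (0 = source AS)
    egress: int   # interface it leaves on (0 = destination AS)
    mac: bytes    # authenticator the AS computed when it disseminated this hop

def hop_mac(key: bytes, isd: int, asn: int, ingress: int, egress: int) -> bytes:
    """Constructed authenticator: HMAC-SHA256 over the hop's forwarding state, truncated to 6 bytes."""
    msg = b"".join(v.to_bytes(4, "big") for v in (isd, asn, ingress, egress))
    return hmac.new(key, msg, hashlib.sha256).digest()[:6]

def build_path(keys, hops):
    """Each AS authenticates its own hop with its secret key (assumed: one static key per AS)."""
    return [HopField(isd, asn, i, e, hop_mac(keys[asn], isd, asn, i, e)) for isd, asn, i, e in hops]

def router_forward(key: bytes, hf: HopField, arrived_on: int):
    """Border router: verify only the packet's own hop field; no inter-domain forwarding table."""
    if arrived_on != hf.ingress:
        return None  # packet arrived on an interface the authorized path does not allow
    expected = hop_mac(key, hf.isd, hf.asn, hf.ingress, hf.egress)
    if not hmac.compare_digest(expected, hf.mac):
        return None  # altered or forged hop field: drop
    return hf.egress

def path_allowed(path, allowed_isds) -> bool:
    """Geofencing at the sender: the full path is in the packet, so every hop's ISD can be checked."""
    return all(hf.isd in allowed_isds for hf in path)

def send(path, keys, allowed_isds) -> str:
    """Host applies its policy, then each on-path router verifies its hop in turn."""
    if not path_allowed(path, allowed_isds):
        return "rejected by geofence policy"
    arrived = 0
    for hf in path:
        egress = router_forward(keys[hf.asn], hf, arrived)
        if egress is None:
            return f"dropped at AS {hf.isd}-{hf.asn}"
        arrived = egress  # assumption: a link carries the same interface id at both ends
    return "delivered"

# Constructed sample: three ASes across two ISDs, one key per AS.
KEYS = {64512: b"key-a", 64513: b"key-b", 64514: b"key-c"}
PATH = build_path(KEYS, [(1, 64512, 0, 7), (1, 64513, 7, 9), (2, 64514, 9, 0)])
TAMPERED = [PATH[0], replace(PATH[1], egress=11), PATH[2]]  # second hop altered without AS 64513's key
```

Running `send(PATH, KEYS, {1, 2})` delivers, restricting the policy to ISD 1 rejects the path before it leaves the host, and the tampered path is dropped by the router of the AS whose hop field no longer verifies.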
Multipath opens new business models for ISPs
Time will tell which additional business models are invented and which will ultimately be successful in the Internet of the 21st century. However, SCION ISPs can already provide premium paths (with lower latency) to customers, and paths over new LEO satellite networks can be integrated into SCION. Dynamic path selection enables path optimization according to a set of policies such as latency, bandwidth, trust, and so on.
In addition, ISPs are empowered to build sovereign networks, with strict geofencing rules that enforce data residency even for data in transit. Our recent research is also looking into how the CO2 footprint of a path can be taken into account in path selection: by incentivizing low-carbon routing, traffic could flow towards the ISPs that produce less CO2 per packet.
An architecture used for critical infrastructure
Today’s private connectivity solutions, such as leased lines, MPLS, or SD-WAN, offer connectivity with stronger guarantees than the public Internet, but they are mostly limited to a single ISP or vendor deployment.
SCION is federated like the Internet, and therefore it is well suited for scenarios where heterogeneous organizations and ISPs interconnect. As an example, the Secure Swiss Finance Network (SSFN) leverages SCION to provide a reliable and secure communication fabric for Swiss finance. The network spans across multiple ISPs and financial institutions.
Why SCION? Isn’t RPKI good enough?
“Securing origin-AS doesn’t stop bad things from happening” (George Michaelson, APNIC Blog).
The issue is that RPKI protects route origins, but not the path. This leaves RPKI-enabled networks exposed to traffic redirects and snooping. In addition, RPKI does not address other fundamental issues behind BGP, such as convergence time, or the fact that everyone needs to agree on a few trust roots.
Great, how do I connect?
As an ISP, you can join SCION by deploying one or more SCION routers at the edge of your network. SCION routers run as software on commodity server hardware, minimizing adoption costs.
Within your network, SCION reuses existing intra-domain connectivity, so there are no changes required. You can connect to the global production network by peering with another SCION ISP. In Switzerland, Swiss-IX offers a dedicated SCION peering mesh where peering with all the major Swiss SCION ISPs and Anapaya is possible. Further peering opportunities with Anapaya are available at Equinix Frankfurt, Equinix Singapore, and Hong Kong Mega-I. In South Korea, LGU+ is available for peering in various sites.
We also run SCIONLab, a global overlay research and development network. You can join, run your own SCION ASes, and experiment with the unique properties of the SCION architecture.
Nicola Rustignoli is a research assistant in Network Security at ETH Zürich, where he is responsible for deploying and promoting SCION.