SCION (Internet architecture)

SCION (Scalability, Control, and Isolation On Next-Generation Networks) is a Future Internet architecture that aims to offer high availability and efficient point-to-point packet delivery with network path selection, even in the presence of actively malicious network operators and devices. It has been developed by researchers at ETH Zurich since 2009, is deployed in production networks, and is currently being explored by the IETF Path Aware Networking Research Group.

Goals

Availability in the presence of distributed adversaries: As long as an attacker-free path between endpoints exists, it should be discovered and utilized with guaranteed bandwidth.
Transparency and Control: Separation of control and data planes by encoding paths as packet-carried forwarding state (PCFS) in the packet header, as well as enabling of multipath communication for enhanced availability ^[1] and defense against network attacks.
Efficiency, Scalability, and Extensibility: Packet forwarding is at least as efficient in latency and throughput as current IP in common cases and more scalable with respect to BGP and the size of routing tables. Achieved by storing state in packet headers and protecting them cryptographically, using modern block ciphers such as AES that can be computed very efficiently (within 10ns on a modern CPU ^[2]).
Support for Global but Heterogeneous Trust: Scale the authentication of entities to a global environment ^[3] and utilizing trust agility ^[4] so each end host or user can know the complete set of trust roots for the validation of a certificate.
Deployability: Deployment should only require installation or upgrade of a few border routers, thus requiring minimal added complexity to the existing infrastructure. In addition, it should not disrupt current Internet topology and business models/relationships (e.g., should still support peering).

Isolation domains and autonomous systems

SCION introduces the concept of an isolation domain (ISD) which is a logical grouping of autonomous systems (ASes), administered by a smaller subset of the ASes that constitute the ISD core.^[5] The ISD is governed by a policy, called the trust root configuration (TRC), which is negotiated by the ISD core and defines the roots of trust that are used to validate bindings between names and public keys or addresses. ASes within an ISD can be connected by core links, customer-provider links, or peering links, representative of the relationship between the ASes.

Within an AS there are several services such as:

Beacon Servers - responsible for beaconing which is a process to generate, receive, and propagate messages called path-segment construction beacons (PCBs) to construct path segments and explore routing paths.
Path Servers - storage for mappings of AS to path that were discovered during beaconing.
Name Servers - perform name translation similar to DNS by using RAINS^[5] to retrieve (ISD, AS) tuple that can be used to find and construct end-to-end paths.
Certificate Servers - cache for copies of TRCs retrieved from the ISD core, AS certificates, and key management for securing inter-AS communication.
Border Routers - used for SCION packet forwarding to the next SCION border router or to the destination host within the destination AS.

Control plane

The control plane is responsible for discovering networking paths and making those paths available to end hosts. Inter-domain beaconing connects ISDs by enabling core ASes to learn paths to other core ASes while intra-domain beaconing allows non-core ASes to learn path segments to core ASes. The SCION control plane operates at the AS level, while communication within an AS is governed by existing intra-domain communication technologies and protocols (e.g. OSPF, SDN, MPLS).

To reach a remote destination, a host performs a path lookup at its local path server to obtain up-segments (from source AS to the core), down segments (from core AS to destination AS), and core segments (between core ASes) in the case these up and down segments end at different core ASes. Paths can be combined as desired, possibly using peering links where available.

Data plane

A SCION packet minimally contains a path and the data plane ensures packet forwarding using the provided paths. Forwarding utilizes a split of locator (AS-level path) and identifier (the destination address), like in the Locator/Identifier Separation Protocol (LISP).^[6] As a result, SCION border routers forward packets based on the AS-level path in the packet header without inspecting the destination address and also without consulting an inter-domain routing table. The destination address can have any format that the destination AS can interpret because only the border router at the destination AS needs to inspect the destination address to forward it to the appropriate local host. The destination can respond to the source by inverting the end-to-end path from the packet header, or it can perform its own path lookup and path-segment construction.

Security

Similar to BGPsec, each AS signs the PCBs it forwards. This signature enables PCB validation by all entities. To ensure path correctness, the forwarding information within each packet is also cryptographically protected. Each AS uses a secret symmetric key that is shared among beacon servers and border routers and is used to efficiently compute a message authentication code (MAC) over the forwarding information. The per-AS information includes the ingress and egress interfaces, an expiration time, and the MAC computed over these fields, which is (by default) all encoded within an 8-byte field referred to as a hop field (HF).

Standardization

Internet Drafts submitted to the Internet Engineering Task Force standards process:

SCION Control Plane PKI
SCION Control Plane
SCION Data Plane

Deployment and commercial operations

SCION is running on a number of nodes around the world. It has been utilized for the Secure Swiss Finance Network (SSFN), the SCION Education, Research and Academic Network, the SwissIX, and is being deployed on the Swiss Health Info Net (HIN).

In 2017, Adrian Perrig together with fellow professors David Basin and Peter Müller at the Department of Computer Science at ETH Zurich, founded the spin-off Anapaya Systems to develop a commercial implementation of SCION.^[7]

In 2022, the SCION Association was founded by the Swiss National Bank, SIX, ETH Zurich and Uli Sigg to promote SCION and develop SCION Proto, the open source implementation of SCION. The SCION Association is a non-profit organization whose members include Anapaya Systems, Swisscom, SWITCH, Cyberlink, Sunrise, AXPO, DIDAS, Eraneos, libC Technologies, OVGU Magdeburg, and the Swiss Finance + Technology Association.

References

^ David G. Andersen, Hari Balakrishnan, M. Frans Kaashoek, and Robert Morris. Resilient overlay networks. In Proceedings of ACM Symposium on Operating Systems Principles (SOSP), October 2001. Pages 9, 24, and 192.
^ Kahraman Akdemir, Martin Dixon, Wajdi Feghali, Patrick Fay, Vinodh Gopal, Jim Guilford, Erdinc Ozturk, Gil Wolrich, and Ronen Zohar. Breakthrough AES performance with Intel AES New Instructions. White paper, June, 2010. Page 11.
^ Martin Abadi, Andrew Birrell, Ilya Mironov, Ted Wobber, and Yinglian Xie. Global authentication in an untrustworthy world. In Proceedings of Workshop on Hot Topics in Operating Systems (HotOS), May 2013. Page 10.
^ Moxie Marlinspike. SSL and the future of authenticity. https://moxie.org/blog/ssl-and-the-future-of-authenticity/, Apr 2011. Page 10.
^ a b Perrig, Adrian; Szalachowski, Pawel; Reischuk, Raphael M.; Chuat, Laurent (2017). SCION: A Secure Internet Architecture (PDF). Springer International Publishing AG. doi:10.1007/978-3-319-67080-5. ISBN 978-3-319-67080-5. S2CID 26748541.
^ Dino Farinacci, Vince Fuller, David Meyer, and Darrel Lewis. The locator/ID separation protocol (LISP). RFC 6830, January 2013. Page 25.
^ "A secure internet isn't science fiction". inf.ethz.ch. Retrieved 2021-02-18.

External links

SCION Official Website
SCION Project Website
IETF Path-Aware Networking Research Group