Who has not suffered from insecurity, service breaches and network breaches in recent years? The SCION project is the solution.
The Next Generation Internet needs to offer a high degree of security to enable trustworthy communication despite omnipresent adversaries. Since vulnerabilities are extremely difficult to detect during reviews and testing, the NGI must be based on solid foundations: security properties must be certified through formal proofs.
Our interview about SCION
A bit of context… How is SCION different?
SCION (Scalability, Control, and Isolation On Next-Generation Networks) is a proposed Future Internet architecture that aims to be efficient even in the presence of actively malicious network operators, and is already in active use by financial institutions, ETH domain institutions, and the Swiss government.
The SCION architecture is path aware. It uncovers several possible paths between hosts and lets them select a communication path from those offered. The paths are cryptographically protected to prevent the malicious creation of so-called “Frankenpaths” that were not offered. SCION can provide dozens of path choices, while in today’s Internet Multipath TCP needs to rely on different network interfaces: a user with a mobile phone, for instance, has cellular plus Wi-Fi, providing 2 paths at best.
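The sketch below is an added example, not code from the SCION project or from this interview: a simplified Python model of how chaining per-hop MACs lets each network reject a path spliced together from pieces of different offered paths. The key values, field layout and 6-byte tag length are assumptions for illustration and do not reproduce SCION's actual packet format.

```python
import hashlib
import hmac

# Constructed per-AS secret keys (illustrative values, not real SCION keys).
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in "ABCD"}

def hop_mac(key, seg_id, ingress, egress, prev_mac):
    """Tag binding one hop to its segment and to the hop before it."""
    msg = seg_id + ingress.to_bytes(2, "big") + egress.to_bytes(2, "big") + prev_mac
    return hmac.new(key, msg, hashlib.sha256).digest()[:6]

def build_segment(seg_id, hops):
    """hops: (as_name, ingress_if, egress_if) tuples in path order."""
    fields, prev = [], b""
    for name, ingress, egress in hops:
        prev = hop_mac(KEYS[name], seg_id, ingress, egress, prev)
        fields.append({"as": name, "in": ingress, "out": egress, "mac": prev})
    return {"seg_id": seg_id, "hops": fields}

def first_bad_hop(path):
    """Index of the first hop whose MAC fails to verify, or None if all pass."""
    prev = b""
    for i, hop in enumerate(path["hops"]):
        want = hop_mac(KEYS[hop["as"]], path["seg_id"], hop["in"], hop["out"], prev)
        if not hmac.compare_digest(want, hop["mac"]):
            return i
        prev = hop["mac"]
    return None

# Two constructed paths from AS A to AS C that were actually offered.
VIA_B = build_segment(b"\x00\x01", [("A", 0, 1), ("B", 1, 2), ("C", 1, 0)])
VIA_D = build_segment(b"\x00\x02", [("A", 0, 2), ("D", 1, 2), ("C", 2, 0)])

def spliced_path():
    """A path never offered: first two hops of VIA_B, last hop of VIA_D."""
    return {"seg_id": VIA_B["seg_id"], "hops": VIA_B["hops"][:2] + VIA_D["hops"][2:]}

def rewritten_interface():
    """An offered path with AS B's egress interface changed after the fact."""
    hops = [dict(h) for h in VIA_B["hops"]]
    hops[1]["out"] = 9
    return {"seg_id": VIA_B["seg_id"], "hops": hops}

if __name__ == "__main__":
    print(first_bad_hop(VIA_B), first_bad_hop(spliced_path()), first_bad_hop(rewritten_interface()))
```

In this model each AS only needs its own key to check its own hop, yet the chained tag still ties that hop to the segment it was issued for.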
What need does it solve?
Vulnerabilities in widely-used protocols such as BGPSEC, SSL, and 5G authentication illustrate that established engineering approaches – largely based on reviews and testing – are insufficient to ensure security. Moreover, even if a protocol is secure, its implementation might introduce (intended or unintended) vulnerabilities such as backdoors.
<< Vulnerabilities in widely-used protocols such as BGPSEC, SSL, and 5G authentication illustrate insufficient efforts to ensure the security of advanced protocols for distributed systems. >>
It is, therefore, imperative that the security and availability of the NGI are ensured by formal proofs for the design and implementation.
How does it play with current networks?
How does SCION interface with the networking infrastructure? SCION essentially can make use of network infrastructure in the same way today’s Internet uses layer-2 connectivity. In other words, surprisingly few changes are needed to deploy SCION at an ISP or end domain.
So where is the SCION revolution going to start from?
It seems SCION adoption is taking off in the banking system, followed by government, research organizations, and ISPs. One company reportedly wants to start selling a product for public infrastructure, and another one wants to sell routers with SCION connectivity. Anapaya Systems (Peter and Adrian are co-founders, among others) is commercializing SCION as well.
<< Benefits include lower latencies (20 to 40%!) and improved bandwidth through the simultaneous use of several connections, enabling high-performance file transfer and high availability connectivity. >>
<< Quick recovery from inter-domain failures and geo-fencing are other use-cases customers are interested in. >>
How many people work on SCION?
Open process in standardization: around 60 researchers around the world are actively working on SCION today (March 2021).
How about VerifiedSCION funded by NGI Pointer?
The keyword is verification. The project will verify that the SCION protocol is secure, for instance, that packets can travel only along authorized paths and that attacks can be detected. However, the project won’t stop there: It will also demonstrate that it is feasible to prove that SCION’s open-source version implements the protocol correctly and is free from backdoors and other vulnerabilities.
How is it unique?
<< This verification needs to happen “statically”: the check is done once and for all, for all possible executions. This is a much stronger guarantee than tests at run-time. >>
VerifiedSCION concentrates on preventing vulnerabilities in the SCION protocol and implementation itself, but trusts the compiler, libraries, OS, and hardware. Thereby, it reduces the attack surface substantially.
<< Crucially, we will demonstrate that the code-level verification can be performed by industrial developers rather than formal-methods experts, which is essential for widespread adoption. >>
This is part of the Next Generation Internet architecture podcast series about groundbreaking projects that make the internet more friendly, efficient and green.