SCION (Internet architecture)
SCION (Scalability, Control, and Isolation On Next-Generation Networks) is a proposed Future Internet architecture that aims to offer high availability and efficient point-to-point packet delivery, even in the presence of actively malicious network operators and devices. As of 2018 it is an ongoing research project lead by researchers at ETH Zurich and, among other Future Internet proposals, is being explored in the Internet Engineering Task Force research group for path-aware networking.
- Availability in the presence of distributed adversaries: As long as an attacker-free path between endpoints exists, it should be discovered and utilized with guaranteed bandwidth.
- Transparency and Control: Separation of control and data planes by encoding paths as packet-carried forwarding state (PCFS) in the packet header, as well as enabling of multipath communication for enhanced availability  and defense against network attacks.
- Efficiency, Scalability, and Extensibility: Packet forwarding is at least efficient in latency and throughput as current IP in common cases and more scalable with respect to BGP and the size of routing tables. Achieved by storing state in packet headers and protecting them cryptographically, using modern block ciphers such as AES that can be computed very efficiently (within 10ns on a modern CPU ).
- Support for Global but Heterogeneous Trust: Scale the authentication of entities to a global environment  and utilizing trust agility  so each end host or user can know the complete set of trust roots for the validation of a certificate.
- Deployability: Deployment should only require installation or upgrade of a few border routers, thus requiring minimal added complexity to the existing infrastructure. In addition, it should not disrupt current Internet topology and business models/relationships (e.g., should still support peering).
Isolation domains and autonomous systems
SCION introduces the concept of an isolation domain (ISD) which is a logical grouping of autonomous systems (ASes), administered by a smaller subset of the ASes that constitute the ISD core. The ISD is governed by a policy, called the trust root configuration (TRC), which is negotiated by the ISD core and defines the roots of trust that are used to validate bindings between names and public keys or addresses. ASes within an ISD can be connected by core links, customer-provider links, or peering links, representative of the relationship between the ASes.
Within an AS there are several services such as:
- Beacon Servers - responsible for beaconing which is a process to generate, receive, and propagate messages called path-segment construction beacons (PCBs) to construct path segments and explore routing paths.
- Path Servers - storage for mappings of AS to path that were discovered during beaconing.
- Name Servers - perform name translation similar to DNS by using RAINS to retrieve (ISD, AS) tuple that can be used to find and construct end-to-end paths.
- Certificate Servers - cache for copies of TRCs retrieved from the ISD core, AS certificates, and key management for securing inter-AS communication.
- Border Routers - used for SCION packet forwarding to the next SCION border router or to the destination host within the destination AS.
The control plane is responsible for discovering networking paths and making those paths available to end hosts. Inter-domain beaconing connects ISDs by enabling core ASes to learn paths to other core ASes while intra-domain beaconing allows non-core ASes to learn path segments to core ASes. The SCION control plane operates at the AS level, while communication within an AS is governed by existing intra-domain communication technologies and protocols (e.g. OSPF, SDN, MPLS).
To reach a remote destination, a host performs a path lookup at its local path server to obtain up-segments (from source AS to the core), down segments (from core AS to destination AS), and core segments (between core ASes) in the case these up and down segments end at different core ASes. Paths can be combined as desired, possibly using peering links where available.
A SCION packet minimally contains a path and the data plane ensures packet forwarding using the provided paths. Forwarding utilizes a split of locator (AS-level path) and identifier (the destination address), like in the Locator/Identifier Separation Protocol (LISP). As a result, SCION border routers forward packets based on the AS-level path in the packet header without inspecting the destination address and also without consulting an inter-domain routing table. The destination address can have any format that the destination AS can interpret because only the border router at the destination AS needs to inspect the destination address to forward it to the appropriate local host. The destination can respond to the source by inverting the end-to-end path from the packet header, or it can perform its own path lookup and path-segment construction.
Similar to BGPsec, each AS signs the PCBs it forwards. This signature enables PCB validation by all entities. To ensure path correctness, the forwarding information within each packet is also cryptographically protected. Each AS uses a secret symmetric key that is shared among beacon servers and border routers and is used to efficiently compute a message authentication code (MAC) over the forwarding information. The per-AS information includes the ingress and egress interfaces, an expiration time, and the MAC computed over these fields, which is (by default) all encoded within an 8-byte field referred to as a hop field (HF).
Deployment and commercial operations
SCION is running on a number of nodes around the world. "In 2017, several internet service providers and financial institutions in Switzerland wanted to use SCION for their commercial operations. And so Adrian Perrig founded the spin-off Anapaya Systems together with David Basin and Peter Müller, fellow professors at the Department of Computer Science at ETH Zurich."
The first ISPs to use SCION are Swisscom and SWITCH. Several corporations have obtained SCION network connections through these ISPs to the corporate SCION network. Among the first customer deployments are SNB, ZKB and SIX from the Swiss financial sector.
- David G. Andersen, Hari Balakrishnan, M. Frans Kaashoek, and Robert Morris. Resilient overlay networks. In Proceedings of ACM Symposium on Operating Systems Principles (SOSP), October 2001. Pages 9, 24, and 192.
- Kahraman Akdemir, Martin Dixon, Wajdi Feghali, Patrick Fay, Vinodh Gopal, Jim Guilford, Erdinc Ozturk, Gil Wolrich, and Ronen Zohar. Breakthrough AES performance with Intel AES New Instructions. White paper, June, 2010. Page 11.
- Martin Abadi, Andrew Birrell, Ilya Mironov, Ted Wobber, and Yinglian Xie. Global authentication in an untrustworthy world. In Proceedings of Workshop on Hot Topics in Operating Systems (HotOS), May 2013. Page 10.
- Moxie Marlinspike. SSL and the future of authenticity. https://moxie.org/blog/ssl-and-the-future-of-authenticity/, Apr 2011. Page 10.
- Perrig, Adrian; Szalachowski, Pawel; Reischuk, Raphael M.; Chuat, Laurent (2017). SCION: A Secure Internet Architecture (PDF). Springer International Publishing AG. ISBN 978-3-319-67080-5.
- Dino Farinacci, Vince Fuller, David Meyer, and Darrel Lewis. The locator/ID separation protocol (LISP). RFC 6830, January 2013. Page 25.
- "A secure internet isn't science fiction". inf.ethz.ch. Retrieved 2021-02-18.
- Perrig, A.; Szalachowski, P.; Reischuk, R. M.; Chuat, L. (2017). SCION: A Secure Internet Architecture. Springer International Publishing AG. ISBN 978-3-319-67080-5.