SCION: a future Internet architecture that you can use today

.displayinlineblock.width50.trans80[![SCION](../img/title.png)]
## a future Internet architecture that you can use today

Kamila Součková  
CERN openlab summer students visit at ETH, 2019/07/11

---

# Who is that weirdo?

.center.effinghuge.light[**↓**]

Master student here at ETH, doing my thesis with SCION

---

# SCION

future Internet architecture

→ changing the Internet is really hard, so… Why?

???

Cloudflare, Google, Amazon, Reddit...

---

.pushuplots.center[
BGP route leak from two weeks ago  
only one of many examples

another one: about 2 months ago a lot of European traffic went through China
]

---

# What is wrong with the Internet?

originally a research network: the web invented at CERN

* access was not widespread
 * everyone trusted everyone else
 * if it broke for a day, nobody cared

Today:

* everyone has access and everyone has data on it
 * huge number of entities, they don’t trust each other
 * if it breaks for a few hours, everybody cares

---

# What is wrong with the Internet?

In the future:

* automation ⇒ internet will really become critical infrastructure
  * drones, self-driving cars, remotely operated robots...
* more and more data online ⇒ trust will be even more of an issue
* geofencing (requiring data to stay within the jurisdiction of a country)
* attacks will get harder to stop

---

# How does the Internet work today?

.floatright.width30[![router](../img/router.jpeg)]

* you write destination IP address on packet and send it off
  * no control over **how** it gets there
* **BGP** (border gateway protocol) used to tell the *routers* how to reach the destination
  * tables with prefix → next hop
  * BGP announces: "this prefix goes to me"  
    *… and everybody believes it*

---

# The YouTube/Pakistan incident

* an ISP in Pakistan wanted to block YouTube **inside Pakistan**
  * BGP announcement: "YouTube is here"
* configuration error caused the announcement to go to the rest of the world  
  _… and everybody believed it!_

.center.red[**YouTube is _not_ in Pakistan**]

.center[but today's Internet trusts everyone with everything]
.center.light[and workarounds (RPKI, BGPsec) are insufficient]

---

**SCION** is designed for  
**.hl[route control]**,  
**.hl[failure isolation]**, and  
**.hl[explicit trust information]**  
for end-to-end communication

---

# SCION

_.hl[Scalability]_

_.hl[Control]_

_.hl[Isolation]_

_.hl[on Next-generation Networks]_

---

# SCION

_.hl[Scalability]_  
 * packet-carried forwarding state
 * hierarchical design

_.hl[Control]_  
 * end-host selects path
 * ISPs decide available paths

_.hl[Isolation]_  
 * Isolation Domains (failures stay within one)
 * built-in DoS protection

.hl[_on Next-generation Networks]_  
 * new control plane & data plane (replaces IP + BGP)  
    * endhost-controlled multipath for free :-)  
 * provable security: protocol & code

---

# Isolation Domains (ISDs)

.floatright.width65[![ISDs](../img/isds.png)]

* e.g. ISD ≈ country
* PKI per ISD
* routing within ISD independent

* managed by **core ASes**: PKI, inter-ISD control plane
* non-core ASes: only intra-ISD (simple)

---

.floatright.width50[![PCBs](../img/pcbs.png)]

# Path discovery

* core ASes create *path construction beacons* (PCBs) & flood
* hierarchical:
 * inter-ISD:  
   among core ASes
 * intra-ISD:  
   only downstream
* AS receiving beacon adds itself & forwards it
  * ⇒ PCB contains known good path to core
  * adds its signature ⇒ PCBs can be verified

---

# Path discovery

* AS chooses how to extend / what to forward ⇒ enables routing policies
* available *path segments* registered to *path servers*
* end hosts request from path servers
* segments combined into end-to-end paths:

.center[
.displayinlineblock.width30[![segments example 1](../img/segments1.png)]
.displayinlineblock.width30[![segments example 2](../img/segments2.png)]
.displayinlineblock.width30[![segments example 2](../img/segments3.png)]
]

---

# Path discovery

every PCB contains *hop fields* for path construction:

* ingress, egress interface
* timestamp + expiration time
* chained cryptographic MACs with AS-specific keys ⇒ paths cannot be "invented"

---

# Packet forwarding

.floatright.width60[![forwarding path packet](../img/path.png)]

* path in packet header,  
  no routing tables
* every border router processes only its own *hop field*
* checks to ensure path authenticity

---

.floatright.width35[![game changers](../img/gamechangers2.png)]

# Secure by design

1. provable security:  
   protocol + code
1. heterogeneous trust model:  
   ISDs
1. path-aware networking:  
   client chooses path
1. new routing + forwarding architecture:  
   beaconing; packet-carried forwarding state
1. built-in DDoS defence mechanisms:  
   hidden paths; source authentication; bandwidth reservation

---

# Incremental deployment

* SCION-IP gateway (SIG) enables legacy hosts to transparently use SCION
* SCION over IP enables "mixed" networks

.centerblock.width95[![SIG deployment](../img/sig.png)]

---

# Deployment status

Research (SCIONLab):
 * ISPs: Swisscom, SWITCH, KDDI, GEANT, DFN
 * Korea: KISTI (KREONET), KU, KAIST, ETRI
 * Deployed 50 ASes worldwide
 * Global interest, e.g., ESA

Commercial (Anapaya):
 * ISPs: Deutsche Telekom, Swisscom, SWITCH, Init7
 * Bank deployment: 4 major Swiss banks, some in production use
 * Swiss government has SCION in production use

---

# SCIONLab: Global research network

---

# SCION commercial development

* Anapaya Systems founded in 2017 as ETH Zurich spinoff
* current customers: banks, Swiss government, ISPs
* tight collaboration with ETH

https://www.anapaya.net
]

---

# My Master thesis

.floatright.width60[![netfpga](../img/netfpga.png)]

current SCION router runs as an application on servers — can process a few Gbps

⇒ I am building a SCION router in hardware  
* using an **FPGA**: huge chip with lots of configurable "cells"
* currently 40Gbps, planning to do 1Tbps

???

* "in hardware" => you may be imagining that I'm making a chip at home, but I'm not quite that hard core  
you can configure each cell to do what you want, e.g. "you be an AND gate", "you be memory", "you be a wire", ...

1Tbps is approx 1.5 billion packets per second for small packets

---

# Online resources

* https://www.scion-architecture.net  
  book, papers, videos, tutorials
* https://www.scionlab.org  
  * SCIONLab testbed infrastructure
* https://github.com/scionproto/scion  
  source code

.floatright.width30.pushup[![QR code for this URL](../qr/cern2019.svg)]

* [https://kamila.is/talking/scion/cern2019](https://kamila.is/talking/scion/cern2019/)   →  
  this presentation

---

# Conclusion: SCION is a disruptive technology that we can use today

* many network attacks impossible by design
  * communication guarantees in spite of DDoS attacks
  * route hijacks by outside actors impossible
* new security properties: geofencing, path verification, source authentication
* improved efficiency
  * multipath ⇒ increased bandwidth
  * fast failover
  * potentially cheaper & more energy-efficient HW
* international research: CH, DE, NL, US, KR, SG…

---

# Say hi!

Email: **scion@kamila.is**  
Twitter: **@anotherkamila**  
Matrix: **@kamila:unchat.cat**