SCION: a future Internet architecture that you can use today

.displayinlineblock.width50.trans80[![SCION](../img/title.png)]
## a future Internet architecture that you can use today

<p>Giacomo Giuliari, Mateusz Kowalski,<br />
Juan A. Garcia Pardo, Kamila Součková</p>

VIScon, 12 Oct 2019

---

# SCION

future Internet architecture

→ changing the Internet is really hard, so… Why?

???

Cloudflare, Google, Amazon, Reddit...

---

.pushuplots.center[
BGP route leak from the summer  
only one of many examples

another one: in June a lot of European traffic went through China
]

---

# What is wrong with the Internet?

originally a research network

* access was not widespread, everyone trusted everyone
* if it broke for a day, nobody cared
* end hosts were slow and stupid

Today:

* many entities, they don’t trust each other
* if it breaks for a few hours, everybody cares
* end hosts are fast and smart, performance matters

???

* everyone has access and everyone has data on it

---

# What is wrong with the Internet?

In the future:

* automation ⇒ internet will really become critical infrastructure
  * drones, self-driving cars, remote robots...
* more and more data online ⇒ trust will be even more of an issue
  * geofencing (requiring data to stay within the country)
  * attacks will get harder to stop
* more data transfers and faster hosts => network will be the bottleneck

---

.floatright.width35[![router](../img/router.jpeg)]

# How does the Internet work today?

you write destination IP address on packet and send it off

.floatleft.width30[![old PC](../img/old_pc.jpg)]

* no control over **how** it gets there
* no possibility of using multiple paths

???

there was bgp stuff here, and the pakistan thing, but maybe I won't even mention it?

---

**SCION** is designed for  
**.hl[route control]**,  
**.hl[failure isolation]**, and  
**.hl[explicit trust information]**  
for end-to-end communication

.floatleft.width60[![end host knows the map](../img/host_knows_map.jpg)]

---

# Isolation Domains (ISDs)

.floatright.width60[![ISDs](../img/isds.png)]

* e.g. ISD ≈ country
* trust is per ISD
  * routing, certificates, DNS, etc.
* routing within ISD independent
  * malicious actors outside of your ISD cannot do anything

---

.floatright.width50[![PCBs](../img/pcbs.png)]

# Path discovery

* core ASes create *path construction beacons* (PCBs) & flood
* hierarchical:
 * inter-ISD:  
   among core ASes
 * intra-ISD:  
   only downstream
* AS receiving beacon adds itself & forwards it
  * ⇒ PCB contains known good path to core
  * adds its signature ⇒ PCBs can be verified

---

# Path discovery

* AS chooses how to extend / what to forward ⇒ enables routing policies
* available *path segments* registered to *path servers*
* end hosts request from path servers
* segments combined into end-to-end paths:

---

# Path awareness

* you choose the path, write it on the packet
* routers just follow the instructions ⇒ more efficient
  * efficient cryptographic checks to ensure that you are allowed to use this path
* multipath Just Works™

.center[
.displayinlineblock.width25[![segments example 2](../img/segments2.png)]
.displayinlineblock.width25[![segments example 2](../img/segments3.png)]
.displayinlineblock.width25[![segments example 1](../img/segments1.png)]
]

???
allowed to use this path: for DDoS defence and policy compliance and traffic engineering

.center[
.displayinlineblock.width30[![segments example 1](../img/segments1.png)]
.displayinlineblock.width30[![segments example 2](../img/segments2.png)]
.displayinlineblock.width30[![segments example 2](../img/segments3.png)]
]

---

# Path discovery

every PCB contains *hop fields* for path construction:

* ingress, egress interface
* timestamp + expiration time
* chained cryptographic MACs with AS-specific keys ⇒ paths cannot be "invented"

---

# Packet forwarding

.floatright.width60[![forwarding path packet](../img/path.png)]

* path in packet header,  
  no routing tables
* every border router processes only its own *hop field*
* checks to ensure path authenticity

---

.floatright.width35[![game changers](../img/gamechangers2.png)]

# Secure by design

1. provable security:  
   protocol + code
1. heterogeneous trust model:  
   ISDs
1. path-aware networking:  
   client chooses path
1. new routing + forwarding architecture:  
   beaconing; packet-carried forwarding state
1. built-in DDoS defence mechanisms:  
   hidden paths; source authentication; bandwidth reservation

---

* SCION-IP gateway (SIG) enables legacy hosts to transparently use SCION
* SCION over IP enables "mixed" networks

.centerblock.width95[![SIG deployment](../img/sig.png)]

---

* incremental deployment possible
  * backward compatibility with IP
  * possibility to reuse infrastructure
* research (SCIONLab):
  * ISPs: Swisscom, SWITCH, KDDI, GEANT, DFN
  * Deployed 50 ASes worldwide
  * Global interest, e.g., ESA
* commercial (Anapaya):
  * ISPs: Deutsche Telekom, Swisscom, SWITCH, Init7
  * Bank deployment: 4 major Swiss banks, some in production use
  * Swiss government has SCION in production use

---

# SCIONLab research network

.center[50 points of presence + more than a hundred user ASes]
.center[world-wide collaboration: universities, ISPs, others]

---

# SCION commercial development

* Anapaya Systems founded in 2017 as ETH Zurich spinoff
* current customers: multiple banks, ISPs, and more
* tight collaboration with ETH

https://www.anapaya.net
]

---

# Say hi!

.floatright.width20.pushup[![QR code for this presentation's URL](https://chart.apis.google.com/chart?cht=qr&chs=500x500&choe=UTF-8&chld=H&chl=https://kamila.is//talking/scion/viscon19/)]

* https://netsec.ethz.ch  
Network Security Group at ETH
* https://www.scion-architecture.net  
book, papers, videos, tutorials
* https://www.scionlab.org  
* SCIONLab
* https://github.com/scionproto/scion  
source code

---

# SCION: future Internet that you can use today

.centerblock.pure-table.small[
|                                  | IP+BGP        | SCION         |
| -------------------------------- |:-------------:|:-------------:|
| path control + geofencing        | throw and pray | you select path             |
| trust model                      | all or nothing | explicit trust |
| scalability of network           | routing tables full | ✓             |
| availability / failover behaviour | slow convergence | no convergence             |
| path selection + multipath       | ✗             | ✓             |
| used by applications        | ✓             | ✗             |
]

---

# SCION: future Internet that you can use today

.centerblock.pure-table.small[
|                                  | IP+BGP        | SCION         |
| -------------------------------- |:-------------:|:-------------:|
| path control + geofencing        | throw and pray | you select path             |
| trust model                      | all or nothing | explicit trust |
| scalability of network           | routing tables full | ✓             |
| availability / failover behaviour | slow convergence | no convergence             |
| .hl[path selection + multipath]  | ✗             | ✓         |
| .hl[used by applications]       | ✓             | ✗             |
]

.center.hl.large[**Now it's your turn!**]