Cipher Book Review, Issue E144

SCION: A Secure Internet Architecture
by Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, and Laurent Chuat

Springer Verlag 2017.
ISBN 978-3-319-670079-9, 432 pages

Reviewed by Sven Dietrich, 6/4/18

Some of us have witnessed the early days of the Internet, seen it grow from a military to an academic network, and then become an omnipresent network, something we find difficult to live without. Recent attacks on this infrastructure have shown us how dependent we have indeed become on this very Internet, an unbounded system that permeates our everyday lives via mobile, IoT, business, and home computing and networking. The Mirai botnet DDoS attacks, descendants of the early DDoS attacks from almost twenty years ago, remind us that the Internet has grown organically over the years. And perhaps it is time to rethink what the Internet is.

This is where Adrian Perrig and his team come in. There has been a fine selection of efforts for creating a next-generation Internet architecture, e.g. in the FIA and GENI research programs. Here we have Adrian Perrig's project, the SCION architecture, with his proposal for the next generation of the Internet. It was originally named SCI-FI, but was renamed SCION as a better-fitting acronym: Scalability, Control, and Isolation for Next-Generation Networks. Much of it is based on the seminal paper of the same name at the 2011 IEEE Security and Privacy conference.

This book summarizes many years, almost a decade, of research and development on SCION. The reader is brought up to speed with the current state of the Internet, and with the mismatch between today's threat landscape and the underlying networking and routing protocols, which were designed when that landscape was much different. The book is divided into five parts spanning a total of seventeen chapters.

After a foreword by Virgil Gligor, part one of the book presents an overview of the Internet today, the need for a next step, and the related, competing, and even compatible efforts out there. The second chapter describes the SCION architecture at a higher level, mentioning the data plane and control plane concepts, security aspects for the Internet, incentives for stakeholders to "fix" the Internet, deployment, and possible extensions for the architecture.

Most importantly, chapter three covers the key concept of SCION: the isolation domain, the "I" in SCION. It covers the motivation for the isolation domains (ISDs), the ISD core, coordination among ISDs, name resolution, governance models, and last but not least, the nesting of ISDs.

Part two of the book goes into much detail, delving deeply into the intricacies of SCION, such as the authentication infrastructure, ISD coordination, and data and control plane specifics such as the SCION version of TCP/IP (yes, you guessed it: TCP/SCION). Also covered are name resolution and deployment of SCION, e.g. how to deploy it or even just try it out.

Part three talks about possible extensions of SCION, and part four does the necessary due diligence and provides an analysis and evaluation covering the security analysis of SCION, looking at the threat model, packet and route manipulation, and overall resilience given by the absence of a "kill switch" for the network.

Part five finally goes into the specification of the SCION components, such as the various packet formats, configuration files, and the necessary cryptographic algorithms.

Overall, this is a great book for understanding where we are in today's Internet, and what we need to consider for moving forward.

I hope you will enjoy reading this book as much as I did. Adrian Perrig is a seasoned researcher and expert in his field, and shares his knowledge with the reader in an accessible, easily readable manner. I had the pleasure of working with Adrian at Carnegie Mellon University's CyLab many years ago.
Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org