The Complete Guide to SCION: From Design Principles to Formal Verification
by Laurent Chuat, David Basin, Samuel Hitz, Adrian Perrig, Markus Legner, David Hausheer, Peter Müller
Springer Verlag 2022.
ISBN 978-3-031-05287-3, ISBN 978-3-031-05288-0 (eBook).
XXI, 656 pages
Reviewed by Sven Dietrich Sep 25, 2022
Thinking back to the early days of the Internet when I connected with a 300 bps modem, I see that the Internet has progressively grown in coverage and in impact over the many decades since. Recently, we have seen people take detours via low-earth-orbit satellites to get their messages across or access vital resources, despite any adverse conditions. We still use the Internet Protocol (IP), in the UDP, TCP, and ICMP instantiations for achieving the various connectivity goals. It has been noted in one of my earlier reviews that we should rethink what the Internet is. Here we revisit the topic of inter-domain routing in the context of a new(er) book on the SCION architecture, this time with a slightly different set of authors.
Adrian Perrig from the SCION team gives us an updated view of this next-generation Internet architecture in the new book "The Complete Guide to SCION: From Design Principles to Formal Verification." This book shows the coming of age of the SCION architecture, from an academic research environment, such as SCIONLAB, to a robust deployable and deployed network setup. It is more than a slightly revised version of the earlier book, it is more of a complete rewrite. The book is well illustrated in color, and has a good set of references which are found in the bibliography at the end of the book.
This new book summarizes - yet again - many years, over a decade, of research and development on SCION and brings the reader up to speed with the ever-changing threat landscape. The book is divided into seven parts spanning a total of twenty-five chapters, plus addenda.
After two forewords, one by Joël Mesot and one by Fritz Steinmann, an introduction brings the reader sufficiently up to speed with the nomenclature and basic concepts to delve into the well-structured parts of the book that are to follow.
The first part is on the core parts of SCION, covering core concepts such as the control and data planes, authentication, and key concepts of basic networking. And whenever I hear 'control plane', I keep associating that with the 2600 Hz tone of the Captain Crunch whistle from the early hacking days for seizing phone network control. This still matters in a network such as the current Internet, where control plane attacks can disrupt basic connectivity and more.
The second part steps back and provides an analysis of these core components in two chapters, focusing on functional properties and scalability on one hand, and on the other hand he security analysis that goes deep into the components and their role in providing security guarantees in the network.
The third part shows how the security guarantees are achieved, mentioning extensions to the control and data planes, monitoring and filtering, and availability guarantees.
The fourth part is all about SCION in the real world, ranging from the SCION research testbed to actual deployments in various locales. This shows how this architecture has evolved from the original testbed into a deployed setup. It also covers what role cryptography plays in SCION, as well as the energy-conscious aspect of using SCION for "green networking."
The fifth part discusses extensions to SCION, including the trust model and naming services that got overhauled to a fresh start. Technically speaking, SCION is a fresh start due to its clean-slate design, with the aim to depart from the shortcomings of the original Internet design.
The sixth part steps back and takes a closer look at the formal aspects: why should you believe that any of this is good? The formal verification at the protocol, code, and design levels give the reader higher confidence that this SCION concept was well thought out, at least based on what we can conceptualize up to now. The part wraps up with ongoing work, and open challenges in the area.
The seventh part wraps up the book with connections of other next-generation Internet architecture work.
Just as the previous SCION book, this work is great for understanding where we are in today's Internet, and what we need to consider for moving forward. The book also has a supplement website where the reader can get more background materials, such as research papers.
I hope you will enjoy reading this book as much as I did. Adrian Perrig is a seasoned researcher and expert in his field. Moreover, Adrian and his team have shown that they can transition this technology into the real world. I had the pleasure of working with Adrian at Carnegie Mellon University's CyLab many years ago.