Launch of the SCION pilot server
13 Nov 2017 01:00h
Event report
As a practical contribution to a more secure Internet, Prof. Adrian Perrig, Computer Science Department, ETH Zurich, presented his team’s work on the ‘Scalability, Control and Isolation on Next-Generation Networks’ (SCION) architecture. He elaborated on his comments on the previous panel, in which he disagreed with other speakers that humans were the weakest link in cybersecurity and emphasised the relevance of sovereignty matters in light of the ability of a few select (state and business) actors to implement kill switches against entire nations. Perrig illustrated his point with the case of the cyberattack Estonia suffered in 2007. In a more recent example, three weeks ago a Google employee in Japan made a mistake. As a result, ‘half of the country was down for 40 minutes’. If even an honest mishap like that can cause a complex Internet structure such as the Japanese to lose half of its digital capabilities, ‘then we have a problem’.
SCION, Perrig maintained, comes to solve this issue. It was built ‘to ensure the creation of areas of sovereignty where external entities cannot access and thereby disrupt connections’. Its basic approach is to use isolation domains, with routing across a number of autonomous systems. Before SCION was launched, the Border Gate Patrol (BGP) protocol was the only one to operate accordingly. Nonetheless, BGP was subjected to attacks such as prefix hijacking, to which SCION is much more resistant. This happens because SCION’s multi-path routing allows users to not only have a greater selection of paths, but also to control them. Moreover, multi-path routing enables users to prevent the transfer of any data packets from networks that are unauthorised by them. So, even when hackers may have all the necessary information on a particular network to launch an attack, they will be unable to do it, unless their network is authorised.
Showcasing the SCION team’s accomplishments, Perrig mentioned ETH’s partnership with SWITCH, the Swiss national research and educational network. Such endeavor allowed other Swiss universities to enjoy the benefits of the architecture. All that is needed is a special router, which can be installed in 5 minutes. SCION’s dedicated visualisation system can be accessed from a machine as straightforward as a Raspberry Pi. Currently, SCION is present in over 40 campuses around the world. In addition, SCIONLab has already shipped another 50 routers to other universities, in Switzerland and abroad. Another landmark is that one Swiss bank has already changed one of its branches’ network to SCION. These developments evince that, not unlike the replacement of regular phones with smartphones, users have begun to perceive the benefits of SCION in comparison with other network architectures.
To conclude, Perrig challenged the reasoning that humans are the weakest link in cybersecurity. To him, only people can make certain decisions regarding technology with political implications. Nonetheless, the issue lies on the fact that ‘if you make it easier, it will be less effective’. Therefore, it is upon experts to adopt solutions that are both secure and user-friendly.
The ensuing Q&A covered topics such as: whether wide-scale adoption of SCION will demand scalar change in Internet architecture (no, the SCION router is all that is needed, Perrig responded); how does Scion differ from a firewall (it is an ‘implicit firewall’); the energetic efficiency of SCION (it spends 5% less than regular networks, despite being more secure); what incentives users of regular networks have to change to SCION (more secure and path-aware network architecture). Lastly, summarising the benefits of the architecture, Perrig compared cyberattacks to weapons such as missiles, positing that their effects on SCION would be as harmful as ‘a squirt gun’.