Community Research and Development Information Service - CORDIS


SCION Report Summary

Project ID: 617605
Funded under: FP7-IDEAS-ERC
Country: Switzerland

Mid-Term Report Summary - SCION (Scalability, Control, Isolation on Next-generation Networks)

SCION (Scalability, Control, and Isolation On Next-generation networks), is an inter-domain network architecture to address the security, calability, and availability issues that plague the current Internet.

The core insights in SCION are the following. Patching today's Internet has proven to be an undesirable long-term solution. A clean-slate redesign of inter-domain routing provides many benefits and is surprisingly simple to deploy by using legacy protocols for intra-domain communication. Isolation provides transparency: SCION's Isolation Domains (ISDs) offer control-plane isolation and scoped trust for entity authentication. Instead of restricting communication, ISDs provide transparency for path selection, packet forwarding, and entity authentication. End-to-end focus: network-layer functions are performed by end hosts through path selection; providing scalability, security, and availability benefits. Packet-carried forwarding state (PCFS) removes the need for inter-domain routing table lookups, provides path control to senders, improves forwarding performance, and supports multi-path communication.

In the context of this project, SCION enables construction of highly available PKI that supports routing operations, and a highly secure PKI for end-entity authentication. In concert with isolation domains, these PKIs enable unprecedented levels of security and availability.

SCION also enables DDoS defense approaches that enable an autonomous system to defend against the strongest DDoS attacks known today. In the SIBRA system that we proposed, we achieve for the first time a property we call "botnet size independence", which guarantees
communication regardless of the size of an adversary's botnet.

SCION also enables efficient anonymous communication, which we have shown with the design of the HORNET system, offering high-speed
communication while retaining strong anonymity.

Finally, we have completed a prototype that implements this functionality. We have deployed SCION routers in the production networks of Swisscom and SWITCH, two large Swiss ISPs. We also have several corporations which are trying out SCION on these networks. Please visit our web site for additional information:

Reported by

Follow us on: RSS Facebook Twitter YouTube Managed by the EU Publications Office Top