SCION is the first clean-slate Internet architecture designed to provide route control, failure isolation, and explicit trust information for end-to-end communications. SCION organizes existing ASes into groups of independent routing sub-planes, called isolation domains, which then interconnect to form complete routes. Isolation domains provide natural isolation of routing failures and human misconfiguration, give endpoints strong control for both inbound and outbound traffic, provide meaningful and enforceable trust, and enable scalable routing updates with high path freshness. As a result, the SCION architecture provides strong resilience and security properties as an intrinsic consequence of good design principles, avoiding piecemeal add-on protocols as security patches. Meanwhile, SCION only assumes that a few top-tier ISPs in the isolation domain are trusted for providing reliable end-to-end communications, thus achieving a small Trusted Computing Base. Both our security analysis and evaluation results show that SCION naturally prevents numerous attacks and provides a high level of resilience, scalability, control, and isolation.
The Internet was not designed with security in mind. Fixes to date are mostly ad hoc patches that either introduce unexpected consequences (e.g., S-BGP prevents route hijacking but causes delayed route convergence) or require a single root of trust. The latter is unlikely to exist in today's geographically, administratively, and socially diverse Internet. Moreover, a clean-slate design can be a reference that tells us how good a network could be even if we want to evolve the current Internet.
SCION is running on a number of nodes around the world. Click here for a full-screen map.
Are you interested in setting up your SCION node? Great, send us an email!.
We are grateful for the collaborations and the support we receive from the following institutions:
and XIA, the eXpressive Internet Architecture.
Want to provide ideas? Want to be part of our team? Want to see SCION in action? Want to run SCION yourself? We would be happy to welcome you in our team, just send us an email.