2017 | Book

SCION: A Secure Internet Architecture

Authors: Prof. Dr. Adrian Perrig, Dr. Pawel Szalachowski, Dr. Raphael M. Reischuk, Laurent Chuat

Publisher: Springer International Publishing

Book Series: Information Security and Cryptography

About this book

This book describes the essential components of the SCION secure Internet architecture, the first architecture designed foremost for strong security and high availability. Among its core features, SCION also provides route control, explicit trust information, multipath communication, scalable quality-of-service guarantees, and efficient forwarding. The book includes functional specifications of the network elements, communication protocols among these elements, data structures, and configuration files. In particular, the book offers a specification of a working prototype.

The authors provide a comprehensive description of the main design features for achieving a secure Internet architecture. They facilitate the reader throughout, structuring the book so that the technical detail gradually increases, and supporting the text with a glossary, an index, a list of abbreviations, answers to frequently asked questions, and special highlighting for examples and for sections that explain important research, engineering, and deployment features. The book is suitable for researchers, practitioners, and graduate students who are interested in network security.

Table of Contents

Frontmatter

Overview

Frontmatter
Chapter 1. Introduction
Abstract
The Internet has been successful beyond even the most optimistic expectations. It permeates and intertwines with almost all aspects of our modern society and economy. The success of the Internet has created a dependency on communication as many of the processes underpinning the foundations of modern society would grind to a halt should communication become unavailable. However, much to our dismay, the current state of safety and availability of the Internet is far from commensurate with its importance.
Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, Laurent Chuat
Chapter 2. The SCION Architecture
Abstract
This chapter provides an overview of SCION. The goals to be met by a secure Internet architecture were described in the previous chapter, but to recapitulate briefly, our main aim is to design a network architecture that offers highly available and efficient point-to-point packet delivery, even if some of the network operators and devices are actively malicious. The following chapters describe the SCION architecture in increasing detail.
Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, Laurent Chuat
Chapter 3. Isolation Domains (ISDs)
Abstract
This chapter discusses SCION isolation domains in more detail. As briefly sketched in Chapter 2, an isolation domain (abbreviated as ISD to distinguish it from the common abbreviation ID) constitutes a logical clustering of the Internet’s most coarse-grained organizational unit, namely that of an autonomous system, or AS for short. An AS is a self-contained network administrated by a single entity (e.g., by an Internet service provider (ISP) or a university) and communicates with other ASes through well-defined interfaces based on contractual business relations. Figure 2.1 on Page 18 sketches how ASes are grouped into ISDs.
Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, Laurent Chuat

SCION in Detail

Frontmatter
Chapter 4. Authentication Infrastructure
Abstract
In this chapter, we discuss the authentication infrastructure of SCION, which enables verification of identities and assertions that data did indeed originate unchanged from the claimed entity. SCION offers built-in support for various types of authentication and various uses, and thus provides several infrastructures to support authentication.
Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, Laurent Chuat
Chapter 5. ISD Coordination
Abstract
In this chapter, we describe how ISDs are discovered and how they coordinate with each other, especially when a new ISD is created. The goal is for each ISD to have a list of all other ISDs — specifically, an identifier and a description for each ISD along with the roots of trust that enable authentication. An authority could create such a list and distribute it, but this would conflict with SCION’s goal that each ISD can operate independently and communicate with other ISDs without any globally trusted entity.
Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, Laurent Chuat
Chapter 6. Name Resolution
Abstract
While the path resolution process is necessary to turn a destination address into a set of paths, this is not sufficient for establishing communication between SCION-connected endpoints: we also need a way to turn an Internet name into a SCION address. As name resolution and path establishment are separate processes, with different timescales and triggered by separate events, we design a dedicated infrastructure that is optimized for each purpose.
Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, Laurent Chuat
Chapter 7. Control Plane
Abstract
In this chapter, we discuss SCION’s control plane, whose main purpose is to create and manage path segments, which can be combined into forwarding paths to transmit packets in the data plane.
Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, Laurent Chuat
Chapter 8. Data Plane
Abstract
In this chapter, we discuss the SCION data plane. The purpose of the data plane is to forward packets containing a SCION header. In SCION, inter-domain forwarding decisions are encoded as a sequence of hop fields (HFs), which encode AS-level hops augmented with ingress and egress interfaces.
Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, Laurent Chuat
Chapter 9. Host Structure
Abstract
This chapter introduces the host software components that enable applications to communicate via SCION. An overview is given in Figure 9.1.
Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, Laurent Chuat
Chapter 10. Deployment and Operation
Abstract
How can the deployment of SCION be initiated? Which ISDs exist in the beginning? How can an ISP or end domain start using SCION and what benefits are obtained? This chapter discusses deployment and operation aspects of SCION and provides answers to these questions.
Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, Laurent Chuat

Extensions

Frontmatter
Chapter 11. SIBRA
Abstract
This chapter presents SIBRA, the Scalable Internet Bandwidth Reservation Architecture, which enables global bandwidth resource allocation. End hosts can use resource allocations to obtain end-to-end bandwidth guarantees to defend against DDoS attacks, which continue to be a menace on today’s Internet.
Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, Laurent Chuat
Chapter 12. OPT and DRKey
Abstract
This chapter presents Origin and Path Trace (OPT)—lightweight, scalable, and secure protocols for shared key setup, source authentication, and path validation. In-network source authentication and path validation are fundamental primitives for constructing higher-level security mechanisms such as DDoS mitigation, path compliance, packet attribution, or protection against flow redirection.
Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, Laurent Chuat

Analysis and Evaluation

Frontmatter
Chapter 13. Security Analysis
Abstract
Evaluating the security of a network architecture, including its routing protocols and supporting infrastructure, is an ambitious undertaking. Indeed, the security guarantees afforded by the architecture, as well as the security of the architecture itself, depend on a number of factors. For example, should we assume correct implementation and configuration of the protocol at all deploying nodes? Do we consider an adversary that can eavesdrop on a large portion of network links? Can malware on end hosts send arbitrary traffic?
Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, Laurent Chuat
Chapter 14. Power Consumption
Abstract
The Internet, including user equipment, data transmission media, data centers, and access networks, requires a considerable amount of power, consuming nearly 1% of annual electricity production worldwide in 2010 [111]. Around 50 GW of power is consumed by network equipment, and this number is expected to double by 2020 [245]. Increased power consumption not only implies greater monetary cost, but also has an expanding environmental impact in the form of carbon footprint and pollution [96]. Reversing the trend is imperative and would pay off massively.
Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, Laurent Chuat

Specifications

Frontmatter
Chapter 15. Packet and Message Formats
Abstract
In this chapter, we describe the header formats of SCION control and data packets. We start with the description of the generic SCION header, which consists of four parts: a common header, a forwarding path, an extensions chain, and a layer-4 protocol header.
Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, Laurent Chuat
Chapter 16. Configuration File Formats
Abstract
This chapter describes the details of SCION configuration files. All SCION configuration files are represented in JSON [42] format.
Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, Laurent Chuat
Chapter 17. Cryptographic Algorithms
Abstract
In this chapter, we describe the algorithm agility property provided by SCION, and the cryptographic algorithms used in the SCION architecture. Algorithm selection was motivated by two main requirements, security and efficiency, and was based on standards related to cryptography, recommendations, best practices, and performance evaluations [95, 190, 221, 224].
Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, Laurent Chuat
Backmatter
Metadata

Title: SCION: A Secure Internet Architecture
Authors: Prof. Dr. Adrian Perrig, Dr. Pawel Szalachowski, Dr. Raphael M. Reischuk, Laurent Chuat
Copyright Year: 2017
Electronic ISBN: 978-3-319-67080-5
Print ISBN: 978-3-319-67079-9
DOI: https://doi.org/10.1007/978-3-319-67080-5