SCION Five Years Later: Revisiting Scalability, Control, and Isolation on Next-Generation Networks

The SCION (Scalability, Control, and Isolation on Next-generation Networks) inter-domain network architecture was proposed to address the availability, scalability, and security shortcomings of the current Internet. This paper presents a retrospective of the SCION goals and design decisions, its attacker model and limitations, and research highlights of work conducted in the 5 years following SCION's initial publication.
