Description
Book SynopsisWhen the SCION project started in 2009, the goal was to create an architecture offering high availability and security for basic point-to-point communication. In the five years since the publication of SCION: A Secure Internet Architecture, this next-generation Internet architecture has evolved in terms of both design and deployment.
On the one hand, there has been development of exciting new concepts and systems, including a new global time-synchronization system, an inter-domain approach for bandwidth reservations called COLIBRI, and Green Networking, which allows combating global climate change on three fronts. On the other hand, SCION is now also in production use by the Swiss financial ecosystem, and enables participants such as the Swiss National Bank, the Swiss provider of clearing services (SIX), and all Swiss financial institutes to communicate securely and reliably with each other via the Secure Swiss Finance Network.
This unique guidebook provides an updated description of SCION's main components, covering new research topics and the most recent deployments. In particular, it presents in-depth discussion of formal verification efforts. Importantly, it offers a comprehensive, thorough description of the current SCION system:
- Describes the principles that guided SCION's design as a secure and robust Internet architecture
- Provides a comprehensive description of the next evolution in the way data finds its way through the Internet
- Explains how SCION can contribute to reducing carbon emissions, by introducing SCION Green Networking
- Demonstrates how SCION not only functions in academic settings but also works in production deployments
- Discusses additional use cases for driving SCION's adoption
- Presents the approaches for formal verification of protocols and code
- Illustrated with many colorful figures, pictures, and diagrams, allowing easy access to the concepts and use cases
Assembled by a team with extensive experience in the fields of computer networks and security, this text/reference is suitable for researchers, practitioners, and graduate students interested in network security. Also, readers with limited background in computer networking but with a desire to know more about SCION will benefit from an overview of relevant chapters in the beginning of the book.
Table of ContentsForeword by Joël Mesot xi
Foreword by Fritz Steinmann xiii
Preface xv
How to Read This Book xvii
Acknowledgments xix
1 Introduction 1
1.1 Today’s Internet . . . . . . . . . . . . . . . . . . . . . . . 2
1.2 Goals for a Secure Internet Architecture . . . . . . . . . . . 9
I SCION Core Components 15
2 Overview 17
2.1 Infrastructure Components . . . . . . . . . . . . . . . . . . 20
2.2 Authentication . . . . . . . . . . . . . . . . . . . . . . . . 21
2.3 Control Plane . . . . . . . . . . . . . . . . . . . . . . . . . 23
2.4 Data Plane . . . . . . . . . . . . . . . . . . . . . . . . . . 28
2.5 ISD and AS Numbering . . . . . . . . . . . . . . . . . . . 31
3 Authentication 35
3.1 The Control-Plane PKI (CP-PKI) . . . . . . . . . . . . . . 36
3.2 DRKey: Dynamically Recreatable Keys . . . . . . . . . . . 52
3.3 SCION Packet Authenticator Option . . . . . . . . . . . . . 61
4 Control Plane 65
4.1 Path-Segment Construction Beacons (PCBs) . . . . . . . . 66
4.2 Path Exploration (Beaconing) . . . . . . . . . . . . . . . . 69
4.3 Path-Segment Registration . . . . . . . . . . . . . . . . . . 71
4.4 PCB and Path-Segment Selection . . . . . . . . . . . . . . 73
4.5 Path Lookup . . . . . . . . . . . . . . . . . . . . . . . . . 80
4.6 Service Discovery . . . . . . . . . . . . . . . . . . . . . . 87
4.7 SCION Control Message Protocol (SCMP) . . . . . . . . . 89
5 Data Plane 93
5.1 Inter- and Intra-domain Forwarding . . . . . . . . . . . . . 94
5.2 Packet Format . . . . . . . . . . . . . . . . . . . . . . . . 95
5.3 Path Authorization . . . . . . . . . . . . . . . . . . . . . . 96
5.4 The SCION Path Type . . . . . . . . . . . . . . . . . . . . 101
5.5 Path Construction (Segment Combinations) . . . . . . . . . 104
5.6 Packet Initialization and Forwarding . . . . . . . . . . . . . 115
5.7 Path Revocation . . . . . . . . . . . . . . . . . . . . . . . 120
5.8 Data-Plane Extensions . . . . . . . . . . . . . . . . . . . . 124
II Analysis of the Core Components 127
6 Functional Properties and Scalability 129
6.1 Dependency Analysis . . . . . . . . . . . . . . . . . . . . . 130
6.2 SCION Path Policy . . . . . . . . . . . . . . . . . . . . . . 135
6.3 Scalability Analysis . . . . . . . . . . . . . . . . . . . . . 148
6.4 Beaconing Overhead and Path Quality . . . . . . . . . . . . 150
7 Security Analysis 157
7.1 Security Goals and Properties . . . . . . . . . . . . . . . . 158
7.2 Threat Model . . . . . . . . . . . . . . . . . . . . . . . . . 161
7.3 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
7.4 Control-Plane Security . . . . . . . . . . . . . . . . . . . . 165
7.5 Path Authorization . . . . . . . . . . . . . . . . . . . . . . 170
7.6 Data-Plane Security . . . . . . . . . . . . . . . . . . . . . 172
7.7 Source Authentication . . . . . . . . . . . . . . . . . . . . 174
7.8 Absence of Kill Switches . . . . . . . . . . . . . . . . . . . 176
7.9 Other Security Properties . . . . . . . . . . . . . . . . . . . 179
7.10 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
III Achieving Global Availability Guarantees 183
8 Extensions for the Control Plane 185
8.1 Hidden Paths . . . . . . . . . . . . . . . . . . . . . . . . . 185
8.2 Time Synchronization . . . . . . . . . . . . . . . . . . . . 190
8.3 Path Metadata in PCBs . . . . . . . . . . . . . . . . . . . . 197
9 Monitoring and Filtering 203
9.1 Replay Suppression . . . . . . . . . . . . . . . . . . . . . . 204
9.2 High-Speed Traffic Filtering with LightningFilter . . . . . . 207
9.3 Probabilistic Traffic Monitoring with LOFT . . . . . . . . . 217
10 Extensions for the Data Plane 227
10.1 Source Authentication and Path Validation with EPIC . . . . 228
10.2 Bandwidth Reservations with COLIBRI . . . . . . . . . . . 237
11 Availability Guarantees 267
11.1 Availability Goals and Threat Landscape . . . . . . . . . . 268
11.2 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
11.3 Defense Systems . . . . . . . . . . . . . . . . . . . . . . . 271
11.4 Traffic Prioritization . . . . . . . . . . . . . . . . . . . . . 278
11.5 Protected DRKey Bootstrapping . . . . . . . . . . . . . . . 283
11.6 Protection of Control-Plane Services . . . . . . . . . . . . . 288
11.7 AS Certification . . . . . . . . . . . . . . . . . . . . . . . 294
11.8 Security Discussion . . . . . . . . . . . . . . . . . . . . . . 297
IV SCION in the Real World 301
12 Host Structure 303
12.1 Host Components . . . . . . . . . . . . . . . . . . . . . . . 303
12.2 Future Approaches . . . . . . . . . . . . . . . . . . . . . . 307
13 Deployment and Operation 317
13.1 Global Deployment . . . . . . . . . . . . . . . . . . . . . . 319
13.2 End-Host Deployment and Bootstrapping . . . . . . . . . . 327
13.3 The SCION–IP Gateway (SIG) . . . . . . . . . . . . . . . . 332
13.4 SIG Coordination Systems . . . . . . . . . . . . . . . . . . 336
13.5 SCION as a Secure Backbone AS (SBAS) . . . . . . . . . . 345
13.6 Example: Life of a SCION Data Packet . . . . . . . . . . . 354
14 SCIONLAB Research Testbed 361
14.1 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . 362
14.2 Research Projects . . . . . . . . . . . . . . . . . . . . . . . 366
14.3 Comparison to Related Systems . . . . . . . . . . . . . . . 368
15 Use Cases and Applications 371
15.1 Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
15.2 Applications . . . . . . . . . . . . . . . . . . . . . . . . . 382
15.3 Case Study: Secure Swiss Finance Network (SSFN) . . . . 385
15.4 Case Study: SCI-ED, a SCION-Based Research Network . . 389
16 Green Networking with SCION 393
16.1 Direct Power Savings with SCION . . . . . . . . . . . . . . 394
16.2 SCION Enables Green Inter-domain Routing . . . . . . . . 399
16.3 Incentives for ISPs to Use Renewable Energy Resources . . 404
17 Cryptography 407
17.1 How Cryptography Is Used in SCION . . . . . . . . . . . . 408
17.2 Cryptographic Primitives . . . . . . . . . . . . . . . . . . . 409
17.3 Local Cryptographic Primitives . . . . . . . . . . . . . . . 410
17.4 Global Cryptographic Primitives . . . . . . . . . . . . . . . 412
17.5 Post-Quantum Cryptography . . . . . . . . . . . . . . . . . 415
V Additional Security Systems 417
18 F-PKI: A Flexible End-Entity Public-Key Infrastructure 419
18.1 Trust Model . . . . . . . . . . . . . . . . . . . . . . . . . . 421
18.2 Overview of F-PKI . . . . . . . . . . . . . . . . . . . . . . 423
18.3 Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424
18.4 Verifiable Data Structures . . . . . . . . . . . . . . . . . . 426
18.5 Selection of Map Servers . . . . . . . . . . . . . . . . . . . 428
18.6 Proof Delivery . . . . . . . . . . . . . . . . . . . . . . . . 428
18.7 Certificate Validation . . . . . . . . . . . . . . . . . . . . . 430
19 RHINE: Secure and Reliable Internet Naming Service 431
19.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . 433
19.2 Why a Fresh Start? . . . . . . . . . . . . . . . . . . . . . . 437
19.3 Overview of RHINE . . . . . . . . . . . . . . . . . . . . . 440
19.4 Authentication . . . . . . . . . . . . . . . . . . . . . . . . 444
19.5 Data Model . . . . . . . . . . . . . . . . . . . . . . . . . . 452
19.6 Secure Name Resolution . . . . . . . . . . . . . . . . . . . 455
19.7 Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . 457
20 PILA: Pervasive Internet-Wide Low-Latency Authentication 461
20.1 Trust-Amplification Model . . . . . . . . . . . . . . . . . . 463
20.2 Overview of PILA . . . . . . . . . . . . . . . . . . . . . . 464
20.3 ASes as Opportunistically Trusted Entities . . . . . . . . . 464
20.4 Authentication Based on End-Host Addresses . . . . . . . . 465
20.5 Certificate Service . . . . . . . . . . . . . . . . . . . . . . 466
20.6 NAT Devices . . . . . . . . . . . . . . . . . . . . . . . . . 467
20.7 Session Resumption . . . . . . . . . . . . . . . . . . . . . 467
20.8 Downgrade Prevention . . . . . . . . . . . . . . . . . . . . 468
VI Formal Verification 471
21 Motivation for Formal Verification 473
21.1 Local and Global Properties . . . . . . . . . . . . . . . . . 474
21.2 Quantitative Properties . . . . . . . . . . . . . . . . . . . . 475
21.3 Adversarial Environments . . . . . . . . . . . . . . . . . . 475
21.4 Design-Level and Code-Level Verification . . . . . . . . . . 476
22 Design-Level Verification 477
22.1 Overview of Design-Level Verification . . . . . . . . . . . 478
22.2 Background on Event Systems and Refinement . . . . . . . 482
22.3 Example: Authentication Protocol . . . . . . . . . . . . . . 488
22.4 Verification of the SCION Data Plane . . . . . . . . . . . . 494
22.5 Quantitative Verification of the N-Tube Algorithm . . . . . 510
23 Code-Level Verification 519
23.1 Why Code-Level Verification? . . . . . . . . . . . . . . . . 520
23.2 Introduction to Program Verification . . . . . . . . . . . . . 522
23.3 Verification of Go Programs . . . . . . . . . . . . . . . . . 533
23.4 Verification of Protocol Implementations . . . . . . . . . . 547
23.5 Secure Information Flow . . . . . . . . . . . . . . . . . . . 555
24 Current Status and Plans 563
24.1 Completed Work . . . . . . . . . . . . . . . . . . . . . . . 563
24.2 Ongoing Work . . . . . . . . . . . . . . . . . . . . . . . . 566
24.3 Future Plans and Open Challenges . . . . . . . . . . . . . . 567
VII Back Matter 573
25 Related Work 575
25.1 Future Internet Architectures . . . . . . . . . . . . . . . . . 575
25.2 Deployment of New Internet Architectures . . . . . . . . . 580
25.3 Inter-domain Multipath Routing Protocols . . . . . . . . . . 582
Bibliography 585
Glossary 641
Abbreviations 645
Index 651
