{"product_id":"the-complete-guide-to-scion-from-design-principles-to-formal-verification-9783031052873","title":"The Complete Guide to SCION: From Design","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eWhen the SCION project started in 2009, the goal was to create an architecture offering high availability and security for basic point-to-point communication. In the five years since the publication of \u003ci\u003eSCION: A Secure Internet Architecture,\u003c\/i\u003e this next-generation Internet architecture has evolved in terms of both design and deployment.\u003c\/p\u003e\u003cp\u003eOn the one hand, there has been development of exciting new concepts and systems, including a new global time-synchronization system, an inter-domain approach for bandwidth reservations called COLIBRI, and Green Networking, which allows combating global climate change on three fronts. On the other hand, SCION is now also in production use by the Swiss financial ecosystem, and enables participants such as the Swiss National Bank, the Swiss provider of clearing services (SIX), and all Swiss financial institutes to communicate securely and reliably with each other via the Secure Swiss Finance Network.\u003c\/p\u003e\u003cp\u003e\u003c\/p\u003e\u003cp\u003eThis unique guidebook provides an updated description of SCION's main components, covering new research topics and the most recent deployments. In particular, it presents in-depth discussion of formal verification efforts. 
Importantly, it offers a comprehensive, thorough description of the current SCION system\u003cb\u003e:\u003c\/b\u003e\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eDescribes the principles that guided SCION's design as a secure and robust Internet architecture\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eProvides a comprehensive description of the next evolution in the way data finds its way through the Internet\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eExplains how SCION can contribute to reducing carbon emissions, by introducing SCION Green Networking\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eDemonstrates how SCION not only functions in academic settings but also works in production deployments\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eDiscusses additional use cases for driving SCION's adoption\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003ePresents the approaches for formal verification of protocols and code\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003e Illustrated with many colorful figures, pictures, and diagrams, allowing easy access to the concepts and use cases \u003cbr\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\u003cp\u003e\u003c\/p\u003e\u003cp\u003eAssembled by a team with extensive experience in the fields of computer networks and security, this text\/reference is suitable for researchers, practitioners, and graduate students interested in network security. 
Also, readers with limited background in computer networking but with a desire to know more about SCION will benefit from an overview of relevant chapters in the beginning of the book.\u003c\/p\u003e\u003cp\u003e\u003c\/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eForeword by Joël Mesot\u003cbr\u003e\u003c\/p\u003e  \u003cp\u003eForeword by Fritz Steinmann\u003c\/p\u003e  \u003cp\u003ePreface\u003c\/p\u003e  \u003cp\u003eHow to Read This Book\u003c\/p\u003e  \u003cp\u003eAcknowledgments\u003c\/p\u003e  \u003cp\u003e1 Introduction\u003c\/p\u003e  \u003cp\u003e1.1 Today’s Internet\u003c\/p\u003e  \u003cp\u003e1.2 Goals for a Secure Internet Architecture\u003c\/p\u003e  \u003cp\u003eI SCION Core Components\u003c\/p\u003e  \u003cp\u003e2 Overview\u003c\/p\u003e  \u003cp\u003e2.1 Infrastructure Components\u003c\/p\u003e  \u003cp\u003e2.2 Authentication\u003c\/p\u003e  \u003cp\u003e2.3 Control Plane\u003c\/p\u003e  \u003cp\u003e2.4 Data Plane\u003c\/p\u003e  \u003cp\u003e2.5 ISD and AS Numbering\u003c\/p\u003e  \u003cp\u003e3 Authentication\u003c\/p\u003e  \u003cp\u003e3.1 The Control-Plane PKI (CP-PKI)\u003c\/p\u003e  \u003cp\u003e3.2 DRKey: Dynamically Recreatable Keys\u003c\/p\u003e  \u003cp\u003e3.3 SCION Packet Authenticator Option\u003c\/p\u003e  \u003cp\u003e4 Control Plane\u003c\/p\u003e  \u003cp\u003e4.1 Path-Segment Construction Beacons (PCBs)\u003c\/p\u003e  \u003cp\u003e4.2 Path Exploration (Beaconing)
\u003c\/p\u003e  \u003cp\u003e4.3 Path-Segment Registration\u003c\/p\u003e  \u003cp\u003e4.4 PCB and Path-Segment Selection\u003c\/p\u003e  \u003cp\u003e4.5 Path Lookup\u003c\/p\u003e  \u003cp\u003e4.6 Service Discovery\u003c\/p\u003e  \u003cp\u003e4.7 SCION Control Message Protocol (SCMP)\u003c\/p\u003e  \u003cp\u003e5 Data Plane\u003cbr\u003e\u003c\/p\u003e  \u003cp\u003e5.1 Inter- and Intra-domain Forwarding\u003c\/p\u003e  \u003cp\u003e5.2 Packet Format\u003c\/p\u003e  \u003cp\u003e5.3 Path Authorization\u003c\/p\u003e  \u003cp\u003e5.4 The SCION Path Type\u003c\/p\u003e  \u003cp\u003e5.5 Path Construction (Segment Combinations)\u003c\/p\u003e  \u003cp\u003e5.6 Packet Initialization and Forwarding\u003c\/p\u003e  \u003cp\u003e5.7 Path Revocation\u003c\/p\u003e  \u003cp\u003e5.8 Data-Plane Extensions\u003c\/p\u003e  \u003cp\u003eII Analysis of the Core Components\u003c\/p\u003e  \u003cp\u003e6 Functional Properties and Scalability\u003c\/p\u003e  \u003cp\u003e6.1 Dependency Analysis\u003c\/p\u003e  \u003cp\u003e6.2 SCION Path Policy\u003c\/p\u003e  \u003cp\u003e6.3 Scalability Analysis\u003c\/p\u003e  \u003cp\u003e6.4 Beaconing Overhead and Path Quality\u003c\/p\u003e  \u003cp\u003e7 Security Analysis\u003c\/p\u003e  7.1 Security Goals and Properties
\u003cp\u003e\u003c\/p\u003e  \u003cp\u003e7.2 Threat Model\u003c\/p\u003e  \u003cp\u003e7.3 Overview\u003c\/p\u003e  \u003cp\u003e7.4 Control-Plane Security\u003c\/p\u003e  \u003cp\u003e7.5 Path Authorization\u003c\/p\u003e  \u003cp\u003e7.6 Data-Plane Security\u003c\/p\u003e  \u003cp\u003e7.7 Source Authentication\u003c\/p\u003e  \u003cp\u003e7.8 Absence of Kill Switches\u003c\/p\u003e  \u003cp\u003e7.9 Other Security Properties\u003c\/p\u003e  \u003cp\u003e7.10 Summary\u003c\/p\u003e  \u003cp\u003eIII Achieving Global Availability Guarantees\u003c\/p\u003e  \u003cp\u003e8 Extensions for the Control Plane\u003c\/p\u003e  \u003cp\u003e8.1 Hidden Paths\u003c\/p\u003e  \u003cp\u003e8.2 Time Synchronization\u003c\/p\u003e  \u003cp\u003e8.3 Path Metadata in PCBs\u003c\/p\u003e  \u003cp\u003e9 Monitoring and Filtering\u003c\/p\u003e  \u003cp\u003e9.1 Replay Suppression\u003c\/p\u003e  \u003cp\u003e9.2 High-Speed Traffic Filtering with LightningFilter\u003c\/p\u003e  \u003cp\u003e9.3 Probabilistic Traffic Monitoring with LOFT\u003c\/p\u003e  \u003cp\u003e10 Extensions for the Data Plane\u003cbr\u003e\u003c\/p\u003e  \u003cp\u003e10.1 Source Authentication and Path Validation with EPIC\u003c\/p\u003e  \u003cp\u003e10.2 Bandwidth Reservations with COLIBRI
\u003c\/p\u003e  \u003cp\u003e11 Availability Guarantees\u003c\/p\u003e  \u003cp\u003e11.1 Availability Goals and Threat Landscape\u003c\/p\u003e  11.2 Overview\u003cp\u003e\u003c\/p\u003e  \u003cp\u003e11.3 Defense Systems\u003c\/p\u003e  \u003cp\u003e11.4 Traffic Prioritization\u003c\/p\u003e  \u003cp\u003e11.5 Protected DRKey Bootstrapping\u003c\/p\u003e  \u003cp\u003e11.6 Protection of Control-Plane Services\u003c\/p\u003e  \u003cp\u003e11.7 AS Certification\u003c\/p\u003e  \u003cp\u003e11.8 Security Discussion\u003c\/p\u003e  \u003cp\u003eIV SCION in the Real World\u003c\/p\u003e  \u003cp\u003e12 Host Structure\u003c\/p\u003e  \u003cp\u003e12.1 Host Components\u003c\/p\u003e  \u003cp\u003e12.2 Future Approaches\u003c\/p\u003e  \u003cp\u003e13 Deployment and Operation\u003c\/p\u003e  \u003cp\u003e13.1 Global Deployment\u003c\/p\u003e  \u003cp\u003e13.2 End-Host Deployment and Bootstrapping\u003c\/p\u003e  \u003cp\u003e13.3 The SCION–IP Gateway (SIG)\u003c\/p\u003e  \u003cp\u003e13.4 SIG Coordination Systems\u003c\/p\u003e  \u003cp\u003e13.5 SCION as a Secure Backbone AS (SBAS)\u003c\/p\u003e  \u003cp\u003e13.6 Example: Life of a SCION Data Packet\u003c\/p\u003e  \u003cp\u003e14 SCIONLAB Research Testbed\u003c\/p\u003e  \u003cp\u003e14.1 Architecture
\u003c\/p\u003e  \u003cp\u003e14.2 Research Projects\u003c\/p\u003e  \u003cp\u003e14.3 Comparison to Related Systems\u003c\/p\u003e  \u003cp\u003e15 Use Cases and Applications\u003c\/p\u003e  \u003cp\u003e15.1 Use Cases\u003c\/p\u003e  \u003cp\u003e15.2 Applications\u003c\/p\u003e  \u003cp\u003e15.3 Case Study: Secure Swiss Finance Network (SSFN)\u003c\/p\u003e  \u003cp\u003e15.4 Case Study: SCI-ED, a SCION-Based Research Network\u003c\/p\u003e  \u003cp\u003e16 Green Networking with SCION\u003c\/p\u003e  \u003cp\u003e16.1 Direct Power Savings with SCION\u003c\/p\u003e  \u003cp\u003e16.2 SCION Enables Green Inter-domain Routing\u003c\/p\u003e  \u003cp\u003e16.3 Incentives for ISPs to Use Renewable Energy Resources\u003c\/p\u003e  \u003cp\u003e17 Cryptography\u003cbr\u003e\u003c\/p\u003e  \u003cp\u003e17.1 How Cryptography Is Used in SCION\u003c\/p\u003e  \u003cp\u003e17.2 Cryptographic Primitives\u003c\/p\u003e  \u003cp\u003e17.3 Local Cryptographic Primitives\u003c\/p\u003e  \u003cp\u003e17.4 Global Cryptographic Primitives\u003c\/p\u003e  \u003cp\u003e17.5 Post-Quantum Cryptography\u003c\/p\u003e  \u003cp\u003eV Additional Security Systems\u003c\/p\u003e  \u003cp\u003e18 F-PKI: A Flexible End-Entity Public-Key Infrastructure\u003c\/p\u003e  \u003cp\u003e18.1 Trust Model\u003c\/p\u003e  \u003cp\u003e18.2 Overview of F-PKI\u003c\/p\u003e  \u003cp\u003e18.3 Policies
\u003c\/p\u003e  \u003cp\u003e18.4 Verifiable Data Structures\u003c\/p\u003e  \u003cp\u003e18.5 Selection of Map Servers\u003c\/p\u003e  \u003cp\u003e18.6 Proof Delivery\u003c\/p\u003e  \u003cp\u003e18.7 Certificate Validation\u003c\/p\u003e  \u003cp\u003e19 RHINE: Secure and Reliable Internet Naming Service\u003c\/p\u003e  \u003cp\u003e19.1 Background\u003c\/p\u003e  \u003cp\u003e19.2 Why a Fresh Start?\u003c\/p\u003e  \u003cp\u003e19.3 Overview of RHINE\u003c\/p\u003e  \u003cp\u003e19.4 Authentication\u003c\/p\u003e  \u003cp\u003e19.5 Data Model\u003c\/p\u003e  \u003cp\u003e19.6 Secure Name Resolution\u003c\/p\u003e  \u003cp\u003e19.7 Deployment\u003c\/p\u003e  \u003cp\u003e20 PILA: Pervasive Internet-Wide Low-Latency Authentication\u003c\/p\u003e  \u003cp\u003e20.1 Trust-Amplification Model\u003c\/p\u003e  \u003cp\u003e20.2 Overview of PILA\u003c\/p\u003e  \u003cp\u003e20.3 ASes as Opportunistically Trusted Entities\u003c\/p\u003e  \u003cp\u003e20.4 Authentication Based on End-Host Addresses\u003c\/p\u003e  \u003cp\u003e20.5 Certificate Service\u003c\/p\u003e  \u003cp\u003e20.6 NAT Devices\u003c\/p\u003e  \u003cp\u003e20.7 Session Resumption
\u003c\/p\u003e  \u003cp\u003e20.8 Downgrade Prevention\u003c\/p\u003e  \u003cp\u003eVI Formal Verification\u003c\/p\u003e  \u003cp\u003e21 Motivation for Formal Verification\u003c\/p\u003e  \u003cp\u003e21.1 Local and Global Properties\u003c\/p\u003e  \u003cp\u003e21.2 Quantitative Properties\u003c\/p\u003e  \u003cp\u003e21.3 Adversarial Environments\u003c\/p\u003e  \u003cp\u003e21.4 Design-Level and Code-Level Verification\u003cbr\u003e\u003c\/p\u003e  \u003cp\u003e22 Design-Level Verification\u003c\/p\u003e  \u003cp\u003e22.1 Overview of Design-Level Verification\u003c\/p\u003e  \u003cp\u003e22.2 Background on Event Systems and Refinement\u003c\/p\u003e  \u003cp\u003e22.3 Example: Authentication Protocol\u003c\/p\u003e  \u003cp\u003e22.4 Verification of the SCION Data Plane\u003c\/p\u003e  \u003cp\u003e22.5 Quantitative Verification of the N-Tube Algorithm\u003c\/p\u003e  \u003cp\u003e23 Code-Level Verification\u003c\/p\u003e  \u003cp\u003e23.1 Why Code-Level Verification?\u003c\/p\u003e  \u003cp\u003e23.2 Introduction to Program Verification\u003c\/p\u003e  \u003cp\u003e23.3 Verification of Go Programs\u003c\/p\u003e  23.4 Verification of Protocol Implementations\u003cp\u003e\u003c\/p\u003e  \u003cp\u003e23.5 Secure Information Flow\u003c\/p\u003e  \u003cp\u003e24 Current Status and Plans\u003c\/p\u003e  \u003cp\u003e24.1 Completed Work\u003c\/p\u003e  \u003cp\u003e24.2 Ongoing Work
\u003c\/p\u003e  \u003cp\u003e24.3 Future Plans and Open Challenges\u003c\/p\u003e  \u003cp\u003eVII Back Matter\u003c\/p\u003e  \u003cp\u003e25 Related Work\u003c\/p\u003e  \u003cp\u003e25.1 Future Internet Architectures\u003c\/p\u003e  \u003cp\u003e25.2 Deployment of New Internet Architectures\u003c\/p\u003e  \u003cp\u003e25.3 Inter-domain Multipath Routing Protocols\u003c\/p\u003e  \u003cp\u003eBibliography\u003c\/p\u003e  \u003cp\u003eGlossary\u003c\/p\u003e  \u003cp\u003eAbbreviations\u003c\/p\u003e  Index\u003cbr\u003e\u003cbr\u003e","brand":"Springer International Publishing AG","offers":[{"title":"Default Title","offer_id":51360330973527,"sku":"9783031052873","price":98.99,"currency_code":"GBP","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9783031052873.jpg?v=1754127356","url":"https:\/\/bookcurl.com\/products\/the-complete-guide-to-scion-from-design-principles-to-formal-verification-9783031052873","provider":"Book Curl","version":"1.0","type":"link"}