Speaker
Description
The Internet routing system (BGP) is rarely considered when discussing cybersecurity even though this remains an insecure aspect of the network and is increasingly used as an attack vector. Even though measures such as RPKI have been developed in recent years to improve routing security, adoption has been limited and still do not address the fundamental issue of limited control over where data is transiting.
SCION is a secure path-aware Internet architecture designed to address many of the limitations of BGP by offering high resilience to routing attacks and path selection for Internet users and operators. The ability to use Internet connections from different ISPs can be more flexible and cost effective than relying on dedicated point-to-point links, but the commodity Internet is not able to provide sufficiently trustworthy, reliable and resilient connections for many critical infrastructures, especially those with safety critical traffic. Having the ability to control the paths that traffic is sent through intermediate networks, is also important for reducing the possibilities for traffic interception, reconnaissance, man-in-the-middle and denial-of-service attacks, as well as ensuring that data can be geofenced especially looking towards a post-quantum world.
SCION addresses many of the existing issues with how traffic is sent over the Internet, including the issues of network trust, path selection, fast failover, and control over where data is transiting. It implements a trust model based around logical groupings of networks sharing a common jurisdiction with agreed trust policies and a standalone trust root (i.e. one that is not reliant on third-party Certificate Authorities) to validate the networks. This ensures that traffic is only exchanged between networks that are members of a trust domain, except that traffic which is explicitly allowed to be exchanged with other trust domains and the rest of the Internet. In particular, this allows truly sovereign networks to be built and operated.
SCION has commercial and open-source implementations and is already in production use in the Swiss financial services, healthcare and power utility industries, as well as being evaluated by other sectors (e.g. defence) running critical infrastructures. It is also being developed as an vendor-neutral IETF specification.
This proposed talk will discuss the use cases and the SCION design, architecture and trust mode. It will also discuss how SCION is deployed and how it compares with other current and proposed solutions such as RPKI, MPLS, SD-WAN, Segment Routing and BGPSEC.
Summary
SCION is a secure path-aware Internet architecture designed to address many of the limitations of BGP by offering high resilience to routing attacks and path selection for Internet users and operators. It implements a trust model based around logical groupings of networks sharing a common jurisdiction with agreed trust policies and a standalone trust root to validate the networks.
SCION is an open technology with multiple implementations that's operated by the Swiss financial, healthcare and power utility networks and currently supported by several UK-based ISPs including BT and Colt amongst others.
| Talk Duration | 25 Minutes Presentation (+5 Minutes Q&A) |
|---|---|
| Can your presentation be broadcast live on our webcast, which will be accessible via Youtube? | Yes |
| Can your presentation slides be published publicly on our Indico instance and the NetUK website? | Yes |
| Can a recording of your presentation be published publicly on our website? | Yes |
| Can a recording of your presentation be uploaded to our public YouTube channel? | Yes |
| Do you consent for us to publish your name and affiliation as a Speaker on the NetUK website and Social Media? | Yes |