SCION architecture – A study

Abstract

This thesis deals with the new network architecture based on the secure transfer of information that is developed in Europe, SCION Architecture. SCION architecture is aiming to replace the existing network infrastructure which is based on the Border Gateway Protocol (BGP) by offering secure and encrypted traffic for the data plane from a secured control plane using source routing and Public Key Infrastructure (PKI). At the same time, it introduces the new concept of Isolation Domains (ISDs), which are logical groups of Autonomous Systems (AS), offering the possibility of connecting to other ASes and inserting them into an Isolation Domain (ISD). Through ISDs it is possible to trust the heterogeneity, the transparency in the security relationships between AS and the network paths that unite them. With SCION the routing process can be isolated from heterogeneous factors such as cyber-attacks, and the scalability of routing can be improved by separating it into two processes; one within the ISD itself and one between the cooperating ISDs. In particular, the SCION architecture offers a secure connection to the Internet without affecting the existing BGP connections of customers that do not participate in the Secure Backbone that SCION creates. Using it can prevent attacks based on BGP’s vulnerabilities such as BGP hijacking, which intercepts and then redirects normal BGP traffic to wrong geographic locations. Furthermore, SCION can significantly reduce, if not completely eliminate, Distributed Denial of Service (DDoS) attacks. Our purpose is to study this new architecture in depth and to arrive at the creation of the first SCION Attachment Point node in Greece for the Academic and Research Network.