Operator survey: Incrementally deployable secure Internet routing

Dear Nanog,

We appreciate that your time is very precious, but we wanted to ask you for your help in answering a brief survey about a new secure routing system we have developed in a research collaboration between ETH, Princeton University, and University of Virginia. We’d like to thank those of you who have already helped us fill out the survey and provided insightful feedback. Your input is critical for helping inform our further work on this project.

Here is the link to our survey, which takes about 10 minutes to complete, including watching a brief 3-minute introductory video:
https://docs.google.com/forms/d/e/1FAIpQLSc4VCkqd7i88y0CbJ31B7tVXyxBlhEy_zsYZByx6tsKAE7ROg/viewform?usp=pp_url&entry.549791324=NANOG+mailing+list

Our architecture, called Secure Backbone AS (SBAS), allows clients to benefit from emerging secure routing deployments like SCION by tunneling into a secure infrastructure. SBAS provides substantial routing security improvements when retrofitted to the current Internet. It also provides benefits even to non-participating networks and endpoints when communicating with an SBAS-protected entity.

We currently have a functional prototype of this network using SCIONLab (for the secure backbone) and the PEERING testbed (to make outbound BGP announcements). Our ultimate aim is to develop and deploy SBAS beyond an experimental scope, and the input of network operators that would actually have to run these PoPs would greatly benefit this project and help make secure routing a reality.

With kind regards,

Prateek, Adrian, and Yixin

This all looks like a network made for surveilling the planet's citizens more easily. Even in the FAQs!

Hi Scott,

Thank you for your comment! We understand the privacy concern. As for SBAS, the backbone is operated in a federated manner among PoP operators. In our current deployment, the PoP operators are located across three continents. On the other hand, due to the federated structure of the SBAS PoP operators, a governance structure is needed to coordinate global operation. We have outlined four potential governance models, i.e., ICANN and Regional Internet Registries, a multi-stakeholder organization, a federation of network providers, or a decentralized governance model. The four models are described in further detail in the survey, and we would love to hear your opinions about them.

Best,
Yixin

This seems like Rube Goldberg Machine levels of complexity and overhead to try and solve for forged-origin , when good best practices already makes the risk of that almost negligible.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

Dear Nanog,

We appreciate that your time is very precious, but we wanted to ask you for your help in answering a brief survey about a new secure routing system we have developed in a research collaboration between ETH, Princeton University, and University of Virginia.

Prateek, Adrian, and Yixin,

With the greatest of respect I'm afraid this kind of exemplifies the sort of dream-ware that can only be thought up in the cozy confines of a university campus.

Why do I say this ?

Because the first thing that I thought of when I read the subject line of your email and a cursory glance through the body was "Uh huh, I've heard this sort of thing somewhere before", and that somewhere was ....

IPv6 was sold as "incrementally deployable", and with IPv6 we're talking something natively dual-stack operating over the same old "internet".

And look where we are today ? A decade or so on and the world is still nowhere near 100% IPv6 coverage, with some major networks still not anywhere near, and with other major networks only just launching IPv6 (e.g. the hyperscalers ... or at least some of them). And that's before we start considering the developing world.

Or if we put IPv6 to one side. Why do you think BGP is *still* so stubbornly here ? Because it works (most of the time), everyone knows how it works, and its been battle tested.

So the chances of something more drastic like your proposal ever seeing the light of day beyond some university labs ?

Sorry to rain on your parade guys !

Laura

Hello,

“are described in further detail in the survey”

Doing the survey gives legitimacy to something I feel is not correct

Hi Laura

With the greatest of respect I’m afraid this kind of exemplifies the sort of dream-ware that can only be thought up in the cozy confines of a university campus.

Indeed, that’s the origin of many innovations – and some of them do make it into the real world.

So the chances of something more drastic like your proposal ever seeing the light of day beyond some university labs?

We already have a working prototype system. It’s quite exciting to see how the existing SCION backbone can be used to provide immediate benefits for traditional IP end hosts.

Sorry to rain on your parade guys!

No problem, thank you for your honest feedback! It is very important to gather these opinions / viewpoints.

All the best
Adrian

Hi Scott

"Do you use countries as ISDs? Doesn’t that create opportunities for government intervention and censorship?
I asked about the ISDs and put a FAQ you have as an example. I didn’t ask about the SBAS. It seems to me that the ingress/egress of an ISD is the place a government surveillance network would reside. All country internet communications go through a chokepoint to get on the SBAS, so it’s easier to surveil the population. Especially if you envision the ISD to have its own DNS.

You’re referring to the FAQ on page 409 of the SCION book:
https://www.scion-architecture.net/pdf/SCION-book.pdf

The following question in the book is about government censorship, stating the arguments why censorship is more challenging in SCION than in today’s Internet. As we have witnessed in the past, censorship has been successful in today’s Internet.

Note that the ISD concept represents a virtual grouping of ASes, an AS can be part of several ISDs at the same time. When you look at the ISD concept, it brings transparency and scalability rather than facilitate censorship. A recent paper shows that (partially thanks to ISDs) scalability of SCION inter-domain routing is much improved compared to BGP or BGPsec, with about 200 times lower overhead than BGP and 1000 times lower overhead than BGPsec on a per-path basis:
https://netsec.ethz.ch/publications/papers/2021_conext_deployment.pdf

What will you do about space? The moon? (That one’s coming sooner that folks might expect: https://www.nokia.com/networks/insights/network-on-the-moon)

As for network deployments on the Moon, SCION can bring advantages there as well, for instance a “moon ISD” will make it easy to ensure that moon-to-moon packets don’t inadvertently take a detour via a terrestrial router. A related result that may be of interest to the operator community is our analysis of using path-aware networking for integrating LEO satellite networks into the Internet: https://netsec.ethz.ch/publications/papers/ccr-ibis-2020.pdf

Will each ISD (ISD = Isolation Domain) have it’s own DNS?

The SCION DNS story has evolved much since the first book, to only use a single global name space in the current design (which is written up in the new SCION book that will go to the printer next week, ping me if you’d like to see a pre-print).

All the best
Adrian