Next-generation secure, defined internet with SCION architecture

The internet was built in simpler, more innocent times and was seized on by a curious mixture of visionaries, educators, academics and technology geeks as a way to democratise the distribution of information.

Decades later, the protocols that govern this interconnected network of private networks remain much the same, but the makeup of the inhabitants of 2024’s internet has changed significantly.

Now, the very basis on which the internet operates – its underlying communication protocols – is the means by which bad actors hope to extort and steal from, ransom, and exploit the internet’s users.

Financial data of the world’s nations intermingle with medically sensitive information, the video feeds of a billion CCTV cameras, and gossip about celebrities. Among this mass, teams of highly-skilled technologists we call hackers prey on the easily exploitable, with their sights set on vulnerable targets who are ill-prepared to combat the clever, cutting-edge methods of compromise their systems encounter every day.

While technologies exist that encrypt internet traffic in general (such as the SSL/TLS-based HTTPS used to encrypt web traffic) and in particular (like VPNs established to specific hosts between secure endpoints), that traffic is still transported by the same protocols established deep in the history of the internet. These protocols were designed to be gregarious, so mission-critical data or private financial information is carried across the internet in the same manner as any other.

That issue means that although payloads can be relatively protected, the means of directing or routing traffic remain exploitable. This situation was the basis of research carried out by Swiss academic Adrian Perrig, who devised the SCION architecture at the prestigious ETH Zurich as a way of determining secure and resilient traffic routing. Without getting too deep into the technological weeds, the SCION architecture enables its users to dictate routes between privately-owned destinations and send data between them independently from the rest of the internet.

The Professor’s work has been so successful that the Swiss interbank clearing system, which could be called the heart and the brain of the Swiss banking system, runs entirely over the SCION network, ensuring the reliability and security that are paramount.

Anapaya is the commercial offspring of the SCION research project, which brings SCION technology to the open market. Its products, available as physical or virtual devices, arbitrate and route sensitive information between pre-defined nodes, with extensive granular rulesets allowing participating networks to exchange information in predetermined patterns, with set hosts, waypoints, traffic types and possible destinations dictated by the operators.


Speaking exclusively to Cloud Computing News, the CEO of Anapaya, Martin Bosshardt, gave us his ‘elevator pitch’ for the SCION network, saying, “The SCION protocol guarantees that your Internet Service is routable [and] you can grant access to your network to authorised users only. So you can render yourself invisible, or non-existent, to bad actors. Let’s say you have an SDN [software-defined network] of 50 locations. These 50 locations can share their routing information exclusively among each other. For anyone else on the internet, these 50 locations just don’t exist. There is no way that someone who does not own the routing information to your service can route to or access it, because they do not know it is there.”

For a layperson in the world of cybersecurity, it may seem like overkill for an organisation to effectively upgrade at least some of the more sensitive parts of its infrastructure. But Martin gave us some context as to quite how important it is to be able to trade, exchange information and use networked devices for the world at large. It’s most apparent in simple monetary terms, he said.

“The whole network security market has become a huge industry, so we would need to quote the figures exactly [$238bn in 2024]. But it seems that the network security market is now larger than the cancer treatment market [$223bn in 2024]. Cancer is perhaps the most scary and most fundamental concern to humanity and yet the industry to protect us in the internet has become larger. So we really have to fix this. Unlike cancer, the internet is man-made; we understand exactly how the internet works and why it has become a dangerous place. To make the internet a safe, secure and reliable network is comparably very, very simple.”

Given the need for secure networks, some companies go to extraordinary measures to protect themselves, involving replacing their network infrastructure from the ground up with physical replacements for standard internet devices and investing in MPLS connections (leased, dedicated lines).

“Go with a single provider, because obviously, if you build your own cabling or have your own infrastructure, you can create an isolated, secure situation. But very often you cannot bring your own cables to all the authorities you want to connect. And there comes the superpower of the internet. Critical services that run over the internet are not choosing it as their preferred network; they choose the internet because there is just no alternative.

“To render an internet connection private, you’re always dependent on layer five functionalities [of the OSI layers], right? Fundamentally you trust the routing protocol of the internet and BGP [border gateway protocol], and then you create privacy on the content – not on routing level. The moment you are on the internet, you have no control over the routing side. Isolation is happening with encryption. However, encryption is not isolating your service from bad actors. It’s only making sure you are in control of the content.”

That’s where Anapaya steps in. “With the SCION protocol you are in control of routing. You decide [and] design policies depending on the service. You control who has routable access to your service. You enforce geographic boundaries or limit connections to specific markets and network groups.”

SCION-based networks deliver the ultimate combination of the security we know primarily from closed, private networks with the flexibility and resilience of open, interdomain networks like the internet. What makes SCION compelling is that it does not need new infrastructure, new cabling or routers. SCION simply ‘chip-tunes’ the existing infrastructure of the internet, which offers the most apt global network fit for the requirements of today.

To find out more about SCION and the implementation options Anapaya offers, the company will be appearing at the Cyber Security and Cloud track at TechEx Europe, coming up in Amsterdam on October 1 and 2, 2024. If you can’t make it in person, head to the Anapaya website and/or read the documentation, or contact a networking and security expert to book a demo.
