17 September 2024

How soon can SCION reach escape velocity?

A blog by Adrian Perrig, ETH Zurich, and Nicola Rustignoli, SCION Association


The SCION secure network architecture represents a groundbreaking shift in Internet design, adding exciting new properties compared to the current Internet infrastructure. SCION promises to introduce security benefits, optimize the efficiency of network communication, and enable new business models for Internet Service Providers (ISPs).

Given these benefits and the steady stream of Internet outages, how come SCION is not in wide use already? Why do national governments and large corporations not immediately adopt and deploy SCION? As we have seen in the past, the adoption of new Internet technologies such as IPv6 has been very sluggish, to put it mildly. In this article, we describe the circumstances in which the adoption of SCION is rapid enough to reach escape velocity (e.g., achieve 1% of global Internet traffic). Once this milestone is achieved, widespread adoption will be rapid, as the widespread availability of a secure, reliable, and efficient network architecture will inherently drive further adoption. The question remains: how soon can we reach escape velocity?

The solution for critical infrastructure ecosystem communication

As witnessed in Switzerland, SCION is an ideal network communication technology for critical infrastructures. In fact, the Secure Swiss Finance Network (SSFN) has substantially advanced the early SCION deployment in Switzerland. With the availability of SCION connectivity, other critical infrastructures can now rapidly innovate and establish their secure communication networks, such as healthcare (SSHN) and energy (SSEN). Furthermore, the Swiss experience with SCION can serve as a model that can be adopted internationally as global deployment grows, by joining forces between the SCION ecosystem and the SCION Association.

SCION provides transformative benefits for any Internet-based communication, which raises the question of how quickly adoption can proceed until everyday consumers benefit from SCION. In this article, we first describe the advantages that SCION can offer to everyday consumers, hinting at potential business models that could facilitate and accelerate this adoption, and sketching how technical adoption could proceed.

As with many new technologies, adoption of a disruptive technology needs to overcome many barriers, especially in the case of a new Internet technology. Specifically, user demand, availability of infrastructure, and technical implementations must be aligned. Experience with IPv6 suggests an at best very sluggish uptake that would require 2 decades to reach a meaningful magnitude of deployment. In contrast, we expect the uptake of SCION to be rapid, thanks to the intrinsic benefits and because IPv6 has cleared a pathway in the jungle of obstacles. The core of the argument is that a software update enabling SCION can translate into a noticeable performance and network quality increase for the user – in a competitive application landscape the innovators’ adoption will give them an advantage, forcing competitors to also use the technology. Once set in motion, such a feedback cycle can rapidly drive adoption, providing the exciting prospect of a widely deployed secure Internet before the end of this decade.

Significant Security Benefits Over Today’s Internet

SCION’s architecture addresses several fundamental issues inherent in the current Internet design. Today’s Internet, despite its vast success, suffers from vulnerabilities such as prefix hijacking, BGP instabilities, and the lack of inherent security features. Through a security-centric design, SCION fundamentally enhances reliability and availability, by redesigning the trust infrastructures, control protocols, and packet forwarding mechanisms. It introduces isolation domains (ISDs) that provide fault isolation – preventing the widespread impact of local failures, attacks, and configuration errors. Secure routing is used by default, protecting routing information with digital signatures. Geofencing provides control over which paths packets can traverse and where they cannot, protecting packets from potential eavesdroppers.

Thus, it is fair to say that SCION offers a comprehensive security upgrade that we desperately need to achieve highly resilient and available communication at low cost on a public Internet infrastructure. Given its significant security benefits, we anticipate that SCION will be actively promoted by regulators and industry seeking solutions for secure WAN communication.

Multipath Offers Optimization Opportunities

One of the key features of SCION is its multipath communication capability. Unlike the traditional single-path forwarding of IPv4 and IPv6, SCION allows the sender to select among multiple path options offered by the network. This multipath capability provides exciting optimization opportunities:

  • Improved performance: By leveraging multiple paths, SCION can optimize for latency, bandwidth, or reliability, enhancing overall performance. Even after a modest amount of adoption in international networks, SCION can achieve performance gains surpassing 10% in many cases, in some cases even exceeding 50% in terms of end-to-end latency (which indicates the time for a network packet to travel from the sender to the receiver). Further gains are expected as deployment expands and additional paths become available.

  • Resilience and availability: Multipath routing inherently increases network resilience. If one path fails or becomes congested, traffic can be dynamically rerouted through alternative paths, reducing downtime and maintaining service quality. Such fast failover provides operational continuity, which is especially important in critical infrastructures.

  • Enhanced security: Multipath communication also mitigates certain types of attacks, such as Distributed Denial of Service (DDoS), by distributing traffic across multiple routes, making it harder for attackers to overload a single point of failure.

The IETF is now developing multipath QUIC, a new transport protocol that can leverage multiple paths. MPQUIC and SCION are perfectly synergistic: SCION can offer dozens of path options, and MPQUIC can become a technical enabler to SCION adoption.

New Business Models for Internet Service Providers

SCION opens up innovative business opportunities for ISPs that are not feasible with today’s Internet architecture. These include:

  • Premium path-aware services: ISPs can differentiate with premium services based on path control, allowing customers to select or avoid specific paths for their traffic, based on criteria such as latency, security, or jurisdiction. For example, ISPs can offer premium paths that bear a higher cost, for instance, paths traversing a low earth-orbit (LEO) satellite network, or a high-speed microwave network.

  • Extended customer reach: ISPs can sell services to customers who are not directly connected to their network by leveraging SCION’s inter-domain capabilities. This extends the potential customer base and creates new revenue streams. For instance, ISPs can provide CDN offerings or cloud computation products that are announced through the SCION path dissemination mechanism.

  • Enhanced security services: With built-in path security and a reduced DDoS attack surface, ISPs can offer enhanced security packages, providing added value to customers threatened by cyber attacks.

Experiences in deploying SCION within critical infrastructure ecosystems have demonstrated clear market opportunities for B2B communication. In addition, SCION-based products such as the GATE can extend some of the benefits of SCION to small business and residential customers. In Switzerland, thanks to the secure networks built for the finance and healthcare industries, over 80% of consumers can now obtain SCION connectivity from their ISP. In particular, for the Anapaya GATE offering, close to 100% of users in Switzerland can benefit from SCION protection to reach important websites or services that elect to protect their traffic through this service. GATE is the result of a collaboration between Anapaya and network service providers to offer SCION connectivity to critical services without requiring any hardware or software changes by users, as an IP-to-SCION translation is performed within the network.

New deployment models such as the GATE enable adoption on a wide scale, expanding monetization opportunities to a broad B2C customer base, improving ROI for ISPs.

As with any disruptive technology, business model innovation is unpredictable as it is fueled by human ingenuity, thus it is expected that ISPs will offer exciting new products based on SCION for many years to come.

Additional Endhost Software Unlocks SCION’s Benefits

Benefitting from SCION does not require a complete overhaul of existing infrastructure. Instead, it can be deployed incrementally, for instance by using SCION-IP Gateways (SIGs) that convert IP packets into SCION packets, and back to IP at the destination. This approach does not require any changes to existing applications, and it has proved viable for critical infrastructure ecosystems such as the secure ecosystem “S*N” networks.

However, to unlock the full benefits of SCION, software changes on the end host are needed, either in the application or in the operating system. Both changes are daunting: convincing millions of end applications to update is unrealistic, and updating operating systems is similarly challenging until SCION achieves broader adoption. A more promising avenue is making changes in “middleware” or libraries that are used by many applications. One avenue is to extend the “Happy Eyeballs” protocol that was introduced to facilitate the use of both IPv4 and IPv6 for applications, which is supported by widely used libraries and by all major operating systems. Happy Eyeballs shields applications from handling the complexities of switching between IPv4 and IPv6, and its use is thus expanding to many applications. By adding SCION as a third option to Happy Eyeballs, all applications using those libraries running on end hosts in SCIONabled networks would immediately benefit from SCION for communicating with SCIONabled services.

Another example is an HTTP proxy that can switch HTTP connections to SCIONabled servers, which was demonstrated as a prototype in a Chromium extension. This extension enables, for example, users of the Brave browser in SCIONabled networks to fetch the ETH web page via a native SCION connection.

Finally, coupling SCION with the upcoming Multipath QUIC standard would make it possible for applications to leverage the benefits of multipath. Similarly to the Happy Eyeballs approach, a SCION extension to Multipath QUIC would enable QUIC to simultaneously use IPv4, IPv6, and a diversity of SCION paths to the destination. This would open up a new world of opportunities for optimizing communication.

Through the availability of SCION communication, applications could optimize for latency and jitter (e.g., for high-quality voice communication), optimize for throughput (e.g., for fast data transfers), optimize for monetary cost, or optimize to reduce the CO2 emissions along the path to the destination. Although most users would not be aware of the underlying network operation, they would certainly notice higher-quality communication and increased reliability compared to the single-path Internet.

Two’s a Company, Three’s a Party

In redundancy and decentralization, the saying “two’s a company and three’s a crowd” doesn’t apply, as efficiency and reliability can improve in well-engineered systems through more options.

A significant advantage of SCION is its ability to run side-by-side with existing Internet protocols. A triple-way stack approach ensures that IPv4 and IPv6 can always be used as a fallback, guaranteeing that communication quality can be strictly improved by adding SCION as a third option.
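The triple-stack fallback described above, with SCION added as the preferred candidate in a Happy Eyeballs-style race, can be sketched as follows. This is an added example, not code from the authors or from any SCION library: connection attempts are simulated with constructed delays and outcomes, and the function names and the 50 ms stagger are assumptions.

```python
import asyncio

# Constructed outcomes stand in for real connection attempts: each candidate is
# (label, seconds until the attempt resolves, whether it succeeds). No sockets
# are opened; "scion", "ipv6" and "ipv4" are labels, not a real SCION API.
async def attempt(family, delay, ok):
    await asyncio.sleep(delay)
    if not ok:
        raise ConnectionError(f"{family} unreachable")
    return family

async def race(candidates, stagger):
    """Start candidates in preference order, one every `stagger` seconds or as
    soon as an earlier attempt fails; the first success wins."""
    queue, pending, errors = list(candidates), set(), []
    try:
        while queue or pending:
            if queue:
                pending.add(asyncio.create_task(attempt(*queue.pop(0))))
            done, pending = await asyncio.wait(
                pending,
                timeout=stagger if queue else None,
                return_when=asyncio.FIRST_COMPLETED,
            )
            for task in done:
                if task.exception() is None:
                    return task.result()
                errors.append(str(task.exception()))
        raise ConnectionError("; ".join(errors))
    finally:
        for task in pending:  # cancel the attempts that lost the race
            task.cancel()

def connect(candidates, stagger=0.05):
    return asyncio.run(race(candidates, stagger))

if __name__ == "__main__":
    # SCION-enabled network: the preferred SCION attempt wins.
    print(connect([("scion", 0.02, True), ("ipv6", 0.03, True), ("ipv4", 0.03, True)]))
    # No SCION connectivity: the attempt fails fast and IPv6 takes over.
    print(connect([("scion", 0.01, False), ("ipv6", 0.03, True), ("ipv4", 0.03, True)]))
    # SCION attempt stalls: IPv6 starts after the stagger delay and wins.
    print(connect([("scion", 1.0, True), ("ipv6", 0.03, True), ("ipv4", 0.03, True)]))
```

The return value names the transport that won the race, so an application that depends on SCION's path properties can check or log it rather than assume SCION was used.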

A Potential Adoption Scenario

The technology adoption life cycle often follows an S-curve, where initial adoption is limited, but once the right conditions are in place the deployment rapidly transitions toward full adoption.

Conditioned on a continuing rollout of SCION connectivity, consolidation and international expansion of critical infrastructure networks (e.g., secure ecosystem networks “S*N”) will drive the adoption of SCION by service providers.

Once SCION is available to users through mobile networks, and to services through cloud providers, the SCION infrastructure established for critical infrastructure becomes an enabler for adoption in mass markets. The opportunity for increasing communication quality can drive SCION adoption in gaming, teleconferencing, high-availability use cases, etc.

Once the early adopters deploy SCION, market competition will force adoption by their competitors. This will set in motion a virtuous cycle, where increasing adoption of SCION in an application will produce more SCION traffic, which incentivizes more ISPs to offer SCION connectivity, which results in more users and services being reachable via SCION, which in turn incentivizes more applications to adopt SCION as an additional option besides IPv4/6. Given the short update cycles in today’s software, deployment and rollout can be very rapid.

Summary

SCION’s deployed infrastructure offers the potential for significant improvements in performance, security, and reliability for network communication. Its ability to deploy incrementally and operate side-by-side with IPv4 and IPv6 promises to enhance communication quality whenever possible. Surprisingly, these benefits can be achieved through a software update of the application or the networking library the application relies on.

Following adoption in critical infrastructure ecosystems, SCION’s availability is now expanding to millions of users, enabling the emergence of SCION-native applications, which is anticipated to set in motion a virtuous feedback cycle for SCION adoption. It is thus conceivable that our society will benefit from a widely available secure Internet infrastructure before the end of this decade.