Scalability, Control, and Isolation On Next-Generation Networks.

SCION is the first clean-slate Internet architecture designed to provide route control, failure isolation, and explicit trust information for end-to-end communication.

Community

SCION organizes existing ASes into groups of independent routing planes called isolation domains (ISDs).

Isolation domains interconnect to provide global connectivity. Isolation domains provide natural isolation of routing failures and misconfigurations, give endpoints strong control for both inbound and outbound traffic, provide meaningful and enforceable trust, and enable scalable routing updates with high path freshness. As a result, the SCION architecture provides strong resilience and security properties as an intrinsic consequence of its design. Besides high security, SCION also provides a scalable routing infrastructure, and high efficiency for packet forwarding.

ISD ISD

As a path-based architecture, SCION end hosts learn about available network path segments, and combine them into end-to-end paths that are carried in packet headers.

Thanks to embedded cryptographic mechanisms, path construction is constrained to the route policies of ISPs and receivers, offering path choice to all the parties: senders, receivers, and ISPs. This approach enables path-aware communication, an emerging trend in networking. These features also enable multi-path communication, which is an important approach for high availability, rapid failover in case of network failures, increased end-to-end bandwidth, dynamic traffic optimization, and resilience to DDoS attacks.

Why a clean-slate design? Why can't we adopt existing solutions?

The Internet was not designed as a high-security network. Security improvements primarily address specific attacks, but do not solve the fundamental problems and often introduce new undesirable consequences (e.g., BGPSEC prevents route hijacking but causes delayed route convergence, and does not support prefix aggregation which contributes to reduce scalability). With a clean-slate design, we can fundamentally improve the security to a level that is unlikely to be achievable through incremental changes.

SCION is being deployed with local and global ISPs to allow access to a wide base of end users.

The production network by Anapaya sees use in research, military applications, healthcare, and the financial sector, with one of the biggest deployments being the Swiss Secure Finance Network (SSFN), which connects all banks clearing Swiss francs. The SCION Education, Research and Academic (SCIERA) network connects universities and national research and education networks (NRENs), providing native SCION connectivity to students and researchers in an overlay-free, BGP-free network spanning North-America, Europe, Africa and Asia.

Check if you already have SCION connectivity

SCION currently has 250.000 connected end hosts, and many more are coming.

Placeholder
Placeholder
Placeholder

SCIONLab is a global (overlay) research network to test the SCION next-generation internet architecture.

SCIONLab works on top of the current (IP+BGP) internet, which means that you can join the SCIONLab network even if your ISP does not yet offer a native SCION connection. In the SCIONLab network you can run your own autonomous system (AS), which wil actively participate in routing in the SCIONLab network and enable experiments.

Learn more about SCIONLab

Resources that are live and ready for you to use on the SCION network.

The SCION ecosystem is continously growing with SCIONabled applications being developed on a regular basis. Here is a selection of a few awesome things that you can use right now, either directly connected to SCION or via SCIONLab.

  1. Jinglepings (coming soon)

    Use SCION Pings to light up specific pixels on a screen that is placed in Zürich, Switzerland. Code your own patterns and see them appear on the 24/7 livestream.

  2. Packet Inspector

    Send a SCION packet to a specific address and see the path your packet has taken, as well as the contents of your packet. An easy-to-use debugging tool.

  3. Hercules and Lightning Filter

    Hercules enables high-speed file transfer over the SCION network. Lightning Filter allows high-speed packet authentication, defending against unauthorized access and DDoS attacks. Start a file transfer now, or set up your own Hercules server.

The SCION Association facilitates the global adoption of SCION.

The SCION Association is a non-profit organisation that promotes collaboration within the ecosystem, sharing know-how with its members, facilitating open source development and enabling reliable, secure, and interoperable implementations thanks to standardisation and a certification program. The association organizes events such as the SCION Day, a day dedicated to sharing insights on SCION and connecting with industry leaders.

Visit the SCION association website

We are grateful for the collaborations and the support we receive from the following institutions:

European Research Council ETH Zuerich KDDI Corporation Swisscom Switch Infosec Global

and XIA, the eXpressive Internet Architecture.

The research leading to these results has received funding from the European Research Council under the European Union's Seventh Framework Programme (FP7/2007-2013) / ERC grant agreement 617605. We gratefully acknowledge support from ETH Zurich and from the Zurich Information Security and Privacy Center (ZISC).

Connect with us

Want to provide ideas? Want to be part of our team? Want to see SCION in action? Want to run SCION yourself?

We would be happy to hear from you!

Email LinkedIn X