SCION secure internet enters everyday service

Today, anyone at ETH Zurich looking to transmit data or messages usually uses internet services such as the World Wide Web or e-mail applications. From now on, should they need to transmit data that has special requirements, members of the ETH community can instead opt to use the SCION network infrastructure ¨C a fast, secure and reliable alternative to conventional internet infrastructure.

SCION was invented and developed at ETH Zurich by Adrian Perrig, Professor of Computer Science, and his Network Security Group. Other computer science professors play a key role, too: David Basin¡¯s Information Security Group helps maintain the high security of the system and Peter M¨¹ller¡¯s Program Methodology Group helps ensure the security of the implementation.

The name SCION stands for ¡°Scalability, Control, and Isolation On Next-Generation Networks¡±. In contrast to conventional internet infrastructure, a data packet sent via SCION is not only provided with the receiving address, but already contains the entire route it is to take on its way through the internet at the time of sending. This means that with SCION, data packets don¡¯t take detours ¨C as they often do in today¡¯s internet ¨C and confidential data doesn¡¯t go astray unexpectedly.

Now, as part of its ¡°SCION @ ETH Domain (SCI-ED)¡± project, IT Services (ITS) has installed the SCION network at ETH Zurich. From now on, ITS will operate the data network for the ETH community and make it available to members on demand. SCION has yet to be integrated into the IT Service catalogue. Should any group have a need to use SCION, they can contact ITS and ITS will look at how best to provide it to them.

No need for a special computer

Do users need special network components or software to use SCION? ¡°Fortunately, no! In the simplest case, one of ITS¡¯s existing SCION IP gateways can transparently rewrite the conventional IP network packets,¡± says Dordaneh Arangeh of ETH IT Services, who is project leader for SCION @ ETH Domain. ¡°This lets ETH employees benefit from SCION features without making changes to their system. Depending on the application, it may be a good idea to install the SCION software directly, so that ¨C like the current internet ¨C the SCION internet is available to every computer on the ETH network.¡± The gateway is the connection point that enables data exchange via SCION.

For users, SCION is just as easy to use as conventional internet services. But it has some advantages over these for anyone wanting to transmit sensitive and strictly confidential data. This may be necessary in medical informatics, for example, when highly sensitive patient data is transmitted from hospitals and processed on the high-performance Leonhard Med cluster set up specifically for medical data analyses.

Directing data traffic securely

In the case of highly confidential data, SCION makes it possible to establish particularly secure connections at the user¡¯s request. By carefully choosing a path for the data, the user can enable geofencing and limit traffic to a specific geographic area. What¡¯s more, the connections can be set up in a way that greatly increases the data transmission rate, for example by using several different network paths simultaneously. ¡°This is a case of SCION increasing not only network security and speed but also flexibility,¡± Arangeh says.

Not limited to ETH Zurich

Use of SCION isn¡¯t limited to ETH: in 2018, the ETH Board decided to introduce SCION technology throughout the ETH Domain (ETH, EPFL, PSI, WSL, Empa, Eawag). This resulted in the ¡°SCION @ ETH Domain¡± project, in which ETH Zurich was the lead partner, with the institutions each setting up their own implementation teams. Employees of the Singapore-ETH Centre can also use SCION. In addition, SWITCH, the data network operator for Swiss universities, offers SCION to all universities in Switzerland via its network.

Furthermore, IT Services concluded licence and maintenance agreements with the SWITCH Foundation and the ETH spin-off Anapaya Systems, which emerged from the Network Security Group. Anapaya provided the necessary infrastructure components and software for operation at ETH Zurich. ¡°SCION @ ETH Domain¡± was concluded in the summer of 2021. The ETH Executive Board was briefed on SCION¡¯s introduction in November.