SCION: A Secure Internet Architecture

Perrig, Adrian; Szałachowski, Paweł; Reischuk, Raphael M.; Chuat, Laurent

doi:10.1007/978-3-319-67080-5

Cited by 49 publications

(48 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although proposed since over 20 years [26], the deployment of DNSSEC can still be considered to be in its early stages [65,68]. Bearing this and efforts to further deploy HTTPS in mind [59], it is questionable if the WebPKI is going to be replaced by more promising, clean-slate architectures such as SCION in the near future [11,54]. This assumption leads to the question how to handle the risks which come along with the flawed WebPKI architecture as is?…”

Section: Resultsmentioning

confidence: 99%

MERCAT: A Metric for the Evaluation and Reconsideration of Certificate Authority Trustworthiness

Heinl

Giehl

Wiedermann

et al. 2019

Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop

View full text Add to dashboard Cite

Public key infrastructures (PKIs) build the foundation for secure communication of a vast majority of cloud services. In the recent past, there has been a series of security incidents leading to increasing concern regarding the trust model currently employed by PKIs. One of the key criticisms is the architecture's implicit assumption that certificate authorities (CAs) are trustworthy a priori. This work proposes a holistic metric to compensate this assumption by a differentiating assessment of a CA's individual trustworthiness based on objective criteria. The metric utilizes a wide range of technical and non-technical factors derived from existing policies, technical guidelines, and research. It consists of self-contained submetrics allowing the simple extension of the existing set of criteria. The focus is thereby on aspects which can be assessed by employing practically applicable methods of independent data collection. The metric is meant to help organizations, individuals, and service providers deciding which CAs to trust or distrust. For this, the modularized submetrics are clustered into coherent submetric groups covering a CA's different properties and responsibilities. By applying individually chosen weightings to these submetric groups, the metric's outcomes can be adapted to tailored protection requirements according to an exemplifying attacker model.

show abstract

Section: Resultsmentioning

confidence: 99%

MERCAT: A Metric for the Evaluation and Reconsideration of Certificate Authority Trustworthiness

Heinl

Giehl

Wiedermann

et al. 2019

Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop

View full text Add to dashboard Cite

show abstract

“…We implement a prototype SVLAN on top of SCION [44], a future Internet architecture that supports native segment routing, for testing the general functionality and performance. In addition, since SCION is designed for inter-domain segment routing, we expand the SCION data plane with an SVLAN extension header that conveys the intra-domain path segment and authorization proof, enabling communication at an endhost (and even application) granularity.…”

Section: Methodsmentioning

confidence: 99%

“…Figure 4 details the SVLAN extension header structure. The header begins with three bytes of general extension header fields [44]. SecType specifies the type of MAC that are used for generating the authorization proof, such as CMAC or HMAC.…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

SVLAN: Secure & Scalable Network Virtualization

Kwon¹,

Lee²,

Hähni³

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

Network isolation is a critical modern Internet service. To date, network operators have created a logical network of distributed systems to provide communication isolation between different parties. However, the current network isolation is limited in scalability and flexibility. It limits the number of virtual networks and it only supports isolation at host (or virtualmachine) granularity. In this paper, we introduce Scalable Virtual Local Area Networking (SVLAN) that scales to a large number of distributed systems and offers improved flexibility in providing secure network isolation. With the notion of destination-driven reachability and packet-carrying forwarding state, SVLAN not only offers communication isolation but isolation can be specified at different granularities, e.g., per-application or per-process. Our proof-of-concept SVLAN implementation demonstrates its feasibility and practicality for real-world applications.

show abstract

“…This rate of connectivity interruptions would introduce a significant overhead for BGP speakers and negatively impact BGP convergence times. An important next step in our research agenda is to explore recent trends in networking (e.g., path-aware networking) and alternate interdomain networking architectures that improve on today's architecture [29].…”

Section: Effect On Bgp Announcementsmentioning

confidence: 99%

Networking in Heaven as on Earth

Klenze

Giuliari

Pappas

et al. 2018

Proceedings of the 17th ACM Workshop on Hot Topics in Networks

Self Cite

View full text Add to dashboard Cite

The Internet will undergo a major transformation as satellitebased Internet service providers start to disrupt the market. Constellations of hundreds to thousands of satellites promise to offer low-latency Internet to even the most remote areas. We anticipate exciting business and research opportunities. Motivated by the potential of the new satellite networks, we describe business and interconnection models for space-operating ISPs and how they could be integrated into the backbone of today's Internet. At the same time, in view of the high risk of these ventures, we study constellations under partial deployment. We take the SpaceX constellation as an example and show that even at 10% deployment it offers a high level of connectivity to most areas. However, this connectivity is intermittent, which raises challenges for integrating satellite networks into the Internet backbone.

show abstract

SCION: A Secure Internet Architecture

Cited by 49 publications

References 0 publications

MERCAT: A Metric for the Evaluation and Reconsideration of Certificate Authority Trustworthiness

MERCAT: A Metric for the Evaluation and Reconsideration of Certificate Authority Trustworthiness

SVLAN: Secure & Scalable Network Virtualization

Networking in Heaven as on Earth

Contact Info

Product

Resources

About