An internet immune to cyberattacks? Yes, it exists!

09.12.2022

The financial industry is built on trust, but with cyberattacks becoming more common, how can that trust be maintained moving forward? There may be a solution: an internet immune to cyberattacks by the design of its architecture. Computer science professor Adrian Perrig and his team at ETH Zurich are working on a highly secure internet called SCION. Tanya König found out more in the latest finance.swiss interview.

The Swiss National Bank and SIX Swiss Exchange have been using SCION for a few years now. How can industries such as the financial sector benefit from it?

SCION can mainly help with the networking aspects and provide high levels of availability for the communication, which is very critical. In a transaction processing system, if you cannot communicate, you cannot process the transactions. And so SCION plays an important role for any place where online transactions are needed in order to ensure high availability so that if there’s a denial-of-service attack, a DDoS attack, or also a routing attack, your communication cannot be blocked and you can continue to process your transactions. However, there are many other aspects to security, of course, including the secrecy of the data. And here SCION can help by avoiding that the data leaves certain jurisdictions or goes through areas of the internet where you don’t want the data to go through. Even if you encrypt your data securely, data can be stored and in some cases saved and then attempted to be cracked at a later point in time. For instance, when quantum computers become available 20–30 years from now or when an algorithm vulnerability is detected, then someone can store the data, and a year or 10 years later crack it, which is a problem. So SCION makes it possible to ensure that the data does not traverse certain jurisdictions or does not traverse certain parts of the internet to prevent these kinds of issues.

So what you’re saying is that we need a revolution and not an evolution of the internet. What aspects exactly are you trying to change from what we have?

In today’s internet, many of the fundamental systems were designed 30–40 years ago. This is very similar to the road system. We have had a lot of innovation in cars, but there’s very little innovation with the road material itself. And similarly on the internet there’s a lot of innovation on the side of applications and web browsers and websites and so on but very little innovation—similar to the road system—in the fundamental communications structures. These protocols that we’re still using today are literally 30–40 years old. And one can count on the fingers of a single hand how many innovations have occurred in the last few years. So it’s really quite striking. And so in SCION, we rethought the entire architecture of the internet, and we try to see how we can make use of more modern mechanisms using all the research from the last 40 years in a new way. And we’re able to also redesign an entire system from a security perspective. So every aspect of SCION was designed to make it highly secure and highly available against attack. And in today’s internet, security was very much added as an afterthought, which causes a lot of problems.

 

For those who think of Herzog & de Meuron when they hear the word architecture, tell us briefly how the internet is designed—and how your architecture, SCION, is different?

Similar to architecture in the real world, networking also has an architecture. But there are also trends in networking, and one trend that we’re introducing is path-aware networking. So in today’s internet, packets traverse the network similar to letters in the postal system. You throw a letter into the mailbox and the postal service takes the letter and brings it to the next entity and so on until it gets to the destination. Whereas in SCION and in path-aware networking, the sender first obtains a set of paths from the network and selects one of these paths. So when you send the packet, you already know the exact path the packet will take, and this then leads to a lot of advantages doing it in a completely different way than how today’s internet works.

So these packages cannot be hijacked while they’re traveling somewhere?

Exactly right. So one aspect is not only that you know the path it’s going to take—because in today’s internet you send a package from Zurich to Geneva and it could be that this package goes through Frankfurt or London, in some cases even through Stockholm, and that can cause regulatory compliance issues. And in SCION you can embed the path so that the package goes directly from Zurich to Geneva—say via Bern—and does not leave Switzerland, for instance. And similarly you can use the same system to ensure that traffic stays inside the EU or doesn’t traverse certain jurisdictions.

So there are many benefits to SCION. When will everyone be using it? When will it be as recognizable as Google?

It could actually be deployed in the near future on everyone’s cell phone. And this is because of the higher speed that SCION enables. So we found that for a website where the servers are more than 500 km away, SCION can reduce the time of download for the web page by 10–20 percent, and the advantage gets larger the farther the webpage is away. Obviously downloading a web page faster is of very high interest to the industry, and this can massively accelerate the whole SCION deployment once these forces start to play out.

So you’re basically saying that once you try it, you don’t want to go back to the current internet.

That’s absolutely what we always say. Once you’ve experienced SCION, you cannot go back anymore. It’s similar to once you drive an electric car and you see all these benefits, it’s also hard to go back to the standardized ICE cars. So very similarly, the entities who start working with SCION then get used to all those benefits: the multi-pathing, the fast failover, the ability to optimize connectivity to reduce the exposure to jurisdictions that are not trusted, and so on. Once you experience all this, it’s hard to go back to a single-path internet that doesn’t give you any of these choices, and you’re at the mercy of the network to do with your packets whatever the network wants to do with them.