SCION: Proven in banking and healthcare, slow to spread everywhere else
Feature: BGP, the Border Gateway Protocol, was not designed to be secure. It was designed to work – to route packets between the thousands of autonomous systems that make up the internet, quickly and at scale.…
# Research: SCION: Scalability, Control, and Isolation On Next-Generation Networks
## Metadata
- **Authors:** Adrian Perrig (Principal Architect), with contributions noted from Kevin Curran and Reto Steinmann.
- **Institution:** ETH Zürich
- **Publication:** The Register (Technical Feature)
- **Date:** March 17, 2026
## Abstract
This research outlines the development and deployment of SCION, a clean-slate internet routing architecture designed to replace the Border Gateway Protocol (BGP). While BGP is plagued by architectural vulnerabilities such as route hijacking and leaks, SCION introduces a path-aware networking stack that integrates security into the routing fabric. Currently proven in Switzerland’s banking and healthcare sectors, the research examines why this "secure-by-design" internet remains a regional success rather than a global standard.
## Research Objective
The research addresses the fundamental insecurity of the global internet routing infrastructure. Specifically, it seeks to solve:
1. The lack of native verification in BGP for address ownership.
2. The inability to ensure a cryptographic chain of custody for data packets.
3. The slow convergence times (minutes) of current routing protocols during network failures.
## Methodology
### Approach
The research follows a "Clean-Slate" architectural design approach. Instead of patching BGP (the "Band-Aid" method), the team designed a new network protocol from the ground up, emphasizing path control and isolation.
### Dataset/Environment
- **Production Environment:** The Swiss Secure Finance Network (SSFN) and the Health Info Net (HIN).
- **Stakeholders:** An ecosystem of over 10 ISPs, the Swiss National Bank, SIX (stock exchange operator), and major hospitals.
### Tools & Technologies
- **SCION Protocol:** The core routing architecture.
- **ISDs (Isolation Domains):** Clusters of Autonomous Systems (AS) that share a common trust root.
- **Path-Aware Networking:** Technology allowing the source to select the end-to-end path.
## Key Findings
### Primary Results
1. **Structural Reliability:** SCION offers multi-path routing, establishing hundreds of parallel paths. This allows for failover in under 150-250ms—below the threshold of human perception.
2. **Cryptographic Integrity:** Every packet's journey is secured via a cryptographic chain of custody, preventing unauthorized route hijacking.
3. **Operational Sovereignty:** Through "Isolation Domains" (ISDs), entities can control exactly which jurisdictions or networks their traffic traverses.
### Supporting Evidence
- **Real-world Migration:** The Swiss financial sector successfully migrated from a private network to SCION and subsequently decommissioned the old infrastructure.
- **Validation:** Proven operational stability within the Swiss banking ecosystem, handling high-value interbank transactions without relying on the traditional, vulnerable public internet.
### Novel Contributions
- **Path Control:** Moves the power to choose routes from the network operators (ISPs) to the end-user/source.
- **Isolation by Design:** Avoids global "single points of failure" by allowing regional trust roots to operate independently.
## Technical Details
SCION operates by grouping Autonomous Systems into **Isolation Domains (ISDs)**. Within these ISDs, a **Trust Root Configuration (TRC)** defines the local policy. Unlike BGP (where "best path" is decided by the neighbors), SCION uses **Path Exploration** to discover multiple route segments, which are then combined by the sender into an end-to-end path. This path information is embedded in the packet header, ensuring routers along the way only follow the cryptographically signed instructions of the sender.
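A simplified model of the header check described above, as an added example (not code from the article or from the SCION project): each AS authorises its hop during path exploration with a MAC under its own key, the sender combines segments into a path, and every router recomputes only its own MAC before forwarding. The truncated HMAC-SHA256, the keys, the AS identifiers and the field layout are assumptions chosen for illustration, not SCION's wire format.

```python
import hmac, hashlib
from dataclasses import dataclass, replace

# Constructed per-AS forwarding keys; in this model each AS knows only its own.
AS_KEYS = {"1-ff00:0:110": b"k110", "1-ff00:0:111": b"k111", "1-ff00:0:112": b"k112"}

@dataclass(frozen=True)
class HopField:
    asn: str        # AS that authorised this hop
    ingress: int    # interface the packet enters on (0 = segment start)
    egress: int     # interface the packet leaves on (0 = segment end)
    expiry: int     # Unix time after which the hop is no longer valid
    mac: bytes = b""

def hop_mac(key, prev_mac, hf):
    # Chaining in the previous hop's MAC binds each hop to its place in the segment.
    msg = prev_mac + f"{hf.asn}|{hf.ingress}|{hf.egress}|{hf.expiry}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()[:6]

def explore_segment(hops, expiry):
    """Path exploration: every AS on the way appends a hop field it authorises."""
    segment, prev = [], b""
    for asn, ingress, egress in hops:
        hf = HopField(asn, ingress, egress, expiry)
        hf = replace(hf, mac=hop_mac(AS_KEYS[asn], prev, hf))
        segment.append(hf)
        prev = hf.mac
    return segment

def first_drop(path, now):
    """Walk the header as routers would; return (segment, hop) of the first drop, or None."""
    for s, segment in enumerate(path):
        prev = b""
        for h, hf in enumerate(segment):
            expected = hop_mac(AS_KEYS[hf.asn], prev, hf)
            if now > hf.expiry or not hmac.compare_digest(expected, hf.mac):
                return (s, h)
            prev = hf.mac
    return None

# Sender side: combine two discovered segments into one end-to-end path.
up = explore_segment([("1-ff00:0:111", 0, 1), ("1-ff00:0:110", 2, 0)], expiry=2000)
down = explore_segment([("1-ff00:0:110", 0, 3), ("1-ff00:0:112", 4, 0)], expiry=2000)
PATH = [up, down]

def tampered_path():
    # Constructed failure case: the egress interface of the first down-segment hop is rewritten.
    return [up, [replace(down[0], egress=9), down[1]]]
```

Reordering hops inside a segment fails the same check, because each MAC covers the MAC of the hop before it.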
## Practical Implications
### For Security Practitioners
- **Zero-Trust Networking:** SCION extends zero-trust principles to the routing layer, ensuring traffic never touches hostile or "blacklisted" jurisdictions.
- **Resilience:** Critical services can maintain uptime even during massive global BGP "route dampening" events or hijacks.
### For Defenders
- **DDoS Mitigation:** Because paths are authorized via "path tokens," unauthorized traffic can be dropped at the network edge before it reaches its target.
- **Visibility:** Defenders gain precise control over the geographical egress and ingress points of corporate data.
### For Researchers
- **Internet Governance:** SCION provides a model for "Digital Sovereignty" where nations or industries can set their own trust rules without needing a single global consensus.
## Limitations
- **Deployment Inertia:** Adoption requires coordination between ISPs and hardware vendors, creating a "chicken-and-egg" problem for global rollout.
- **Geopolitical Barriers:** The governance-heavy model (defining trust roots) is difficult to implement in regions with less regulatory cohesion than Switzerland.
- **Hardware Support:** While it can run over existing fiber, optimal performance requires specialized routing logic.
## Comparison to Prior Work
Unlike **RPKI** or **BGPsec**, which are "Band-Aids" attempting to verify BGP's path announcements, SCION is a total replacement. It moves away from the "shortest path" logic of Dijkstra’s algorithm toward a "most-trusted/most-stable path" logic determined by the sender.
## Real-world Applications
- **Interbank Settlements:** Secure, high-speed communication between financial institutions (e.g., SSFN).
- **Critical Infrastructure:** Connecting hospitals and utility providers to ensure services remain online during cyber warfare.
- **Governmental Communications:** Ensuring sensitive diplomatic traffic stays within specific national boundaries.
## Future Work
- **Global Standardization:** Moving the protocol through international bodies to encourage non-Swiss ISP adoption.
- **Scaling Governance:** Solving how diverse global powers can agree on the management of regional Isolation Domains.
- **Native Implementation:** Integrating SCION support into standard consumer and enterprise networking hardware.