Simple, safe, reliable

Seriously flawed

Talking to Perrig, it soon becomes clear that a reboot would make sense. For the normal user, the internet might seem to work flawlessly. But behind the smooth façade of the browser windows, a number of flaws lie hidden that urgently need to be remedied. One of these shortcomings, for instance, is the fact that every user does not have access to certain net­works for around ninety seconds per day. This might seem a negligible amount of time at first glance. But if you consider that a growing number of time-critical applications are pro­cessed online, these blips no longer seem quite so insignificant. Especially as even more serious breakdowns can occur. There are many internet rout­ers – the accounts via which data traf­fic is processed – and it is perfectly possible that a misconfiguration in one of them can cause turbulence that is palpable on the other side of the world. In 2008, for example, an at­tempt by the Pakistani government to block certain YouTube videos in its own country brought the video plat­form to its knees worldwide for two hours.

The situation becomes even more awkward if you bear in mind that no internet users know in advance how their data will reach the recipient. Only afterwards can the routes taken by data packages through the network be determined – and some of them are quite risky. Tricky situations fre­quently occur here, too. At times, for instance, data from US companies and authorities has been redirected via Iceland, Belarus or China.

The internet’s Achilles heel

The current structure of the internet is responsible for these drawbacks. Physically, the network is composed of around 60,000 autonomous sys­tems that are operated by internet ser­vice providers such as Swisscom or other institutions and companies. Within every autonomous system, the respective operator controls how data is exchanged between computers. If data is to be exchanged between au­tonomous systems, however, this oc­curs in accordance with a common set of rules: the Border Gateway Protocol (BGP). These guidelines determine the paths which path is used when data is transferred, and they were originally developed in the 1980s at a time when relatively few networks had to be connected with each other. This very protocol is one of the internet’s Achilles heels today. It makes the net­work both error-prone and unsafe be­cause it can easily be manipulated – to redirect data in a targeted fashion, for instance.

Perrig has now developed a net­work architecture with his team that may enable all these drawbacks to be remedied. This concept, called Scion, is not only supposed to make the in­ternet safer, but also more straightfor­ward and efficient. The central idea is to divide the internet into several in­dependent units, so-called “isolation domains”. In every domain, the au­tonomous systems themselves control the paths along which they exchange data. Therefore, autonomous systems in Domain 1 no longer have an influ­ence on the data traffic in Domain 2 and vice versa.

Of course, a global data exchange is also possible with this new structure – via so-called edge routers at the boundaries of the individual domains. Anyone who wishes to send a data packet from Domain 1 to a recipient in Domain 2 can stipulate how the data reaches the edge router, but no longer has any influence on how the information is subsequently pro­cessed in Domain 2. This enables every domain to be protected against hostile attacks or problems from an­other domain. Perrig is convinced that this means Scion can boost both the security and the reliability of the internet.

The Scion project is not without its critics, however. For example, some claim that while the idea is clever, it is almost impossible to implement. There is also talk of a “balkanisation of the internet” and even an abandon­ment of one of its fundamental princi­ples, namely free access to informa­tion all over the world. But the doubters don’t faze Perrig: “Those who really know the ropes and have examined the subject in any detail are enthusiastic about our proposal”, he explains. “And Scion wouldn’t betray the basic idea of the internet. Quite the contrary, in fact: with our system, it would actually be even easier to combat state censorship laws or spy­ing by foreign services.”

Concrete evidence

A growing number of researchers and companies who collaborate with Per­rig’s group evidently believe that his “reboot” is possible. Not only do they include various universities in Asia and the second-largest Japanese tele­communications company, KDDI, but also Swisscom, which made Perrig’s chair at ETH Zurich possible with a donation. “The beauty is that you could introduce the new system bit by bit”, explains Perrig. “It would even be possible to run the two systems in parallel.” Scion is attractive to companies because they could save money with Perrig’s approach. For the new protocol makes it easier and less CPU-intensive to control data traffic. Moreover, Scion also enables firms to offer new services. For instance, a net­work operator could issue its custom­ers with a guarantee that sensitive data will no longer make a detour abroad.

Together with his partners, Perrig has set up a test environment to demonstrate the feasibility of the new approach. But he doesn’t want to shout his idea from the rooftops just yet: “We still need to finalise some technical details within the next year. If we want to realise our idea, we need the help of numerous partners. And we can only get them on board if our concept is ironclad.”