Exciting Opportunities for ETH’s IT Training Lab

As part of the SCI-ED Project, we are aiming to expand the audience that will come in contact with the SCION technology at ETH. The IT Training Lab educates apprentices aspiring to become system administrators. We are currently in the process of setting up an educational module, allowing the students to gain an exclusive insight into the SCION Internet architecture.

The global distribution of the infrastructure components comprising the Internet enable near-instant communication around the world, but they are also a weakness. The decades old protocols, most of them designed without security in mind, are struggling to evolve and become more secure. The case of increasing DDoS attacks show: while we can mitigate by increasing networking resources to match the volume of the attack, many attacks are unlikely to completely go away with the current Internet architecture.

The SCION Internet architecture is a fresh redesign of the Internet, with security as a core principle.

The apprentices undertaking this module will explore the alternative networking protocols of SCION and sharpen their awareness of attacks that are still possible in today’s Internet.  Contrasting alternative protocols to today’s will deepen their understanding of current technologies, and will show them alternatives to thwarting attacks, that go beyond the blunt increase of resources.

The exact focus of the module is still being determined, but we are currently considering the following two thematic areas.

  1. Routing and Forwarding

Todays flat Internet scales, but this has its price. The Internet is treated as a “blackbox”, without providing guarantees that communication will succeed. Additionally, the route of our data is obscured. The ever-growing networks also require more complex configurations, that are error-prone and whose misconfigurations can have global consequences. 

SCION performs a paradigm shift, which returns control of the communication path to the end-users.

The apprentices will sharpen their awareness for the boundaries of today’s Internet-Infrastructure. They will further expand their horizon about the breadth of possible solutions, by studying alternative intercommunication mechanisms. Path-control enables new applications, that are very difficult to implement in the traditional networking context. Our SCION research network will be used, to allow the apprentices a hands-on experience with the differing ways of operation, and the new applications enabled by SCION.

  1. A Cryptographic Internet

The arrival of the wide prevalence of the https protocol has brought Cryptography to the end-users. Computer Scientists working with the World Wide Web, are now expected to understand how to manage it and will encounter the Web-Public-Key-Infrastructure (PKI) enabling the encryption of in-flight data.

SCION, as Internet architecture with a focus on security, has a PKI built into its core, to mathematically secure the routing operations.

The apprentices will dive into the concept of PKIs, specifically today’s Web-PKI and the SCION control-plane PKI. They will explore the commonalities and differences between the two trust-models and deepen their understanding of the security guarantees of today’s model. They will learn about the issues in the Web-PKI and reflect on the proper handling of Web-certificates, to minimize risks. Furthermore, they will experience concrete security mechanisms built based on the SCION control-plane PKI and encounter concrete applications hands-on with our research network.