EAGER: NDN+SCION: Toward a global name-based network service

The original Internet architecture is "host-centric" as it focuses on sending information to a host computer using an address to specify the destination, using the Internet Protocol (IP) and IP addresses. This approach has a number of well-recognized challenges, including achieving desired levels of security. The Named-data Networking (NDN) architecture is "data-centric" and defines a network service that delivers data objects requested by a name rather than an address.

The NDN protocol emphasizes security (especially integrity and authenticity) and location-independence of delivered data. Unlike the legacy web, which authenticates the server where the data resides, the NDN protocol cryptographically binds the data and name, thus making security independent of which server the data is retrieved from. NDN has been shown to be useful within individual networks, but scaling it to a global service has been an ongoing challenge, both because the set of data names is unbounded and because those names are not tied to specific locations.

SCION (Scalability, Control, and Isolation on Next-generation networks), is an inter-domain routing (IDR) architecture designed to carry packets between network domains while overcoming certain shortcomings of the current Internet's IDR system, which is based on the Border Gateway Protocol (BGP). BGP was designed and deployed before cryptographic security mechanisms came into widespread use.

SCION, on the other hand, was designed from the ground up to be secure, and fully independent of the BGP-based IDR system. It also provides increased control over the paths packets follow between domains, including concurrent use of multiple paths between source and destination, to increase transmission capacity and resilience.

Motivated by the synergy between these two next-generation protocols, this project aims to design, develop and prototype NDN+SCION: a secure, scalable, global name-based network service based on the existing NDN and SCION protocols. This project aims to address two main research questions: (i) where and how to implement the interface between NDN within a network domain and SCION across domain boundaries; and (ii) where and how application trust, which determines what data is considered authentic, interacts with network trust, which determines how requests for named data are routed.

The prototype service will be deployed and tested on the FABRIC testbed. A planned outcome of this project is making SCION available to experimenters on the FABRIC testbed.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.