Talking to Perrig, it soon becomes clear that a reboot would make sense. For the normal user, the internet might seem to work flawlessly. But behind the smooth façade of the browser windows, a number of flaws lie hidden that urgently need to be remedied. One of these shortcomings, for instance, is the fact that every user does not have access to certain networks for around ninety seconds per day. This might seem a negligible amount of time at first glance. But if you consider that a growing number of time-critical applications are processed online, these blips no longer seem quite so insignificant. Especially as even more serious breakdowns can occur. There are many internet routers – the accounts via which data traffic is processed – and it is perfectly possible that a misconfiguration in one of them can cause turbulence that is palpable on the other side of the world. In 2008, for example, an attempt by the Pakistani government to block certain YouTube videos in its own country brought the video platform to its knees worldwide for two hours.
The situation becomes even more awkward if you bear in mind that no internet users know in advance how their data will reach the recipient. Only afterwards can the routes taken by data packages through the network be determined – and some of them are quite risky. Tricky situations frequently occur here, too. At times, for instance, data from US companies and authorities has been redirected via Iceland, Belarus or China.
The internet’s Achilles heel
The current structure of the internet is responsible for these drawbacks. Physically, the network is composed of around 60,000 autonomous systems that are operated by internet service providers such as Swisscom or other institutions and companies. Within every autonomous system, the respective operator controls how data is exchanged between computers. If data is to be exchanged between autonomous systems, however, this occurs in accordance with a common set of rules: the Border Gateway Protocol (BGP). These guidelines determine the paths which path is used when data is transferred, and they were originally developed in the 1980s at a time when relatively few networks had to be connected with each other. This very protocol is one of the internet’s Achilles heels today. It makes the network both error-prone and unsafe because it can easily be manipulated – to redirect data in a targeted fashion, for instance.
Perrig has now developed a network architecture with his team that may enable all these drawbacks to be remedied. This concept, called Scion, is not only supposed to make the internet safer, but also more straightforward and efficient. The central idea is to divide the internet into several independent units, so-called “isolation domains”. In every domain, the autonomous systems themselves control the paths along which they exchange data. Therefore, autonomous systems in Domain 1 no longer have an influence on the data traffic in Domain 2 and vice versa.
Of course, a global data exchange is also possible with this new structure – via so-called edge routers at the boundaries of the individual domains. Anyone who wishes to send a data packet from Domain 1 to a recipient in Domain 2 can stipulate how the data reaches the edge router, but no longer has any influence on how the information is subsequently processed in Domain 2. This enables every domain to be protected against hostile attacks or problems from another domain. Perrig is convinced that this means Scion can boost both the security and the reliability of the internet.
The Scion project is not without its critics, however. For example, some claim that while the idea is clever, it is almost impossible to implement. There is also talk of a “balkanisation of the internet” and even an abandonment of one of its fundamental principles, namely free access to information all over the world. But the doubters don’t faze Perrig: “Those who really know the ropes and have examined the subject in any detail are enthusiastic about our proposal”, he explains. “And Scion wouldn’t betray the basic idea of the internet. Quite the contrary, in fact: with our system, it would actually be even easier to combat state censorship laws or spying by foreign services.”
A growing number of researchers and companies who collaborate with Perrig’s group evidently believe that his “reboot” is possible. Not only do they include various universities in Asia and the second-largest Japanese telecommunications company, KDDI, but also Swisscom, which made Perrig’s chair at ETH Zurich possible with a donation. “The beauty is that you could introduce the new system bit by bit”, explains Perrig. “It would even be possible to run the two systems in parallel.” Scion is attractive to companies because they could save money with Perrig’s approach. For the new protocol makes it easier and less CPU-intensive to control data traffic. Moreover, Scion also enables firms to offer new services. For instance, a network operator could issue its customers with a guarantee that sensitive data will no longer make a detour abroad.
Together with his partners, Perrig has set up a test environment to demonstrate the feasibility of the new approach. But he doesn’t want to shout his idea from the rooftops just yet: “We still need to finalise some technical details within the next year. If we want to realise our idea, we need the help of numerous partners. And we can only get them on board if our concept is ironclad.”