Grand Cayman, Cayman Islands, October 2nd, 2024,
Chainwire
Sui becomes the first blockchain to enable the most secure
modern alternative to the Border Gateway Protocol
Sui, the Layer 1 blockchain offering industry-leading
performance and infinite horizontal scaling, announced that it will
be the first blockchain to provide validators with a comprehensive
defense against Internet routing attacks that have caused
significant downtime on other networks, addressing the risks to Web
3.0 at the layer of the underlying Internet infrastructure and
fortifying what is already the most secure and reliable Layer 1
blockchain, with 100% uptime since its mainnet launch. The new
infrastructure is based on a networking technology called SCION and
is currently live on Sui’s testnet.
The protocol that routes data packets between the independent
networks that form the Internet is called Border Gateway Protocol
(BGP) and was created in the late 1980s. At that time,
achieving scalable global routing was the main focus, without
consideration for security. Since then, the Internet has become
much more important and dangerous, but unfortunately, the security
of BGP has not kept pace with the increasing risks.
The current lack of security enables malicious actors to reroute
traffic toward their own infrastructure and then either drop it, or
worse, impersonate the intended communication partners. For
example, in 2018, attackers rerouted
DNS traffic and redirected visitors of MyEtherWallet to their
own servers – stealing over $17 million in Ethereum. Notably, the
attackers didn’t target just any small DNS server but AWS’s Route
53 service, one of the world’s largest DNS services. In 2022,
an attack on KLAYswap
was possible despite the fact that KLAYswap followed security best
practices. Simply rerouting traffic allowed the attacker to bypass
state-of-the-art security protocols DNSSEC and TLS.
So far, no blockchain has a comprehensive defense against this
class of attacks. Sui will be the first blockchain to integrate
SCION, which is a next-generation network architecture that solves
these major vulnerabilities. Importantly, the principals from the
team of Swiss researchers that invented SCION have brought their
unique knowledge and skills to Mysten Labs – forming the core of
the team implementing this critical infrastructure technology for
Sui.
“SCION is the security layer that the Internet desperately
needs: it is built from the ground up with security in mind,” said
George Danezis, Co-Founder and Chief Scientist at Mysten Labs.
“With the integration of this technology, Sui will be the first
blockchain to provide validators with access to a next-generation
internet that is cryptographically protected against attacks.”
The SCION technology being implemented on Sui’s network is an
Internet architecture, which, like today’s Internet, coordinates
multiple smaller networks. However, on Sui, SCION radically alters
the way the Sui network will find paths toward external
destinations and leverages cryptography to ensure that it cannot be
influenced by unauthorized parties. This renders the type of
attacks described above ineffective against Sui.
Implementing SCION arms Sui with unique resilience to network
hijacking attacks, and the ability to fall back from one network to
another results in:
- More resilient consensus participation. For
individual validators on Sui, the ability to fall back from one
network to another in the event of attacks against either network
will mean higher resilience to network attacks that attempt to take
the validator offline—an event which can impact epoch rewards.
- More available state-sync. For full nodes on
Sui, this means higher available connections to their syncing full
nodes or validators, offering an alternative to retrying other,
possibly more distant nodes, and the ability to circumnavigate
network bottlenecks.
- Robustness in the case of IP DDoS attacks. In
the event of IP DDoS attacks, in which validators are targeted by an
attack utilizing multiple sources of attack traffic, Sui will be able to
prioritize communication over SCION instead of over IP, rendering
the attack against the validators ineffective.
In contrast to the Internet Protocol (IP), which is used to send
and forward packets in the current Internet, a SCION-enabled Sui
node can select among multiple paths towards the intended
destination and encode their choice in the packet’s header. SCION’s
support for the simultaneous use of multiple paths allows Sui nodes
to serve different types of traffic over different paths, such as
assigning consensus and sync to different network paths with
different properties.
In addition to the security benefits it provides, by employing
SCION’s new packet-forwarding protocol, Sui enables new control for
end hosts that further improves the network’s already
industry-leading speeds. Experiments with the SCION-enabled network
showed that the latency between distant nodes could be reduced by
over 10%, through automatic path choice and optimization available
via SCION-enabled Sui nodes.
The steps to SCION-enable a Sui node, in brief, involve
obtaining a SCION connection from a SCION-enabled Internet service
provider or network operator and running a SCION network appliance
that is accessible by the Sui node (e.g., colocated with the node
or on a separate host). As the SCION network is running
side-by-side with the Internet, network connectivity is achieved on
Sui if either IP or SCION connectivity is operational – achieving
an unprecedented level of availability. Consequently, the new
infrastructure further enhances Sui to become the prime blockchain
for critical infrastructure use cases.
The SCION infrastructure was established in collaboration with
Anapaya Systems, which was responsible for building
the router software and other tools necessary for the Sui SCION
network implementation; Cyberlink and InterCloud, which operate the global SCION
infrastructure interconnecting the Sui validators; and Martincoit Networks,
which helped design and coordinate the rollout of the SCION/Sui
project. Karrier One is providing SCION network
connectivity in Canada and beyond, and is building up SCION-enabled
data center hosting services. The SCION Association,
which recently welcomed Mysten Labs as a member, was involved as
the organization responsible for propagating the technology.
Contact
Sui Foundation
media@sui.io