Sui Integrates SCION Network Architecture to Enhance Security and Performance
Sui, a layer 1 blockchain, is fortifying its security by integrating SCION, a next-generation network architecture designed to protect against Internet routing attacks, particularly those targeting blockchains.
Unlike the traditional IP-based Internet model, SCION utilizes a routing system based on multiple alternate paths, providing better resilience for validators against DDoS attacks and optimizing node synchronization to improve network availability and security.
The integration of SCION into Sui has also demonstrated a more than 10% reduction in latency between remote nodes through automated routing path optimization, while ensuring network redundancy and connectivity continuity, even in the event of compromise.
The security of blockchains often relies on the strength of their network infrastructure, with many networks remaining vulnerable to attacks targeting Internet layers. Sui, a recognized layer 1 blockchain known for its performance and scalability, has taken a new step in protecting its validators.
By integrating SCION, a next-generation network architecture, Sui becomes the first blockchain to offer comprehensive defense against Internet routing attacks. Since its launch, Sui’s main network has experienced no downtime, and this new integration aims to strengthen its reliability.
Key Issue: Border Gateway Protocol (BGP) Security
One of the weak links of the Internet is the Border Gateway Protocol (BGP), developed in the late 1980s to manage data traffic between different networks. At that time, scalability was the priority, and security aspects were largely overlooked. Today, BGP’s lack of security allows malicious actors to hijack Internet traffic for attacks such as redirection, data interception, or identity theft. Examples abound: an attack in 2018 against MyEtherWallet allowed hackers to divert AWS Route 53 traffic and steal over $17 million worth of Ethereum. In 2022, despite advanced security protocols such as DNSSEC and TLS, a diversion affected the KLAYswap platform.
No blockchain network has yet succeeded in implementing comprehensive protection against these types of attacks. Sui is the first to integrate SCION, an advanced solution to address these vulnerabilities. Developed by a team of Swiss researchers, some of whom have joined Mysten Labs, the entity behind Sui, SCION offers a complete redesign of routing mechanisms focused on security.
SCION: A Revolutionary Architecture
Unlike the current Internet, which relies on the Internet Protocol (IP) to route data packets, SCION uses an architecture where each node can choose from multiple routing paths to reach a destination. This approach avoids the influence of unauthorized actors on traffic, bolstering communication security on the Sui blockchain. Validators can operate more resiliently, even in the face of network attacks, ensuring continuity of participation in consensus and avoiding reward losses.
In the event of DDoS attacks targeting validators’ IP addresses, SCION provides rapid failover capability to alternative communication paths, effectively bypassing the attacks. Moreover, the infrastructure enables smoother synchronization of full nodes, bypassing potential network bottlenecks. Separating different types of traffic, such as consensus and synchronization, on different paths further optimizes network robustness.
Enhanced Resilience and Availability
SCION is designed to be an essential security layer for the Internet. The technology offers a proactive approach to avoid routing attacks by employing cryptographic mechanisms. By integrating it into Sui, the network can maintain unparalleled availability, even in the face of routing-targeted attacks. If IP traffic is compromised, SCION ensures redundancy to maintain network connectivity.
The process of making a Sui node SCION-compatible is quite simple. It involves obtaining a SCION connection from a compatible Internet service provider and running a SCION appliance accessible to the Sui node. As SCION operates in parallel with the traditional Internet, Sui node connectivity is maintained as long as at least one of the two connection options is operational, further reinforcing network availability.
Improved Latency and Performance
Beyond security, the implementation of SCION on the Sui network also brings performance gains. Experiments conducted on the SCION network have demonstrated latency reduction of over 10% between remote nodes through automated routing path optimization.
The integration of SCION into Sui has been the result of close collaboration with various actors in the technology ecosystem. Anapaya Systems played a key role in developing routing software and tools for SCION implementation on Sui. Operators such as Cyberlink and InterCloud managed the global SCION infrastructure that interconnects Sui validators, while Martincoit Networks coordinated the design and deployment of the SCION/Sui project. Karrier One provides SCION connectivity in Canada and offers compatible hosting services. Finally, the SCION Association, which welcomed Mysten Labs as a member, has played a crucial role in spreading this technology.