Switzerland built an alternative to BGP. Nobody noticed

Switzerland built a secure alternative to BGP. The rest of the world hasn't noticed yet

SCION: Proven in banking and healthcare, slow to spread everywhere else

Kim Loohuis

Published Tue 17 Mar 2026 // 08:15 UTC

FEATURE BGP, the Border Gateway Protocol, was not designed to be secure. It was designed to work – to route packets between the thousands of autonomous systems that make up the internet, quickly and at scale.

For four decades, it has done exactly that. It has also, throughout those four decades, been exploited, misconfigured, and abused in ways that were predictable from the start. Route hijacks reroute traffic through hostile networks. Route leaks knock services offline. Nation-state cyber crews weaponize BGP to intercept communications at scale. These are not theoretical threats. They are documented, recurring events, and they remain possible today for one simple reason: BGP has no native way to verify that a network claiming to own a block of addresses actually does.

A series of patches and extensions like Resource Public Key Infrastructure (RPKI), BGPsec, and RPKI-based Route Origin Authorization (ROA) have been layered over the original protocol in an attempt to address the worst of these vulnerabilities. They help at the margins. They do not solve the underlying problem.

There is, however, a system that does, or at least claims to. SCION, which stands for Scalability, Control, and Isolation On Next-Generation Networks, is an internet routing architecture developed at ETH Zürich. Unlike the patches applied to BGP, SCION does not attempt to retrofit security onto a 40-year-old foundation. It replaces the foundation entirely. That redesign is the life's work of Adrian Perrig, professor of computer science at ETH Zürich and the principal architect of SCION.

The boat full of holes

Perrig has been worrying about internet security since 1991, when he first worked with Cisco routers before starting his bachelor's degree at EPFL. He has spent most of the intervening years trying to make the internet more secure. Eventually, he concluded it was the wrong approach. "You cannot bolt on security," says Perrig. "You cannot get to a truly secure global network unless you actually change the design. It's like saying you want to go to the Moon, so let's put rocket boosters on an airplane. No, you have to design the vehicle differently."

Perrig launched SCION in 2009 after gaining tenure and the freedom to pursue something most of his colleagues told him was career suicide. His core frustration was simple: the same vulnerabilities had been documented since the 1980s, and nobody had tried to fix them at the architectural level. "The best security companies in the world are still being exploited through them," he says. "There has not even been an attempt to address them properly."

Kevin Curran, a cybersecurity professor at Ulster University who has been teaching computer networks for 27 years, offers an independent assessment that lands in the same place. The internet, he says, was built without security in mind, and what followed was a succession of workarounds. "What we have had over 40 years is a series of Band-Aids," says Curran. "Nothing has come close to addressing the need for truly secure paths across an adversarial network."

Perrig's metaphor for the current state of internet security is a boat full of holes: people run around with buckets, throwing water out and plugging gaps, but the hull remains compromised. Security today, he argues, works the same way: patches get applied, vulnerabilities get closed, and new ones open up elsewhere. SCION, in his framing, is a fundamentally redesigned vessel. Water might splash in from outside, but it doesn't pour through structural gaps.

A different kind of routing

To understand what SCION actually does differently, it helps to understand what BGP gets wrong. In today's internet, there is no cryptographic chain of custody for a packet's journey from source to destination. And if a network somewhere along the path fails, the rerouting process – which involves detecting the failure, finding a new path, establishing a new session, and reconciling in-flight transactions – can take minutes.

SCION addresses this problem through three interlocking mechanisms. The first is multi-path routing. Where today's internet offers a single path between two points, SCION establishes tens or even hundreds of parallel paths simultaneously. If one fails, the system reroutes within milliseconds. Perrig is precise about the threshold: "Human reaction time for auditory stimulus is roughly 150 milliseconds, and for visual, it's 250 milliseconds....
