Over the past months, we have already reported on Sui achieving unprecedented latency, throughput, and stability. We have also shown how we ensure that Sui remains secure in an adversarial environment.

There is one system that, although any blockchain depends on it, remains outside of the spotlight and is extremely hard to control: the networking infrastructure over which blockchain nodes and users communicate.

Given that all the infrastructure nodes are globally distributed, it seems there is no way around relying on the Internet for this purpose. Unfortunately, the Internet is a dangerous place. In this article, we discuss some of the security issues with today’s Internet, how they affect blockchains, how an up-and-coming new Internet architecture may help, and Sui’s plans to reach a level of security and availability of network communications beyond any other blockchain system.

The current Internet and its problems

We have all witnessed countless reports about hacks, malware, phishing, ransomware, and other attacks. However, when we talk about the “Internet” in this article, we do not mean websites and web applications but the network infrastructure and protocols used to exchange data between hosts. While not quite as visible, the intrinsic security problems of the very foundation of today’s Internet can even render modern security protocols like TLS ineffective.

At this level, the Internet is, as the name suggests, a network that is the result of the interconnection of (tens of thousands of) smaller networks. To ensure communication across the whole Internet, then, these networks somehow need to determine where to send packets whose destination is not one of their own hosts.

The protocol that performs this task is called Border Gateway Protocol (BGP) and was created in the late 1980s. At that time, making it work at all was the main focus, and no security features were built in. Unfortunately, while the Internet has become much more important and more dangerous since then, the security of BGP has not improved at the same pace.

This lack of security enables malicious actors to reroute traffic toward their own infrastructure and then either drop it or, worse, impersonate the intended communication partners. There are several examples of such attacks in the space of cryptocurrencies.

In 2018, attackers were able to reroute DNS traffic and redirect visitors of MyEtherWallet to their own servers. As a result, they stole more than $17 million in Ethereum. Notably, the attackers did not target some small DNS server but AWS’s Route 53 service, one of the world’s biggest DNS services. [References: The Verge, The Register]

A 2022 attack on KLAYswap, while smaller in damages (“only” $2 million in cryptocurrencies), is even more worrying: this attack was possible despite the fact that KLAYswap followed all security best practices. Simply rerouting traffic allowed the attacker to bypass the state-of-the-art security protocols DNSSEC and TLS. [Reference: Freedom to Tinker]

While these two examples target users of cryptocurrencies, even the core infrastructure of blockchains could be attacked. For some blockchains, specifically proof-of-work blockchains, rerouting traffic could facilitate additional attacks on the integrity of the chain itself [References: Hacking Distributed, IEEE S&P]. In the case of other blockchains including Sui, this is not the case, but a large-scale attack could slow down or temporarily halt blockchain operation.

So far, no blockchain has a comprehensive defense against this class of attacks.

Enter SCION: A next-generation Internet with built-in security

Our goal at Mysten Labs is to ensure that Sui is not only one of the fastest and most efficient options for Web 3.0, but also the most stable and secure. Our commitment to our chain drives us to reduce the risk and the opportunities for attacks at all layers of the technology stack: we code in Rust, a secure and efficient systems programming language; our nodes communicate using modern and secure transport protocols like gRPC and QUIC; and now, we aim to address the risks to Web 3.0 at the layer of the underlying Internet infrastructure.

Traditional finance may skirt issues in the current Internet by spending large amounts of money and effort on private, dedicated networks; however, such an approach would negate the core promise of blockchains, namely their decentralization and lack of single points of failure.

Our search for secure decentralized networking technologies has finally led us to SCION, a next-generation network architecture developed by a team of Swiss researchers. SCION is an Internet architecture, and, like today’s Internet, coordinates multiple smaller networks. However, the way these networks find paths toward external destinations is changed radically and leverages cryptography to ensure that it cannot be influenced by unauthorized parties. This renders the type of attacks discussed above completely ineffective.

Not only routing (discovering paths) is changed: a new packet-forwarding protocol gives end hosts new control. In contrast to the Internet Protocol (IP), a SCION host can select among multiple paths towards the intended destination and encode its choice in the packet’s header. This can improve latency (for example, going eastward from Europe to Southeast Asia instead of westward via America) and allows the sender to exclude networks it distrusts. [References: SCION Architecture, SCION Association, SCION Book]
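To make the difference to IP concrete, the following Python model shows the sender-side decision the paragraph describes: a host holds several candidate paths to the same destination, drops every path that crosses a network it distrusts, picks the lowest-latency survivor, and then serialises the chosen hop sequence so that it could travel in a packet header. This is an added illustration written for this article, not code from Sui, Mysten Labs or the SCION project; the paths, the ISD/AS numbers and the per-hop latencies are constructed, and the 8-byte hop encoding is only loosely modelled on SCION's 64-bit ISD-AS identifier (16-bit ISD, 48-bit AS), not on the real SCION path header.

```python
"""Path-aware sending, modelled after the SCION idea of sender-selected paths.

Constructed example for illustration; not the SCION wire format or API.
"""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Set, Tuple


@dataclass(frozen=True)
class Hop:
    isd: int          # isolation domain (a trust region in SCION terms)
    asn: int          # autonomous system within that ISD
    latency_ms: float # constructed estimate for traversing this hop


# Constructed candidate paths from an origin AS in "Europe" (ISD 1) to a
# destination AS in "Southeast Asia" (ISD 4). Two go eastward through
# different transit ASes in ISD 3; one goes westward through ISD 2 ("America").
EASTWARD: Sequence[Hop] = (Hop(1, 0x1001, 5.0), Hop(3, 0x3001, 40.0), Hop(4, 0x4001, 60.0))
EAST_ALT: Sequence[Hop] = (Hop(1, 0x1001, 5.0), Hop(3, 0x3002, 45.0), Hop(4, 0x4001, 60.0))
WESTWARD: Sequence[Hop] = (Hop(1, 0x1001, 5.0), Hop(2, 0x2001, 70.0), Hop(4, 0x4001, 90.0))
CANDIDATE_PATHS = [EASTWARD, EAST_ALT, WESTWARD]


def path_latency(path: Sequence[Hop]) -> float:
    """Total estimated latency of a path (sum of its per-hop estimates)."""
    return sum(hop.latency_ms for hop in path)


def select_path(paths: Sequence[Sequence[Hop]],
                distrusted: Set[Tuple[int, int]]) -> Optional[Sequence[Hop]]:
    """Return the fastest path that avoids every (isd, asn) in `distrusted`.

    With IP the sender has no say in which networks carry its packets; here the
    policy is applied before anything leaves the host. Returns None when no
    admissible path exists, so the caller can fail closed instead of sending.
    """
    admissible = [p for p in paths
                  if not any((h.isd, h.asn) in distrusted for h in p)]
    if not admissible:
        return None
    return min(admissible, key=path_latency)


def encode_path(path: Sequence[Hop]) -> bytes:
    """Serialise the chosen hops as consecutive 8-byte ISD-AS values.

    Assumption: 16-bit ISD in the high bits, 48-bit AS in the low bits, big-endian.
    The latency estimates are sender-local and are not put on the wire.
    """
    out = bytearray()
    for hop in path:
        if not 0 <= hop.isd < 1 << 16 or not 0 <= hop.asn < 1 << 48:
            raise ValueError("ISD or AS number out of range")
        out += ((hop.isd << 48) | hop.asn).to_bytes(8, "big")
    return bytes(out)


def decode_path(header: bytes) -> List[Tuple[int, int]]:
    """Recover the (isd, asn) sequence from an encoded path."""
    if len(header) % 8:
        raise ValueError("encoded path must be a multiple of 8 bytes")
    hops = []
    for i in range(0, len(header), 8):
        value = int.from_bytes(header[i:i + 8], "big")
        hops.append((value >> 48, value & ((1 << 48) - 1)))
    return hops


if __name__ == "__main__":
    # No policy: the eastward path wins on latency.
    best = select_path(CANDIDATE_PATHS, set())
    print("default:", decode_path(encode_path(best)), path_latency(best), "ms")
    # Distrust the primary eastward transit AS: fall back to the alternative.
    best = select_path(CANDIDATE_PATHS, {(3, 0x3001)})
    print("avoid 3-0x3001:", decode_path(encode_path(best)), path_latency(best), "ms")
    # Distrust all of ISD 3's transits: the slower westward path is the only option.
    best = select_path(CANDIDATE_PATHS, {(3, 0x3001), (3, 0x3002)})
    print("avoid ISD 3:", decode_path(encode_path(best)), path_latency(best), "ms")
```

The important property is the last branch of `select_path`: when every candidate crosses a distrusted network, the function returns `None` rather than silently picking one, which is the behaviour a node that is choosing paths for security reasons should want.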

A future Internet architecture for Web 3.0

To make Sui the first chain that does not solely depend on the traditional Internet, Mysten Labs has hired several researchers behind the SCION project, including its original designer and lead researcher, Adrian Perrig. [Reference: Mysten Blog Post] In addition, we have invested in and are closely collaborating with Anapaya, a leading company that designs and manufactures SCION infrastructure. [Reference: Mysten Blog Post]

However, our efforts to integrate SCION into the Sui network can only be completed with the help of you, our community. With your help, we will begin SCION-enabling Sui nodes such that they can communicate with each other through the SCION network, while keeping the connections to the traditional BGP Internet for redundancy and to communicate with non-SCION-enabled nodes.