Anapaya blog

Huawei proposes a ‘New IP’, but it is already here!

Christelle Gloor
Posted by Christelle Gloor on 26 May, 2020
SD-WAN-SCION-network_1920

Huawei has caused quite a stir online recently. 

New IP is set to change the way the world uses the internet and may present a fundamental change in how the internet operates. Naturally, other nations around the world are expressing concerns over the authoritarian nature of the move while Huawei asserts that it is required for future technologies.

However, is any of this really necessary considering Anapaya have been deploying SCION-based networks for years now?

You can find Anapaya's detailed response to the ideas online in the full report below. Otherwise, read on to find out more about Huawei’s proposal, NewIP and SCION.

Download the "New IP" Report (PDF)

What did Huawei propose?

At the UN International Telecommunications Union meeting, Huawei has proposed radical changes to the way the internet works entitled “New IP”. These changes claim to support future technologies such as holograms and self-driving cars as well as present a harder stance on data security and privacy. 

Countries such as the US, UK and Sweden have opposed the move, fearing that China is seeking more authoritarian control over the internet and its use. They instead would like to stick with the 30-year-old TCP/IP architecture that currently exists.

What is New IP?

Huawei have stated that the way the current internet works is “unstable” and “vastly insufficient.” They highlight the lack of control and security the current TCP/IP system already exhibits as lacking for future technologies and propose that a redesign is thus needed. 

The China-based telecommunications company asserted that New IP is being developed purely to meet future technical requirements and that it does not have any type of built-in control mechanisms.

To address these issues, Huawei proposes an array of requirements that new networks should meet:

  1. A flexible and variable-length addressing scheme, which provides stronger privacy than today's location-based addressing.
  2. A mechanism to provide different Quality of Service for different traffic types mainly in relation to latency and bandwidth. This includes the use of multiple paths to meet high bandwidth requirements.
  3. An improved key exchange mechanism to mitigate man-in-the-middle attacks.
  4. The possibility to audit and shut down connections in order to protect against Denial of Service attacks.

Huawei suggests the following to meet these requirements:

  1. In order to allow for flexible address lengths, and to improve privacy, New IP will decouple the identity and location of a user by assigning different IDs to both. An Encrypted Identifier would be assigned to each user binding the identity through an Identity Manager. The inner address would get obfuscated at the domain border router, providing additional privacy. However, these addresses would be traceable through the Accountability Manager which will have the power to shut down undesirable or unauthorised connections.
  2. To enable Quality of Service, they mention the possibility for encoding user preferences for traffic treatment in their ‘New IP’ header. 
  3. To reinforce security, New IP includes an ‘Accountability Manager’. This is labelled as a ‘Decentralised Public Key Database’ and they explain that this module together with the Identity Manager can be used to audit and therefore trace a connection. 

The final point of how New IP handles security has caused a wave of controversy around the world and from other members of the UN.

Internet users and companies around the world stand divided on the benefits and risks of New IP. The current vulnerabilities of the internet leave a lot to be desired, and as Huawei points out, these vulnerabilities will cause massive problems for future technologies such as self-driving cars.

The truth is what Huawei is proposing today is actually already available and better developed.

Is New IP really necessary?

Whether you agree with Huawei’s approach to security or not, the problems they highlight on today's Internet are valid. Security and control are major hurdles for users of the internet. And its base architecture, which did not take security into consideration at all, has not been upgraded in over 30 years.

However, New IP is not really necessary when you consider that the SCION protocol has been available for many years now, and not only satisfies Huawei’s requirements but exceeds them. 

SCION - a better way to connect

SCION represents a fundamental departure from today’s routing-table based internet. It has an open-source reference implementation and anyone is welcome to join the global research network and experiment with this new infrastructure. Commercial solutions offered by Anapaya have been supporting enterprises like banks and ISPs since 2017, who have been profiting from SCION’s improved availability and security guarantees.

The SCION internet architecture aims to replace the current internet core protocols on a global level and represents a fundamental departure from today’s routing-table based internet.

First, with SCION, the governance is open and decentralised. Any entity, as for example a group of internet service providers, a state nation or a large ecosystem may define its own governance structure, separated from the network infrastructure providers, thus creating a clear sovereign network jurisdiction, to which users decide to connect. 

Then, Anapaya’s solutions give the sender of the traffic the ability to choose which regions of the world the packets will traverse, making sure it does not cross untrusted parts and retains control and privacy. 

Finally, with its clean-slate design, SCION also alleviates many security concerns, such as DDoS attacks, without an external third-party or authority auditing information exchange.

Let’s briefly take a look at how SCION already meets the requirements listed by Huawei:

  1. Since the SCION architecture does not impose any limitations on how local networks are managed, administrators are free to implement any addressing scheme they want. The SCION border router will encapsulate local traffic with the SCION header in order to forward it over the Internet. Huawei’s approach is conceptually very similar.
  2. The system built on top of SCION provides global Quality of Service guarantees based on the idea of local resource reservations.
  3. The public key infrastructure in SCION is built-in and supports heterogeneous trust relationships.
  4. We disagree that an audit system is needed to protect against denial of service attacks. Instead, the new way paths are chosen and encoded makes it possible to ‘hide’ certain paths by not announcing them publicly. These paths can then be communicated to legitimate users out of band creating ‘virtual leased lines’ which cannot be used by an adversary who does not know of the cryptographic values needed to use these paths. 

The last point is where SCION’s approach is fundamentally different. In many ways, Anapaya’s solutions satisfy Huawei’s goals without the need for mechanisms that can be abused for censorship as an audit system like New IP’s might, and aims to provide a decentralised way to defend against denial of service attacks while preserving the key property of openness that is highly valued and arguably, the Internet’s greatest strength. These mechanisms cannot be abused for censorship as an audit system like New IP’s might.

Is SCION available?

Fortunately, SCION internet architecture is more than just a proposal. For a decade, the concept of SCION has been explored, experimented with and since implemented for different users and industries.

Anapaya Systems is a Swiss company whose goal is to develop and support industrial-grade SCION-components and to build an international ecosystem providing SCION-based services. They have supported companies that require reliable and highly secure connections for their daily business operations. Industries such as the financial, life sciences and telecommunications industries.

Through two primary solutions named Anapaya EDGE and Anapaya CORE, Anapaya has given the business a better way to connect, enabling them to control where their data goes and ensure its uninterrupted delivery.

A stable solution, available today

While Huawei’s proposals for a completely new internet architecture have caused debate around the world, perhaps the world should pause and examine the solution available today, for everyone. 

SCION not only fulfils the requirements and purpose of Huawei’s proposed solution, but excels beyond its expected performance. SCION offers unprecedented stability, security and transparency while putting the control and power of data in the hands of those who own it. In many ways SCION is the better solution - and it’s already available today.

If you would like to know more about New IP and how Anapaya provides this and more today, read the full report now.

Download the "New IP" Report (PDF)

Otherwise to find out more about SCION or the solutions that enable you to access it, contact Anapaya and gain access to a better way to connect today.