Projects
Completed projects
NGI Search: SCION Browser
Duration: 01.01.2024 to 30.06.2025
SCION is a path-aware inter-domain network architecture that provides applications and users opportunities to optimise data transport over the Internet. This project aims to integrate SCION into the Brave web browser to enable path-aware retrieval of web resources.
However, finding the most suitable paths is a challenging problem. This browser will use PANAPI to automatically find the corresponding paths, optimising application- and user-based metrics such as overall page load time, latency, bandwidth, privacy, and CO2 footprint according to the application's needs and the user's preferences set in the browser. The project will also integrate support for RHINE into the Brave browser.
DNS and relay based networks
Duration: 01.08.2024 to 31.12.2024
The DNS protocol (DNS over Port 53) is now over 35 years old. It was not originally developed with today's data protection and security requirements in mind. Since DNS is unencrypted, the corresponding connections can be read or even changed anywhere in the network between the DNS client and server. DNS-over-HTTPS (DoH) is a new secure DNS approach that was adopted as RFC 8484 in October 2018. DoH uses the HTTPS protocol to secure DNS connections. In contrast to DNS-over-TLS (DoT), which uses TCP port 853 and whose traffic can therefore be easily monitored and blocked, DoH is part of normal HTTPS traffic and is therefore more difficult to monitor. Other relevant topics in this area are DNS-over-QUIC (DoQ), DNS Discovery (DDR) and DNS in the context of Apple Private Relay, Google Privacy Relay and ECS implementations.
This text was translated with DeepL on 28/11/2025
SBAS: A Secure Underlay for the Internet
Duration: 01.11.2023 to 31.07.2024
Modern secure Internet routing solutions, like Border Gateway Protocol-Security (BGPsec) and Scalability, Control and Isolation On Next-generation networks (SCION), remain underdeployed. Addressing this gap, the SBAS project presents an innovative approach, integrating it as a unified virtual AS within the prevailing BGP-oriented Internet. Through this, SBAS aims to provide hundreds of thousands of users with secure routing via the established SCION network.
Tackling key challenges:
- Sustainability: Using SCION's path-aware infrastructure, SBAS offers optimized "green" routing, minimizing the Internet's carbon footprint.
- Cross-Atlantic Digital Governance: Unlike the traditional singular trust model, SCION promotes individualized trust-based connections. SBAS, leveraging SCION, fosters secure cross-border data interactions for regular Internet users.
- Data Security and Privacy: In today's Internet, control vulnerabilities and hijacking are concerns. SCION introduces defined sovereign Internet regions, and SBAS, built atop it, ensures data sovereignty and geo-fencing while resisting hijacking attacks, all without compromising global communication.
The project's core goal is deploying and evaluating SBAS across the operational SCION network, enriching secure routing access for a vast user base. To materialize this, we'll establish SBAS Points of Presence (PoPs) within SCION, serving as a foundation for experiments and performance evaluations, underscoring SBAS's advancements in security and efficiency.
Domain Name System 2023
Duration: 01.07.2023 to 31.12.2023
The DNS protocol (DNS over Port 53) is now over 35 years old. It was not originally developed with today's data protection and security requirements in mind. Since DNS is unencrypted, the corresponding connections can be read or even changed anywhere in the network between the DNS client and server. DNS-over-HTTPS (DoH) is a new secure DNS approach that was adopted as RFC 8484 in October 2018. DoH uses the HTTPS protocol to secure DNS connections. In contrast to DNS-over-TLS (DoT), which uses TCP port 853 and whose traffic can therefore be easily monitored and blocked, DoH is part of normal HTTPS traffic and is therefore more difficult to monitor. Other relevant topics in this area are DNS-over-QUIC (DoQ) and DNS Discovery (DDR).
Domain Name System 2022
Duration: 01.05.2022 to 28.02.2023
The DNS protocol (DNS over Port 53) is now over 35 years old. It was not originally developed with today's data protection and security requirements in mind. Since DNS is unencrypted, the corresponding connections can be read or even changed anywhere in the network between the DNS client and server. DNS-over-HTTPS (DoH) is a new secure DNS approach that was adopted as RFC 8484 in October 2018. DoH uses the HTTPS protocol to secure DNS connections. In contrast to DNS-over-TLS (DoT), which uses TCP port 853 and whose traffic can therefore be easily monitored and blocked, DoH is part of normal HTTPS traffic and therefore more difficult to monitor. For a network provider, DoH could therefore be considered as an alternative to previous DNS protocols (DoT, DNS53) in order to meet data protection and security requirements on the part of customers.
Leveraging Path Diversity to Enhance Resilience, Scalability and Energy-Efficiency with SCION
Duration: 01.07.2022 to 30.11.2022
SCION is a novel NGI architecture that has reached a level of maturity that makes it ready today for large-scale deployment. The objective is to deploy SCION over the NSF BRIDGES infrastructure over two very high-speed transatlantic links and validate its characteristics. This project will demonstrate the SCION benefits by means of experiments between the US and Europe over the SCIONLab testbed to show the privacy enhancement (e.g., by splitting traffic over multiple paths) and improved reliability (e.g., with multi-path and seamless path failover) over SCION, as well as the scalability of our SCION-based path discovery mechanisms, which help to effectively reduce the network's power consumption and incentivize ISPs and transit providers to shift towards greener electricity.
PANAPI: Path Aware Networking Application Programming Interface Design and Implementation
Duration: 01.09.2021 to 31.10.2022
The PANAPI (Path Aware Networking API) project will design a sophisticated host-based network-path selection engine on top of the SCION network architecture, and provide it as an open source implementation of the abstract next-generation transport service API currently being drafted in the IETF TAPS Working Group.
PANAPI will provide a powerful and extensible framework for automatic path property measurements, path quality evaluation, and optimized path selection, complete with automatic load balancing and failure recovery in a PAN environment, all hidden behind upcoming standard application-facing API abstractions.
Our work will empower a large community of developers interested in adding PAN support to their applications. Incorporation of developer feedback, permissive open source licensing, close collaboration with PAN architects on the PANAPI implementation, and engagement with the IETF community about front end API compatibility and best practices are among our most important priorities.
RAINS: A Name Resolution System for the SCION Next-Generation Internet Architecture
Duration: 01.08.2021 to 31.07.2022
RAINS (RAINS, Another Internet Naming Service) is a name resolution protocol that has been designed with the aim to provide an ideal naming service for the SCION Internet architecture. The goal of this project is to enhance and refine the RAINS prototype implementation on top of the newest SCION release, and make it available within the SCIONLab network for developers and end-users to be able to use it.
DoH/DoT / Deutsche Telekom
Duration: 01.08.2021 to 28.02.2022
The DNS protocol (DNS over Port 53) is now over 35 years old. It was not originally developed with today's data protection and security requirements in mind. Since DNS is unencrypted, the corresponding connections can be read or even changed anywhere in the network between the DNS client and server. DNS-over-HTTPS (DoH) is a new secure DNS approach that was adopted as RFC 8484 in October 2018. DoH uses the HTTPS protocol to secure DNS connections. In contrast to DNS-over-TLS (DoT), which uses TCP port 853 and whose traffic can therefore be easily monitored and blocked, DoH is part of normal HTTPS traffic and is therefore more difficult to monitor.
For network providers, DoH could therefore be considered as an alternative to previous DNS protocols (DoT, DNS53) in order to fulfill data protection and security requirements on the part of customers. The question therefore arises as to how well DoH performs and to what extent DoH can be considered as an alternative to DoT or DNS53.
A Secure and Reliable Decentralized Storage Platform supporting Fast and Scalable Content Lookup
Duration: 01.01.2021 to 31.12.2021
In this project we aim to develop a secure and reliable decentralized storage platform enabling fast and scalable content search and lookup going beyond existing approaches. The goal is to leverage path-awareness to use underlying network resources efficiently in order to achieve a low search and lookup delay while increasing the overall throughput.
Deployment and Evaluation of the SCION Secure Internet Architecture on Fed4FIRE+ Testbeds
Duration: 01.05.2019 to 31.12.2021
The main goal of this project is the deployment and evaluation of the SCION network on multiple Fed4FIRE+ testbeds, specifically GEANT GTS, Virtual Wall, Grid5000, and Exogeni. Our SCIONLab infrastructure facilitates the interaction between different deployed SCION networks and services, whereas SCIONLab nodes themselves contribute to the routing within the SCION topology, thus enabling a broad range of novel path-aware applications. To this end, the aim is to interconnect instances of SCION nodes deployed on the different Fed4FIRE+ testbeds among each other as well as with other nodes in the global SCIONLab network such as within DFN and SWITCH and their associated universities OVGU Magdeburg and ETH Zurich.
DDoS Mitigation 2020 / Deutsche Telekom
Duration: 01.09.2020 to 30.04.2021
DDoS (Distributed Denial of Service) attacks continue to be a reality in 2020. In its 2020 State of the Internet Security Report, for example, Akamai reports a DDoS attack on a bank that reached an astonishing 160 GBit/s. Effective DDoS mitigation approaches, such as cloud-based, collaborative or SDN-based defense mechanisms, are still required to protect against such attacks. Deutsche Telekom Technik GmbH has therefore been working with Prof. Hausheer's chair since 2019 to develop DDoS mitigation mechanisms based on open source and programmable hardware. This collaboration is set to continue in 2020.
DNS-over-HTTPS / Deutsche Telekom
Duration: 13.10.2020 to 31.12.2020
The DNS protocol (DNS over Port 53) is now over 35 years old. It was not originally developed with today's data protection and security requirements in mind. Since DNS is unencrypted, the corresponding connections can be read or even changed anywhere in the network between the DNS client and server. DNS-over-HTTPS (DoH) is a new secure DNS approach that was adopted as RFC 8484 in October 2018. DoH uses the HTTPS protocol to secure DNS connections. In contrast to DNS-over-TLS (DoT), which uses TCP port 853 and whose traffic can therefore be easily monitored and blocked, DoH is part of normal HTTPS traffic and is therefore more difficult to monitor. For a network provider such as Deutsche Telekom, DoH could therefore be considered as an alternative to previous DNS protocols (DoT, DNS53) in order to meet data protection and security requirements on the part of customers.
DDoS Mitigation / Deutsche Telekom
Duration: 01.05.2019 to 30.04.2020
According to a study by Akamai, DDoS (Distributed Denial of Service) attacks have increased recently and have also become bigger and bigger. An attack by the DDoS botnet Mirai at the end of 2016 against the security website "Krebs on Security", for example, caused 650 Gbps of traffic with over 150 million packets per second (Mpps), originating from unsecured IoT devices. At the same time, attacks are becoming increasingly sophisticated. In a DNS amplification attack, for example, an attacker sends just 1 Gbps of initial traffic, but generates 100 Gbps against the target of the attack. It is not always easy to distinguish traffic from malicious bots from regular bot traffic (e.g. search service bots) or human-generated traffic.
Many customers of Internet service providers and hosting providers have already fallen victim to DDoS attacks in the past. Effective DDoS mitigation approaches, such as cloud-based, collaborative or SDN-based defense mechanisms, are necessary to protect them from such attacks.
SCION / Deutsche Telekom
Duration: 30.04.2018 to 30.04.2019
SCION (Scalability, Control, and Isolation on Next-Generation Networks) is a secure Internet architecture that is now ready for pilot deployment in carrier-grade networks. The multifaceted SCION approach includes several features that are difficult or impossible to implement in today's Internet, including multipath communication, defense against DDoS attacks in the network, as well as path-based applications and inter-domain routing architectures.
At the same time, SCION adds minimal complexity (and cost) to the existing infrastructure, as the existing internal switching infrastructure of an ISP can be used and only a few border routers need to be installed or upgraded. In addition, SCION offers incentives for use, for example by increasing the availability and reliability of applications, making better use of network capacities through multipath communication and enabling cost savings, e.g. for leased lines. This opens up opportunities for new business models and services for ISPs, e.g. in the context of future Internet applications such as IoT.
Personnel funding for a research assistant position (3 months, E13, 100%) from the Innovation Fund
Duration: 15.06.2017 to 15.09.2017
The project provides personnel support for the application of a project proposal. In terms of content, the project focuses on the design of software-defined infrastructures for efficient and reliable networked systems. Software-defined networking (SDN) is a promising new concept that allows the flexible control of communication networks in software, while network function virtualization (NFV) even allows network functions themselves to be fully virtualized and outsourced to software-based cloud infrastructures. In this context, new SDN/NFV-based mechanisms are to be designed that enable the reliable, secure and efficient operation of large distributed and networked systems. NFV-based systems in particular require new, innovative approaches to the verification and certification of network functions before they can be used in productive communication networks.