{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T20:17:52Z","timestamp":1760300272374,"version":"build-2065373602"},"reference-count":39,"publisher":"MDPI AG","issue":"9","license":[{"start":{"date-parts":[[2019,8,24]],"date-time":"2019-08-24T00:00:00Z","timestamp":1566604800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100005416","name":"Norges Forskningsr\u00e5d","doi-asserted-by":"publisher","award":["251370"],"award-info":[{"award-number":["251370"]}],"id":[{"id":"10.13039\/501100005416","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>Contemporary Service Function Chaining (SFC), and the requirements arising from privacy concerns, call for the increasing integration of security features such as encryption and isolation across Network Function Virtualisation (NFV) domains. Therefore, suitable adaptations of automation and encryption concepts for the development of interconnected data centre infrastructures are essential. Nevertheless, packet isolation constraints related to the current NFV infrastructure and SFC protocols, render current NFV standards insecure. Accordingly, the goal of our work was an experimental demonstration of a new SFC packet forwarding standard that enables contemporary data centres to overcome these constraints. This article presents a comprehensive view of the developed architecture, focusing on the elements that constitute a new forwarding standard of encrypted SFC packets. Through a Proof-of-Concept demonstration, we present our closing experimental results of how the architecture fulfils the requirements defined in our use case.<\/jats:p>","DOI":"10.3390\/fi11090183","type":"journal-article","created":{"date-parts":[[2019,8,26]],"date-time":"2019-08-26T04:38:23Z","timestamp":1566794303000},"page":"183","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["A Proof-of-Concept Demonstration of Isolated and Encrypted Service Function Chains"],"prefix":"10.3390","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4498-3235","authenticated-orcid":false,"given":"H\u00e5kon","family":"Gunleifsen","sequence":"first","affiliation":[{"name":"Faculty of Information Technology and Electrical Engineering, Norwegian University of Science and Technology, 2802 Gj\u00f8vik, Norway"}]},{"given":"Thomas","family":"Kemmerich","sequence":"additional","affiliation":[{"name":"Faculty of Information Technology and Electrical Engineering, Norwegian University of Science and Technology, 2802 Gj\u00f8vik, Norway"}]},{"given":"Vasileios","family":"Gkioulos","sequence":"additional","affiliation":[{"name":"Faculty of Information Technology and Electrical Engineering, Norwegian University of Science and Technology, 2802 Gj\u00f8vik, Norway"}]}],"member":"1968","published-online":{"date-parts":[[2019,8,24]]},"reference":[{"key":"ref_1","unstructured":"ETSI (2019, August 23). Network Function Virtualization (NFV); Architectural Framework. ETSI GS NFV 001 v1.1.1. Available online: http:\/\/www.etsi.org\/deliver\/etsi_gs\/NFV\/001_099\/002\/01.01.01_60\/gs_NFV002v010101p.pdf."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Halpern, J.M., and Pignataro, C. (2015). Service Function Chaining (SFC) Architecture, Internet Engineering Task Force (IETF). Available online: https:\/\/tools.ietf.org\/html\/rfc7665.","DOI":"10.17487\/RFC7665"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Gunleifsen, H., Gkioulos, V., and Kemmerich, T. (2018). A Tiered Control Plane Model for Service Function Chaining Isolation. Future Internet, 10.","DOI":"10.3390\/fi10060046"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Gunleifsen, H., and Kemmerich, T. (2017, January 27\u201330). Security requirements for service function chaining isolation and encryption. Proceedings of the 2017 IEEE 17th International Conference on Communication Technology (ICCT), Chengdu, China.","DOI":"10.1109\/ICCT.2017.8359856"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"45","DOI":"10.2753\/MIS0742-1222240302","article-title":"A design science research methodology for information systems research","volume":"24","author":"Peffers","year":"2007","journal-title":"J. Manag. Inf. Syst."},{"key":"ref_6","unstructured":"Gunleifsen, H., Kemmerich, T., and Petrovic, S. (2016, January 25\u201331). An End-to-End Security Model of Inter-Domain Communication in Network Function Virtualization. Proceedings of the Norsk Informasjonssikkerhetskonferanse (NISK), Bergen, Norway."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1016\/j.comnet.2019.05.015","article-title":"Dynamic setup of IPsec VPNs in service function chaining","volume":"160","author":"Gunleifsen","year":"2019","journal-title":"Comput. Netw."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Filsfils, C., Previdi, S., Ginsberg, L., Decraene, B., Litkowski, S., and Shakir, R. (2018). Segment Routing Architecture, Internet Engineering Task Force (IETF). Available online: https:\/\/tools.ietf.org\/html\/rfc8402.","DOI":"10.17487\/RFC8402"},{"key":"ref_9","unstructured":"Stubbe, H. (2017, January 1). P4 compiler & interpreter: A survey. Proceedings of the Seminars Future Internet (FI) and Innovative Internet Technologies and Mobile Communication (IITM), Munich, Germany."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Alwakeel, A.M., Alnaim, A.K., and Fernandez, E.B. (2018, January 19\u201322). A Survey of Network Function Virtualization Security. Proceedings of the SoutheastCon 2018, St. Petersburg, FL, USA.","DOI":"10.1109\/SECON.2018.8479121"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"2429","DOI":"10.1109\/COMST.2018.2815638","article-title":"Network slicing and softwarization: A survey on principles, enabling technologies, and solutions","volume":"20","author":"Afolabi","year":"2018","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"315","DOI":"10.1016\/j.future.2016.07.002","article-title":"Security challenges with network functions virtualization","volume":"67","author":"Firoozjaei","year":"2017","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"138","DOI":"10.1016\/j.jnca.2016.09.001","article-title":"A survey on service function chaining","volume":"75","author":"Bhamare","year":"2016","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Gross, J., Ganga, I., and Sridhar, T. (2019). Geneve: Generic Network Virtualization Encapsulation, Internet Engineering Task Force. Work in Progress.","DOI":"10.17487\/RFC8926"},{"key":"ref_15","unstructured":"Sajassi, A., Banerjee, A., Thoria, S., Carrel, D., Weis, B., and Drake, J. (2019). Secure EVPN, Internet Engineering Task Force. Work in Progress."},{"key":"ref_16","unstructured":"Maino, F., Kreeger, L., and Elzur, U. (2019). Generic Protocol Extension for VXLAN, Internet Engineering Task Force. Work in Progress."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Quinn, P., Elzur, U., and Pignataro, C. (2018). Network Service Header (NSH), Internet Engineering Task Force. Available online: https:\/\/tools.ietf.org\/html\/rfc8300.","DOI":"10.17487\/RFC8300"},{"key":"ref_18","unstructured":"Bashandy, A., Filsfils, C., Previdi, S., Decraene, B., Litkowski, S., and Shakir, R. (2019). Segment Routing with MPLS Data Plane, Internet Engineering Task Force. Work in Progress."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"1423","DOI":"10.1109\/COMST.2015.2439033","article-title":"Network programmability with ForCES","volume":"17","author":"Haleplidis","year":"2015","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"B62","DOI":"10.1364\/JOCN.7.000B62","article-title":"Integrated SDN\/NFV management and orchestration architecture for dynamic deployment of virtual SDN control instances for virtual tenant networks","volume":"7","author":"Vilalta","year":"2015","journal-title":"J. Opt. Commun. Netw."},{"key":"ref_21","unstructured":"Yin, H., Xie, H., Tsou, T., Lopez, D., Aranda, P., and Sidi, R. (2012). SDNi: A Message Exchange Protocol for Software Defined Networks (SDNS) across Multiple Domains, Internet Engineering Task Force. Available online: https:\/\/tools.ietf.org\/html\/draft-yin-sdn-sdni-00."},{"key":"ref_22","unstructured":"Farrel, A., Drake, J., Rosen, E.C., Uttaro, J., and Jalil, L. (2019). BGP Control Plane for NSH SFC, Internet Engineering Task Force. Internet-Draft draft-ietf-bess-nsh-bgp-control-plane-12."},{"key":"ref_23","unstructured":"Sangha, T., and Wibowo, B. (2018). VMware NSX Cookbook, Packt Publishing Ltd."},{"key":"ref_24","unstructured":"ONF (2019, August 23). Open Networking Foundation, Stratum Project. Available online: https:\/\/www.opennetworking.org\/stratum\/."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"87","DOI":"10.1145\/2656877.2656890","article-title":"P4: Programming protocol-independent packet processors","volume":"44","author":"Bosshart","year":"2014","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"ref_26","unstructured":"Lopez, R., Lopez-Millan, G., and Pereniguez-Garcia, F. (2019). Software-Defined Networking (SDN)-Based IPsec Flow Protection, Internet Engineering Task Force. Work in Progress."},{"key":"ref_27","unstructured":"Carrel, D., and Weis, B. (2019). IPsec Key Exchange Using a Controller, Internet Engineering Task Force. Work in Progress."},{"key":"ref_28","unstructured":"Hares, S. (2014). Use Cases for Resource Pools with Virtual Network Functions (VNFs), Internet Engineering Task Force. Work in Progress."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Filsfils, C., Nainar, N.K., Pignataro, C., Cardona, J.C., and Francois, P. (2015, January 6\u201310). The segment routing architecture. Proceedings of the 2015 IEEE Global Communications Conference (GLOBECOM), San Diego, CA, USA.","DOI":"10.1109\/GLOCOM.2015.7417124"},{"key":"ref_30","unstructured":"Filsfils, C., Dukes, D., Previdi, S., Leddy, J., Matsushima, S., and Voyer, D. (2019). IPv6 Segment Routing Header (SRH), Internet Engineering Task Force. Work in Progress."},{"key":"ref_31","unstructured":"(2019, August 23). The VXLAN-Tool Website. Available online: https:\/\/github.com\/opendaylight\/sfc\/blob\/master\/sfctest\/nsh-tools\/vxlan_tool.py."},{"key":"ref_32","unstructured":"ETSI (2019, August 23). Network Function Virtualization (NFV); Management and Orchestration. ETSI GS NFV-MAN 001 v1.1.1. Available online: http:\/\/www.etsi.org\/deliver\/etsi_gs\/NFV-MAN\/001_099\/001\/01.01.01_60\/gs_nfv-man001v010101p.pdf."},{"key":"ref_33","unstructured":"Peacock, M. (2015). Creating Development Environments with Vagrant, Packt Publishing Ltd."},{"key":"ref_34","unstructured":"Kapadia, A., and Chase, N. (2017). Understanding OPNFV: Accelerate NFV Transformation Using OPNFV, CreateSpace Independent Publishing Platform."},{"key":"ref_35","unstructured":"Denton, J. (2014). Learning OpenStack Networking (Neutron), Packt Publishing Ltd."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1145\/3139645.3139648","article-title":"The P416 Programming Language","volume":"51","author":"Budiu","year":"2017","journal-title":"Oper. Syst. Rev."},{"key":"ref_37","unstructured":"Kanclirz, J. (2008). Netcat Power Tools, Elsevier."},{"key":"ref_38","unstructured":"(2019, August 23). Scapy Webpage. Available online: https:\/\/github.com\/secdev\/scapy."},{"key":"ref_39","unstructured":"Reddy, T., Patil, P., Fluhrer, S., and Quinn, P. (2015). Authenticated and Encrypted NSH Service Chains, Internet Engineering Task Force. Available online: https:\/\/tools.ietf.org\/html\/draft-reddy-sfc-nsh-encrypt-00."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/11\/9\/183\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T13:13:47Z","timestamp":1760188427000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/11\/9\/183"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,8,24]]},"references-count":39,"journal-issue":{"issue":"9","published-online":{"date-parts":[[2019,9]]}},"alternative-id":["fi11090183"],"URL":"https:\/\/doi.org\/10.3390\/fi11090183","relation":{},"ISSN":["1999-5903"],"issn-type":[{"type":"electronic","value":"1999-5903"}],"subject":[],"published":{"date-parts":[[2019,8,24]]}}}