Cyber Security in Virtualized Communication

Networks: Open Challenges for NATO

2021 International Conference on Military Communication and Information Systems (ICMCIS) | 978-1-6654-4586-3/21/$31.00 ©2021 IEEE | DOI: 10.1109/ICMCIS52405.2021.9486421

Roberto Rigolin F. Lopes Caroline Bildsten Konrad Wrona

Communication Systems (KOM) Division of C4ISR NATO Cyber Security Centre /
Fraunhofer FKIE Swedish Defense Research Agency Military University of Technology
Bonn, Germany Linköping, Sweden The Hague, Netherlands / Warsaw, Poland
roberto.lopes@fkie.fraunhofer.de caroline.bildsten@foi.se konrad.wrona@[ncia.nato.int,wat.edu.pl]

Simo Huopio Daniel Eidenskog Olwen L. Worthington

Information Technology Division Division of C4ISR Defence Science and Technology Laboratory (Dstl)
Finnish Defense Research Agency Swedish Defense Research Agency UK Ministry of Defence
Riihimäki, Finland Linköping, Sweden London, United Kingdom
simo.huopio@mil.fi daniel.eidenskog@foi.se olworthington@mail.dstl.gov.uk

Abstract—Modern multi-nation military communication and
information systems demand rapid deployment and reconfigu-
ration to enable secure information exchange between domains
belonging to different nations. In order to support such a multi-
nation mission scenarios NATO has been developing the concept
of a federated mission network (FMN). These networks are
leveraging the advantages of software-defined networking (SDN)
and network function virtualization (NFV) to adapt to a wide
range of security requirements using network security functions
(NSF). The investigation reported in this paper discusses two
use cases, namely how to automate security policy evaluation,
and how to deploy a security guard (Information Exchange
Function) between network segments with different classification.
Both cases use network scenarios from protected core network
(PCN) because the goal is to compile open challenges to automate
the deployment and management of secure coalition networks.
Index Terms—Military Communication Networks, Software-
Defined Networking, Network Security Function, Network Func-
tion Virtualization
I. I NTRODUCTION
Future military communication networks will increasingly
rely on Software Defined Networking (SDN) and Network
Function Virtualization (NFV) to support complex and con-
tinuously evolving multi-nation operations [1]–[4]. In such
a softwarized environment, the services are hosted within
containers and virtual machines connected together by a hybrid
network, with physical and virtual components, managed by
software. The network will be programmable and will support
virtualization of many network services, including some of
Network Security Function (NSF).
This increasing softwarization of Communication and Infor-
mation Systems (CIS) would support the Federated Mission
Networks (FMN) concept [5] in providing a comprehensive
support to future agile missions and thus demands a rapid
reconfiguration and a decentralized control. Another benefit,
applicable to FMN as well as to the NATO Enterprise and
NATO STO IST-ET-114: Cyber Security in Virtualized Networks
national systems, would be support for an automated validation
and deployment of security policies leading to more agile and
rapid response to cyber threats as well as to improve security
posture by increasing automation and thus reducing human
errors in low-level technical configuration tasks.
This article compiles the results of an investigation per-
formed by the exploratory team on cyber security in virtu-
alized networks under the umbrella of NATO Science and
Technology Organization (STO) (IST-ET-114) [6]. The goal
is to assess how the recent developments in commercial
technologies, particularly SDN, NFV and NSF, can facilitate
the deployment of multi-nation military networks. The military
has several specific requirements that are different from the
civilian communication systems [7]–[9].
Current surveys and literature reviews, e.g., [10], usually
do not address those particular requirements from military
communication networks such as rapid cross-layer reconfig-
uration and co-existence of multiple security domains. Thus,
the present study complements the state-of-the-art by listing
directions for possible solutions and identifying open research
questions that are pertinent for modern military communica-
tion networks.
Our investigation focuses on how SDN, NFV and NSF can
be leveraged to enhance cyber security in mission federate
networks. We are particularly interested in dynamically plac-
ing NSF in multi-nation networks and in automating tests
to verify security policies. We have defined two network
scenarios to guide the investigation inspired by NATO’s recent
specifications on Protected Core Network (PCN) [11] and
Tactical Edge [12]. The scenarios include core services like e-
mail, chat, intelligence sharing, Friendly Force Tracking (FFT)
and Video Tele-Conference (VTC).
The goal of this paper is to compile open challenges to
automate the deployment and management of secure multi-
nation networks. The present study is part of a longer re-
search project that aims to (1) assess which cyber security

Authorized licensed use limited to: Center for Science Technology and Information (CESTI). Downloaded on December 21,2023 at 10:01:41 UTC from IEEE Xplore. Restrictions apply.
 Availability

Risk-aware routing Protecting data Confidentiality

1 Integrity
Software Defined Networking (SDN) Traffic-flow confidentiality

Automated security policy evaluation Regulatory compliance

Security guard
2 Information Exchange
Military Communication Networks Network Function Virtualization (NFV) Function (IEF)
Data-sanitization
Strategic

Deployed
Manual
Tactical Data protection
Prevent Guided
IAM Access
management Autonomous
3
Network Security Function (NSF)
Detect Real Time Detection
Defend
Recover Restore

Manage risk
Assess
Audit
Service Function Chaining
Sustain Implement

Microsegmentation
Inform Collect

Fig. 1. Three technologies supporting the implementation, configuration and management of military networks

functions that can be effectively virtualized; (2) evaluate the
benefits and risks of dynamic placement of cyber security
functions and service function chaining; and (3) investigate
advantages and pitfalls of global view and global control of
the network. These overall goals of the main project will be
evaluated through network scenarios derived from Protected
Core Network (PCN) and Tactical Edge, while taking the cyber
security effects of emerging approaches, such as Experiential
Networked Intelligence (ENI) and Secure Access Service Edge
(SASE), into account.
The remainder of this paper is organized as follows. Section
II discusses the fundamental concepts related to the present
investigation. Section III lists the network scenarios and use
cases used to guide this study. Section IV describes open
challenges for coalition networks that can be addressed with
support of new technologies. Finally, Section V concludes the
paper and lists future work.
II. BACKGROUND
This section defines the fundamental concepts and tech-
nologies supporting the present investigation. We have also
reviewed recent literature proposing solutions to improve cyber
security in military coalition networks using SDN, NFV and
NSF.
A. Military Communication Networks
Modern military communications leverage recent technolo-
gies, such as SDN, NFV and NSF, to create heterogeneous
networks connecting the strategic, deployed and tactical do-
mains. These domains need the following capabilities:
• Strategic: have the infrastructure to access and utilise
information systems from any security classification.
Parts of the network can rely on stable and reliable
communication technologies and computational power;
• Deployed: have mobile infrastructure (e.g. mobile com-
mand posts) deployed in the battlefield with network
capabilities to connect to both strategic and tactical
domains;
• Tactical: be deployed in the battlefield, or in a contested
region, using constraint radio links to connect mobile
nodes, such as vehicles, soldiers and sensors. The tactical
edge has more stringent requirements than the civilian
edge networks in respect to security and reliability, and
needs to be adaptable to ever-changing communication
scenarios [13]–[18].
In this paper, we investigate how SDN, NFV and NSF can
support the deployment and validation of security policies in
multi-nation military networks. The concepts and how they
are interrelated is shown in Fig. 1. The goal is to discuss
how these technologies can improve the way we implement
cyber security in coalition networks by providing the means to
automate the detection, reaction, protection and recovery from
cyber attacks. We discuss definitions and related investigations
in the following sections.
B. Software Defined Networking (SDN)
SDN is an approach for network programmability, in which
the data forwarding plane is separated from the control plane
through standardized interfaces [19]. The programmability is
given by creating network policies, in which the SDN switches
can be made to act like a router, switch, load balancer or a
firewall [10], [20]. Fig. 2 shows the Northbound, Southbound
and East/West SDN controller interfaces in a multi-nation
configuration, using a guard in the data plane.

Authorized licensed use limited to: Center for Science Technology and Information (CESTI). Downloaded on December 21,2023 at 10:01:41 UTC from IEEE Xplore. Restrictions apply.
 Nation A Nation B
Application 1, …, n 2
Northbound Interface
Controller
East/
1 West
Control Plane
Southbound Interface
Data Plane
SDN switch
3 clouds at the tactical edge for Command, Control, Commu-
Guard
Node UHF VHF SatCom
Fig. 2. Two controllers from different nations
There are two different approaches to SDN, one based
on an imperative model and one on a declarative model.
An imperative-based SDN, such as OpenFlow, means that
the control unit describes in detail how each package is to
be handled by the data plane, which in practice means that
decisions on packet forwarding are not taken in the data
plane. In the declarative model, such as OpFlex, a certain
degree of decision-making is left to the network components
in the data plane, which makes the decision-making distributed
to a certain extent [21]. In parallel of these two models,
there is also concept called intent-based networking which
can be viewed as an extension to SDN; While software-
defined networks are about coordination and automation of
policies and configurations, intent-based networks supports an
increased autonomy of network administration. In addition,
intent-based networking automate translation from intent to
policy and evaluates network behavior [22].
1) Security challenges: Care must be taken to protect a
SDN against the attack vectors caused by the centralisation
of control [23]. Since the controller is centralised in SDN, it
is a single-point of failure and therefore a target for attack.
An attacker gaining control over the controller will have
control over the network traffic, which can result in for
example denial of service or manipulated traffic. Overtaken
SDN switches in the data plane may also result in manipulated
traffic. Applications used for controlling the network in the
application plane needs to be vetted to ensure they are not
malicious [23]. For the central programmability and control
to work, a global topology mapping over network entities is
maintained [24]. A manipulated topology mapping may lead to
traffic being misdirected or affect availability of the network, it
is therefore fundamental to protect it from manipulation [25].
2) Global view: The built-in topology mapping has a
positive side effect that it also can be used to learn about the
network and monitor it for malicious changes [24]. A global
topology mapping can also be obtained in traditional networks,
but in the case of SDN it is already provided by the controller.
Additional protocols can be used to monitor the data flow, both
for traditional and SDN. There are protocols developed for
SDN that integrate with the controller and gives an additional
Authorized licensed use limited to: Center for Science Technology and Information (CESTI). Downloaded on December 21,2023 at 10:01:41 UTC from IEEE Xplore. Restrictions apply.
overview for decisions (e.g. sFlow) [24].
Application 1, …, n
3) Related Works: The investigation reported in [26] dis-
Northbound Interface
cuss the benefits of using SDN in coalition networks like
East/ Controller PCN. Also discussing the benefits, challenges and risks of
West
using unreliable wireless links in tactical networks to create
Southbound Interface
the control plane. The authors argue that the use of radio links
in the control plane creates a new vector for cyber attacks.
In [27], the authors leverage SDN to support distributed
SDN‐capable devices and radios nications, Computers, Intelligence, Surveillance and Recon-
naissance (C4ISR). The goal is to improve network resource
allocation to reduce the end-to-end delay over radio links.
The solution creates a hierarchy of controllers collaborating
to manage the radios, the clouds at the tactical edge and
also relying on a centralized controller. The distributed clouds
share a trust anchor using the public key infrastructure through
digital certificates from a common certification authority.
Recent literature has been introducing a hierarchical control
plane for realizing 5G and beyond [28]. The goal is to study
interaction among the controllers while executing network
slicing mechanisms and end-to-end paths at the edge of
the network. They performed experiments and measured the
latency overhead in the control plane.
Software-Defined Perimeter (SDP) is a security framework,
aimed to protect infrastructure against network threats by hid-
ing the application infrastructure and enforcing need-to-know
connectivity [29], [30]. SDN and NFV can be combined with
Software-Defined Perimeter (SDP) to mitigate some network
threats [31].
C. Network Security Function (NSF)
Military activities are sensitive therefore demanding strict
cyber security measures in coalition networks. Network secu-
rity devices like gateways and firewalls usually had its own
dedicated hardware to be deployed in the network. With the
increasing adoption of virtual networks, these devices have
been implemented in virtual machines or containers to be
easily deployed in network as Network Security Function
(NSF). NSF is a software developed to enforce integrity,
confidentiality and availability of user data flows in computer
networks. To do so, the security functions must prevent, detect,
block or mitigate cyber attacks [32].
In this investigation, we are particularly interested in secu-
rity functions that can be virtualized and dynamically placed
in a coalition network. Fig. 1 depicts some of possible network
security functions based on CIS security capability breakdown
introduced in [33]. In particular, these functions can be orches-
trated (or chained) in order to support the use cases discussed
in Section III. Therefore, in this section we review recent
investigations using SDN and NFV to support the development
and execution of network security functions.
There are investigations using the SDN infrastructure for
detection and mitigation of cyber attacks. In [34], the authors
use SDN infrastructure to compile an accurate view of the
network so to identify cyber attacks. As a result, the authors
extended the controller functionalities adding a framework to
 detect and classify anomalies in user data flows. In [35], the
authors introduced a performance aware mechanism for the
detection and mitigation of Denial of Service (DoS) attacks.
The solution is part of an agile security frameworks that is
re-configurable to address a particular attack.
There are also investigations leveraging SDN to simulate
attacks and countermeasures in tactical networks [36], [37].
The goal is to automate security check for decision making
and training addressing the particular challenges from tacti-
cal operations. In [37], the authors introduce a platform to
develop and test Machine Learning (ML) models to detect
cyber attacks using NFV and SDN. The authors leverage the
monitoring capabilities of software-defined networks to gather
features to build and test supervised ML models to detect
network anomalies related to cyber attacks.
The authors in [38], introduced a guard architecture to allow
e-mail exchange among nations in a coalition network. Their
solution is an e-mail guard with policies to allow the exchange
of emails with attachment among networks with different
security classifications. In section III-B we discuss a use case
to deploy a guard in a virtualized coalition network.
The investigation in [39] is using SDN control and monitor-
ing features to develop security applications. The authors argue
that SDN centralized management and control can support
applications enforcing security policies in the network. There-
fore, they introduced an architecture to orchestrate security
functions in a SDN-capable network.
D. Network Function Virtualization (NFV)
NFV is a network architecture to decouple network func-
tions from dedicate hardware, therefore, virtualizing network
functions into building blocks that connect or chain together
to create network segments [40], [41]. There is an on going
symbiosis between SDN and NFV creating the platform for
dynamic deployment of network functions [42]. The goal is to
develop a flexible, secure and low-cost architecture for service
providers. The main driver for this technology is the telecom
industry with the advent and development of 5G network and
its successors.
The availability of virtual machines, hypervisors and cloud
platforms triggered the development of virtualized network
devices, such as switches, routers, firewalls, Intrusion Detec-
tion Systems (IDS) and Network Address Translation (NAT).
Recent investigations are deploying network services as soft-
ware and proposing solutions to optimize resource allocation
in virtualized networks [43]. NFV allows the fulfillment of
particular application requirements by dynamic deployment
of network services and new security policies. It also enable
management and control of network functions from a central
controller, say using machine learning models. Control appli-
cations can isolate compromised network devices, slice the
network to create security zones and reroute traffic to mitigate
cyber attacks.
Complementing, recent investigations are developing mech-
anisms to keep the integrity of Service Function Chaining
(SFC) orchestrating NFV services [44]. The investigation in
Authorized licensed use limited to: Center for Science Technology and Information (CESTI). Downloaded on December 21,2023 at 10:01:41 UTC from IEEE Xplore. Restrictions apply.
[44] introduced a framework to support the deployment of
anomaly detection mechanisms. The goal is to keep SFC
protected against well-known attacks and be rapidly patched
for zero-day attacks. There are also investigations compiling
the challenges and use cases to protect NFV Infrastructure
(NFVI) against cyber attacks [45].
III. U SE C ASES
We defined three use cases, depicted in Fig. 1, to illus-
trate the potential benefits of NFV and SDN technologies
to improve cyber security measures in coalition networks.
The risk-aware routing in PCN has been already introduced
and analyzed in previous works [46]–[48]. The other two
use cases are introduced below. The first use case discusses
the automation of verification of the correct enforcement
of security policies in the network. The second use case
describes the deployment of an information exchange guard
fully implemented as a network function.
A. Automated security policy evaluation
The goal is to investigate the new possibilities for automat-
ing network policy verification and deployment, increasing
operational agility and mitigating human errors. Ultimately,
continuous softwarization and virtualization of network and
security functions could lead to fully automated network
management of FMN and Core Services.
This use case assumes the existence of a network between
two or more nations, as illustrated in Fig. 3. Protected core
network consist of the protected core segments that provide
connectivity for the user segments or colored clouds. Each pro-
tected core segment can be built upon SDN and communicate
with other protected core segments, to route traffic securely
between colored clouds. SDN can also be used within the
colored clouds and for example be leveraged for better control
in traffic flows towards provisioned services and therein protect
user nodes from malicious flows.
Since federated network partners each manage their own
network infrastructure, security policy verification is needed
to ensure that the connected national infrastructures meet the
common security requirements.
In an SDN-enabled PCN (SD-PCN), a pre-configured set
of information is gathered automatically from a target network
segment. The gathered information is used to validate whether
the common security policies are met.
A basic management flow for an SD-PCN would consist of:
• Setting up network route to the target network segment;
• Enumeration of all network resources;
• Enumeration of services provided by each found network
resource;
• Interrogation of software versions providing each found
service;
• Executing functional test cases needed to validate that
the core services are available and up with the basic
functionality and interoperability;
• Verification if the gathered data is within the bounds of
the security policy set to the target network in question.

Controller A PCN‐1
E
Provider A P PCN‐2 E Core A
E PCN‐1
Fig. 3. Data and Control plane for PCN
An outcome of an automated security policy evaluation
could consist of:
• Indication whether the target network has the core ser-
vices available;
• Indication whether the target network adheres with the
security policy set to the network;
• Base set of raw data gathered from the target network
to be used as a basis for further interactive analysis or
decision making.
This use case could be easily executed using resources that
are virtualized within the SDN network NFV infrastructure.
Locating the validation resources within the core SDN network
infrastructure is feasible especially when sought verification
is done against security policies which are common to all
networks that the core network connects.
The above use case demonstrates opportunities of develop-
ing a generic network security tool-set which is implemented
and offered as part of core network infrastructure. The tools
would be available for interactive and automated use already
within the network without the need of connecting any addi-
tional tools and audit workstations. Implementation as a NFV
could relatively straightforward: the tools can be packaged in
a virtual machine or a container, and data gathering, tool usage
and the needed network connections can be configured using
Management and Orchestration (MANO).
B. Information Exchange Function (IEF)
The interconnection of network segments belonging to
different security domain demands an Information Exchange
Function (IEF) (commonly called a guard) mediating the
exchange of information, as depicted in Fig. 4. We assume
that the IEF is implemented as an NSF.
The IEF could be implemented in a distributed form by
enabling dynamic orchestration of services implemented, in
virtualized or physical form, at various location of the network
by means of SFC. Such a modular architecture relying on
Authorized licensed use limited to: Center for Science Technology and Information (CESTI). Downloaded on December 21,2023 at 10:01:41 UTC from IEEE Xplore. Restrictions apply.
Controller B
P Provider B
PCN‐2
Core B
E E PCN‐1
E Controller C
Protected Core Core C E PCN‐2 P Provider C
Network
E
SDN and SFC would enable a more dynamic and timely re-
configuration of the guard capabilities in order to support
evolving mission information exchange requirements. The
solution must be modular with open API-based interfaces
and employing open standard mechanisms for mediating and
securing the information flow.
Feasibility analysis for an IEF requires several distinctive
steps:
• Identification of security policies applicable to the inter-
connected network segments;
• Setting up network route to the target network segment
passing through the IEF;
• Enumeration of types of data to be exchanged between
the network segments;
• Use a model to generate random sequences of messages
or data streams [15] and functional test cases for exchang-
ing the different types of data through the IEF;
• Verification that the exchanged data is within the bounds
of the security policy set to the target network in question;
• Quantification of both communication and computation
overhead added by the IEF to the data flows in order to
obtain an indication if the guard can handle data flows
using the total link capacity;
• Verification whether the IEF is sufficiently resilient to
failures.
The IEF use case can be thought as an prototype of the
generic NSF, some of them located between different security
domains and having access to all or part of the traffic flowing
between in order to make autonomous decisions on the data
flow mediation based on information exchange policy.
When thinking about implementing the IEF as a virtualized
network function, it is essential to establish first where in
logical an physical terms the NFV infrastructure is located
as the guard will terminate the protocols there. In case of
PCN architecture, terminating and inspecting the connections
of user nodes would make the NFV implementation as part
 Fig. 4. Information Exchange Function between two security domains
of the user nodes itself. Depending on the security policy, this
could force locating the NFV in the user node. In practice this
would be the case also for other similar NSF, such as firewalls,
IDS/IPS, and other sensors gathering data to form a cyber
situational awareness. There are already many commercial
examples of firewalls and other security controls which are
available in NFV format.
One of important challenges is implementing IEF security
controls that result in a residual risk that is acceptable for
successful security accreditation of an operational IEF. A
sufficient level of assurance, required for accreditation of a
solution supporting multiple security classification levels and
types of services, could be possibly achieved by implementing
some of the security-critical functionality in secure enclaves,
e.g. using Intel SGX or AMD SEV technologies [49]. Another
potential accreditation issue is management of risk related to
dynamic reconfiguration of the security functions involved in
the IEF chain. Supporting accreditation of such agile systems
is an open challenge that is critical for supporting increasingly
software-intensive military systems and modern software de-
velopment and deployment paradigms, e.g., DevSecOps [50].
An approach to applying a dynamic accreditation to military
CIS has been proposed in [51] and an example of working
implementation, applicable to DevSecOps and infrastructure
as a code, has been presented in [52]. We believe that similar
approach could be also applied in the context of NFV and
SFC.
IV. O PEN CHALLENGES
Currently, there are still several challenges a wide de-
ployment of the SDN, NFV and NSF can potentially ease
the deployment and configuration of coalition networks. In
particular, centralized management of the Alliance and mission
networks is not yet possible. One of the reasons for this is
existence of multiple network security domains in federated
networks where each of the partners manages their own
network devices. Moreover, coordination between different
partner networks and security domains is hard. Different
domains are separated by policy and management activities
Authorized licensed use limited to: Center for Science Technology and Information (CESTI). Downloaded on December 21,2023 at 10:01:41 UTC from IEEE Xplore. Restrictions apply.
require human-in-the-loop that is inefficient, slow, expensive,
error prone, and often results in complicated procedures.
Although implementation of at least partial network security
functionality within military networks at the deployed and
tactical domains constitutes and attractive solution, the control
plane in these systems must be implemented over unreliable
links with both network topology and link quality changing.
In order to facilitate use of NFV concepts within NATO
PCN and FMN, we need to define guidance and recom-
mendations regarding for using virtualization within military
networks without adversely affecting, but rather increasing,
security and performance of these systems. For example,
there is a need for the policy of terminating the through-
going connections on different physical and logical network
locations. It is also important to identify some policy templates
for access of security functionality by different participants.
On a technical level, we need a more detailed investigation
of suitability of SDN and NFV for secure routing in and
between protected core segments. SDN and NSF could po-
tentially be used within a protected core segment, to securely
route traffic between user nodes depending on classification. In
particular, using SDN, granular control on flows between user
nodes can be achieved. The next subsections list the technical
challenges for creating a security control plane across different
security domains in federated networks.
A. Cross-domain security controls
Within a multi-domain architecture, SDN controllers could
be used to implement cross-domain security boundary controls
within a coalition, providing integrated management control
of red and black security infrastructure, enabling full man-
agement from the high-side security domain. Provided that
the multi-domain architecture is under common organisational
control, so there is no need for negotiation across the security
boundary, the red-side controller would be fully in charge.
The black side infrastructure is untrusted from an information
security perspective.
The SDN controller would still be considered logically
centralised, even though in some implementations it may be
 physically distributed each side of the security boundary, and
various architectural options would include:
• Placing the boundary on the southbound interface (so
there are no controllers on the black side, only switches);
• Placing the boundary on the northbound interface (so the
controller is on the black side but applications are on the
red side of the network);
• Using a hierarchical controller structure.
The main challenges would be as follows:
• Protocol requirements for running controller interfaces
through a guard (e.g. reliability and flow control);
• Message sanitisation requirements, avoiding information
leakage from high to low, and avoiding malicious traffic
from low to high security domains;
• Options for integration with control of the domain border
crypto (e.g. how traffic flows should be marked so they
can be appropriately controlled on the black side without
compromising traffic flow confidentiality).
B. East/West interfaces for SDN controller federation
Using SDN in federated environments, (e.g. where there
may be multiple coalition partners, or use of third party
infrastructure to provide transport), the SDN interfaces may
be crossing not just security boundaries, but also crossing
administrative boundaries where it is no longer possible to
assume logical centralisation. In this case the controller func-
tions must be logically distributed, for example, different
parts of the network may have different priorities about how
application flows should be able to use their bandwidth, and
flow installation must be the result of a negotiation rather than
a single decision.
The main challenges would be as follows:
• How many negotiation stages between SDN controllers
would be required: would the negotiation just be between
the flow source and sink, or can there be transit domains
taking part in the negotiation?
• Flow initiation architectures: does the application initiate
the flow in each domain in parallel, or are flows set up
from source to destination?
• Benefits in sharing communications Situational Aware-
ness (SA) between domains, or should comms SA remain
strictly inter-domain? This relates to the requirements
question of how dynamically the inter-domain commu-
nications need to be managed.
V. C ONCLUSIONS AND FUTURE WORK
This paper discussed how three key technologies, namely
SDN, NFV and NSF, can improve the deployment of secure
and robust virtualized coalition networks in a alliance like
NATO. This is result of an initial investigation performed
by the IST-ET-114 exploratory team on cyber security for
virtualized networks. The main motivation for the exploratory
team was to discuss the feasibility of dynamic deployment of
cyber security functions in military communication networks
operated by a nation or as a multi-national federated CIS
Authorized licensed use limited to: Center for Science Technology and Information (CESTI). Downloaded on December 21,2023 at 10:01:41 UTC from IEEE Xplore. Restrictions apply.
based on PCN. Our results suggest that a symbioses among
SDN, NFV and NSF is going to allow automated detection,
protection, reaction and recovery for cyber security measures.
We have defined two use cases that will guide our feasibility
analysis of applicability of NFV and SDN to facilitate the
deployment, re-configuration of secure multi-nation military
networks.
As a future work, we plan to define a three years research
task to investigate the design and deploy of cyber security
functions in coalition networks composed by physical and
virtualized network segments. Our goal is to setup a PCN
among three or more nations to realize the use cases described
in this paper. The exploratory team concludes that a hands on
experience with these technologies is fundamental to develop
and test intelligent and secure solutions for coalition networks
within NATO Science and Technology Organization (STO).
ACKNOWLEDGMENT
This investigation was part of the Exploratory Team on
Cyber Security in Virtualized Networks (IST-ET-114). The
authors thank the Ministry of Defense from their respective
nations for supporting this investigation, namely Finland,
Germany, Poland, Sweden and United Kingdom.
R EFERENCES
[1] X. Gao, K. Li, and B. Chen, “Invulnerability measure of a military
heterogeneous network based on network structure entropy,” IEEE
Access, vol. 6, pp. 6700–6708, 2018.
[2] K. Poularakis, G. Iosifidis, and L. Tassiulas, “SDN-enabled tactical
ad hoc networks: Extending programmable control to the edge,” IEEE
Communications Magazine, vol. 56, no. 7, pp. 132–138, 2018.
[3] I. Zacarias, L. P. Gaspary, A. Kohl, R. Q. Fernandes, J. M. Stocchero,
and E. P. de Freitas, “Combining software-defined and delay-tolerant ap-
proaches in last-mile tactical edge networking,” IEEE Communications
Magazine, vol. 55, no. 10, pp. 22–29, 2017.
[4] J. Nobre, D. Rosario, C. Both, E. Cerqueira, and M. Gerla, “Toward
software-defined battlefield networking,” IEEE Communications Maga-
zine, vol. 54, no. 10, pp. 152–157, 2016.
[5] M. R. Brannsten, F. T. Johnsen, T. H. Bloebaum, and K. Lund,
“Toward federated mission networking in the tactical domain,” IEEE
Communications Magazine, vol. 53, no. 10, pp. 52–58, 2015.
[6] IST-ET-114 (COM). Cyber security in
virtualized networks. [Online]. Available:
https://www.sto.nato.int/Lists/test1/activitydetails.aspx?ID=16836
[7] M. S. Vassiliou, J. R. Agre, S. Shah, and T. MacDonald, “Crucial dif-
ferences between commercial and military communications technology
needs: Why the military still needs its own research,” in IEEE Military
Communications Conference (MILCOM), 2013, pp. 342–347.
[8] G. Elmasry, “A comparative review of commercial vs. tactical wireless
networks,” IEEE Communications Magazine, vol. 48, no. 10, pp. 54–59,
October 2010.
[9] R. R. F. Lopes, A. Viidanoja, M. Lhotellier, A. Diefenbach, N. Jansen,
and T. Ginzler, “A queuing mechanism for delivering QoS-constrained
web services in tactical networks,” in International Conference on
Military Communications and Information Systems (ICMCIS), May
2018, pp. 1–8.
[10] D. Kreutz, F. M. V. Ramos, P. E. Verı́ssimo, C. E. Rothenberg,
S. Azodolmolky, and S. Uhlig, “Software-defined networking: A com-
prehensive survey,” Proceedings of the IEEE, vol. 103, no. 1, pp. 14–76,
2015.
[11] G. Hallingstad and S. Oudkerk, “Protected core networking: an ar-
chitectural approach to secure and flexible communications,” IEEE
Communications Magazine, vol. 46, no. 11, pp. 35–41, 2008.
[12] S. H. Cha, M. Shin, J. Ham, and M. Y. Chung, “Robust mobility
management scheme in tactical communication networks,” IEEE Access,
vol. 6, pp. 15 468–15 479, 2018.
 [13] R. R. F. Lopes and S. D. Wolthusen, “Distributed security policies for
service-oriented architectures over tactical networks,” in IEEE Military
Communications Conference (MILCOM), 2015, pp. 1548–1553.
[14] R. R. F. Lopes, P. H. Balaraju, P. H. Rettore, and P. Sevenich, “Queuing
over ever-changing communication scenarios in tactical networks,” IEEE
Transactions on Mobile Computing, pp. 1–15, June 2020, (early access).
[15] R. R. F. Lopes, P. H. Balaraju, and P.Sevenich, “Creating ever-changing
QoS-constrained dataflows in tactical networks: An exploratory study,”
in International Conference on Military Communications and Informa-
tion Systems (ICMCIS), Budva, Montenegro, May 2019, pp. 1–8.
[16] R. R. F. Lopes, P. H. Balaraju, A. T. Silva, P. H. Rettore, and P. Sevenich,
“Experiments with a queuing mechanism over ever-changing datarates
in a VHF network,” in IEEE Military Communications Conference
(MILCOM), Norfolk VA, USA, November 2019, pp. 712–717.
[17] R. R. F. Lopes, J. F. Loevenich, P. H. Rettore, S. M. Eswarappa, and
P. Sevenich, “Quantizing radio link data rates to create ever-changing
network conditions in tactical networks,” IEEE Access, vol. 8, pp.
188 015–188 035, September 2020.
[18] J. Loevenich, R. R. F. Lopes, P. H. Rettore, S. M. Eswarappa,
and P. Sevenich, “Maximizing the probability of message deliv-
ery over ever-changing communication scenarios in tactical net-
works,” IEEE Networking Letter, pp. 1–5, March 2021, early access,
doi:10.1109/LNET.2021.3066536.
[19] E. Haleplidis, K. Pentikousis, S. Denazis, J. H. Salim, D. Meyer, and
O. Koufopavlou, “Software-Defined Networking (SDN): Layers and
Architecture Terminology,” RFC 7426, Jan. 2015. [Online]. Available:
https://rfc-editor.org/rfc/rfc7426.txt
[20] D. F. Macedo, D. Guedes, L. F. M. Vieira, M. A. M. Vieira, and
M. Nogueira, “Programmable networks—from software-defined radio to
software-defined networking,” IEEE Communications Surveys Tutorials,
vol. 17, no. 2, pp. 1102–1125, 2015.
[21] Z. Latif, K.Sharif, F. Li, M. M. Karim, S. Biswas, and Y. Wang,
“A comprehensive survey of interface protocols for software defined
networks,” Journal of Network and Computer Applications, vol. 156, p.
102563, 2020.
[22] Cisco, “2020 Global Networking Trends Report,” 2019.
[Online]. Available: https://www.cisco.com/c/en/us/solutions/enterprise-
networks/networking-technology-trends.html
[23] S. Y. Zhu, S. Scott-Hayward, L. Jacquin, and R. Hill, Guide to
Security in SDN and NFV: Challenges, Opportunities, and Applications.
Springer, 01 2017.
[24] C. da Silva, S. Lima, and J. Silva, “Challenges and trends for sampling-
based monitoring in SDN,” in Smart Spaces, and Next Generation
Networks and Systems: 17th International Conference, NEW2AN 2017,
10th Conference, ruSMART 2017, Third Workshop NsCC 2017, 2017,
pp. 109–120.
[25] S. Hong, L. Xu, H. Wang, and G. Gu, “Poisoning network visibility
in software-defined networks: New attacks and countermeasures,” in
Network and Distributed System Security Symposium (NDSS), 2015.
[26] J. Spencer and T. Willink, “SDN in coalition tactical networks,” in IEEE
Military Communications Conference (MILCOM), 2016, pp. 1053–1058.
[27] D. A. Chekired and L. Khoukhi, “Distributed SDN-based C4ISR com-
munications: A delay-tolerant network for trusted tactical cloudlets,”
in 2019 International Conference on Military Communications and
Information Systems (ICMCIS), 2019, pp. 1–7.
[28] D. Giatsios, K. Choumas, P. Flegkas, T. Korakis, J. J. A. Cruelles,
and D. C. Mur, “Design and evaluation of a hierarchical SDN control
plane for 5g transport networks,” in IEEE International Conference on
Communications (ICC), 2019, pp. 1–6.
[29] CloudSecurityAlliance, “Software Defined Perimeter,” 2013.
[Online]. Available: https://downloads.cloudsecurityalliance.org/ini
tiatives/sdp/SoftwareDefinedPerimeter.pdf
[30] A. Sallam, A. Refaey, and A. Shami, “On the security of SDN: A
completed secure and scalable framework using the software-defined
perimeter,” IEEE Access, vol. 7, pp. 146 577–146 587, 2019.
[31] J. Singh, A. Refaey, and A. Shami, “Multilevel security framework for
nfv based on software defined perimeter,” IEEE Network, vol. 34, no. 5,
pp. 114–119, 2020.
[32] S. Hares, D. Lopez, M. Zarny, C. Jacquenet, R. Kumar, and J. P.
Jeong, “Interface to Network Security Functions (I2NSF): Problem
Statement and Use Cases,” RFC 8192, Jul. 2017. [Online]. Available:
https://rfc-editor.org/rfc/rfc8192.txt
Authorized licensed use limited to: Center for Science Technology and Information (CESTI). Downloaded on December 21,2023 at 10:01:41 UTC from IEEE Xplore. Restrictions apply.
[33] G. Hallingstad and L. Dandurand, “Communication and Information
System Security Capability Breakdown - Revision 4,” NCI Agency, The
Hague, The Netherlands, Tech. Rep., 2013.
[34] A. Santos da Silva, J. A. Wickboldt, L. Z. Granville, and A. Schaeffer-
Filho, “ATLANTIC: A framework for anomaly traffic detection, classi-
fication, and mitigation in SDN,” in IEEE/IFIP Network Operations and
Management Symposium (NOMS), 2016, pp. 27–35.
[35] W. Navid and M. N. M. Bhutta, “Detection and mitigation of denial
of service (DoS) attacks using performance aware software defined
networking (SDN),” in International Conference on Information and
Communication Technologies (ICICT), 2017, pp. 47–57.
[36] F. Battiati, G. Catania, L. Ganga, G. Morabito, A. Mursia, and A. Viola,
“CSSS: Cyber security simulation service for software defined tacti-
cal networks,” in International Conference on Information Networking
(ICOIN), 2018, pp. 531–533.
[37] A. Pastor, A. Mozo, D. R. Lopez, J. Folgueira, and A. Kapodistria,
“The mouseworld, a security traffic analysis lab based on NFV/SDN,”
in Proceedings of the 13th International Conference on Availability,
Reliability and Security, ser. ARES 2018. New York, NY, USA:
Association for Computing Machinery, 2018. [Online]. Available:
https://doi.org/10.1145/3230833.3233283
[38] T. Gibson, “A guard architecture for improved coalition operations,” in
IEEE International Workshop on Information Assurance (IWIAS), 2003,
pp. 89–94.
[39] A. Zaalouk, R. Khondoker, R. Marx, and K. Bayarou, “OrchSec: An
orchestrator-based architecture for enhancing network-security using
network monitoring and SDN control functions,” in IEEE Network
Operations and Management Symposium (NOMS), 2014, pp. 1–9.
[40] B. Yi, X. Wang, K. Li, S. k. Das, and M. Huang, “A
comprehensive survey of network function virtualization,” Computer
Networks, vol. 133, pp. 212–262, 2018. [Online]. Available:
https://www.sciencedirect.com/science/article/pii/S1389128618300306
[41] Y. Li and M. Chen, “Software-defined network function virtualization:
A survey,” IEEE Access, vol. 3, pp. 2542–2553, 2015.
[42] T. Wood, K. K. Ramakrishnan, J. Hwang, G. Liu, and W. Zhang, “To-
ward a software-based network: integrating software defined networking
and network function virtualization,” IEEE Network, vol. 29, no. 3, pp.
36–41, 2015.
[43] I. J. Sanz, D. M. F. Mattos, and O. C. M. B. Duarte, “SFCPerf: An
automatic performance evaluation framework for service function chain-
ing,” in IEEE/IFIP Network Operations and Management Symposium
(NOMS), 2018, pp. 1–9.
[44] L. Bondan, T. Wauters, B. Volckaert, F. De Turck, and L. Z. Granville,
“Anomaly detection framework for SFC integrity in NFV environments,”
in IEEE Conference on Network Softwarization (NetSoft), 2017, pp. 1–5.
[45] W. Yang and C. Fung, “A survey on security in network functions
virtualization,” in IEEE NetSoft Conference and Workshops (NetSoft),
2016, pp. 15–19.
[46] K. Wrona, S. Oudkerk, S. Szwaczyk, and M. Amanowicz, “Content-
based security and protected core networking with software-defined
networks,” IEEE Communications Magazine, vol. 54, no. 10, pp. 138–
144, 2016.
[47] K. Wrona, S. Szwaczyk, M. Amanowicz, and K. Gierłowski, “SDN
testbed for validation of cross-layer data-centric security policies,” in
Proc. of the International Conference on Military Communications and
Information Systems (ICMCIS), 2017.
[48] S. Szwaczyk, M. Amanowicz, and K. Wrona, “Applicability of risk
analysis methods to risk-aware routing in software-defined networks,”
in Proc. of the International Conference on Military Communications
and Information Systems (ICMCIS), 2018.
[49] V. Lefebvre, G. Santinelli, T. Müller, and J. Götzfried, “Universal trusted
execution environments for securing SDN/NFV operations,” in Proc.
of the 13th International Conference on Availability, Reliability and
Security (ARES), 2018.
[50] N. Chaillan, “DoD Enterprise DevSecOps Reference Design, V1.0,” US
Department of Defense, Tech. Rep., 2019.
[51] R. Goode, G. Hallingstad, and K. Wrona, “Dynamic federated accredi-
tation,” in Military CIS Conference, Prague, Czech Republic, 2009.
[52] K. Wrona, F. M. Scharf, and M. Jarosz, “Security accreditation and soft-
ware approval with smart contracts,” IEEE Communications Magazine,
vol. 59, no. 2, pp. 56–62, 2021.