Trustworthy SFC Architecture

In this research, we aim to establish a trustworthy SFC architecture. In SFC scenarios, there is a lack of mechanisms to verify that traffic traverses VNFs in the correct order. Path deviations, caused by administrator misconfigurations or malicious attackers, can lead to security breaches in SFC. In this research, we design a path deviation detection mechanism for SFC using Ordered Proof of Transit (OPoT), a path verification method based on Shamir’s secret sharing, implemented with eBPF1. By leveraging eBPF, we achieve a balance between lightweight performance and flexibility, enabling the implementation of a foundation applicable to various network environments.


  1. T. Hara and M. Sasabe, “eBPF-based Ordered Proof of Transit for Trustworthy Service Function Chaining,” IEEE Transactions on Network and Service Management, vol. 22, no. 4, pp.3138-3149, Aug. 2025. doi: 10.1109/TNSM.2025.3550333 ↩︎

Takanori Hara
Takanori Hara
Associate Professor