On the Integration of Blockchain and SDN: Overview, Applications, and Future Perspectives

The present survey discusses essential information related to both SDN and BC considering also their security and privacy aspects as well as their applications. In the last years, many works have focused on these technologies proving that they are heavily attracting the interest of the research community. Hereinafter, we review the most recent surveys (published within the last 5 years) regarding such technologies and their integration, briefly discussing the aspects on which each work is focused.¹

SDN. In [37], the authors discuss the 5G network softwarization and slicing strategy based on SDN and network function virtualization (NFV) technologies. Different industrial initiatives and projects, their requirements, and various architectural approaches for 5G networks are also described. Similarly, Bannour et al. [38] focus on the SDN approach and particularly on distributed SDN controllers. Improving the security of the SDN environment and especially of SDN controllers is the main topic of the work in [39]. Additionally, Bizanis and Kuipers [40] propose the joint utilization of SDN and network virtualization technologies to bring several functionalities to IoT applications. In [41], a brief discussion on SDN control plane focusing on scalability issues is presented. The authors also develop different controller design schemes such as flat, hierarchical, and hybrid controllers. Furthermore, in [42], the authors present a strategy for smart homes using SDN that ensures the privacy of the system. The authentication of user is accomplished by encryption procedure based on a symmetric key protocol. In another SDN–IoT integration-based work [43], the authors suggest to integrate SDN and IoT to develop an intelligent framework that is capable of providing solutions to different problems related to Industry 4.0 applications that have arisen during the COVID-19 pandemic.

Blockchain. Tariq and al. [44] propose to leverage BC to manage several applications such as Wireless Sensor Networks, Vehicular Ad hoc Networks (VANETs), IoT, and healthcare systems. They review the existing problems, their solutions, and possible security issues. Besides, Deepa et al. [45] integrate these studies presenting different approaches for potential integration of Big Data applications with BC technology. More recently, the survey in [46] discusses different case studies of practical usage of BC for healthcare data management systems. The integration of BC within IoT systems is analyzed in [47] where the authors propose the definition of Blockchain of Things to name the synthesis of BC into 5G and industrial applications. Also, the survey in [21] focuses on the management of information system using BC with particular attention on the security issues. Similarly, Bhutta et al. [22] present the evolution of BC technology along with the specific security measures introduced, while Hewa et al. [23] discuss the technical aspects of BC focusing on its future scopes.

Integration of BC and SDN. Wadhwa et al. [48] investigate healthcare systems enriched with the integration of BC and SDN. They describe various use cases where the benefits of these two technologies can be fruitfully leveraged. With a specific eye on security, in [49], the authors discuss SDN-based intrusion detection systems (IDSs) in BC applications. Likewise, Alharbi [50] takes into account BC to protect the SDN environment, also assessing the feasibility of this powerful integration.

For the sake of completeness, other related surveys on BC and SDN—not detailed in the present subsection for brevity—are reported in Table 1, which groups them based on the related technology and summarizes the main topics covered by each work.

Positioning of Our Survey. In the present survey, we aim to investigate the integration of BC and SDN technologies with an eye on security and privacy issues in real applications. To the best of our knowledge, this study is the first survey that takes into account BC and SDN technologies by providing details on both their main features and deepening their effective integration along with actual use cases. As reported in previous paragraphs and further summarized in Table 1, we analyze in a systematic manner different aspects scattered across previous works. Indeed, unlike the works investigating the application of BC or SDN alone, we firstly provide an overview of BC and SDN applications underlining their security and privacy aspects, then we discuss the BC–SDN integration by analyzing the peculiarities and (security) issues deriving from it. In this regard, comparing our survey with recent ones covering BC–SDN [48‐50], (i) we expressly make BC–SDN the main pillar of our investigation (differently than [49]) and we do not narrow our dissertation to (ii) specific use cases (e.g., healthcare [48]) or (iii) particular aspects of interest (e.g., implementation feasibility [50]).

In this work, we discuss SDN and BC leading technologies and their fruitful integration. In detail, we provide an extensive analysis of their features, security and privacy issues, and applications. Finally, we discuss open challenges and future perspectives. We also consider valuable benefits achieved with the integration of these technologies in order to better support applications in many fields. To summarize, in this survey, we offer the following contributions:In view of these aims, we review recent papers related to BC and SDN, and their integration by considering state-of-art proposals (with related motivations) and focusing on their features and benefits, as well as security and privacy concerns. Moreover, we review articles related to real application scenarios of BC–SDN as an extension of their individual application fields. In particular, we have selected such studies prioritizing more relevant ones (i.e. those deepening security and privacy aspects or describing actual use cases) published in the last five years (see e.g. Table 3).

The remainder of this survey is organized as follows: Sect. 2 presents a general overview of analyzed technologies (i.e. BC and SDN). Section 3 introduces the motivations behind the BC–SDN integration also reviewing state-of-art proposals. The security and privacy issues in BC and in the aforementioned integration are discussed in Sect. 4, Successively, the applications of BC and BC–SDN are presented in Sect. 5. Furthermore, in Sect. 6, we focus on the current research challenges and future directions for the effective employment of considered technologies. Finally, we conclude the survey in Sect. 7. To ease readers, Fig. 1 depicts the road map of the present survey. Also, Table 2 summarizes the acronyms used in the text for readability.

BC technology was firstly introduced by Satoshi Nakamoto (pseudonym) in 2008 and it is currently exploited in numerous applications. A BC is a decentralized and distributed ledger and every participant can authenticate it without the interference of any central authority or special individual which provides a clearinghouse service verifying and clearing all transactions. Therefore, the BC is assembled independently by every node in the network. Each block records some or all most recent transactions that have not been recorded in a previous block. As shown in Fig. 2, each block consists of (i) the block header encompassing current and prior cryptographic block hash values, a timestamp, and a nonce; (ii) the main body encompassing transaction hash value, sender and receiver identity, and signature for each transaction. The users who share their computing power to verify if the transactions in the blocks are legitimate in exchange for a reward are called miners. They have to resolve a statistical problem based on the calculation of a cryptographic hash function to confirm the latest transactions and list all of them within the global ledger. Normally, a block is extracted every 5 to 10 min.

The newly mined block is attached to the BC once the majority of its participants agree that it is valid; in other words, adding a new block requires to reach a consensus among the miners (also called nodes in this context). More specifically, the consensus is an artifact of the asynchronous interaction of thousands of independent nodes, all following simple rules. The most common consensus algorithms are the Proof of Work (PoW) and the Proof of Stake (PoS) in which the miners needs to provide a certain proof that must be validated by other nodes in the network to be allowed to publish (cf. Sect. 2.1.3).

It is worth underlining that blocks can only be added and not modified. Indeed, after a block is added to the BC, modifying data in a block of the chain is an extremely challenging task because it requires changing all of the following blocks. Therefore, the BC ledger becomes more and more immutable as time passes.

To summarize, in Fig. 3, we provide a diagram reporting the opportunities (shown on the left side) and the related challenges (shown on the right side) related to the utilization of the BC technology. We can notice that if on the one hand, the opportunities and advantages of utilizing the BC are enormous, on the other hand obstacles and challenges must be carefully considered and mitigated to fully exploit BC potential especially in dynamic and controllable environments (as for instance in software-defined networks).

In conventional systems, network connections are established via switches and routers, which are also responsible for transmitting data over the network. Such a networking scheme may be subject to lack of confidentiality and then could be prone to third-party attacks. For these reasons, the development of the SDN paradigm is crucial. SDN is a networking strategy that efficiently provides the facility of a centralized environment and aims to decouple data transfer process from the devices designed for it [6]. This paradigm is based on the existence of different planes, each responsible for some specific functions: (i) the data plane is responsible for packet forwarding, (ii) the control plane decides on routing using a flow table containing rules to properly manage incoming packets, and (iii) the application plane encompasses the services made available to the users. It is worth noting that flow rules can be easily changed according to the needs [55] by exploiting the improved programmability and control provided by SDN compared to conventional networking systems [56]. OpenFlow is the most known protocol used for the communication between the switches and the central controller in SDN environments (despite it still has some vulnerabilities [57]). Figure 5 depicts the structure of a common SDN architecture, whose planes and related interconnections are described hereinafter.

Data Plane. The data plane (also known as edge or infrastructure plane as reported in Fig. 5) is the lowest plane of an SDN architecture and comprises the devices used for data forwarding such as switches (physical or virtual), access points, routers, etc. The communication between the data plane and the control plane is established with the OpenFlow protocol through the Southbound application programming interface (API) commonly using encrypted channels. The data plane performs packet forwarding based on the flow rules providing forwarding logic, which are defined according to the OpenFlow specification and installed through the Southbound API by the control plane [58]. Flow rules include MAC and IP destination addresses, transport-layer source and destination ports, and other necessary information for matching the desired packets. Notably, OpenFlow rules can be exploited to implement firewalls and enforce various security policies.

Control Plane. The control plane is the middle (viz. backbone) plane in an SDN architecture. It is considered as the brain of the networking system [55] and is in charge of managing the routing process. In more detail, the control plane encompasses logic and functional controllers applied to manage the control logic at different levels and to provide controlling functionalities, respectively. As shown in Fig. 5, its core can be realized via different OpenFlow-compliant implementations (e.g., NOX, POX, Beacon, Floodlight, etc.) [41]. It is connected with the application plane through the Northbound API and with data plane through the Southbound API. Additionally, two other interfaces are the Eastbound API and the Westbound API used for the communication between multiple distributed controllers [59]. It is worth noticing that the control plane provides several enhanced network services which offer improved management, QoS, and data privacy and security to the network infrastructure.

Application Plane. The application plane is the topmost plane of an SDN architecture. It includes programs to control the networking system and establishes a connection with the control plane using the Northbound API (usually a RESTful API). It also provides higher-level services to the SDN users and applications running on top of existing controller platforms. In detail, from this plane, applications transmit their requirements to the SDN controller where they are processed and then translated into commands and rules for the data plane devices of the SDN architecture. Some of the most common SDN applications are routing, load balancing, and firewalling [38].

In modern networks (e.g., always online smartphones, IoT sensors), the enormous number of interconnected devices produces a considerable amount of data gathered from the actual world. In this scenario, a urgent need to properly manage data arises and SDN is proposed as a solution because it can programmatically handle all the data received from the network environment [60]. Altering the base architecture of a network system is a challenging task; SDN makes it much easier and allows to quickly modify network characteristics. Researchers are prompted to take advantage of the capabilities of the SDN paradigm that can be exploited to performs distinct operations on the data based on the specific layer on which they operate [61].

Unfortunately, the communication among SDN planes is not fully secured and hence its adoption could lead to a corrupted network system due to maliciously wrong information exchanged [62]. To enhance the security and reliability of SDN networks, BC could efficiently help in checking the authenticity of transmissions [63‐65]. Moreover, the addition of smart contracts (SCs) into the BC validation process makes this technology even more trustworthy [66]. Besides, BC keeps the history of transaction in an immutable ledger that can prevent any third party interaction and tampering. However, on the one hand, BC can take the responsibility of the security of data transmission but on the other hand, it can not manage the data from IoT directly. Therefore, the integration of SDN and BC has been pursued to jointly take advantage of the peculiarities of both technologies.

We now discuss the research works that have proposed the joint usage of BC and SDN. Many researchers have suggested different BC–SDN architectures to guarantee latency, network performance, resource usage, security, and other desirable features [67‐73]. In the following, we go into details of such works.

Xie et al. [74] leverage SDN for 5G VANETs and show that their BC-based IoT network can unveil malicious vehicular nodes and messages. Similarly, Zhang et al. [70] also introduce a distributed BC-based software-defined VANET framework for smart cities named Block-SDV. In detail, Block-SDV integrates a novel deep Q-learning approach to solve the optimization problem of finding the optimal features for BC (e.g., trust features of BC nodes, number of consensus nodes, trust features of each vehicle, and computational capability of BC). The effectiveness of Block-SDV and related deep Q-learning is demonstrated in a simulation environment. Gao et al. [75] present a trust-based model to detect malicious activities integrating BC and SDN to improve security in 5G and fog VANET networks. The joint adoption of BC and SDN technologies have been also exploited for the design of IDSs employed in the control framework of industries [72]. El Houda et al. [68] propose a BC-based architecture named Cochain-SC, having two levels of attack mitigation: intra-domain and inter-domain DDoS mitigation in SDN. More specifically, the combination of intra entropy-based, intra Bayes-based, and intra-domain mitigation schemes is used to classify and mitigate the impact of malicious traffic. Furthermore, for inter-domain, the authors introduced an SC-based architecture that considered Ethereum technology to simplify the collaboration among SDN-based autonomous systems against DDoS attacks. Finally, the performance of their proposal is assessed based on efficiency, flexibility, security, and cost effectiveness.

Sharma et al. [67] propose the DistBlockNet architecture that allows the cooperation of SDN and BC in an IoT network. The authors devise a strategy for updating and formalizing the flow rule table applying a BC, and evaluate the performance according to various metrics showing better results compared to previous works. Rahman et al. [61] present DistBlockBuilding, a distributed BC–SDN architecture for smart cities, designing also a cluster-head selection algorithm for collecting sensors data with low energy dissipation. The authors evaluate the performance with different parameters such as throughput, latency, and packet arrival rate. Chaudhary et al. [76] leverage the benefits of BC technologies for the transportation network and use SDN to provide low power consumption and legitimate resources. Secure and reliable energy management is also considered in [77] where the authors design a cyber-secure decentralized framework to ensure reliability, efficiency, and sustainability jointly using SDN and BC.

With a specific focus on fog environments, Muthanna et al. [69] introduce an IoT-based fog system that incorporates BC and SDN. In detail, SDN can attain high privacy, availability, and security for IoT-based applications, while BC assures decentralization in a secure way. Furthermore, they investigate latency, network efficiency, and resource utilization for the experimental evaluation of their architecture. Similarly, Sharma et al. [73] present a novel BC-based distributed cloud architecture with fog nodes acting as SDN controller at the edge of the network, thus proposing an innovative combination of fog computing, SDN, and BC, along with an architecture for supporting availability, real-time data bringing, scalability, security, resilience, and low latency. Using this architecture, they also evaluate throughput, response time, and accuracy in detecting real-time attacks.

IoT networks are considered in [71], where authors present a model for facing present IoT challenges with SDN and BC in the context of 5G networks. They also introduce the elliptic curve digital signature algorithm for security purposes which is evaluated in a simulation environment. The challenges for securing cloud management from network perspective are investigated in [78], whose authors take advantage of SDN and BC to perform secure cloud management. An infrastructure incorporating both these technologies is developed to improve the availability of cloud systems through the automatic provisioning of network bandwidth. Derhab et al. [72] also face security challenges in an IoT-based industrial environment via a control framework leveraging BC–SDN integration. Moreover, Open-Flow based flow rules are installed in this industrial IoT network effectively exploiting the SDN paradigm. The presented SD-WAN model admits two additional elements, namely: (i) an IDS which can defend against attacks using the joint combination of random subspace learning and K-nearest neighbors methods (RSL–KNN), and (ii) a BC-based integrity checking system.

Differently, Qiu et al. [79] deal with the consensus problem in BC for software defined industrial IoT. To address such a problem, the authors use a Q-learning approach showing also its effectiveness via simulations. Shao et al. [80] also present a consensus algorithm named simplified practical Byzantine fault tolerance (SPBFT) to transmit messages in the SDN network securely. Specifically, the authors apply this BC approach in an SDN environment to create a readable, addable, and unmodifiable decentralized database. Also, to enhance the security and reach consensus in the SDN control layer, they leverage the proposed SPBFT algorithm to transfer messages between controllers. Finally, they compare SPBFT with the practical Byzantine fault tolerance algorithm proving that the proposed algorithm can significantly improve performance in terms of security and efficiency. On the same line, Liu et al. [81] define the TrustBlock method to calculate the trust value of SDN network node based on BC. More in detail, the authors leverage SDN to assess the legitimacy of the nodes and BC to ensure the trust value authenticity, immutability, and openness. The weight of each evaluation attribute is determined using an entropy-based method. BC is also considered as a solution to improve the SDN security of IoT-based applications interacting via inter-cloud communication in [82]. Basnet and Shakya [83] propose Blockchain security over SDN (BSS) to protect the privacy and availability of resources against non-trusting members. The authors demonstrate that BSS facilitates files sharing among SDN users in distributed P2P basis using OpenStack as a cloud storage platform. Additionally, Kataoka et al. [84], propose a Trust List that represents the distribution of trust among IoT-related stakeholders and aims to verifying and trusting IoT services and devices avoiding undesirable traffic of IoT devices responsible for attacks on the network system. Firstly, they verify that IoT traffic management is properly achieved using their proposal. Then, they discuss and implement a proper combination of BC and SDN to ensure security, dependability, and trusting for IoT services and devices. Finally, the proof of concept open-source implementation is tested on both public and private BCs.

Steichen et al. [85] propose ChainGuard, which utilizes an SDN module to manage network collisions and implements a firewall based on BC. Furthermore, ChainGuard can offer access control capabilities and can effectively mitigate flooding attacks. Finally, the authors discuss other aspects of the proposed architecture and provide observations on their experiments with the aforementioned model. Similarly, Abou El Houda et al. [86] present framework sharing SDN and BC to mitigate DDoS attacks in a scalable, stable, and cost-effective manner. Another possible application is proposed in [87] whose authors introduce a consolidated BC–SDN system that manages spectrum assets to enable interoperability between mobile network operators over small cells.

As described in Sect. 2.1, BC is widely used in different domains that take advantage of its unique properties. Nevertheless, dangerous attacks can cause several issues in BC-based networks. In the following, we describe some security issues that attackers exploit to undermine the safety and cause damage in BC systems [88].

As shown in Sect. 2.2, SDN is a scalable networking paradigm consisting of three planes: the application, control, and data plane. To secure SDN and lead to adequate protection, the first step is to understand the weaknesses of each of them. Indeed, it is worth noticing that the security of the overall system can be achieved by securing all the above-mentioned planes. However, because such planes are separated [92], the protection of the whole system needs also to be assured. In this sense, to secure the SDN model from attacks and intrusions, an additional plane can be added: it comprises attack and IDSs, and a firewall to defend the network and guarantee its availability [101].

Generally, in an SDN, users access data from various controllers, thus implementing a new architecture where they ask permission from the controller may protect the system from malware. On the other hand, networking devices (e.g., switches, routers, storage systems, and sensors) are involved in packet forwarding and located in the data plane. In addition, specific tools, such as Flow Checker, VeriFlow, and FortNOX can be used to effectively manage the packets by systematically forwarding or deleting packets thus increasing network efficiency [58]. OpenFlow can assist devices in determining the exact match of the packets [102]. While attack detection protects the network from the intruders, data encryption handles users authentication and protects the data from being manipulated by the attackers. In addition, the state of the network can be determined by analyzing the information processed by the control plane. In the last years, different tools have been proposed to support network administrators like Athena [103] that performs anomaly detection via a scalable approach.

As depicted in Fig. 5, in an SDN environment, there can be multiple controllers (communicating via the eastbound/westbound API) or a single centralized controller. Data transmission is performed by the switches following a flow table that contains information about the connections and their properties [104]. These devices take specific decisions for each request coming from different connections. In this context, a malicious user can shake up the normal traffic flows in the network. For example, an intruder may send different request for the same service to damage the network or sends a message that corrupts network devices. These are examples of common situations in which an IDS can help to ensure security [105]. Figure 8 depicts the main components of an IDS with the principal information exchanged among its blocks when applied in an SDN. Based on the information exchanged with the controller(s), the IDS can guide the update of the flow table to avoid malicious threats conducted by an attacker. To attain this goal, some researchers propose to check for the entropy of the IP addresses to discover anomalies regarding the users, and then analyze the flow table to figure out some useful features to build machine learning (ML) models for future predictions on unseen data [106, 107].

The combination of BC and SDN helps to improve the efficiency of smart architectures such as: smart grid, education, healthcare, industry, transportation, etc. Nevertheless, security continues to be a severe concern for these systems, and efforts are needed to solve challenges and issues as described in the following.

BC technologies are used in many areas, not only in financial applications. Figure 9 collects some of the application fields of BC technology covering several industrial sectors. In the following, we describe some of the most common BC applications. For the sake of completeness, other interesting ones are reported in Table 3 where recent works are summarized along with their application fields and related contributions. Unfortunately, almost all of such systems providing smart services (and their actual applicability) are validated and evaluated in simulation environments given the high cost needed to employ them in production.

Bitcoin and Cryptocurrencies. Bitcoin is a cryptocurrency, often described as digital or virtual currency because when using it, there are no bank transactions or any physical medium. Mining is a process originated from bitcoin systems where miners verify transactions and can earn bitcoin when validating a particular number of transactions. Bitcoin is stored in wallets which are referred to as a string of letters and numbers. These can be a piece of paper, a hardware device, or online-based. A physical bitcoin is useless if it doesn’t have any private codes inside. Starting in 2009, the cryptocurrency unit price was only \(0.01\); nowadays 1 bitcoin is worth \(\approx 40k\). Notably, the value of bitcoin has price ups and downs when exchanged with traditional currency due to politics, media hype, and country acknowledgements. Without being exhaustive, other than bitcoin, the most important BC-based cryptocurrencies (based on their market cap) are Ethereum, Litecoin, Tether, Binance Coin, and Cardano.

Supply Chain Management. We now discuss complex supply chains that extend to all parts of the world [146]. All physical products should take a journey from the seller to the buyer, and the process that allows to transfer such products is referred to as supply chain. In this context, transparency is related to the information accessible to firms composing the provider network [147]. The path to the consumer is not straightforward and sometimes there are dozens of intermediaries involved. The BC technology can potentially improve the transparency and traceability within the manufacturing supply chain through the use of the immutable record of data, distributed storage, and controlled user access [146].

BC-based SCs are introduced to facilitate secure analysis and management of medical sensors and to ensure data security and authorization (cf. Sect. 4.1) for patients and medical professionals [97, 137]. Figure 10 depicts a healthcare transaction using the BC and the different stakeholders involved, showing how BC-based systems establish a secured connection between the doctor, patient, and data analyst in healthcare organizations to manage the patient records securely. In such a way, the BC can address a variety of problems (e.g., care coordination, health data security, and interoperability issues) since—as shown in Fig. 10—it can harness the data stream to improve the quality of care by sharing medical records, protecting sensitive data from threat actors, and giving patients more control over their information. The BC can aggregate a patient’s medical and prescription records from multiple sites/providers to generate a single, up-to-date aggregate record that medical professionals can comprehensively refer to when treating patients.

E-voting. E-voting is an election voting system where users cast votes through a digital system with a secure, reliable, and secret balloting over the Internet. Many countries in the world use the e-voting system for its anonymity security, reliability, integrity, and availability. The BC with the SCs emerges as a good candidate to develop a cheaper, more secure, more transparent, and easier-to-use e-voting system [148]. Using BC, the main focus is to make the voting process fair and without any third-party mediation. There are many platforms to deal with the e-voting systems; one of them, Ethereum, is a widespread network for deploying such applications. The main concern in this scenario is to protect the users’ identity and preserve transparency and integrity of data. To face this challenge Ethereum provides different hash values to users in the network through which it is almost impossible to identify the individuals. At the same time, each transaction is visible to everyone in the network [149] and can be validated: this makes it transparent to all the nodes in the network and maintains the integrity of data. Moreover, in distributed databases, data are stored in particular locations, making the data unmodifiable and thus the vote can not be manipulated.

Smart Contract. An SC is a protocol that digitally facilitates the verification, control, or execution of an agreement. It is a compromise between two or more parties in the form of a digital code. On the BC, participants run these codes which are kept in a public database and are unchangeable. In other words, SCs are a set of rules, and the BC manages the transactions that meet them so that they can be delivered automatically without a third-party. With a contract, some conditions needs to meet up; in this case, both rules and data are stored in the BC. Moreover, if any illegal transaction according to the SC occurs, the BC can swiftly rollback the transaction [66]. Summarizing, SC is acknowledged as a contract having as features self-execution, transparency, flexibility, and self-enforcing [150].

Internet of Things. IoT presents a massive variety of devices offering possibilities for remote monitoring in numerous applications of several domains [151, 152]. IoT is widely used in smart industries, smart transportation, healthcare, military/battlefield-things, etc., and it is considered a revolution which is changing our world. Given its impressive dimensions and distributed nature, privacy and security are the main concerns [153, 154]. Many frameworks are proposed to secure IoT environments; among them BC is increasingly used to make IoT platforms secure [155]. In BC-based IoT systems, as shown in Fig. 11, private BC performs tasks efficiently and at low cost in closed environments, whereas public BC can establish connections between multiple IoT environments once at a time. In this case, management of trust is crucial and is maintained centrally without any third-party involvement.

Hyperledger. Hyperledger is an open-source collaborative effort that has been established to advance BC technologies. It is hosted by the Linux Foundation, and it is an all-embracing co-operation platform that supports ledgers in supply chains, banking, manufacturing, IoT, finance, and technology. In simple terms, Hyperledger can be thought of as a software that enables developers all across the globe to develop BC-based solutions for particular businesses [156].

Industry 4.0. Recently, industrial activities are advancing towards automation [2]. Activities that do not strictly require human intervention are performed with the help of several automated technologies, and BC is one of the most important. With its properties and the help of encrypted algorithms, nowadays it has been applied (or proposed to apply) to different industrial sectors [157, 158]. For instance, in the power electronics sector, through this technology, a producer can submit an offer for a certain device, while engineers evaluate and decide whether to accept it. In case of no matching, the producer has the possibility to resubmit the offer to reduce the mismatch with the supply [159]. Flexibility, authorization mechanisms, and protection must be guaranteed when moving to the automation process. BC allows a more sustainable and scalable ecosystem for smooth industrial operations supporting other innovative technologies such as edge computing [160]. Moreover, Industry 4.0 depends on data received from multiple sources which are processed to produce an outcome. The entire framework would fail if data are not properly validated. Also, ensuring their protection is necessary so that a third-party can not compromise the data. In this respect, BC can provide Industry 4.0 framework with unalterable, secure, and privacy-preserving data storage [161].

Others Applications. Apart from the above-discussed applications, BC is also used in finance, business, government, asset management, insurance, personal identification, real estate, and many other fields as summarized in Fig. 9.

The integration of BC and SDN can offer various systems some remarkable features. For example, in [87], the authors introduce a particular deployment approach for multi-operator small cells exploiting the fusion of BC and SDN. In detail, BC is implemented above the SDN platform that qualifies the operations within the network. These two technologies are also used in vehicular networks, especially for security purposes because SDN provides flexibility and BC offers trust to the network.

Generally, to diminish the vulnerability of the huge number of network devices, SDN control plane is not satisfactory: this is why BC takes the place to validate insertions into flow tables [8]. Researchers propose to send the information from network devices via BC agents which act as the mediator plane to verify insertions and are enforced between the SDN switches and SDN controller. This mechanism is responsible for vicious flows.

The monocentric architecture of SDN exposes it to a great range of attacks; for this reason, private BC is used to manage the resources along with the other technologies [162]. In some particular contexts, SDN controllers are used to make a chain of controllers as if each of them constitutes a block of the private BC. Encryption is also used before storing the information and also to establish P2P connections between SDN controllers and other devices [163].

A private BC is used in each domain of an SDN, while each SDN controller is associated with other controllers through a public BC. In this way, security of SDN is attained, while a significant number of works aims to improve the performance of cloud storage combined with BC–SDN. For instance, in [73] a distributed BC cloud architecture based on software-defined fog nodes is presented. In the fog layer, the SDN controllers realize a distributed network forming a BC, while in the cloud layer, another BC is constituted with the cloud storage. When multiple controllers are deployed in an SDN, BC can also harmonize their joint cooperation.

There are many other examples where these two technologies are employed in concert [164]. Indeed, although SDN has extremely valuable benefits, it requires BC support especially into the control plane to guarantee the security [80]. For example, to mitigate DDoS attacks, in [68, 165] is investigated the usage of SCs in the Ethereum platform, whose rules are programmatically defined in the SCs.