Project Summary: In recent years, many cryptocurrencies have come into use in various daily-life applications. In particular, Bitcoin has been gaining tremendous popularity, fueled by the revolutionary blockchain concept. Its market cap is now above 50% among all cryptocurrencies. Nevertheless, Bitcoin’s transaction fees are still high and payment verification times are generally more than 10 minutes, which makes it infeasible for real-time transactions. To address this issue, different schemes have been proposed. Among these, the most widely adopted one is the Lightning Network (LN). The idea is to utilize smart contracts and avoid writing every transaction to the blockchain. Instead, the transactions are recorded off-chain until the accounts are reconciled. Specifically, once a channel is created between two peers, many off-chain transactions can be performed in both directions as long as there are enough funds. When many nodes come together, the off-chain payment channels turn into a network, referred to as a payment channel network (PCN), of which LN is an example. As of today, LN has grown to more than 17K users in three years, making it a popular environment for instant Bitcoin transactions.

The emergence of LN opened new doors to many potential novel applications that can utilize its infrastructure. Indeed, LN’s underlying network offers a perfectly covert communication medium to enable security and privacy by default. This creates opportunities for both good and bad purposes. This project aims to demonstrate both types of applications that can rely on or exploit LN. We refer to them as third-layer applications, assuming that Bitcoin is the first layer and LN is the second. We tackled the challenges of building third-layer LN applications in two practical use cases.

The first practical application we target is the utilization of LN for enabling micro-payments (i.e., paying with your smartwatch or vehicle) for resource-constrained IoT devices without dealing with credit card payments. For this purpose, we introduce two protocols that enable IoT devices with limited resources to use LN without installing LN or Bitcoin software. The first approach is based on a designated gateway node that acts on behalf of an IoT device to open and close LN channels and transact with other users. To guarantee trustless operations, we introduce 3-of-3 multisignature LN channels, which secure the IoT device’s funds even when the gateway is malicious. More specifically, the gateway needs the IoT device’s cryptographic signature for every LN operation; when it is not provided, operations such as channel opening and closing or payment sending cannot be completed. To incentivize the gateway, the IoT device pays fees to the gateway for every transaction it performs. The second protocol aims to improve on the first by using threshold cryptography instead of 3-of-3 multisig. By using threshold cryptography, the channel structure of LN does not need to be modified. Another advantage of the threshold method is the smaller transaction size, which reduces the transaction fees paid by the IoT device and the gateway. We extended the threshold work by analyzing the security of the protocol using game theory and extended the implementation with Bluetooth experiments.
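An added illustration of the transaction-size point above (not code from the project or its papers): it builds a standard 2-of-2 multisig witness script, assumed here to be what an unmodified LN channel and the threshold approach put on-chain, next to a 3-of-3 one, and compares the witness data needed to spend each. The key bytes are constructed placeholders, the 72-byte signature length is an assumed typical value, who holds which key is not modelled, and only the funding-output spend is considered.

```python
import hashlib

OP_CHECKMULTISIG = 0xAE

def multisig_script(pubkeys):
    """n-of-n witness script: OP_n <pk_1> ... <pk_n> OP_n OP_CHECKMULTISIG."""
    n = len(pubkeys)
    if not 1 <= n <= 16 or any(len(pk) != 33 for pk in pubkeys):
        raise ValueError("need 1..16 compressed (33-byte) public keys")
    op_n = bytes([0x50 + n])  # OP_1..OP_16 are encoded as 0x51..0x60
    # 0x21 pushes 33 bytes; keys are sorted as LN does for its 2-of-2 script
    # (applying the same ordering to 3-of-3 is an assumption of this example).
    pushes = b"".join(b"\x21" + pk for pk in sorted(pubkeys))
    return op_n + pushes + op_n + bytes([OP_CHECKMULTISIG])

def p2wsh_script_pubkey(witness_script):
    """The on-chain output: OP_0 <32-byte SHA-256 of the witness script>."""
    return b"\x00\x20" + hashlib.sha256(witness_script).digest()

def spend_witness_bytes(witness_script, sig_len=72):
    """Serialized witness size for spending the output with n signatures.
    sig_len=72 is an assumed typical DER signature plus sighash byte."""
    n = witness_script[0] - 0x50
    # item count + empty CHECKMULTISIG dummy + n length-prefixed sigs + script
    return 1 + 1 + n * (1 + sig_len) + 1 + len(witness_script)

def constructed_key(tag):
    """Placeholder 33-byte value shaped like a compressed key (not a real point)."""
    return b"\x02" + hashlib.sha256(tag).digest()

def compare():
    two = multisig_script([constructed_key(t) for t in (b"key-1", b"key-2")])
    three = multisig_script([constructed_key(t) for t in (b"key-1", b"key-2", b"key-3")])
    extra = spend_witness_bytes(three) - spend_witness_bytes(two)
    return {
        "script_2of2": len(two), "script_3of3": len(three),
        "witness_2of2": spend_witness_bytes(two),
        "witness_3of3": spend_witness_bytes(three),
        "extra_witness_bytes": extra,
        "extra_vbytes": extra / 4,  # each witness byte is 1 weight unit; 4 units = 1 vbyte
        "output_size_same": len(p2wsh_script_pubkey(two)) == len(p2wsh_script_pubkey(three)),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The P2WSH output is the same size either way; the extra cost of 3-of-3 appears when the output is spent, as one more signature and one more key in the witness.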

While LN can enable useful applications such as IoT micro-payments, it can also be exploited for malicious purposes. For this use case, we show how LN can be used to control a botnet through highly anonymous covert communication. We introduce LNBot, a covert hybrid botnet that runs on top of LN and relies on various anonymity features of LN to operate. By encoding messages using LN payments, we show that it is very hard to shut down LNBot because of the strong anonymity features of LN such as its onion-routed payments. We extended this work such that the botnet can form itself in a distributed manner, removing the need for any manual intervention from the botmaster.

Our current work is about enabling offline LN payments in a mobile mesh network setting where the nodes do not have Internet connectivity and can move around. We already have a proof-of-concept implementation of the idea using both Bluetooth and WiFi for the communication protocol.

People: Ahmet Kurt, Dr. Kemal Akkaya, Ricardo Harrilal-Parchment, Hadi Sahin 

Publications:  

  • Ahmet Kurt, Enes Erdin, Mumin Cebe, Kemal Akkaya, A. Selcuk Uluagac, (2020), “LNBot: A Covert Hybrid Botnet on Bitcoin Lightning Network for Fun and Profit” in European Symposium on Research in Computer Security (ESORICS 2020) (pp. 734-755). 
  • Suat Mercan, Ahmet Kurt, Enes Erdin and Kemal Akkaya, (2021), “Cryptocurrency Solutions to Enable Micro-payments in Consumer IoT” in IEEE Consumer Electronics Magazine (vol 11, issue 2, pp. 97-103).
  • Ahmet Kurt, Suat Mercan, Enes Erdin, Kemal Akkaya, (2021), “Enabling Micro-payments on IoT Devices using Bitcoin Lightning Network” in 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC) (pp. 1-3). 
  • Ahmet Kurt, Suat Mercan, Omer Shlomovits, Enes Erdin, Kemal Akkaya, (2021), “LNGate: Powering IoT with Next Generation Lightning Micro-payments using Threshold Cryptography” in 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks (pp. 117-128). 
  • Ahmet Kurt, Suat Mercan, Enes Erdin, Kemal Akkaya, (2021), “3-of-3 Multisignature Approach for Enabling Lightning Network Micro-payments on IoT Devices” in ITU Journal on Future and Evolving Technologies (vol 2, issue 5, pp. 53-67).   
  • Ahmet Kurt, Enes Erdin, Kemal Akkaya, A. Selcuk Uluagac, Mumin Cebe, (2021), “D-LNBot: A Scalable, Cost-Free and Covert Hybrid Botnet on Bitcoin’s Lightning Network” in arXiv preprint arXiv:2112.07623 and in review at IEEE TDSC (pp. 1-18).
  • Ahmet Kurt, Kemal Akkaya, Sabri Yilmaz, Suat Mercan, Omer Shlomovits, Enes Erdin, (2022), “LNGate2: Secure Bidirectional IoT Micro-payments using Bitcoin’s Lightning Network and Threshold Cryptography” in arXiv preprint arXiv:2206.02248 and in review at IEEE TMC (pp. 1-18).