The successful amalgamation of cryptocurrency and consumer Internet of Things (IoT) devices can pave the way for novel applications in machine-to-machine economy. However, the lack of scalability and heavy resource requirements of initial blockchain designs hinders the integration as they prioritized decentralization and security. Numerous solutions have been proposed since the emergence of Bitcoin to achieve this goal. However, none of them seem to dominate and thus it is unclear how consumer devices will be adopting these approaches. Therefore, in this paper, we critically review the existing integration approaches and cryptocurrency designs that strive to enable micro-payments among consumer devices. We identify and discuss solutions under three main categories: direct integration, payment channel network and new cryptocurrency design. The first approach utilizes a full node to interact with the payment system. Offline channel payment is suggested as a second layer solution to solve the scalability issue and enable instant payment with low fee. New designs converge to semi-centralized scheme and focus on lightweight consensus protocol that does not require high computation power which might mean loosening the initial design choices in favor of scalability. We evaluate the pros and cons of each of these approaches and then point out future research challenges. Our goal is to help researchers and practitioners to better focus their efforts to facilitate micro-payment adoptions.
Lightning Network (LN) addresses the scalability problem of Bitcoin by leveraging off-chain transactions. Nevertheless, it is not possible to run LN on resource-constrained IoT devices due to its storage, memory, and processing requirements. Therefore, in this paper, we propose an efficient and secure protocol that enables an IoT device to use LN's functions through a gateway LN node. The idea is to involve the IoT device in LN operations with its digital signature by replacing original 2-of-2 multisignature channels with 3-of-3 multisignature channels. Our protocol enforces the LN gateway to request the IoT device's cryptographic signature for all operations on the channel. We evaluated the proposed protocol by implementing it on a Raspberry Pi for a toll payment scenario and demonstrated its feasibility and security.
Bitcoin has emerged as a revolutionary payment system with its decentralized ledger concept; however, it has significant problems such as high transaction fees and long confirmation times. Lightning Network (LN), which was introduced much later, solves most of these problems with an innovative concept called off-chain payments. With this advancement, Bitcoin has become an attractive venue to perform micro-payments which can also be adopted in many IoT applications (e.g. toll payments). Nevertheless, it is not feasible to host LN and Bitcoin on IoT devices due to the storage, memory, and processing requirements. Therefore, in this paper, we propose an efficient and secure protocol that enables an IoT device to use LN through an untrusted gateway node. The gateway hosts LN and Bitcoin nodes and can open and close LN channels and send LN payments on behalf of the IoT device. This delegation approach is powered by a (2,2)-threshold scheme that requires the IoT device and the LN gateway to jointly perform all LN operations which in turn secures both parties' funds. Specifically, we propose to thresholdize LN's Bitcoin public and private keys as well as its commitment points. With these and several other protocol level changes, the IoT device is protected against revoked state broadcast, collusion, and ransom attacks. We implemented the proposed protocol by changing LN's source code and thoroughly evaluated its performance using a Raspberry Pi. Our evaluation results show that computational and communication delays associated with the protocol are negligible. To the best of our knowledge, this is the first work that implemented threshold cryptography in LN.
Blockchain-based cryptocurrencies received a lot of attention recently for their applications in many domains. The IoT domain is one such application, which can utilize cryptocurrencies for micro-payments without compromising their payment privacy. However, long confirmation times of transactions and relatively high fees hinder the adoption of cryptocurrency-based micro-payments. Payment channel networks are one of the proposed solutions to address these issues, where nodes establish payment channels among themselves without writing on the blockchain. IoT devices can benefit from such payment networks as long as they are capable of sustaining their overhead. Payment channel networks pose unique characteristics as far as the routing problem is concerned. Specifically, they should stay balanced to have a sustainable network for maintaining payments for longer times, which is crucial for IoT devices once they are deployed. In this paper, we present a payment channel network design that aims to keep the channels balanced by using a common weight policy across the network. We additionally propose using multi-point connections to nodes for each IoT device for unbalanced payment scenarios. The experiment results show that we can keep the channels in the network more equally balanced compared to the minimal fee approach. In addition, multiple connections from IoT devices to nodes increase the success ratio significantly.
Internet of Things (IoT) devices are becoming ubiquitous in our lives, with applications spanning from the consumer domain to commercial and industrial systems. The steep growth and vast adoption of IoT devices reinforce the importance of sound and robust cybersecurity practices during the device development life-cycles. IoT-related vulnerabilities, if successfully exploited, can affect not only the device itself, but also the application field in which the IoT device operates. Evidently, identifying and addressing every single vulnerability is an arduous, if not impossible, task. Attack taxonomies can assist in classifying attacks and their corresponding vulnerabilities. Security countermeasures and best practices can then be leveraged to mitigate threats and vulnerabilities before they emerge into catastrophic attacks and ensure overall secure IoT operation. Therefore, in this paper, we provide an attack taxonomy which takes into consideration the different layers of the IoT stack, i.e., device, infrastructure, communication, and service, and each layer's designated characteristics which can be exploited by adversaries. Furthermore, using nine real-world cybersecurity incidents that had targeted IoT devices deployed in the consumer, commercial, and industrial sectors, we describe the IoT-related vulnerabilities, exploitation procedures, attacks, impacts, and potential mitigation mechanisms and protection strategies. These (and many other) incidents highlight the underlying security concerns of IoT systems and demonstrate the potential attack impacts of such connected ecosystems, while the proposed taxonomy provides a systematic procedure to categorize attacks based on the affected layer and corresponding impact.
The production of counterfeit money has a long history. It refers to the creation of imitation currency that is produced without the legal sanction of government. With the growth of the cryptocurrency ecosystem, there is expanding evidence that counterfeit cryptocurrency has also appeared. In this paper, we empirically explore the presence of counterfeit cryptocurrencies on Ethereum and measure their impact. By analyzing over 190K ERC-20 tokens (or cryptocurrencies) on Ethereum, we have identified 2,117 counterfeit tokens that target 94 of the 100 most popular cryptocurrencies. We perform an end-to-end characterization of the counterfeit token ecosystem, including their popularity, creators and holders, fraudulent behaviors and advertising channels. Through this, we have identified two types of scams related to counterfeit tokens and devised techniques to identify such scams. We observe that over 7,104 victims were deceived in these scams, and the overall financial loss sums to a minimum of $17 million (74,271.7 ETH). Our findings demonstrate the urgency to identify counterfeit cryptocurrencies and mitigate this threat.