Tayebeh Rajabi, Alvi Ataur Khalil, Mohammad Hossein Manshaei, Mohammad Ashiqur Rahman, Mohammad Dakhilalian, Maurice Ngouen, Murtuza Jadliwala, A. Selcuk Uluagac
Feasibility Analysis for Sybil Attacks in Shard-Based Permissionless Blockchains Journal Article
ACM Distributed Ledger Technologies: Research and Practice Journal, 2023.
Abstract | Links | BibTeX | Tags: Blockchain Security, Network Security, Smart Home Security
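@article{Tayabeh2023,
  author    = {Rajabi, Tayebeh and Khalil, Alvi Ataur and Manshaei, Mohammad Hossein and Rahman, Mohammad Ashiqur and Dakhilalian, Mohammad and Ngouen, Maurice and Jadliwala, Murtuza and Uluagac, A. Selcuk},
  title     = {Feasibility Analysis for {Sybil} Attacks in Shard-Based Permissionless Blockchains},
  journal   = {ACM Distributed Ledger Technologies: Research and Practice Journal},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  year      = {2023},
  date      = {2023-12-01},
  doi       = {10.1145/3618302},
  url       = {https://doi.org/10.1145/3618302},
  urldate   = {2023-12-01},
  abstract  = {Committee-based permissionless blockchain approaches overcome single leader consensus protocols' scalability issues by partitioning the outstanding transaction set into shards and selecting multiple committees to process these transactions in parallel. However, by design, shard-based blockchain solutions are vulnerable to Sybil attacks. An adversary with enough computational/hash power can easily manipulate the consensus protocol by generating multiple valid node identifiers/IDs (i.e., multiple Sybil committee members). Despite the straightforward nature of these attacks, they have not been systematically investigated. This article fills this research gap by analyzing Sybil attacks in shard-based consensus of proof-of-work blockchain systems. Specifically, we provide a detailed analysis for Elastico, one of the prominent shard-based blockchain models. We show that the proof-of-work technique used for ID generation in the initial phase of such protocols is vulnerable to Sybil attacks when an adversary (could be a group of colluding nodes) possesses enough hash power. We analytically derive conditions for two different Sybil attacks and perform numerical simulations to validate our theoretical results under various parameters. Further, we utilize the BlockSim simulator to validate our mathematical computation, and results confirm the correctness of the analysis.},
  keywords  = {Blockchain Security, Network Security, Smart Home Security},
  pubstate  = {published},
  tppubtype = {article}
}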
Alvi Ataur Khalil, Javier Franco, Imtiaz Parvez, Selcuk Uluagac, Hossain Shahriar, Mohammad Ashiqur Rahman
A Literature Review on Blockchain-enabled Security and Operation of Cyber-Physical Systems Conference Paper
In the Proceedings of 46th Annual Computers, Software and Applications Conference (COMPSAC), 2022.
Abstract | Links | BibTeX | Tags: Blockchain Security, CPS Security
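@inproceedings{9842711,
  author    = {Khalil, Alvi Ataur and Franco, Javier and Parvez, Imtiaz and Uluagac, Selcuk and Shahriar, Hossain and Rahman, Mohammad Ashiqur},
  title     = {A Literature Review on Blockchain-enabled Security and Operation of Cyber-Physical Systems},
  booktitle = {Proceedings of the 46th Annual Computers, Software and Applications Conference (COMPSAC)},
  year      = {2022},
  date      = {2022-01-01},
  url       = {https://ui.adsabs.harvard.edu/abs/2021arXiv210707916A/abstract},
  urldate   = {2022-01-01},
  abstract  = {Blockchain has become a key technology in a plethora of application domains owing to its decentralized public nature. The cyber-physical systems (CPS) is one of the prominent application domains that leverage blockchain for myriad operations, where the Internet of Things (IoT) is utilized for data collection. Although some of the CPS problems can be solved by simply adopting blockchain for its secure and distributed nature, others require complex considerations for overcoming blockchain-imposed limitations while maintaining the core aspect of CPS. Even though a number of studies focus on either the utilization of blockchains for different CPS applications or the blockchain-enabled security of CPS, there is no comprehensive survey including both perspectives together. To fill this gap, we present a comprehensive overview of contemporary advancement in using blockchain for enhancing different CPS.},
  keywords  = {Blockchain Security, CPS Security},
  pubstate  = {published},
  tppubtype = {conference}
}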
Ege Tekiner, Abbas Acar, A. Selcuk Uluagac, Engin Kirda, Ali Aydin Selcuk
SoK: Cryptojacking Malware Conference Paper
In the Proceedings of 6th IEEE European Symposium on Security and Privacy (EuroS&P), Virtual, 2021.
Abstract | Links | BibTeX | Tags: Blockchain Security, Cryptojacking, Malware
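@inproceedings{tekiner2021,
  author    = {Tekiner, Ege and Acar, Abbas and Uluagac, A. Selcuk and Kirda, Engin and Selcuk, Ali Aydin},
  title     = {{SoK}: Cryptojacking Malware},
  booktitle = {Proceedings of the 6th IEEE European Symposium on Security and Privacy (EuroS\&P)},
  address   = {Virtual},
  year      = {2021},
  date      = {2021-01-01},
  url       = {https://ieeexplore.ieee.org/abstract/document/9581251/},
  urldate   = {2021-01-01},
  abstract  = {Emerging blockchain and cryptocurrency-based technologies are redefining the way we conduct business in cyberspace. Today, a myriad of blockchain and cryptocurrency systems, applications, and technologies are widely available to companies, end-users, and even malicious actors who want to exploit the computational resources of regular users through cryptojacking malware. Especially with ready-to-use mining scripts easily provided by service providers (e.g., Coinhive) and untraceable cryptocurrencies (e.g., Monero), cryptojacking malware has become an indispensable tool for attackers. Indeed, the banking industry, major commercial websites, government and military servers (e.g., US Dept. of Defense), online video sharing platforms (e.g., Youtube), gaming platforms (e.g., Nintendo), critical infrastructure resources (e.g., routers), and even recently widely popular remote video conferencing/meeting},
  keywords  = {Blockchain Security, Cryptojacking, Malware},
  pubstate  = {published},
  tppubtype = {conference}
}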
Ahmet Kurt, Enes Erdin, Kemal Akkaya, Selcuk Uluagac, Mumin Cebe
D-LNBot: A Scalable, Cost-Free and Covert Hybrid Botnet on Bitcoin's Lightning Network Journal Article
IEEE Transactions on Dependable and Secure Computing Journal, 2021.
Abstract | Links | BibTeX | Tags: Blockchain Security, Network Security
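@article{Kurt2021DLNBotAS,
  author    = {Kurt, Ahmet and Erdin, Enes and Akkaya, Kemal and Uluagac, Selcuk and Cebe, Mumin},
  title     = {{D-LNBot}: A Scalable, Cost-Free and Covert Hybrid Botnet on {Bitcoin's} {Lightning Network}},
  journal   = {IEEE Transactions on Dependable and Secure Computing Journal},
  year      = {2021},
  date      = {2021-01-01},
  url       = {https://api.semanticscholar.org/CorpusID:245131355},
  urldate   = {2021-01-01},
  abstract  = {While various covert botnets were proposed in the past, they still lack complete anonymization for their servers/botmasters or suffer from slow communication between the botmaster and the bots. In this paper, we first propose a new generation hybrid botnet that covertly and efficiently communicates over Bitcoin Lightning Network (LN), called LNBot. Exploiting various anonymity features of LN, we show the feasibility of a scalable two-layer botnet which completely anonymizes the identity of the botmaster. In the first layer, the botmaster anonymously sends the commands to the command and control (C\&C) servers through regular LN payments. Specifically, LNBot allows botmaster's commands to be sent in the form of surreptitious multi-hop LN payments, where the commands are either encoded with the payments or attached to the payments to provide covert communications. In the second layer, C\&C servers further},
  keywords  = {Blockchain Security, Network Security},
  pubstate  = {published},
  tppubtype = {article}
}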
Enes Erdin, Mumin Cebe, Kemal Akkaya, Eyuphan Bulut, Selcuk Uluagac
A scalable private Bitcoin payment channel network with privacy guarantees Journal Article
Journal of Network and Computer Applications, 2021.
Abstract | BibTeX | Tags: Blockchain Security
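@article{erdin2021scalable,
  author    = {Erdin, Enes and Cebe, Mumin and Akkaya, Kemal and Bulut, Eyuphan and Uluagac, Selcuk},
  title     = {A scalable private {Bitcoin} payment channel network with privacy guarantees},
  journal   = {Journal of Network and Computer Applications},
  publisher = {Elsevier},
  year      = {2021},
  date      = {2021-01-01},
  urldate   = {2021-01-01},
  abstract  = {While Bitcoin heavily dominates the cryptocurrency markets, its use in micropayments is still a challenge due to long transaction confirmation times and high fees. Recently, the concept of off-chain transactions is introduced that led to the idea of establishing a payment channel network called Lightning Network (LN), which utilizes multi-hop payments. Off-chain links provide the ability to make instant payments without a need to writing to Blockchain. However, LN's design still favors fees, and it is creating hub nodes or relays that defeat the purpose of Blockchain. In addition, it is still not reliable, as not all transactions are guaranteed to be delivered to their destinations. These issues hinder its wide adoption by retailers. To address this issue, in this paper, we argue that the retailers could create a private payment channel network among them to serve their business needs, just like the concept of private Blockchains.},
  keywords  = {Blockchain Security},
  pubstate  = {published},
  tppubtype = {article}
}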
Suat Mercan, Mumin Cebe, Ege Tekiner, Kemal Akkaya, Melissa Chang, Selcuk Uluagac
A cost-efficient IoT forensics framework with blockchain Conference Paper
In the Proceedings of the IEEE International Conference on Blockchain and Cryptocurrency (ICBC), IEEE 2020.
Abstract | Links | BibTeX | Tags: Blockchain Security
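@inproceedings{mercan2020cost,
  author       = {Mercan, Suat and Cebe, Mumin and Tekiner, Ege and Akkaya, Kemal and Chang, Melissa and Uluagac, Selcuk},
  title        = {A cost-efficient {IoT} forensics framework with blockchain},
  booktitle    = {Proceedings of the IEEE International Conference on Blockchain and Cryptocurrency (ICBC)},
  organization = {IEEE},
  year         = {2020},
  date         = {2020-01-01},
  url          = {https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9169397},
  urldate      = {2020-01-01},
  abstract     = {IoT devices have been adopted widely in the last decade which enabled collection of various data from different environments. Data storage poses challenges since the data may be compromised during the storage and the integrity might be violated without being noticed. In such cases, integrity and data provenance are required in order to be able to detect the source of any incident and prove it in legal cases. To address these issues, blockchain provides excellent opportunities since it can protect the integrity of the data thanks to its distributed structure. However, it comes with certain costs as storing huge amount of data in a public blockchain will come with significant transaction fees. In this paper, we propose a highly cost effective and reliable digital forensics framework by exploiting multiple inexpensive blockchain networks as a temporary storage before the data is committed to Ethereum.},
  keywords     = {Blockchain Security},
  pubstate     = {published},
  tppubtype    = {conference}
}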
Enes Erdin, Mumin Cebe, Kemal Akkaya, Senay Solak, Eyuphan Bulut, Selcuk Uluagac
A Bitcoin payment network with reduced transaction fees and confirmation times Journal Article
Computer Networks Journal, 2020.
Abstract | BibTeX | Tags: Blockchain Security
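@article{erdin2020bitcoin,
  author    = {Erdin, Enes and Cebe, Mumin and Akkaya, Kemal and Solak, Senay and Bulut, Eyuphan and Uluagac, Selcuk},
  title     = {A {Bitcoin} payment network with reduced transaction fees and confirmation times},
  journal   = {Computer Networks Journal},
  publisher = {Elsevier},
  year      = {2020},
  date      = {2020-01-01},
  urldate   = {2020-01-01},
  abstract  = {The high transaction fees and confirmation times made Bitcoin unfeasible for many applications when the payments are in small amounts and require instant approval. As a result, many other cryptocurrencies were introduced for addressing these issues, but the Bitcoin network is still the most widely used payment system. Without doubt, to benefit from its network of users, there is a need for novel solutions that can successfully address the problems about high transaction fees and transaction verification times. Recently, payment network ideas have been introduced including the Lightning Network (LN) which exploits off-chain bidirectional payment channels between parties. As off-chain links can be configured to perform aggregated transactions at certain intervals without writing to blockchain, this would not only reduce the transaction fees but also decrease the verification times significantly.},
  keywords  = {Blockchain Security},
  pubstate  = {published},
  tppubtype = {article}
}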
Ahmet Kurt, Enes Erdin, Mumin Cebe, Kemal Akkaya, A. Selcuk Uluagac
LNBot: A Covert Hybrid Botnet on Bitcoin Lightning Network for Fun and Profit Conference Paper
In the Proceedings of the 25th European Symposium on Research in Computer Security (ESORICS) 2020.
Abstract | Links | BibTeX | Tags: Bitcoin, Blockchain Security
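@inproceedings{10.1007/978-3-030-59013-0_36,
  author    = {Kurt, Ahmet and Erdin, Enes and Cebe, Mumin and Akkaya, Kemal and Uluagac, A. Selcuk},
  title     = {{LNBot}: A Covert Hybrid Botnet on {Bitcoin} {Lightning Network} for Fun and Profit},
  editor    = {Chen, Liqun and Li, Ninghui and Liang, Kaitai and Schneider, Steve},
  booktitle = {Proceedings of the 25th European Symposium on Research in Computer Security (ESORICS)},
  year      = {2020},
  date      = {2020-01-01},
  url       = {https://link.springer.com/chapter/10.1007/978-3-030-59013-0_36},
  urldate   = {2020-01-01},
  abstract  = {While various covert botnets were proposed in the past, they still lack complete anonymization for their servers/botmasters or suffer from slow communication between the botmaster and the bots. In this paper, we propose a new generation hybrid botnet that covertly and efficiently communicates over Bitcoin Lightning Network (LN), called LNBot. LN is a payment channel network operating on top of Bitcoin network for faster Bitcoin transactions with negligible fees. Exploiting various anonymity features of LN, we designed a scalable two-layer botnet which completely anonymize the identity of the botmaster. In the first layer, the botmaster sends commands anonymously to the C\&C servers through LN transactions. Specifically, LNBot allows botmaster's commands to be sent in the form of surreptitious multihop LN payments, where the commands are encoded with ASCII or Huffman encoding to provide covert communications. In the second layer, C\&C servers further relay those commands to the bots they control in their mini-botnets to launch any type of attacks to victim machines. We implemented a proof-of-concept on the actual LN and extensively analyzed the delay and cost performance of LNBot. Our analysis show that LNBot achieves better scalability compared to the other similar blockchain botnets with negligible costs. Finally, we also provide and discuss a list of potential countermeasures to detect LNBot activities and minimize its impacts.},
  keywords  = {Bitcoin, Blockchain Security},
  pubstate  = {published},
  tppubtype = {conference}
}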
Enes Erdin, Mumin Cebe, Kemal Akkaya, Eyuphan Bulut, A. Selcuk Uluagac
A Heuristic-Based Private Bitcoin Payment Network Formation Using Off-Chain Links Conference Paper
In the Proceedings of the IEEE International Conference on Blockchain (Blockchain), 2019.
Abstract | Links | BibTeX | Tags: Bitcoin, Blockchain Security
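@inproceedings{Erdin2019Blockchainb,
  author    = {Erdin, Enes and Cebe, Mumin and Akkaya, Kemal and Bulut, Eyuphan and Uluagac, A. Selcuk},
  title     = {A Heuristic-Based Private {Bitcoin} Payment Network Formation Using Off-Chain Links},
  booktitle = {Proceedings of the IEEE International Conference on Blockchain (Blockchain)},
  year      = {2019},
  date      = {2019-01-01},
  url       = {https://ieeexplore.ieee.org/abstract/document/8946276},
  urldate   = {2019-01-01},
  abstract  = {While Bitcoin dominates the market for cryptocurrencies, its use in micropayments is still a challenge due to its long transaction validation times and high fees. Recently, the concept of off-chain payments is introduced that led to the idea of establishing a payment network called Lightning Network (LN). Off-chain links provide the ability to do transactions without writing to Blockchain. However, LN's design still favors fees and is creating hub nodes that defeat the purpose of Blockchain. In addition, it is still not reliable as not all the transactions are guaranteed to be transmitted to their destinations. If current retailers would like to use it, these problems might hinder its adoption. To address this issue, in this paper, we advocate creating a private payment network among a given set of retailers that will serve their business needs, just like the idea of private Blockchains. The goal is to build a pure peer-to-peer topology that will eliminate the need for relays and increase the robustness of payments. Using off-chain links as edges and retailers as nodes, the problem is formulated as a multi-flow commodity problem where transactions represent the commodities from various sources to destinations. As the multi-flow commodity problem is NP-Complete, we propose a heuristic approach that utilizes Dijkstra's shortest path algorithm in a dynamic way by updating the edge weights when new payment paths are to be found. The order of transactions is randomized to provide fairness among the retailers. The evaluations indicate that the proposed heuristic comes close to an optimal solution while providing scalability and user privacy.},
  keywords  = {Bitcoin, Blockchain Security},
  pubstate  = {published},
  tppubtype = {conference}
}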
Mumin Cebe, Enes Erdin, Kemal Akkaya, Hidayet Aksu, Selcuk Uluagac
Block4forensic: An integrated lightweight blockchain framework for forensics applications of connected vehicles Journal Article
IEEE Communications Magazine, 2018.
Abstract | Links | BibTeX | Tags: Blockchain Security, Forensics, IoT Security
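@article{cebe2018block4forensic,
  author    = {Cebe, Mumin and Erdin, Enes and Akkaya, Kemal and Aksu, Hidayet and Uluagac, Selcuk},
  title     = {{Block4forensic}: An integrated lightweight blockchain framework for forensics applications of connected vehicles},
  journal   = {IEEE Communications Magazine},
  publisher = {IEEE},
  year      = {2018},
  date      = {2018-01-01},
  url       = {https://ieeexplore.ieee.org/document/8493118},
  urldate   = {2018-01-01},
  abstract  = {Today's vehicles are becoming cyber-physical systems that not only communicate with other vehicles but also gather various information from hundreds of sensors within them. These developments help create smart and connected (e.g., self-driving) vehicles that will introduce significant information to drivers, manufacturers, insurance companies, and maintenance service providers for various applications. One such application that is becoming crucial with the introduction of self-driving cars is forensic analysis of traffic accidents. The utilization of vehicle-related data can be instrumental in post-accident scenarios to discover the faulty party, particularly for self-driving vehicles. With the opportunity of being able to access various information in cars, we propose a permissioned blockchain framework among the various elements involved to manage the collected vehicle-related data. Specifically, we first integrate vehicular public key infrastructure (VPKI) to the proposed blockchain to provide membership establishment and privacy. Next, we design a fragmented ledger that will store detailed data related to vehicles such as maintenance information/history, car diagnosis reports, and so on. The proposed forensic framework enables trustless, traceable, and privacy-aware post-accident analysis with minimal storage and processing overhead.},
  keywords  = {Blockchain Security, Forensics, IoT Security},
  pubstate  = {published},
  tppubtype = {article}
}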
Enes Erdin, Mumin Cebe, Kemal Akkaya, Senay Solak, Eyuphan Bulut, Selcuk Uluagac
Building a Private Bitcoin-Based Payment Network Among Electric Vehicles and Charging Stations Conference Paper
In the Proceedings of the IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), 2018.
Abstract | Links | BibTeX | Tags: Blockchain Security, Vehicle security
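@inproceedings{Erdin2018PrivBCNetc,
  author    = {Erdin, Enes and Cebe, Mumin and Akkaya, Kemal and Solak, Senay and Bulut, Eyuphan and Uluagac, Selcuk},
  title     = {Building a Private {Bitcoin-Based} Payment Network Among Electric Vehicles and Charging Stations},
  booktitle = {Proceedings of the IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)},
  year      = {2018},
  date      = {2018-01-01},
  url       = {https://ieeexplore.ieee.org/abstract/document/8726825},
  urldate   = {2018-01-01},
  abstract  = {Mass penetration and market dominance of Electric Vehicles (EVs) are expected in the upcoming years. Due to their frequent charging needs, not only public and private charging stations are being built, but also V2V charging options are considered. This forms a charging network with various suppliers and EV customers which can communicate to schedule charging operations. While an app can be designed to develop matching algorithms for charging schedules, the system also needs a convenient payment method that will enable privacy-preserving transactions among the suppliers and EVs. In this paper, we adopt a Bitcoin-based payment system for the EV charging network payments. However, Bitcoin has a transaction fee which would be comparable to the price of the charging service most of the time and thus may not be attractive to users. High transaction fees can be eliminated by building a payment network in parallel to main ledger, with permission and signatures. In this paper, we design and implement such a network among charging stations and mobile EVs with flow, connectivity and fairness constraints, and demonstrate results for the feasibility of the scheme under different circumstances. More specifically, we propose a payment network optimization model for determining payment channels among charging stations. We present numerical results on the characteristics of the network model by using realistic use cases.},
  keywords  = {Blockchain Security, Vehicle security},
  pubstate  = {published},
  tppubtype = {conference}
}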
Citations: 8413
h-index: 44
i10-index: 107