1.
Ahmet Kurt, Enes Erdin, Mumin Cebe, Kemal Akkaya, A. Selcuk Uluagac
LNBot: A Covert Hybrid Botnet on Bitcoin Lightning Network for Fun and Profit Conference Paper
In the Proceedings of the 25th European Symposium on Research in Computer Security (ESORICS) 2020.
Abstract | Links | BibTeX | Tags: Bitcoin, Blockchain Security
@conference{10.1007/978-3-030-59013-0_36,
title = {LNBot: A Covert Hybrid Botnet on Bitcoin Lightning Network for Fun and Profit},
author = {Ahmet Kurt and Enes Erdin and Mumin Cebe and Kemal Akkaya and A. Selcuk Uluagac},
editor = {Liqun Chen and Ninghui Li and Kaitai Liang and Steve Schneider},
url = {https://link.springer.com/chapter/10.1007/978-3-030-59013-0_36},
year = {2020},
date = {2020-01-01},
urldate = {2020-01-01},
series = {In the Proceedings of the 25th European Symposium on Research in Computer Security (ESORICS)},
abstract = {While various covert botnets were proposed in the past, they still lack complete anonymization for their servers/botmasters or suffer from slow communication between the botmaster and the bots. In this paper, we propose a new generation hybrid botnet that covertly and efficiently communicates over Bitcoin Lightning Network (LN), called LNBot. LN is a payment channel network operating on top of Bitcoin network for faster Bitcoin transactions with negligible fees. Exploiting various anonymity features of LN, we designed a scalable two-layer botnet which completely anonymize the identity of the botmaster. In the first layer, the botmaster sends commands anonymously to the C&C servers through LN transactions. Specifically, LNBot allows botmaster's commands to be sent in the form of surreptitious multihop LN payments, where the commands are encoded with ASCII or Huffman encoding to provide covert communications. In the second layer, C&C servers further relay those commands to the bots they control in their mini-botnets to launch any type of attacks to victim machines. We implemented a proof-of-concept on the actual LN and extensively analyzed the delay and cost performance of LNBot. Our analysis show that LNBot achieves better scalibility compared to the other similar blockchain botnets with negligible costs. Finally, we also provide and discuss a list of potential countermeasures to detect LNBot activities and minimize its impacts.},
keywords = {Bitcoin, Blockchain Security},
pubstate = {published},
tppubtype = {conference}
}
While various covert botnets were proposed in the past, they still lack complete anonymization for their servers/botmasters or suffer from slow communication between the botmaster and the bots. In this paper, we propose a new generation hybrid botnet that covertly and efficiently communicates over Bitcoin Lightning Network (LN), called LNBot. LN is a payment channel network operating on top of Bitcoin network for faster Bitcoin transactions with negligible fees. Exploiting various anonymity features of LN, we designed a scalable two-layer botnet which completely anonymize the identity of the botmaster. In the first layer, the botmaster sends commands anonymously to the C&C servers through LN transactions. Specifically, LNBot allows botmaster's commands to be sent in the form of surreptitious multihop LN payments, where the commands are encoded with ASCII or Huffman encoding to provide covert communications. In the second layer, C&C servers further relay those commands to the bots they control in their mini-botnets to launch any type of attacks to victim machines. We implemented a proof-of-concept on the actual LN and extensively analyzed the delay and cost performance of LNBot. Our analysis show that LNBot achieves better scalibility compared to the other similar blockchain botnets with negligible costs. Finally, we also provide and discuss a list of potential countermeasures to detect LNBot activities and minimize its impacts.
2.
Enes Erdin, Mumin Cebe, Kemal Akkaya, Eyuphan Bulut, A. Selcuk Uluagac
A Heuristic-Based Private Bitcoin Payment Network Formation Using Off-Chain Links Conference Paper
In the Proceedings of the IEEE International Conference on Blockchain (Blockchain), 2019.
Abstract | Links | BibTeX | Tags: Bitcoin, Blockchain Security
@conference{Erdin2019Blockchainb,
title = {A Heuristic-Based Private Bitcoin Payment Network Formation Using Off-Chain Links},
author = {Enes Erdin and Mumin Cebe and Kemal Akkaya and Eyuphan Bulut and A. Selcuk Uluagac},
url = {https://ieeexplore.ieee.org/abstract/document/8946276},
year = {2019},
date = {2019-01-01},
urldate = {2019-01-01},
booktitle = {In the Proceedings of the IEEE International Conference on Blockchain (Blockchain)},
abstract = {While Bitcoin dominates the market for cryptocurrencies, its use in micropayments is still a challenge due to its long transaction validation times and high fees. Recently, the concept of off-chain payments is introduced that led to the idea of establishing a payment network called Lightning Network (LN). Off-chain links provide the ability to do transactions without writing to Blockchain. However, LN's design still favors fees and is creating hub nodes that defeat the purpose of Blockchain. In addition, it is still not reliable as not all the transactions are guaranteed to be transmitted to their destinations. If current retailers would like to use it, these problems might hinder its adoption. To address this issue, in this paper, we advocate creating a private payment network among a given set of retailers that will serve their business needs, just like the idea of private Blockchains. The goal is to build a pure peer-to-peer topology that will eliminate the need for relays and increase the robustness of payments. Using off-chain links as edges and retailers as nodes, the problem is formulated as a multi-flow commodity problem where transactions represent the commodities from various sources to destinations. As the multi-flow commodity problem is NP-Complete, we propose a heuristic approach that utilizes Dijkstra's shortest path algorithm in a dynamic way by updating the edge weights when new payment paths are to be found. The order of transactions is randomized to provide fairness among the retailers. The evaluations indicate that the proposed heuristic comes close to an optimal solution while providing scalability and user privacy.},
howpublished = {In the proceedings of the International Conference on Blockchain},
keywords = {Bitcoin, Blockchain Security},
pubstate = {published},
tppubtype = {conference}
}
While Bitcoin dominates the market for cryptocurrencies, its use in micropayments is still a challenge due to its long transaction validation times and high fees. Recently, the concept of off-chain payments is introduced that led to the idea of establishing a payment network called Lightning Network (LN). Off-chain links provide the ability to do transactions without writing to Blockchain. However, LN's design still favors fees and is creating hub nodes that defeat the purpose of Blockchain. In addition, it is still not reliable as not all the transactions are guaranteed to be transmitted to their destinations. If current retailers would like to use it, these problems might hinder its adoption. To address this issue, in this paper, we advocate creating a private payment network among a given set of retailers that will serve their business needs, just like the idea of private Blockchains. The goal is to build a pure peer-to-peer topology that will eliminate the need for relays and increase the robustness of payments. Using off-chain links as edges and retailers as nodes, the problem is formulated as a multi-flow commodity problem where transactions represent the commodities from various sources to destinations. As the multi-flow commodity problem is NP-Complete, we propose a heuristic approach that utilizes Dijkstra's shortest path algorithm in a dynamic way by updating the edge weights when new payment paths are to be found. The order of transactions is randomized to provide fairness among the retailers. The evaluations indicate that the proposed heuristic comes close to an optimal solution while providing scalability and user privacy.
Citations: 8413
h-index: 44
i10-index: 107
