Researcher profile

Kemal Akkaya

Kemal Akkaya contributes to research discovery and scholarly infrastructure.

Researcher. Affiliation not imported. Open to collaborate.

Trust snapshot

Quick read

Trust 21 - Emerging. Verification L1. Unclaimed author.
9 works
0 followers
3 topics
4 close collaborators


Published work

9 published item(s)

preprint, 2021, arXiv

An Evaluation of Cryptocurrency Payment Channel Networks and Their Privacy Implications

Cryptocurrencies redefined how money can be stored and transferred among users. However, independent of the amount being sent, public blockchain-based cryptocurrencies suffer from high transaction waiting times and fees. These drawbacks hinder the wide use of cryptocurrencies by masses. To address these challenges, payment channel network concept is touted as the most viable solution to be used for micro-payments. The idea is exchanging the ownership of money by keeping the state of the accounts locally. The users inform the blockchain rarely, which decreases the load on the blockchain. Specifically, payment channel networks can provide transaction approvals in seconds by charging a nominal fee proportional to the payment amount. Such attraction on payment channel networks inspired many recent studies which focus on how to design them and allocate channels such that the transactions will be secure and efficient. However, as payment channel networks are emerging and reaching large number of users, privacy issues are becoming more relevant that raise concerns about exposing not only individual habits but also businesses' revenues. In this paper, we first propose a categorization of the existing payment networks formed on top of blockchain-backed cryptocurrencies. After discussing several emerging attacks on user/business privacy in these payment channel networks, we qualitatively evaluate them based on a number of privacy metrics that relate to our case. Based on the discussions on the strengths and weaknesses of the approaches, we offer possible directions for research for the future of privacy based payment channel networks.

preprint, 2021, arXiv

Cryptocurrency Solutions to Enable Micro-payments in Consumer IoT

The successful amalgamation of cryptocurrency and consumer Internet of Things (IoT) devices can pave the way for novel applications in machine-to-machine economy. However, the lack of scalability and heavy resource requirements of initial blockchain designs hinders the integration as they prioritized decentralization and security. Numerous solutions have been proposed since the emergence of Bitcoin to achieve this goal. However, none of them seem to dominate and thus it is unclear how consumer devices will be adopting these approaches. Therefore, in this paper, we critically review the existing integration approaches and cryptocurrency designs that strive to enable micro-payments among consumer devices. We identify and discuss solutions under three main categories; direct integration, payment channel network and new cryptocurrency design. The first approach utilizes a full node to interact with the payment system. Offline channel payment is suggested as a second layer solution to solve the scalability issue and enable instant payment with low fee. New designs converge to semi-centralized scheme and focus on lightweight consensus protocol that does not require high computation power which might mean loosening the initial design choices in favor of scalability. We evaluate the pros and cons of each of these approaches and then point out future research challenges. Our goal is to help researchers and practitioners to better focus their efforts to facilitate micro-payment adoptions.

preprint, 2021, arXiv

Privacy-Preserving Smart Parking System Using Blockchain and Private Information Retrieval

Searching for available parking spaces is a major problem for drivers especially in big crowded cities, causing traffic congestion and air pollution, and wasting drivers' time. Smart parking systems are a novel solution to enable drivers to have real-time parking information for pre-booking. However, current smart parking requires drivers to disclose their private information, such as desired destinations. Moreover, the existing schemes are centralized and vulnerable to the bottleneck of the single point of failure and data breaches. In this paper, we propose a distributed privacy-preserving smart parking system using blockchain. A consortium blockchain created by different parking lot owners to ensure security, transparency, and availability is proposed to store their parking offers on the blockchain. To preserve drivers' location privacy, we adopt a private information retrieval (PIR) technique to enable drivers to retrieve parking offers from blockchain nodes privately, without revealing which parking offers are retrieved. Furthermore, a short randomizable signature is used to enable drivers to reserve available parking slots in an anonymous manner. Besides, we introduce an anonymous payment system that cannot link drivers' to specific parking locations. Finally, our performance evaluations demonstrate that the proposed scheme can preserve drivers' privacy with low communication and computation overhead.

preprint, 2021, arXiv

Survey on Enterprise Internet-of-Things Systems (E-IoT): A Security Perspective

As technology becomes more widely available, millions of users worldwide have installed some form of smart device in their homes or workplaces. These devices are often off-the-shelf commodity systems, such as Google Home or Samsung SmartThings, that are installed by end-users looking to automate a small deployment. In contrast to these "plug-and-play" systems, purpose-built Enterprise Internet-of-Things (E-IoT) systems such as Crestron, Control4, RTI, Savant offer a smart solution for more sophisticated applications (e.g., complete lighting control, A/V management, security). In contrast to commodity systems, E-IoT systems are usually closed source, costly, require certified installers, and are overall more robust for their use cases. Due to this, E-IoT systems are often found in expensive smart homes, government and academic conference rooms, yachts, and smart private offices. However, while there has been plenty of research on the topic of commodity systems, no current study exists that provides a complete picture of E-IoT systems, their components, and relevant threats. As such, lack of knowledge of E-IoT system threats, coupled with the cost of E-IoT systems has led many to assume that E-IoT systems are secure. To address this research gap, raise awareness on E-IoT security, and motivate further research, this work emphasizes E-IoT system components, E-IoT vulnerabilities, solutions, and their security implications. In order to systematically analyze the security of E-IoT systems, we divide E-IoT systems into four layers: E-IoT Devices Layer, Communications Layer, Monitoring and Applications Layer, and Business Layer. We survey attacks and defense mechanisms, considering the E-IoT components at each layer and the associated threats. In addition, we present key observations in state-of-the-art E-IoT security and provide a list of open research problems that need further research.

preprint, 2020, arXiv

Communication-efficient Certificate Revocation Management for Advanced Metering Infrastructure and IoT

Advanced Metering Infrastructure forms a communication network for the collection of power data from smart meters in Smart Grid. As the communication between smart meters could be secured utilizing public-key cryptography, however, public-key cryptography still has certain challenges in terms of certificate revocation and management particularly related distribution and storage overhead of revoked certificates. To address this challenge, in this paper, we propose a novel revocation management approach by utilizing cryptographic accumulators which reduces the space requirements for revocation information significantly and thus enables efficient distribution of such information to all smart meters. We implemented the proposed approach on both ns-3 network simulator and a testbed. We demonstrated its superior performance with respect to traditional methods for revocation management.

preprint, 2020, arXiv

LNBot: A Covert Hybrid Botnet on Bitcoin Lightning Network for Fun and Profit

While various covert botnets were proposed in the past, they still lack complete anonymization for their servers/botmasters or suffer from slow communication between the botmaster and the bots. In this paper, we propose a new generation hybrid botnet that covertly and efficiently communicates over Bitcoin Lightning Network (LN), called LNBot. LN is a payment channel network operating on top of Bitcoin network for faster Bitcoin transactions with negligible fees. Exploiting various anonymity features of LN, we designed a scalable two-layer botnet which completely anonymizes the identity of the botmaster. In the first layer, the botmaster sends commands anonymously to the C&C servers through LN transactions. Specifically, LNBot allows botmaster's commands to be sent in the form of surreptitious multihop LN payments, where the commands are encoded with ASCII or Huffman encoding to provide covert communications. In the second layer, C&C servers further relay those commands to the bots they control in their mini-botnets to launch any type of attacks to victim machines. We implemented a proof-of-concept on the actual LN and extensively analyzed the delay and cost performance of LNBot. Our analysis shows that LNBot achieves better scalability compared to the other similar blockchain botnets with negligible costs. Finally, we also provide and discuss a list of potential countermeasures to detect LNBot activities and minimize its impacts.

preprint, 2020, arXiv

Security, Privacy and Ethical Concerns of IoT Implementations in Hospitality Domain

The Internet of Things (IoT) has been on the rise in the last decade as it finds applications in various domains. Hospitality is one of the pioneer sectors that has adopted this technology to create novel services such as smart hotel rooms, personalized services etc. Hotels, restaurants, theme parks, and cruise ships are some specific application areas to improve customer satisfaction by creating an intense interactive environment and data collection with the use of appropriate sensors and actuators. However, applying IoT solutions in the hospitality environment has some unique challenges such as easy physical access to devices. In addition, due to the very nature of these domains, the customers are at the epicenter of these IoT technologies that result in a massive amount of data collection from them. Such data and its management along with business purposes also raises new concerns regarding privacy and ethical considerations. Therefore, this paper surveys and analyzes security, privacy and ethical issues regarding the utilization of IoT devices by focusing on the hospitality industry specifically. We explore some exemplary uses, cases, potential problems and solutions in order to contribute to better understanding and guiding the business operators in this sector.

preprint, 2020, arXiv

Server-side Fingerprint-Based Indoor Localization Using Encrypted Sorting

GPS signals, the main origin of navigation, are not functional in indoor environments. Therefore, Wi-Fi access points have started to be increasingly used for localization and tracking inside the buildings by relying on a fingerprint-based approach. However, with these types of approaches, several concerns regarding the privacy of the users have arisen. Malicious individuals can determine a client's daily habits and activities by simply analyzing their wireless signals. While there are already efforts to incorporate privacy into the existing fingerprint-based approaches, they are limited to the characteristics of the homomorphic cryptographic schemes they employed. In this paper, we propose to enhance the performance of these approaches by exploiting another homomorphic algorithm, namely DGK, with its unique encrypted sorting capability and thus pushing most of the computations to the server side. We developed an Android app and tested our system within a Columbia University dormitory. Compared to existing systems, the results indicated that more power savings can be achieved at the client side and DGK can be a viable option with more powerful server computation capabilities.

preprint, 2019, arXiv

Heuristic Approach for Jointly Optimizing FeICIC and UAV Locations in Multi-Tier LTE-Advanced Public Safety HetNet

UAV enabled communications and networking can enhance wireless connectivity and support emerging services. However, this would require system-level understanding to modify and extend the existing terrestrial network infrastructure. In this paper, we integrate UAVs both as user equipment and base stations into existing LTE-Advanced heterogeneous network (HetNet) and provide system-level insights of this three-tier LTE-Advanced air-ground HetNet (AG-HetNet). This AG-HetNet leverages cell range expansion (CRE), ICIC, 3D beamforming, and enhanced support for UAVs. Using system-level understanding and through brute-force technique and heuristics algorithms, we evaluate the performance of AG-HetNet in terms of fifth percentile spectral efficiency (5pSE) and coverage probability. We compare 5pSE and coverage probability, when aerial base-stations (UABS) are deployed on a fixed hexagonal grid and when their locations are optimized using genetic algorithm (GA) and elitist harmony search algorithm based on genetic algorithm (eHSGA). Our simulation results show the heuristic algorithms outperform the brute-force technique and achieve better peak values of coverage probability and 5pSE. Simulation results also show that trade-off exists between peak values and computation time when using heuristic algorithms. Furthermore, the three-tier hierarchical structuring of FeICIC provides considerably better 5pSE and coverage probability than eICIC.