Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

An Architecture Using Payment Channel Networks for Blockchain-based Wi-Fi Sharing

An Architecture Using Payment Channel Networks for Blockchain-based Wi-Fi Sharing An Architecture Using Payment Channel Networks for Blockchain-based Wi-Fi Sharing An Architecture for Blockchain-based Wi-Fi Sharing CHRISTIAN JANIESCH TU Dortmund University, Dortmund, Germany, christian.janiesch@tu-dortmund.de MARCUS FISCHER InnoBrain GmbH, Würzburg, Germany, marcus.fischer@inno-brain.de FLORIAN IMGRUND InnoBrain GmbH, Würzburg, Germany, florian.imgrund@inno-brain.de ADRIAN HOFMANN University of Würzburg, Würzburg, Germany, adrian.hofmann@uni-wuerzburg.de AXEL WINKELMANN University of Würzburg, Würzburg, Germany, axel.winkelmann@uni-wuerzburg.de Enabling Internet access while taking load of mobile networks, the concept of Wi-Fi sharing holds many potentials. While trust- based concepts require a trusted intermediary and cannot prevent malicious behavior for example conducted through fake profil es, security-based approaches lack adequate accounting mechanisms and coverage. Against this backdrop, we develop a Wi-Fi sharing architecture based on blockchain technology and payment channel networks. Our contribution is twofold : First, we present a comprehensive collection of design principles for workable Wi -Fi sharing networks. Second, we propose and evaluate a reference architecture that augments current approaches with adequate accounting mechanisms and facilitates performance, scalability, security, and participant satisfaction. CCS CONCEPTS • Applied computing → Enterprise computing • Information systems → World Wide Web → Web applications → Electronic commerce → Secure online transactions • Networks → Network types → Wireless access networks → Wireless local area networks Additional Key Words and Phrases: Wi-Fi Sharing, Blockchain, Payment Channel Networks, Architecture 1 INTRODUCTION Wi-Fi sharing has become a topic of interest in research and practice [1-3]. It yields various benefits, including ubiquitous Internet access, lower utilization of mobile network capacities, and reduced need for maintenance due to decentralization and self-regulation. For instance, despite 5G availability and free Wi-Fi initiatives in some major cities, still the intrepid traveler often faces steep fees for data access once he or she leaves free roaming coverage. A global decentralized Wi-Fi sharing network with low entry barriers for both users and operators can be a remedy. For operators, such solutions can improve the perceived network and service quality by extending their services’ coverage and capacity [4]. To date, several initiatives have established public Wi-Fi infrastructures, so-called hotspots, thereby, providing individuals with the opportunity to share their private broadband connection with public guests. For example, Fon is an international company that offers a Wi-Fi community network with over 21 million hotspots around the world (see fon.com). However, current Wi-Fi sharing concepts have several constraints, such as user authentication or illegal behavior, and lack coverage, participation, and scalability [3, 5]. This is partly due to a one-sided dependence on network Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co -authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only. © 2022 Copyright held by the owner/author(s). Publication rights licensed to ACM. 2158-656X/2022/1-ART1 $15.00 http://dx.doi.org/10.1145/3529097 ACM Trans. Manage. Inf. Syst. operators, who not only control price structures and terms of use, but also determine the network’s availability through their own customer reach and area coverage [6]. While most users are concerned about security issues and potential decreases in their private network performance, current solutions lack adequate incentives or benefits to compensate for these risks and, thus, to facilitate their participation in Wi-Fi sharing networks [6, 7]. Addressing these shortcomings, we propose a fast, reliable, and scalable reference architecture for Wi-Fi sharing based on blockchain technology and payment channel networks. The concept fundamentally builds upon two complementary components. First, a blockchain provides a distributed database for saving and securing transactions and building mutual trust among users within a network. Second, payment channel networks provide users with the means to conduct transactions without committing each of them to the blockchain, thus, enabling high network performance at low costs. Consequently, Wi-Fi sharing becomes uncoupled from traditional network operators and users face more incentives to participate in the network. With our research, we contribute to research on the effects of blockchain on networked business models in particular considering trusted third parties. We summarize our research questions as follows:  What are the requirements for secure and reliable Wi-Fi sharing networks and how are they addressed by current approaches and concepts?  Based on these requirements, what are design principles for the design of a reference architecture that facilitates the development of scalable, efficient, and secure Wi-Fi sharing networks? We employ a design science research (DSR) approach to develop our contribution. Consequently, this research centers on designing and developing an artifact in the form of a reference architecture for blockchain -based Wi-Fi sharing networks. We organize this paper as follows: In Section 2, we introduce the theoretical foundation on the concepts of blockchain and payment channel networks. Subsequently, we explicate our research method in Section 3. After collecting and analyzing the requirements for workable Wi-Fi sharing networks by detailing related work in Section 4, we develop and present 14 design principles for workable Wi-Fi sharing networks in Section 5. We instantiate them in a multi-layer reference architecture for Wi-Fi sharing networks in Section 6 and detail our evaluation efforts in Section 7. Section 8 concludes this research with a summary of findings, limitations, and future research potentials. 2 THEORETICAL FOUNDATIONS 2.1 Blockchain The blockchain describes a distributed transaction ledger that is duplicated across all participants in a network [8]. Transactions made on the blockchain are verified, grouped, and chronologically stored as a chain of data blocks. Blockchains can process different types of data and, unlike traditional networks, do not require trusted intermediaries due to the use of cryptography and game theory [9]. Initially viewed as an alternative for the bank- centered financial system, research and practice have recently introduced various blockchain application scenarios, which span across different sectors and industries including electronic markets [10]. From a technical perspective, blockchain-based systems build upon a decentralized database, cryptographic security measures, and consensus mechanisms, which provide the means for decentralized time stamping and agreement among multiple distributed participants [11]. Based on so-called smart contracts, blockchains can evaluate transactions against a set of programmable rules and, thus, enable parties, who do not fully trust each other, to interact [12]. In general, a blockchain represents an immutable distributed ledger in which transactions are recorded publicity as blocks chained in a chronologic order [13]. Each block is assigned with a unique identifier in the form of a hash, which is produced by running contents of a block through a cryptographic hash function [14]. To ensure ACM Trans. Manage. Inf. Syst. immutability, changes to the original data incur extensive and seemingly uncorrelated changes to the hash and require altering all data entries subsequently recorded on the blockchain [15]. As the blockchain is mirrored across all peers of a network, it provides full transparency regarding transactions and facilitates mutual trust and security [16]. Besides resolving conflicts among interacting agents in a network, the technology is capable of reducing information asymmetries without establishing a central instance [17, 18]. In practice, consensus mechanisms vary regarding their application scenarios. For example, public and anonymous blockchains require that mining new blocks is linked to a sufficient amount of cost to prevent the distribution of malicious content [17, 19, 20]. Proof-of- work (PoW) and proof-of-stake (PoS) are the most widespread and most researched consensus mechanisms today. These mechanisms demand high computational resources or high monetary resources, respectively, and can yield centralization and high costs [21]. To append a new block to the blockchain in PoW-based networks, the participants must find a specific value (referred to as nonce) that is combined with the transaction data of the block and the hash of the previous block. The value must be chosen such that the hash of the combined data starts with a string of zeros. The number of zeros is determined by the current difficulty of the protocol. Due to the use of cryptographic hash functions, the nonce cannot be calculated, but must be found through brute-force search, which is a massive computational effort and consumes large amounts of energy. This makes PoW-blockchain transactions expensive but very secure. If two different blocks are broadcasted simultaneously to the network, each node must choose which should be appended, by using this blocks hash for the calculation of the next block. After a few blocks, one version of the chain will be longer than the other, since more nodes agreed on this version and the other chain will be orphaned. Consensus here means, that the nodes agree on the longest chain, that is the chain with the most computational effort. PoS can be seen as a virtualized form of PoW. Here, the resources are not denoted by computational power, but monetary resources in the form of tokens on the blockchain. For each block, a validator is selected, based on the number of tokens they possess. PoS is generally considered less secure than PoW, since it has one major flaw: when two blocks are broadcasted simultaneously, nodes do not have to choose which one to keep. They can use their stake to produce blocks for each of the blocks to maximize their reward, resulting in a constantly forked blockchain. This is referred to as the nothing-at-stake problem. In a controlled environment, such as a private or permissioned blockchain network that consists of unique and known participants, computational load can be significantly reduced based on identity-based authentication schemes such as practical byzantine fault tolerance (PBFT) [22, 23]. Here, each participant votes for the next valid block. Since each participant has a unique identity, the system cannot be flooded with votes from fake identities. Furthermore, the voting process is conducted over multiple rounds to account for network errors and ensure correctness. Furthermore, several hybrid mechanisms exist for niche applications. However, all mechanisms rely on the appropriateness of predefined rules. Hence, it is important to ensure their correctness, reliability, and accuracy [24]. Although the number of mostly disruptive visions has grown tremendously in recent years, Avital, et al. [25] argue that neither research nor practice has fully grasped the technology’s true potential. In fact, most solutions remain premature, and implementations are limited to a preliminary proof of concepts. By conducting a comprehensive literature review, Risius and Spohrer [16] reveal that the current body of research has mostly focused on technological questions of design and features, while neglecting aspects associated with the application, value creation, and governance of blockchain solutions. 2.2 Payment Channels Networks Payment channels describe a class of techniques that enable users to conduct multiple transactions without committing single transactions to the blockchain [26]. In the case of purely bidirectional transactions, payment ACM Trans. Manage. Inf. Syst. channels constitute bilateral agreements between two parties. To establish a new connection, unconnected parties must constantly negotiate and agree over multiple aspects, thus, yielding high transaction costs and reducing performance and scalability. Against this backdrop, multiple users can build payment channel networks, which allow unconnected users to conduct transactions by routing payments over intermediaries [27]. These networks typically draw upon Hashed Timelock Contracts (HTLC), as a special class of smart contracts that is established between parties of a transaction and transferred to the blockchain for execution [28, 29]. While research and practice have introduced a variety of payment channel network concepts, this paper builds upon Poon-Dryja payment channels, which are implemented to conduct Bitcoin transactions in the Lightning Network [29]. Joining a payment channel network requires users to create a new channel that is connected to a network participant as well as to make a funding payment, which equals the overall transaction’s value [30]. Both parties must then agree to a set of rights and obligations to conduct a transaction. Initially, the network blocks the sender’s funding transaction until the receiver secures an equivalent refund transaction, which equals the outstanding amount [30]. This mechanism constitutes a money-back guarantee and ensures secure transactions, even if one partner is non-cooperative or seeks to conduct fraudulent behavior [29]. The blocking time also determines the closing of the corresponding payment channel [29]. We summarize and illustrate the functioning of payment channel networks with the example in Figure 1. 5 4 Sends secret inp ut R and Sends secret inp ut R and Bob receives 0.1 Bitcoin receives 0.1 Bitcoin Generates hashed time-lock contract Generates hashed time-locked contract (nTimeLock=3 day ; Amount= 0.1 Bitcoin) (nTimeLock=2 day ; Amount= 0.1 Bitcoin) Alice Carol Sends hash H to Alice, which was generated based on the secret inp ut R Has h H Random R Figure 1: Transactions in Payment Channel Networks. In this scenario, Alice sends 0.1 Bitcoin to Carol, while both are connected to each other through the intermediary Bob. Thereby, Carol creates hash H based on the secret random number R and sends it to Alice (1), who establishes an HTLC with Bob (2). The contract allows Alice to send 0.1 Bitcoin to Bob and requires both partners to agree on the following aspects: I. If Bob can create the known hash H from the random number R and send it to Alice within 3 days, Alice will compensate Bob with the amount of 0.1 Bitcoin. II. After three days, the contract is voided, and payments can neither be send nor requested. III. Subject to approval of Bob and Alice, the established contract can be closed prior to this time limit and withdrawals of any amount can be made. IV. If Bob or Alice breach any of these obligations, the full transaction amount is transferred to the counterparty. Subsequently, Bob and Carol must establish an equivalent HTLC that enables Carol to receive 0.1 Bitcoin from Bob (3). The contract requests Carol to create another hash H from the random number R and to transfer it to Bob ACM Trans. Manage. Inf. Syst. within two days (4). For a transaction between Carol and Alice, Bob transfers to Alice the random number R and demands 0.1 Bitcoin as a compensation (5). 3 RESEARCH DESIGN In this study, we apply a problem-centered DSR approach as suggested by Peffers, et al. [31]. Typical outcomes of DSR activities are artifacts, which include constructs, models, methods, and instantiations [32]. Being experts in the domain of practice-oriented applications of blockchain technology, we have noticed a lack of concepts for the efficient and secure sharing of private broadband capacity based on Wi-Fi sharing. We address this important unsolved problem in a unique and innovative way by developing two novel artifacts. First, we collect various requirements for Wi-Fi sharing and derive a set of design principles for solutions that resolve the weaknesses of current approaches and concepts. Second, we design an integrated reference architecture for Wi-Fi sharing networks, which fosters efficiency and security by combining the blockchain technology with payment channel networks. We demonstrate its applicability by describing how its main components interplay to enable fast and secure transactions between multiple users in shared Wi-Fi networks. With blockchain and payment channel networks, we use and integrate two concepts whose research and application are still at an early stage. We therefore rely on descriptive methods to evaluate the applicability and usefulness of the resulting artifact [33, 34]. Consequently, we consider this research as conceptual by nature, yielding far-reaching implications for future research and practice. We summarize the applied DSR approach as well as complementary methods in Figure 2. Problem Objectives of a Design and Evaluation Demonstration Conclusion Identification Solution Development • Current concepts • Collect require- • Develop design • Design a graphical • Discuss and • Summarize key for WiFi sharing ments for a principles for a representation as evaluate the findings lack efficiency workable workable solution well as flow chart reference archi- and scalability solution for for broadband to demonstrate the tecture based on • Identify broadband capacity sharing functionality and the scenario limitations as the • Core require- capacity sharing relationships of technique and an need to eventually ments are yet • Integrate the the reference expert workshop contextualize unknown and • Provide guidance proposed system architecture before application hamper the to foster future modules into a • Propose testable development of research and reference propositions and • Identify future suitable systems practical im- architecture for key performance research plementations of Wi-Fi sharing indicators for opportunities Wi-Fi sharing networks further measure- networks ments Figure 2: Overview of the DSR Approach based on Peffers, et al. [31]. In following a staged process, which allows for multiple iterations of the design principles to evolve, we aim at developing design principles, which describe a class of systems as a means for implementing Wi-Fi sharing networks. In an initial iteration, we identified and carved out the problem to be solved in discussions with an expert for business process management and an enterprise architect from a large German Internet service provider. During conceptual development, we formulated initial design principles and refined them in an iterative process of discussion and reflection with researchers as well as said business professionals, which resulted in further challenges and perspectives to consider in the next iterations. Our research built upon and benefited from this exchange with industry. We formulated our design principles according to Chandra, et al. [35]’s proposal for effective formulation, including materiality, action, and boundary conditions. We have provided the consolidated results of our research to academic as well as professional experts. We have incorporated the recommendations from academia and have not received any negative feedback from practice. For clarity reasons, in this paper we only describe the outcome of the final iteration and not prior configurations of artifacts. When those are referred to (e.g. in Section 7.2), we explicitly detail the differences to the final artifact. ACM Trans. Manage. Inf. Syst. 4 DESIGN REQUIREMENTS FOR Wi-Fi SHARING AND CURRENT APPROACHES 4.1 Potential Risks and Threats in Wi-Fi sharing Networks Due to a growing demand for mobile Internet applications, telecommunication infrastructures are at their capacity limit and cannot always deliver high performance during peak hours [36, 37]. Simultaneously, network operators must cope with a growing competition as well as with declining revenues and constantly increasing requirements for network performance and quality [38, 39]. Addressing these challenges requires them to invest into expanding current infrastructure or to identify and implement mechanisms to increase effectiveness. Thereby, both research and practice point to the vast potentials of accessing private landline broadband capacities in Wi-Fi sharing networks, which can reduce the overall usage of mobile network infrastructures [1-3]. To facilitate user participation and cost-effective operations, Wi-Fi sharing networks require an adequate system architecture that ensures security, efficient accounting, and service quality. In this research, we draw upon Leroy, et al. [5], who reduce the wide range of requirements to the three categories of security, administration, and accounting. We provide an overview of these requirements and specify corresponding risks and threats in Figure 3. Administrative challenges & Security threats Accounting risks usability problems Application Legal risks and Infrastructure User profiling and confinement tarnished reputation attacks (S#IA) traceability (S#UPT) (AU#AC) (AU#LT) Resource Fraudulent access Access to subscribed Risk of overcharge Risk of repudiation exhaustion points (S#FA) services (AU#AS) (AR#RO) (AR#RR) (S#RE) Blacklisting (S#B) Figure 3: Risks and Threats in Current Wi-Fi sharing Networks [5]. Regarding the dimension of security threats, a Wi-Fi sharing network must facilitate cooperative user behavior and sanction fraudulent actions respectively [3, 5, 40]. This entails preventing network infrastructure attacks (S#IA) as well as discouraging users from conducting malicious actions using resource exhaustion (S#RE), which can result in access points becoming blacklisted (S#B) by external service providers [5]. To further avoid phishing of sensible user data, the architecture must account for the various risks imposed by fraudulent access points through the emulation of fake Service Set Identifier (SSID) (S#FA), which can be used to intercept connections between users and access points [40]. Ultimately, Leroy, et al. [5] note that data processing must comply with presently enacted data protection laws, which prohibit various techniques for data analysis and interpretation, such as user profiling and activity tracing (S#UPT). Administration challenges and usability problems refer to a network’s capabilities to support users in achieving quantified objectives with effectiveness, efficiency, and satisfaction. Besides facilitating the solution’s perceived ease of use and intuitiveness, the category includes all functionalities, rules, and restrictions that point to application confinement and potentially hamper user adoption (AU#AC) [5]. It also regulates the accessibility of subscribed services (AU#AS), which are made available unintentionally through the Internet Protocol of the access point. Ultimately, the category addresses risks imposed by illegal actions of network users, which can yield losses in reputation or even legal implications (AU#LT) [5]. The category of accounting risks incorporates risks that emerge from service downtimes, that is the risk of user repudiation (AR#RR) or failure of service invoicing, in particular the risk of overcharging (AR#RO). In addition to the lack of non-corruptible invoicing mechanisms, Leroy, et al. [5] describe the absence of a trusted intermediary for a secure and liable payment handling as a major weakness of current Wi-Fi sharing networks. Considerably hampering user participation, this leads to a reduced network coverage and, thus, to decreases in the ACM Trans. Manage. Inf. Syst. perceived usefulness of the service. While all categories are important for building functioning Wi-Fi sharing networks, we consider adequate accounting mechanisms as their most essential component, as they facilitate mutual trust and provide users with incentives for participation. The threats and risks constitute our design requirements. 4.2 Shortcomings of Current Wi-Fi sharing Networks In general, we can distinguish between trust-based and security-based approaches. Trust-based approaches are mainly framed by the work of Cao, et al. [3], Seufert, et al. [39], and Lafuente, et al. [41]. Besides using intermediaries to facilitate trust among network participants, these approaches typically build upon authentication mechanisms from online social networks (OSN). Having logged in over an OSN, users can use a host’s broadband connection by either accessing his or her private network or a designated user network, which has been established for this specific purpose and is regulated by strict policy guidelines [42]. We summarize the main properties of trust-based Wi-Fi sharing networks in Figure 4. Core Host grants network full access either or Authentication via trusted intermediary (e.g. via OSN) Shared User Host grants network restricted access (VPN) 0 1 1 0 1 0 1 0 0 1 1 0 1 0 1 0 Access point 0 1 1 0 1 0 1 0 Connection established Figure 4: Trust-based Approach for Wi-Fi Sharing Networks. Cao, et al. [3] develop a Wi-Fi sharing network, which enables users to automatically discover and authenticate nearby networks that are operated by befriended people from social networks. Thereby, users can gain unrestricted access to a host’s private broadband connection by proving his or her identity over a relationship that has been established in an OSN. Disclosing a user’s identity can not only reduce the risk of malicious actions, but also provide incentives for participating in Wi-Fi sharing communities. Intended to be non-commercial, the service is not subject to risks associated with service invoicing. Based on the findings of Daraghmi and Yuan [43], we argue that implementing the approach is only feasible and beneficial if access points are also made available to friends of friends and, thus, beyond the scope of direct connections. As sharing private connections with further degrees of friends can reduce the network’s degree of trust, the approach suffers from a trade-off between security and reach. Seufert, et al. [39] introduce a similar approach. They use OSN primarily as socially aware traffic management systems to authenticate user identities. Users can provide additional information, which is used as meta-data to manage localization and access within the network. The approach supports rewarding or sanctioning user behavior with a trust score, which provides hosts with the opportunity to prevent user groups from accessing their shared network. In general, users can only access a network upon request and hosts manually decide whether to share an access point or not. Nevertheless, the approach allows authorized users to gain access over a separately managed virtual private network (VPN), which is established and ran independent from the private network’s infrastructure. Controlled by strict policy guidelines and separated from the network, non-authorized users can access the network over virtual access points. This discourages users from the unauthorized use of the host’s subscribed services and supports hosts in preventing infrastructure attacks, resource overloads, and service backlisting. The approach is a non-commercial service and fosters user participation. ACM Trans. Manage. Inf. Syst. Lafuente, et al. [41] propose a service for Wi-Fi password sharing, which enables authorized users to access a shared network directly. To ensure data security, it requires hosts to approve all incoming connection requests manually. Communication and data transfer between user and host are further secured by encryption mechanisms, which prevent attacks that seek to obtain sensible user information [41]. The authors further draw upon the concept of computational trust management [44] to ensure that passwords are only shared among trusted users. Although the proposed approach cannot fully prevent malicious actions, it facilitates cooperative user behavior. In summary, most trust-based approaches lack mechanisms to prevent malicious actions of non-cooperative users. By failing to address the requirements from Figure 3, however, these approaches pose manifold risks for hosts and users. This applies especially for the case of unsecured connections, which provide users with unrestricted access to private networks and all subscribed services. All concepts use authentication mechanisms from OSN to verify user identities. While this ensures trustable connections in many cases, it is not applicable when dealing with fake profiles that have been created to bypass such security barriers. Although Seufert, et al. [39] seek to address this issue by computing a user-specific trust score, their approach only yields adequate results if all users in a network have been identified by a trusted intermediary. Consequently, the feasibility of trust-based approaches relies strongly on the availability of intermediaries. By contrast, security-based approaches use a host’s infrastructure as an access point, over which a user establishes a VPN connection to its own private network. Secured by cryptography, these connections resolve host-sided security concerns and provide user with a full Internet access that is not restricted by external policy guidelines. We summarize the main properties of security-based Wi-Fi sharing networks in Figure 5. Host provides infrastructure User‘s home network Authentication via service application User VPN User’s mobile device Figure 5: Security-based Approach for Wi-Fi Sharing Networks. Sastry, et al. [40] introduce a Wi-Fi sharing network that builds upon VPNs to establish Internet connections for trusted users within a network. This entails that users can use a host’s access point to connect to their own private network, which then processes the session’s entire Internet traffic. Besides yielding increased network latencies as well as broadband restrictions of ~200 kbps in the case of asymmetric connections [45], the proposed concept can fully resolve latent trust dependencies between involved parties. As users gain access to the Internet over their own network, it can further overcome common security issues and usability restrictions. By using cryptography to encode communication and data transfer, users also benefit from higher security and trust. However, Sastry, et al. [40] neglect the risks imposed by fraudulent access points and build upon the assumption of generally cooperative network participants. Furthermore, the authors primarily sketch out the approach’s applicability for scenarios that entail a linear increasing resource consumption for communication encoding, which is due to network latencies in long distance connections. Leroy, et al. [5] augment the approach of Sastry, et al. [40] by using VPNs to establish encoded connections between a host’s and a user’s access point. The authors implement Roaming Authentication and Key Exchange (RAKE) for identity authentication. Furthermore, RAKE accounts for establishing and organizing the connection and determines explicit parameters necessary for authentication and encryption. By employing a lightweight accounting ACM Trans. Manage. Inf. Syst. protocol similar to the Transmission Control Protocol (TCP) slow-start approaches, the network can dynamically manage shared bandwidths and close connections in the case of fraudulent behavior to reduce financial impacts. While security-based approaches provide the means to address requirements related to security and administration, they lack adequate solutions for accounting. Although the approach of Leroy, et al. [5] supports hosts in minimizing monetary impacts, which can result from the early closure of a connection due to a user’s fraudulent behavior, it builds upon TCP and, thus, entails significant performance reductions in fast scaling networks. Furthermore, it requires the protocol’s implementation on all communicating routers to ensure the reliability and security of transferred data. Against the users’ preferences for high mobility and flexibility, the protocol lacks efficiency and responsiveness especially in the case of high round-trip times. As the round-trip times and, thus, the transfer of data between a host and a user’s private network can take up to several seconds, moving users that rapidly establish and close connections to hotspots are quickly out of the network’s reach. Although these mechanisms are considered typically to provide suitable means for establishing and securing bilateral communication channels between hosts and users, they hardly conform to the requirements of Wi-Fi sharing networks, which require multi-channel-based communication opportunities. To date, research has only paid limited attention to using the capabilities of blockchain technology for Wi-Fi sharing. Shi, et al. [6] suggest implementing smart contracts to establish a system capable of processing micro- transactions as payments for used capacities in Wi-Fi sharing networks. The authors motivate their approach by noticing that most data-sharing services lack user participation due to insufficient incentives. By drawing upon Leroy, et al. [5], they develop an accounting mechanism that uses a protocol that rewards cooperative users with a linearly growing bandwidth. The concept further enables hosts to terminate connections with non-cooperative transaction partners, which results in a complete loss of the transaction’s content. Implementing the approach requires small adaptations to the hosts’ access points as well as the installation of java-based application on the user’s device. Thereby, the protocol establishes a connection to a blockchain network (e.g., the Bitcoin network) and uses the corresponding infrastructure to conduct micro-transactions. Consequently, Shi, et al. [6] demonstrate the potentials of using blockchain technology for conducting micro-transactions in Wi-Fi sharing networks. Significant benefits arise from the implementation of payment channels to clear fine-grained data services incrementally, as corresponding accounting protocols neither require the existence of a trusted intermediary, nor demand the use of complex consensus mechanisms for transaction approval. In order to use smart contracts to conduct micro- transactions instantaneously, the Wi-Fi sharing network must register each contract stored within the blockchain. Thus, the entire payment logic is stored within the smart contract itself and executed on a local connection between users and hosts. Table 1 summarizes these approaches and links them to the respective risks and threats of Figure 3. Furthermore, it clarifies that trust-based approaches are excellently suited to minimize or address security-relevant and administrative problems. Due to their low flexibility toward scalability, however, respective approaches do not meet the demands of a highly available and widely accessible solution, which is a prerequisite for the viability of Wi-Fi sharing networks in practice. Security-based approaches, on the other hand, do not have the usual limitations of scalability that result from the lack of reliable authentication mechanisms. Due to their single-channel-based communication semantics, however, hopping to and from another router, as is required in Wi-Fi sharing to not being bent to the local range of a particular terminal, is not efficient. Consequently, users encounter interruptions or extended waiting times when physically moving forward. As shown in Table 1, the current state-of-the-art addresses most requirements linked to the first two categories. In fact, the use of VPNs can increase security and facilitate cooperative user behavior. Despite constraints regarding their resource consumption and limited performance, corresponding approaches yield multiple benefits, as users connect to their own private network and, thus, do not face accessibility restrictions or risks imposed by data ACM Trans. Manage. Inf. Syst. security. Thus, users cannot only hide their browsing habits but also eliminate the possibility of being tracked or profiled by third-party providers. Table 1: Summary of Design Requirement Coverage in Current Solutions for Wi-Fi Sharing Networks. S# S# S S# S#UP AU# AU# AU# AR#R AR#R Reference Approach IA RE #B FA T AC AS LT O R Cao, et al. [3] O O O O / / / O / / Trust-based Seufert, et al. [39] O X X O / / X X / / Trust-based Lafuente, et al. [41] O O O / / / / / / / Trust-based Sastry, et al. [40] X X X / X X X X / / Security- based Leroy, et al. [5] X X X / X X X X X X Security- based Shi, et al. [6] / / / / / / / / X X Blockchain- enhanced Our Approach X X X O X X X X X X Blockchain- enhanced X: addressed directly by the approach used; O: addressed indirectly by the approach used; /: Not addressed by the approach us ed. 5 DESIGN PRINCIPLES FOR SECURE AND RELIABLE Wi-Fi SHARING NETWORKS Addressing the abovementioned design requirements, our approach inheres the benefits of Leroy, et al. [5]’s work by implementing a security-based approach, while bypassing its scalability issues by transferring communication and session management to a blockchain-enabled authentication mechanism as initially proposed by Shi, et al. [6]. We further increase the flexibility of payment processing, which Shi, et al. [6] have identified as still problematic, by implementing payment channel networks for micro-payments. As there is already robust research on how to set up and implement security-based Wi-Fi sharing networks, our referenced solution focuses on providing a scalable mechanism that enables intermediary-free payment processing. Based on relying on the effectiveness of blockchain- enabled payment channel networks, we claim our approach to superior to current implementations. We derive five central design principles for secure and reliable Wi-Fi sharing networks based on the requirements derived from our survey of risks, threats, and related work:  DP1: Provide the system with a module for hosts to manage and organize the provided bandwidth in order for the system to provide access to the Internet.  DP2: Provide the system with a module for users to initiate and maintain a private network without sharing secret keys in order for the system to prevent decoding the connection.  DP3: Provide the system with a module to provide only bandwidth to the user while users are routed to their private network even if the user’s identity is known or has been approved by identity authentication mechanisms in order for the system to prevent users from conducting fraudulent actions.  DP4: Provide the system with a module to restrict user access to the host’s private network infrastructure even if the user’s identity is known or has been approved by identity authentication mechanisms in order for the system to prevent users from conducting fraudulent actions.  DP5: Provide the system with a module to identify access points clearly in order for the system to prevent security-related threats, such as eavesdropping users’ traffic or DNS server phishing. However, purely security-based concepts lack the means to cope with the requirements of the accounting category sufficiently. Due to their inability to implement immutable and non-corruptible payment protocols, ACM Trans. Manage. Inf. Syst. corresponding concepts lack feasibility and user participation, as services provided by participants cannot be accurately billed or compensated [5, 6]. This can sustainably reduce the usefulness of the entire Wi-Fi sharing network. Leroy, et al. [5] further notice that asymmetric communication channels cannot guarantee fairness regarding the billing of services without including a trustable intermediary or implementing expensive hardware for using complex consensus mechanisms. In addition to the three core elements of working Wi-Fi sharing networks, we can derive nine further design principles for the implementation of adequate accounting mechanisms:  DP6: Provide the system with a mutually trusted intermediary requiring a transaction history, which facilitates transparency by recording a user’s behavior in terms of data traffic, resource consumption, and incurred costs, in order for the system to ensure that connection data cannot be manipulated or corrupted.  DP7: Provide the system with a module to keep transaction costs to a minimum in order for the system to prevent large numbers of micro-payments.  DP8: Provide the system with a module to forgo transaction costs for the execution of instant payments in order for the system to regulate the duration of the connection.  DP9: Provide the system with a module to set up the transaction in order for the system to enable host and user to mutually agree on the usage cost.  DP10: Provide the system with a module for pre-payment in order for the system to increase the quality of service and to prevent both risks imposed by overcharging and repudiation.  DP11: Provide the system with accounting mechanisms using a dynamic trust-score in order for the system to facilitate cooperative host behavior and ensure high service levels in terms of infrastructure accessibility by rewarding hosts for cooperative behavior or high availability.  DP12: Provide the system with a protocol that is platform-independent in order for the system to avoid potential lock-in effects and facilitate user adoption and scalability.  DP13: Provide the system with a protocol, which incrementally increases the provided bandwidth, and with instant payment functionalities, which ensure that outstanding payments are transferred immediately to unlock further resources in order for the system to prevent fraudulent behavior.  DP14: Provide the system with a protocol for users to initiate any number of connections and for hosts to simultaneously bill users with multiple connections in order for the system to ensure connections without the risk of overcharging or repudiation. The collective boundary condition for all 14 design principles is g iven that it shall be used to design secure and reliable Wi-Fi sharing networks. Drawing upon the results of Shi, et al. [6], current payment mechanisms can benefit by using the capabilities of the blockchain technology for invoicing in Wi-Fi sharing networks. Among others, the main advantages of such solutions include a decentral and non-corruptible database, which supports identity authentication, distributed transactions, and the generation of user protocols without the existence of a trusted intermediary. However, as their approach does not provide adequate accounting mechanisms, they lack the means to address the design principles DP1, DP2, DP5, DP7, and DP12. In the following, we introduce a reference architecture, which builds upon our 14 design principles and improves current Wi-Fi sharing concepts, by addressing the requirements of security, administrability, and usability with adequate accounting capabilities. 6 A REFERENCE ARCHITECTURE FRAMEWORK FOR Wi-Fi SHARING NETWORKS USING BLOCKCHAIN TECHNOLOGY AND PAYMENT CHANNEL NETWORKS 6.1 Multi-layer System Architecture Subsequently, we design and develop the main artifact of this research: a multi-layer reference architecture for Wi-Fi sharing networks. For architecture development, we draw upon the work of Notheisen, et al. [46], who have introduced a market engineering framework for blockchain solutions. The system architecture comprises the four layers of agent, application, infrastructure, and environment. The agent layer includes hosts and users participating in the network. Due to the large amount of different user devices and Wi-Fi hotspot hardware, the platform should be independent from specific systems or providers. While ACM Trans. Manage. Inf. Syst. this is feasible for mobile devices, wireless routers often use proprietary technology, which is not accessible to third- party providers. This requires developing a generally accepted and compatible software solution. The application layer manages all connections within a network and addresses many of the previously defined design principles. Hence, it complies with the various security requirements by implementing a so-called demilitarized zone to communicate with user devices, which protects the host’s private network from malicious attacks. Furthermore, users establish VPNs to connect to their own private network, which increases data security and facilitates service accessibility. Blockchain technology provides a secure, trustable, and immutable solution for conducting transactions without the need for a mutually trusted intermediary. Additionally, payment channels ensure instant transactions at neglectable transaction costs. By prepaying for only a small timeslot, sunk cost as a results of unforeseen channel terminations or malicious user behavior can be kept to a minimum [5]. Monetary incentives further facilitate the provision of broadband capacities and very low expected payoffs prevent fraudulent behavior. Due to the implementation of payment channel networks, corresponding Wi-Fi sharing networks are highly scalable and allow a large number of participants to join and interact. The additional network overhead for the payment channel transactions is negligible. Since the size of a transaction is only a few kilobytes, payments can be sent every few seconds without noticeable impact on network performance, ensuring near real-time payments. The infrastructure layer comprises a protocol layer and a hardware layer. Requirements on these layers are neglectable from a conceptual perspective and mostly addressed by the implementation of payment channel networks. Corresponding protocols must be capable of accessing and interpreting smart contracts to conduct transactions on the blockchain. This is independent from underlying consensus mechanisms or cryptography concepts as long as the network allows for the secure processing of opening and closing operations. However, the transaction cost for opening and closing the channels can be dependent on the chosen blockchain architecture and consensus mechanism. While a smaller network structure such as a consortium blockchain can allow for more efficient consensus mechanisms such as PBFT [47], larger, public blockchains provide a larger user base that can participate in the payment channel network [48]. We argue that ensuring a successful routing of payments through the network outweighs the need for low transaction costs for funding transactions. Additionally, some types of payment channel networks, such as the Poon-Dryja payment channels, can be implemented only on public blockchains [49]. For public blockchains, we argue that the network size is more deciding than the underlying consensus mechanism, therefore, the choice between PoS and PoW is solely dependent on the choice of public blockchain. If a choice has to be made between two equivalent PoW and PoS networks, it can be argued, that the higher security that PoW provides is not significant for the comparatively small transaction values, therefore, a PoS network should be preferred. Reinforcing this recommendation, there is a trend towards integrating PoS in the major public blockchains such as Ethereum partly fueled by environmental concerns. Although the network’s context cannot be controlled, we account for its requirements with an environment layer, as data security laws or regulations determine the boundaries within in which a Wi-Fi sharing network can operate. We summarize the resulting framework in Figure 6. ACM Trans. Manage. Inf. Syst. agent layer mobile wireless user facing application hotspot application layer transactions & channel transaction payment channel HTLCs management routing network protocol distributed consensus cryptographic layer ledger mechanisms protocol infrastructure layer hardware mining hardware, network nodes layer environment socio-economic and legal environment layer Figure 6: Reference Architecture Framework. 6.2 Demonstration of Transactions on the Architecture We demonstrate the reference framework’s structure as well as its functionality using the sequence diagram in Figure 7. ACM Trans. Manage. Inf. Syst. payment channel user hotspot blockchain network create channels send funding transacti on save transaction to new block transaction confirmed transaction confirmed create channels send funding transacti on save transaction to new block transaction confirmed transaction confirmed Connect add ress in PCN + usage terms accept terms loop (every t) create transacti on if user stays routing connected + create HTLCs unsigned transaction unsigned transaction signe d transaction signe d transaction payment notification enable internet for al l app lications for t. close channels send closing transaction save transaction to new block transaction confirmed transaction confirmed close channels send closing transaction save transaction to new block transaction confirmed transaction confirmed Figure 7: Overview of Architecture Functionality. To connect with a network, users must send a request for approval and transfer the required funding transaction to the payment channel network (create channels). Prior to saving the transaction on the blockchain, the network creates an identical refund transaction, which guarantees that users are reimbursed if they are affected by non- cooperative behavior conducted over the connected channel. The channel has been successfully established as soon as the funding transaction is recorded and approved by the network (send funding transaction). However, this requires saving the transaction data on the blockchain, which typically goes along with considerable latencies and processing times (save transaction to new block). Hence, the funding transaction should be conducted with enough ACM Trans. Manage. Inf. Syst. 1. channel 3. close 2. payment creation channel time before a user intends to use a hotspot. To support a smooth processing of registration and approval requests, corresponding software solutions should directly connect with a service that provides users with the opportunity to buy or sell blockchain-based tokens with regular fiat money. Furthermore, hotspots must be assigned with a unique identifier that enables users to find them in a payment channel network. However, as hosts only receive but do not send payments, they are not required to conduct a funding transaction. In general, a network’s stability, coverage, and performance correlates strongly to the amount of access points it comprises. Because it is often necessary that hosts act as intermediaries between two participants that are not directly connected, they should also be incentivized to conduct a small funding transaction to route payments through the network. To access a host’s private network, a user must ensure an active Wi-Fi connection. An access portal initially blocks most Web services and thus, only authorizes connections to the respective payment channel node provided by the router. Thereby, the user’s mobile device and the host’s router automatically negotiate terms of use, including minute-based fees for accessing a hotspot, the address of the payment channel, and the bandwidth provided by the network (address in PCN + usage terms accept terms). After their mutual agreement, the mobile device must approve the transaction’s content and send the usage fee to the router (cf. loop). Thus, the node running on the Wi-Fi access point manages the routing of the transferred tokens and activates all services for access by the user. To use the payment channel, the user conducts an additional micro-transaction before the connection interrupts. This process repeats until no more micro-transactions are registered by the host’s access points, which leads to the automated termination of the payment channel. Thereby, the user carries the risk of not receiving a compensation for the last completed transaction. As the value of these micro-transactions is neglectable, it is neither feasible nor economical to set up malicious hotspots with the purpose of taking advantage of these on-sided revenues. However, this may not apply to situations, in which malicious hotspots are used for profit generation by locating them at highly frequented places, such as for large events or at city sights. Consequently, the network must continuously collect and analyze data on the behavior of access points and sanction fraudulent actions, for example by blacklisting corresponding hosts. By contrast, if users conduct illegal actions or show fraudulent behavior, the host can terminate the connection at any time. If a payment channel expires or both participants agree upon closing it (close channels), the last transaction is submitted to and saved on the blockchain (send closing transaction). Subsequently, hosts should immediately create new payment channels with either no funding or a small funding to contribute to the network’s stability by routing transactions between unconnected participants. Tokens rewarded for sharing a private broadband connection should be periodically paid out as fiat money to minimize the risks imposed by fluctuating exchange rates. Further, to account for fluctuating exchange rates of cryptocurrencies, the reward could use a pegged exchange rate to one or multiple major currencies. 7 EVALUATION 7.1 Scenario-based Evaluation Evaluation is a central and essential activity in conducting rigorous DSR. Venable, et al. [34] note that without evaluation, DSR yields only unsubstantiated design theories or hypotheses. Peffers, et al. [31] divide the evaluation task into the activities of demonstration and evaluation. Thereby, demonstration proves that an artifact feasibly works to solve one or more instances of a problem. An evaluation then presents how well an artifact supports a solution in a formal and extensive way. Thereby, one can generally choose from multiple techniques, including observational methods (e.g. case studies or field studies), analytical methods (e.g. static analysis or optimization), experimental methods (e.g. controlled experiments or simulations), testing methods (e.g. functional testing and structural testing), and descriptive methods (e.g. informed argument and scenarios) [32, 33]. ACM Trans. Manage. Inf. Syst. We have already demonstrated the capabilities of our reference architecture for conducting transactions in blockchain-based Wi-Fi sharing networks by describing its main components as well as their relationships in the sequence diagram in Figure 7. In the following, we evaluate the developed architecture by drawing upon Venable, et al. [34]. We do so to clarify its usefulness, to control for undesirable consequences, and to identify existing improvement potentials. Due to the novelty of blockchain technology as well as of Wi-Fi sharing networks, we decided to evaluate our architecture based on a realistic scenario, not on a workable implementation. Thereby, we evaluate the proposed architecture with a buyer-sided focus (i.e., the user or guest of networks). We define our evaluation scenario in the context of smart tourism [50], in particular the travel abroad for the purposes of vacation or business. While the demand for Internet availability is generally growing [40], travelers face excessive costs for data access within foreign mobile communication networks. Besides yielding several benefits, including cost reductions, performance increases, and unrestricted data usage, shared-Wi-Fi networks also enable travelers to access important Web services, such as instant messaging or Web-based navigation. Hence, they can contribute to more convenient traveling by providing the means to access necessary information for various purposes. Similar requirements arise from scenarios in a traveler’s home country, for example, when he or she visits an indoor location with poor mobile network coverage or an event location network congestion. Despite advances such as 5G networks, it is often more cost effective to set up Wi-Fi hotspots, which could be made available to the traveler using our architecture. The architecture proposed in this study is fully capable of addressing the requirements of the introduced scenarios. Travelers typically require an ad-hoc information flow to find shortest routes, plan activities, and react to unforeseen events or to pass time while waiting. By using payment channel networks, only opening and closing a transaction is committed to and saved on the blockchain. After establishing the connection, this facilitates travelers to gain Internet access quickly and to find necessary information without delays. Furthermore, transaction costs only incur when opening or closing a payment channel. Hence, travelers face neglectable costs for most transactions, which fosters their willingness to participate and use network infrastructures. Because hotspots can not only establish bilateral connections with single travelers but also serve as intermediaries for participants that are not directly connected, the architecture ensures high connectivity, stability, and coverage. Consequently, the architecture enables travelers to connect to the Wi-Fi sharing network, even if they frequently change locations. Ultimately, travelers are typically cautious when using services in foreign countries or unknown locations. Besides transaction and data security, they demand trust-building mechanisms that curtail fraudulent behavior. Our artifact addresses these requirements twofold. First, it draws upon security-based approaches and enables users to establish connections to their own private network. This ensures that communication and data traffic is routed over their own infrastructure and that sensitive data cannot be captured. Second, as the architecture provides mechanisms for incremental and simultaneous invoicing, fraudulent behavior leads to the instant termination of payment channels and travelers face little risks imposed by prepaying considerable amounts without receiving services as a compensation. Cf. also Table 2 for a summary of our argument. ACM Trans. Manage. Inf. Syst. Table 2: Summary of Design Requirement Fulfilment. Risk or Threat Wi-Fi Sharing Network Using Blockchain and Payment Channel Networks S#IA Infrastructure attacks harm the user him- or herself, as he or she is forwarded directly to his or her own private network via VPN. There is no access to the host’s network at any time . Addressed by DP3 and DP4. S#RE The host provides only a limited range of its bandwidth over which the user connects directly to his own network. Any exploitation of resources would thereforeb e at the user’s own expense. An open technology stack can assist further in providing a scalable environment. Addressed by DP1, DP2, DP3, DP12, and DP13. S#B Similar to S#RE, blacklisting would be at the user’s disadvanag t e, as he or she accesses the Internet via his or her own private connection and, thus, the user’s (pulbic) IP assigned by his or her Internet service provider. Addressed by DP1, DP2, DP3, and DP4. S#FA Since our reference architecture benefits from the immutability of blockchain networks, each access point has a unique, non-falsifiable ID associated with a dynamic trust score that ensures that the user only connects with trusted access points. We acknowledge that a further layer for trusted ID to prevent fraudulent actors from generating new IDs may be necessary to fully implement this solution. However, since first solutions for this problem such as, blockchain-based know-your-customer are getting implemented [51], we have marked it as partially addressed in Table 1 . Addressed by DP5,DP6, and DP11. S#UPT As with S#IA, S#RE, and S#B, user profiling and traceability (S#UPT) also benefits from the strict separation of the host’s private network and the users’ accessed private network. This way, neither the host can intercept the connected user’s data or connection portocols, nor vice versa. Additionally, the usage of payment channel networks allows for better transaction privacy compared to on-chain transactions [26, 49]. Addressed by DP1, DP2, DP3, and DP4. AU#AC The only application confinement the user might experience can occur due to limitations of local resources. Exemplarily, the user’s hardware might run outo f power, or the host might power off the only connected access point resulting in connection failures. Further, the user is likely to not have full bandwidth of his or her private Internet access, as he or she ise s rtricted to the host’s (shared) bandwidth. However, assuming high participation, at least in urban areas, the latter two limitations will fad e as the Wi-Fi sharing networks are capable to establish multiple simultaneous connections. Addressed by DP3, DP7, DP11, and DP12. AU#AS The user will not experience any restrictions to his or her privately subscribed services. This is since the user connects via VPN to his private network and, thus, each resource the user accesses – including websites, infrastructure, or services – will treat the user as he were accessing from his home network. Addressed by DP3. AU#LT Hosts sharing his or her Internet access do not have to fear any risks in regard of legal infringements or tarnished reputation due to the user’s misbehavior. Again, u de to the VPN, any violation is committed directly by the user’s network . Addressed by DP1, DP2, DP3, and DP4. AR#RO The user carries the risk of not receiving compensation for the last completed transaction. However, due to the instant initiation of payment channels as well as the low value of each micro -transaction, this cost is neglectable. Consequently, malicious hotspots will not get economic benefits by misbehaving or trying to take advantage of on-sided revenues. Finally, we include a trust score that penalizes any detected misbehavior and, thus, clears the network from fraudulent access points. Addressed by DP6, DP7, DP8, DP9, DP11, and DP13. ACM Trans. Manage. Inf. Syst. AR#RR Users and hosts do not have any risk of repudiation as we outsource any payment processing to payment channel networks operating on an immutable blockchain. Thus, there is no risk for users and hosts alike of paying too much or receiving less, respectively. Addressed by DP5, DP9, DP10, DP13, and DP14. Despite these benefits, evaluating the scenario also revealed shortcomings, which should be addressed by future research. First, opening payment channels requires submitting a transaction to the blockchain. As this can not only take up considerable time but also requires an active Internet connection, it seems problematic for travelers abroad. However, there are ways to mitigate these shortcomings: While on older blockchains such as Bitcoin, opening a payment channel and, therefore, joining a payment channel network takes around 20 minutes [29], newer blockchain protocols offer much faster transaction times that only take a few seconds to be finalized. Additionally, the host network could provide a gateway to the blockchain network for every user that only serves the purpose to open and close payment channels. This would still mean that the user’s blockchain wallet should always have sufficient funds to open a payment channel. The process of buying the needed cryptocurrency for fiat money in advance is, therefore, still an open issue, that must be solved until cryptocurrencies experience widespread adoption. Furthermore, many scattered mobile devices that simultaneously use network infrastructures can produce a significant overhead due to the creation of VPNs and, thus, reduce network performance as well as available bandwidth. While the increase in package size due to VPN overhead is only about two percent, the overhead does not affect the host network. However, the computational overhead for encrypting and decrypting traffic can negatively affect the performance for the end user, especially if he or she has multiple devices connected to the home network via VPN [52]. Ultimately, network usage depends strongly on available payment methods. As the number of available currencies is constantly growing, determining a single payment method can hamper user adoption as well as their participation willingness. This is mostly due to the need of maintaining multiple wallets on different platforms, which would increase management and transaction cost. 7.2 Assessment of Design Principle Expressiveness Due to the nascent nature of our research and the absence of an instantiation, we employed the evaluation of our design principles [34] summative by conducting a workshop with experts in blockchain applications. In the workshop, we evaluated our design principles by employing Janiesch et al.’s assessment of design principle expressiveness [53] based on Recker et al.’s test of ontological expressiveness [54]. That is, we discussed with the participants whether our design principles are free of principle deficit, principle redundancy, principle overload, and principle excess. In doing so, we tested whether we do not miss principles to describe real-world phenomena, we do not provide more principles than required for a single phenomenon, we do not provide principles that can be used to describe more than one phenomenon, and we do not provide principles that are not relevant to describe phenomena [53]. The workshop was held online with four participants from three organizations and lasted for more than an hour. We explained the assessment of design principle expressiveness and presented an iteration prior to the final design principles that we described in Section 4. Further, we detailed the architecture framework, before we discussed the design principles’ expressiveness in light of the architecture framework. In this prior iteration, DP1 and DP2 were only recorded as DP1 and DP9 did not yet exist. All other DP remained the same except for minor wording changes. Table 3 summarizes the participants of the workshop. ACM Trans. Manage. Inf. Syst. Table 3: Workshop Participants. # Role Company Sector Company Size Senior Consultant R&D Software Development Small and medium-sized enterprise Product Manager Software Development Small and medium-sized enterprise Junior Software Developer Software Development Small and medium-sized enterprise Researcher Education & Research Public research university All participants are experts in the field of blockchain-based applications and are knowledgeable in software engineering. They were given a handout prior to the workshop with an excerpt of the paper. In the workshop, we explained the concept of design principles and design principle expressiveness before we detailed the actual design principles and discussed the architecture framework. All participants confirmed to have understood the concept of design principles and evaluating design principle expressiveness in terms of principle deficit, principle redundancy, principle overload, and principle excess. Overall, the participants confirmed the design principles’ expressiveness. In the discussion a few aspects emerged that required clarification. Most of those were related to the inner workings of payment channel networks and blockchains and, thus, unrelated to our design principles. These issues could be clarified by providing further information about a suitable instantiation of the principles as proposed in Section 6. Some comments related to the clarity of design principles. In particular, the participants agreed that the first design principle suffered from mild overload as a user and a host perspective was combined into one design principle. To improve clarity, we have split this design principle into DP1 and DP2 to reflect both perspectives even though the phenomenon for both design principles could be argued to be secure system access. Additionally, we used more precise wording for some design principles. Further, participant #1 noted that a dynamic trust score is not necessary for every role (DP11). We acknowledged the impreciseness and now refer to hosts rather than users. We checked the remaining design principles for inconsistent or ambiguous wording. In addition, participant #4 pointed out that a user and a host need to explicitly agree on a cost structure to avoid overcharging . While this is implicitly available through payment channel networks, it may not be for other instantiations. Hence, we have included this as DP9. Lastly, participant #1 pointed out that DP12 could be considered excess or at least optional from a pure technical perspective. After careful consideration and discussion with the participants, we decided to retain the design principle due to its socio-technical importance for user adoption and acceptance. 7.3 Testable Propositions and Key Performance Indicators Since our evaluation using the scenario technique and a workshop was descriptive and thus of artificial summative nature, in the following we propose testable propositions to evaluate our artifact using either observational or experimental methods for a socio-technical evaluation and analytical or test methods for the technical evaluation [32, 33]. This will enable a naturalistic evaluation of human risk and effectiveness [34]. Concerning the socio-technical aspects, we propose to perform a lab experiment and possibly at a later stage a field experiment to evaluate user satisfaction with our artifact as we expect that an instantiation of our artifact (i.e. the reference architecture) will result in better satisfaction of both consumers and providers of the Wi-Fi sharing network. We expect the results to be more significant when using mobile Internet services abroad. That is, the independent variable is the software support of the building process of a service platform. Thus, for further evaluation, we propose the following testable propositions: ACM Trans. Manage. Inf. Syst.  P1. The use of the IT artifact that supports both, adequate accounting mechanisms as well as adequate security and performance, will result (a) in an improved user satisfaction of consumers using mobile broadband services and, thus, (b) in better user satisfaction of Wi-Fi sharing providers than using an IT artifact that only supports adequate accounting mechanisms. Analogously:  P2. The use of the IT artifact that supports both, adequate accounting mechanisms as well as adequate security and performance, will result (a) in an improved user satisfaction of consumers using mobile broadband services and, thus, (b) in better user satisfaction of Wi-Fi sharing providers than using an IT artifact that only supports adequate security and performance. As a baseline, we deem it necessary to test the following propositions as regards comparisons with approaches without any IT support as well:  P3. The use of the IT artifact that supports both, adequate accounting mechanisms as well as adequate security and performance, will result (a) in an improved user satisfaction of consumers using mobile broadband services and, thus, (b) in better user satisfaction of Wi-Fi sharing providers than using no Wi-Fi sharing. One way to design an experiment for testing these propositions is to use a 2x2 factorial design along the dimensions of accounting and security with four groups of subjects, which will be in the following four treatments: (a) no Wi-Fi sharing, (b) an IT artifact that supports adequate accounting mechanisms, (c) an IT artifact that supports better security and performance, and (d) an IT artifact that supports both, adequate accounting mechanisms as well as adequate security and performance. Concerning technical evaluation aspects, we propose to use analytical methods and test cases to measure the performance of our artifact to substantiate that its speed and security is at least on par with the state-of-the-art. Therefore, we propose a set of two primary indicators that can be measured: the transaction cost and the connection throughput. There are previous studies that examine both indicators. However, they are restricted to subsets of the proposed functionality. For example, there are studies on network and computational overhead for VPN connections [52], and studies for network and computational overhead for payment channel networks [55]. To technically evaluate our architecture, we propose a cost model that combines these two costs. For the payment channel cost, we include the overhead for routing the payment through the network, which increases for the number of users in the network. However, the probability to route a payment successfully through the network increases for a larger number of users. If there is no way to route payments directly from the user of the Wi-Fi sharing network, an additional channel has to be created, which is associated with transaction cost. See Table 4 and equation (1) for the operationalization. ACM Trans. Manage. Inf. Syst. Table 4: Cost Indicators for Evaluation. Symbol Description Number of users of the payment channel network Cost of calculating the route through the payment channel network Probability of finding a route between client and network operator Cost of creating a new channel Cost associated with VPN overhead Total cost of using the network (1) Calculating the cost per throughput and comparing it with existing systems provides another means to judge the efficacy of the system. However, it must be put in relation with the testable proposition above as the security gains and user satisfaction factor in the overall assessment as well. Users may be content with a slightly lower performance if the security gains and accounting risks are improving substantially over existing solutions. Hence, at this point it is not only a technical issue but rather a socio-technical tradeoff of technology use and acceptance. 8 CONCLUSION AND OUTLOOK Due to its capabilities to ensure ubiquitous Internet access and to reduce the utilization of mobile network capacities, the concept of Wi-Fi sharing holds many potentials. While numerous approaches have been introduced in the past, most of them cannot sufficiently address the diverse requirements of workable Wi-Fi sharing networks. While trust- based approaches require a trusted intermediary and cannot prevent malicious behavior conducted through fake profiles, security-based concepts lack adequate accounting mechanisms. Recent blockchain-based approaches provide the means to eliminate intermediaries and to build trust among users through immutability and transparency. However, they are hardly capable of realizing the technology’s full potentials, as they lack performance and scalability and primarily support bilateral connections between participants. Against this backdrop, we developed a reference architecture for fast, scalable, and reliable Wi-Fi sharing networks based on the combined use of the blockchain technology and payment channel networks. We collected requirements for workable Wi-Fi sharing networks and answered the first research question. To answer the second research question, we employed a DSR approach to develop design principles and an integrated architecture that comprises the layers of agent, application, infrastructure, and environment. We demonstrated and evaluated its applicability and usefulness by illustrating all phases of a payment channel lifecycle. Our results suggest that the proposed reference architecture can address the most significant shortcomings of established approaches and provides innovative means to conduct and route transaction without the need for a trusted intermediary. The applicability of the reference architecture is not limited to the case of Wi-Fi sharing networks, but can improve other network solutions, especially those involving micro-transactions between multiple independent participants. Still, this research is not without limitations. Although our literature search procedure was designed to identify the most relevant and actual contributions, research on blockchain technology, payment channel networks, and Wi- Fi sharing is still at an immature level and scattered across multiple platforms and outlets. Furthermore, each research stream constitutes a growing and dynamic field. Hence, we cannot eliminate the possibility that we missed single contributions that might have offered additional insights for our study. Furthermore, a more detailed and ACM Trans. Manage. Inf. Syst. practice-oriented evaluation is necessary to provide more definite evidence into practical aspects, such as user adoption, network performance, and resistance to network and data security threats. Further, our research does not explicitly cover the organizational implementation of the reference architecture making available Wi-Fi sharing networks to users. Open questions remaining to be answered are naturally centered on the governance of the system. That is, who is going to build it and operate it? Will utility or governance tokens assist ensuring a completely decentralized governance? Due to the focus of our research on the development of design principles and a reference architecture for an IT system, we have not covered these organizational aspects. Nevertheless, before making available Wi-Fi sharing networks based on our research, these questions must be asked and answered. ACKNOWLEDGEMENT This work has been developed in the project PIMKoWe. PIMKoWe (reference number: 02P17D160) is partly funded by the German ministry of education and research (BMBF) within the research program I ndustrie 4.0 Kollaborationen in dynamischen Wertschöpfungsnetzwerken (InKoWe) and managed by the Project Management Agency Karlsruhe (PTKA). The authors are responsible for the content of this publication. REFERENCES [1] G. Camponovo and D. Cerutti: WLAN Communities and Internet Access Sharing: A Regulatory Overview. In International Conference on Mobile Business (ICMB), pages 281-287, 2005. [2] P. A. Frangoudis, G. C. Polyzos, and V. P. Kemerlis. Wireless community networks: an alternative approach for nomadic broadba nd network access. IEEE Communications Magazine, 49(5):206-213, 2011. [3] Z. Cao, J. Fitschen, and P. Papadimitriou: Social Wi-Fi: Hotspot sharing with online friends. In 2015 IEEE 26th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC), pages 2132-2137, Hong Kong, 2015. [4] S. Dimatteo, P. Hui, B. Han, and V. O. K. Li: Cellular Traffic Offloading through WiFi Networks. In Eighth International Conference on Mobile Ad- Hoc and Sensor Systems, pages 192-201, Valencia, 2011. [5] D. Leroy, G. Detal, J. Cathalo, M. Manulis, F. Koeune, and O. Bonaventure. SWISH: Secure WiFi Sharing. Computer Networks, 55(7):1614-1630, [6] F. Shi, Z. Qin, and J. A. McCann: OPPay: Design and Implementation of a Payment System for Opportunistic Data Services. In 37th International Conference on Distributed Computing Systems (ICDCS), pages 1618-1628, Atlanta, GA, 2017. [7] L. Mamatas, I. Psaras, and G. Pavlou. Incentives and Algorithms for Broadband Access Sharing. ACM SIGCOMM Workshop on Home networks, pages. 19-24, New Delhi, ACM, 2010. [8] R. Beck, J. S. Czepluch, N. Lollike, and S. Malone: Blockchain: The Gateway to Trust -Free Cryptographic Transactions. In 30th European Conference on Information Systems, pages 1-14, Istanbul, 2016. [9] S. Nakamoto. Bitcoin: A Peer-to-peer Electronic Cash System. 2008, https://bitcoin.org/bitcoin.pdf. [10] R. Alt. Electronic Markets and current general research. Electronic Markets, 28(2):123-128, 2018. [11] B. Gipp, N. Meuschke, and A. Gernandt: Trusted Timestamping using the Crypto Currency Bitcoin. In iConference, pages 1-6, Newpoart Beach, CA, 2015. [12] F. Tschorsch and B. Scheuermann. Bitcoin and Beyond: A Technical Survey on Decentralized Digital Currencies. IEEE Communications Surveys & Tutorials, 18(3):2084-2123, 2016. [13] K. Fanning and D. P. Centers. Blockchain and its Coming Impact on Financial Services. Journal of Corporate Accounting & Finance, 27(5):53-57, [14] J. J. Sikorski, J. Haughton, and M. Kraft. Blockchain Technology in the Chemical Industry: Machine -to-machine Electricity Market. Applied Energy, 195:234-246, 2017. [15] P. Rogaway and T. Shrimpton. Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second - Preimage Resistance, and Collision Resistance. International Workshop on Fast Software Encryption, pages. 371-388, Delhi, 2004. [16] M. Risius and K. Spohrer. A Blockchain Research Framework. Business & Information Systems Engineering, 59(6):385-409, 2017. [17] R. Beck and C. Müller-Bloch. Blockchain as Radical Innovation: A Framework for Engaging with Distributed Ledgers as Incumbent Organization . 50th Hawaii International Conference on System Sciences, Hawaii, HI, 2017. [18] J. Yli-Huumo, D. Ko, S. Choi, S. Park, and K. Smolander. Where Is Current Research on Blockch ain Technology? A Systematic Review. PLOS ONE, 11(10):1-27, 2016. [19] M. Swan. Blockchain: Blueprint for a New Economy. O'Reilly Media, Inc., Beijing, 2015. [20] J. Derks, J. Gordijn, and A. Siegmann. From chaining blocks to breaking even: A study on the profitability of bitcoin mining from 2012 to 2016. Electronic Markets, 28(3):321-338, 2018. [21] A. Beikverdi and J. Song: Trend of Centralization in Bitcoin's Distributed Network. In 16th International Conference on Softw are Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), pages 1-6, Takamatsu, 2015. [22] C.-T. Li, C.-Y. Weng, C.-C. Lee, and C.-C. Wang. A Hash Based Remote User Authentication and Authenticated Key Agreement Scheme for the Integrated EPR Information System. Journal of Medical Systems, 39(11):144, 2015. ACM Trans. Manage. Inf. Syst. [23] M. Bellare, C. Namprempre, and G. Neven. Security Proofs for Identity-Based Identification and Signature Schemes. Journal of Cryptology, 22(1):1-61, 2009. [24] S. Ahangama and D. C. C. Poo: Credibility of Algorithm Based Decentralized Computer Networks Governing Personal Finances: The Case of Cryptocurrency. In International Conference on HCI in Business, Government and Organizations, pages 165-176. Springer, Cham, 2016. [25] M. Avital, R. Beck, J. King, M. Rossi, and R. Teigland. Jumping on the Blockchain Bandwagon: Lessons of the Past and Outlook to the Future. International Conference on Information Systems, pages. 1-6, Dublin, 2016. [26] G. Malavolta, P. Moreno-Sanchez, A. Kate, M. Maffei, and S. Ravi. Concurrency and Privacy with Payment-Channel Networks. ACM SIGSAC Conference on Computer and Communications Security, pages. 455-471, Dallas, TX, ACM, 2017. [27] E. Rohrer, J.-F. Laß, and F. Tschorsch: Towards a Concurrent and Distributed Route Selection for Payment Channel Networks. In European Symposium on Research in Computer Security, pages 411-419. Springer, Cham, 2017. [28] C. Decker and R. Wattenhofer: A Fast and Scalable Payment Network with Bitcoin Duplex Micropayment Channels. In Symposium on Self- Stabilizing Systems, pages 3-18. Springer International Publishing, Cham, 2015. [29] J. Poon and T. Dryja. The Bitcoin Lightning Network: Scalable Off-chain Instant Payments. Draft Version 0.592. 2016, https://lightning.network/lightning-network-paper.pdf. [30] P. McCorry, M. Möser, S. F. Shahandasti, and F. Hao: Towards Bitcoin Payment Networks. In Australasian Conference on Information Security and Privacy, pages 57-76. Springer, Bisbane, 2016. [31] K. Peffers, T. Tuunanen, M. A. Rothenberger, and S. Chatterjee. A Design Science Research Methodology for Information Systems Research. Journal of Management Information Systems, 24(3):45-77, 2007. [32] A. R. Hevner, S. T. March, J. Park, and S. Ram. Design Science in Information Systems Research. MIS Quarterly, 28(1):75-105, 2004. [33] J. Venable, J. Pries-Heje, and R. Baskerville: A Comprehensive Framework for Evaluation in Design Science Research. In International Conference on Design Science Research in Information Systems, pages 423-438. Springer, Berlin, 2012. [34] J. Venable, J. Pries-Heje, and R. Baskerville. FEDS: a Framework for Evaluation in Design Science Research. European Journal of Information Systems, 25(1):77-89, 2016. [35] L. Chandra, S. Seidel, and S. Gregor: Prescriptive Knowledge in IS Research: Conceptualizing Design Principles in Terms of Ma teriality, Action, and Boundary Conditions. In 48th Hawaii International Conference on System Sciences, pages 4039-4048, Kauai, HI, 2015. [36] R. N. Clarke. Expanding Mobile Wireless Capacity: The Challenges Presented by Technology and Economics. Telecommunications Policy, 38(8):693-708, 2014. [37] Cisco. Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2016–2021 White Paper. 2017, https://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/mobile-white-paper-c11-520862.pdf. [38] A. Khan, W. Kellerer, K. Kozu, and M. Yabusaki. Network Sharing in the Next Mobile Network: TCO Reduction, Management Flexibility, and Operational Independence. IEEE Communications Magazine, 49(10):134-142, 2011. [39] M. Seufert, V. Burger, and T. Hoßfeld: HORST - Home Router Sharing Based on Trust. In 9th International Conference on Network and Service Management (CNSM 2013), pages 402-405, Zurich, 2013. [40] N. Sastry, J. Crowcroft, and K. R. Sollins: Architecting Citywide Ubiquitous Wi-Fi Access. In ACM Workshops on HotNets-VI, pages 1-7, 2007. [41] C. B. Lafuente, X. Titi, and J. M. Seigneur: Flexible Communication: A Secure and Trust-Based Free Wi-Fi Password Sharing Service. In 10th International Conference on Trust, Security and Privacy in Computing and Communications, pages 706-713, Changsha, 2011. [42] P. Vidales, A. Manecke, and M. Solarski: Metropolitan Public WiFi Access Based on Broadband Sharing. In Mexican International Conference on Computer Science, pages 146-151. IEEE, Mexico City, 2009. [43] E. Y. Daraghmi and S.-M. Yuan. We are so Close, less than 4 Degrees Separating You and Me! Computers in Human Behavior, 30:273-285, 2014. [44] D. Trček. Computational Trust and Reputation Management. Trust and Reputation Management Systems: An e-Business Perspective, pages 21-54. Springer, Cham, 2018. [45] K. Lakshminarayanan and V. N. Padmanabhan. Some Findings on the Network Performance of Broadband Hosts. 3rd ACM SIGCOMM Conference on Internet Measurement, pages. 45-50, Miami Beach, FL, ACM, 2003. [46] B. Notheisen, F. Hawlitschek, and C. Weinhardt. Breaking Down the Blockchain Hype: Towards a Blockchain Market Engineering Approach. 25th European Conference on Information Systems, pages. 1062-1080, Guimarães, 2017. [47] A. Hofmann: Building Scalable Blockchain Applications: A Decision Process. In 15th International Conference on Design Science Research in Information Systems and Technology. Lecture Notes in Computer Science vol. 12388, pages 309-320 Springer, Kristiansand, 2020. [48] S. Mercan, E. Erdin, and K. Akkaya. Improving transaction success rate in cryptocurrency payme nt channel networks. Computer Communications, 166:196-207, 2021. [49] E. Erdin, S. Mercan, and K. Akkaya. An Evaluation of Cryptocurrency Payment Channel Networks and their Privacy Implications. ITU Journal on Future and Evolving Technologies, 2(1):1-10, 2021. [50] U. Gretzel, M. Sigala, Z. Xiang, and C. Koo. Smart tourism: foundations and developments. Electronic Markets, 25(3):179-188, 2015. [51] N. Singhal, M. K. Sharma, S. S. Samant, P. Goswami, and Y. A. Reddy. Smart KYC Using Blockchain and IPFS. In V . K. Gunjan, S. Senatore, A. Kumar, X.-Z. Gao, and S. Merugu (eds.) Advances in Cybernetics, Cognition, and Machine Learning for Communication Technologies. Lecture Notes in Electrical Engineering, vol. 643, pages 77-84. Springer, Berlin, 2020. [52] T. Berger. Analysis of Current VPN Technologies. 1st International Conference on Availability, Reliability and Security (ARES), pages. 108-115, Vienna, IEEE, 2006. [53] C. Janiesch, C. Rosenkranz, and U. Scholten. An Information Systems Design Theory for Service Network Effects. Journal of the Association for Information Systems, 21(6):1402-1460, 2020. [54] J. Recker, M. Rosemann, P. Green, and M. Indulska. Do Ontological Deficiencies in Modeling Grammars Matter? MIS Quarterly, 35(1):57-79, 2011. [55] V. Sivaraman, S. B. Venkatakrishnan, K. Ruan, P. Negi, L. Yang, R. Mittal, G. Fanti, and M. Alizadeh. High Throughput Cryptocurrency Routing in Payment Channel Networks. 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI), pages. 77 7-796, Santa Clara, CA, 2020. ACM Trans. Manage. Inf. Syst. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png ACM Transactions on Management Information Systems (TMIS) Association for Computing Machinery

An Architecture Using Payment Channel Networks for Blockchain-based Wi-Fi Sharing

Download PDF
24 pages

Loading next page...
 
/lp/association-for-computing-machinery/an-architecture-using-payment-channel-networks-for-blockchain-based-wi-BVRJbRmwoq
Publisher
Association for Computing Machinery
Copyright
Copyright © 2023 Copyright held by the owner/author(s). Publication rights licensed to ACM.
ISSN
2158-656X
eISSN
2158-6578
DOI
10.1145/3529097
Publisher site
See Article on Publisher Site

Abstract

An Architecture Using Payment Channel Networks for Blockchain-based Wi-Fi Sharing An Architecture for Blockchain-based Wi-Fi Sharing CHRISTIAN JANIESCH TU Dortmund University, Dortmund, Germany, christian.janiesch@tu-dortmund.de MARCUS FISCHER InnoBrain GmbH, Würzburg, Germany, marcus.fischer@inno-brain.de FLORIAN IMGRUND InnoBrain GmbH, Würzburg, Germany, florian.imgrund@inno-brain.de ADRIAN HOFMANN University of Würzburg, Würzburg, Germany, adrian.hofmann@uni-wuerzburg.de AXEL WINKELMANN University of Würzburg, Würzburg, Germany, axel.winkelmann@uni-wuerzburg.de Enabling Internet access while taking load of mobile networks, the concept of Wi-Fi sharing holds many potentials. While trust- based concepts require a trusted intermediary and cannot prevent malicious behavior for example conducted through fake profil es, security-based approaches lack adequate accounting mechanisms and coverage. Against this backdrop, we develop a Wi-Fi sharing architecture based on blockchain technology and payment channel networks. Our contribution is twofold : First, we present a comprehensive collection of design principles for workable Wi -Fi sharing networks. Second, we propose and evaluate a reference architecture that augments current approaches with adequate accounting mechanisms and facilitates performance, scalability, security, and participant satisfaction. CCS CONCEPTS • Applied computing → Enterprise computing • Information systems → World Wide Web → Web applications → Electronic commerce → Secure online transactions • Networks → Network types → Wireless access networks → Wireless local area networks Additional Key Words and Phrases: Wi-Fi Sharing, Blockchain, Payment Channel Networks, Architecture 1 INTRODUCTION Wi-Fi sharing has become a topic of interest in research and practice [1-3]. It yields various benefits, including ubiquitous Internet access, lower utilization of mobile network capacities, and reduced need for maintenance due to decentralization and self-regulation. For instance, despite 5G availability and free Wi-Fi initiatives in some major cities, still the intrepid traveler often faces steep fees for data access once he or she leaves free roaming coverage. A global decentralized Wi-Fi sharing network with low entry barriers for both users and operators can be a remedy. For operators, such solutions can improve the perceived network and service quality by extending their services’ coverage and capacity [4]. To date, several initiatives have established public Wi-Fi infrastructures, so-called hotspots, thereby, providing individuals with the opportunity to share their private broadband connection with public guests. For example, Fon is an international company that offers a Wi-Fi community network with over 21 million hotspots around the world (see fon.com). However, current Wi-Fi sharing concepts have several constraints, such as user authentication or illegal behavior, and lack coverage, participation, and scalability [3, 5]. This is partly due to a one-sided dependence on network Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co -authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only. © 2022 Copyright held by the owner/author(s). Publication rights licensed to ACM. 2158-656X/2022/1-ART1 $15.00 http://dx.doi.org/10.1145/3529097 ACM Trans. Manage. Inf. Syst. operators, who not only control price structures and terms of use, but also determine the network’s availability through their own customer reach and area coverage [6]. While most users are concerned about security issues and potential decreases in their private network performance, current solutions lack adequate incentives or benefits to compensate for these risks and, thus, to facilitate their participation in Wi-Fi sharing networks [6, 7]. Addressing these shortcomings, we propose a fast, reliable, and scalable reference architecture for Wi-Fi sharing based on blockchain technology and payment channel networks. The concept fundamentally builds upon two complementary components. First, a blockchain provides a distributed database for saving and securing transactions and building mutual trust among users within a network. Second, payment channel networks provide users with the means to conduct transactions without committing each of them to the blockchain, thus, enabling high network performance at low costs. Consequently, Wi-Fi sharing becomes uncoupled from traditional network operators and users face more incentives to participate in the network. With our research, we contribute to research on the effects of blockchain on networked business models in particular considering trusted third parties. We summarize our research questions as follows:  What are the requirements for secure and reliable Wi-Fi sharing networks and how are they addressed by current approaches and concepts?  Based on these requirements, what are design principles for the design of a reference architecture that facilitates the development of scalable, efficient, and secure Wi-Fi sharing networks? We employ a design science research (DSR) approach to develop our contribution. Consequently, this research centers on designing and developing an artifact in the form of a reference architecture for blockchain -based Wi-Fi sharing networks. We organize this paper as follows: In Section 2, we introduce the theoretical foundation on the concepts of blockchain and payment channel networks. Subsequently, we explicate our research method in Section 3. After collecting and analyzing the requirements for workable Wi-Fi sharing networks by detailing related work in Section 4, we develop and present 14 design principles for workable Wi-Fi sharing networks in Section 5. We instantiate them in a multi-layer reference architecture for Wi-Fi sharing networks in Section 6 and detail our evaluation efforts in Section 7. Section 8 concludes this research with a summary of findings, limitations, and future research potentials. 2 THEORETICAL FOUNDATIONS 2.1 Blockchain The blockchain describes a distributed transaction ledger that is duplicated across all participants in a network [8]. Transactions made on the blockchain are verified, grouped, and chronologically stored as a chain of data blocks. Blockchains can process different types of data and, unlike traditional networks, do not require trusted intermediaries due to the use of cryptography and game theory [9]. Initially viewed as an alternative for the bank- centered financial system, research and practice have recently introduced various blockchain application scenarios, which span across different sectors and industries including electronic markets [10]. From a technical perspective, blockchain-based systems build upon a decentralized database, cryptographic security measures, and consensus mechanisms, which provide the means for decentralized time stamping and agreement among multiple distributed participants [11]. Based on so-called smart contracts, blockchains can evaluate transactions against a set of programmable rules and, thus, enable parties, who do not fully trust each other, to interact [12]. In general, a blockchain represents an immutable distributed ledger in which transactions are recorded publicity as blocks chained in a chronologic order [13]. Each block is assigned with a unique identifier in the form of a hash, which is produced by running contents of a block through a cryptographic hash function [14]. To ensure ACM Trans. Manage. Inf. Syst. immutability, changes to the original data incur extensive and seemingly uncorrelated changes to the hash and require altering all data entries subsequently recorded on the blockchain [15]. As the blockchain is mirrored across all peers of a network, it provides full transparency regarding transactions and facilitates mutual trust and security [16]. Besides resolving conflicts among interacting agents in a network, the technology is capable of reducing information asymmetries without establishing a central instance [17, 18]. In practice, consensus mechanisms vary regarding their application scenarios. For example, public and anonymous blockchains require that mining new blocks is linked to a sufficient amount of cost to prevent the distribution of malicious content [17, 19, 20]. Proof-of- work (PoW) and proof-of-stake (PoS) are the most widespread and most researched consensus mechanisms today. These mechanisms demand high computational resources or high monetary resources, respectively, and can yield centralization and high costs [21]. To append a new block to the blockchain in PoW-based networks, the participants must find a specific value (referred to as nonce) that is combined with the transaction data of the block and the hash of the previous block. The value must be chosen such that the hash of the combined data starts with a string of zeros. The number of zeros is determined by the current difficulty of the protocol. Due to the use of cryptographic hash functions, the nonce cannot be calculated, but must be found through brute-force search, which is a massive computational effort and consumes large amounts of energy. This makes PoW-blockchain transactions expensive but very secure. If two different blocks are broadcasted simultaneously to the network, each node must choose which should be appended, by using this blocks hash for the calculation of the next block. After a few blocks, one version of the chain will be longer than the other, since more nodes agreed on this version and the other chain will be orphaned. Consensus here means, that the nodes agree on the longest chain, that is the chain with the most computational effort. PoS can be seen as a virtualized form of PoW. Here, the resources are not denoted by computational power, but monetary resources in the form of tokens on the blockchain. For each block, a validator is selected, based on the number of tokens they possess. PoS is generally considered less secure than PoW, since it has one major flaw: when two blocks are broadcasted simultaneously, nodes do not have to choose which one to keep. They can use their stake to produce blocks for each of the blocks to maximize their reward, resulting in a constantly forked blockchain. This is referred to as the nothing-at-stake problem. In a controlled environment, such as a private or permissioned blockchain network that consists of unique and known participants, computational load can be significantly reduced based on identity-based authentication schemes such as practical byzantine fault tolerance (PBFT) [22, 23]. Here, each participant votes for the next valid block. Since each participant has a unique identity, the system cannot be flooded with votes from fake identities. Furthermore, the voting process is conducted over multiple rounds to account for network errors and ensure correctness. Furthermore, several hybrid mechanisms exist for niche applications. However, all mechanisms rely on the appropriateness of predefined rules. Hence, it is important to ensure their correctness, reliability, and accuracy [24]. Although the number of mostly disruptive visions has grown tremendously in recent years, Avital, et al. [25] argue that neither research nor practice has fully grasped the technology’s true potential. In fact, most solutions remain premature, and implementations are limited to a preliminary proof of concepts. By conducting a comprehensive literature review, Risius and Spohrer [16] reveal that the current body of research has mostly focused on technological questions of design and features, while neglecting aspects associated with the application, value creation, and governance of blockchain solutions. 2.2 Payment Channels Networks Payment channels describe a class of techniques that enable users to conduct multiple transactions without committing single transactions to the blockchain [26]. In the case of purely bidirectional transactions, payment ACM Trans. Manage. Inf. Syst. channels constitute bilateral agreements between two parties. To establish a new connection, unconnected parties must constantly negotiate and agree over multiple aspects, thus, yielding high transaction costs and reducing performance and scalability. Against this backdrop, multiple users can build payment channel networks, which allow unconnected users to conduct transactions by routing payments over intermediaries [27]. These networks typically draw upon Hashed Timelock Contracts (HTLC), as a special class of smart contracts that is established between parties of a transaction and transferred to the blockchain for execution [28, 29]. While research and practice have introduced a variety of payment channel network concepts, this paper builds upon Poon-Dryja payment channels, which are implemented to conduct Bitcoin transactions in the Lightning Network [29]. Joining a payment channel network requires users to create a new channel that is connected to a network participant as well as to make a funding payment, which equals the overall transaction’s value [30]. Both parties must then agree to a set of rights and obligations to conduct a transaction. Initially, the network blocks the sender’s funding transaction until the receiver secures an equivalent refund transaction, which equals the outstanding amount [30]. This mechanism constitutes a money-back guarantee and ensures secure transactions, even if one partner is non-cooperative or seeks to conduct fraudulent behavior [29]. The blocking time also determines the closing of the corresponding payment channel [29]. We summarize and illustrate the functioning of payment channel networks with the example in Figure 1. 5 4 Sends secret inp ut R and Sends secret inp ut R and Bob receives 0.1 Bitcoin receives 0.1 Bitcoin Generates hashed time-lock contract Generates hashed time-locked contract (nTimeLock=3 day ; Amount= 0.1 Bitcoin) (nTimeLock=2 day ; Amount= 0.1 Bitcoin) Alice Carol Sends hash H to Alice, which was generated based on the secret inp ut R Has h H Random R Figure 1: Transactions in Payment Channel Networks. In this scenario, Alice sends 0.1 Bitcoin to Carol, while both are connected to each other through the intermediary Bob. Thereby, Carol creates hash H based on the secret random number R and sends it to Alice (1), who establishes an HTLC with Bob (2). The contract allows Alice to send 0.1 Bitcoin to Bob and requires both partners to agree on the following aspects: I. If Bob can create the known hash H from the random number R and send it to Alice within 3 days, Alice will compensate Bob with the amount of 0.1 Bitcoin. II. After three days, the contract is voided, and payments can neither be send nor requested. III. Subject to approval of Bob and Alice, the established contract can be closed prior to this time limit and withdrawals of any amount can be made. IV. If Bob or Alice breach any of these obligations, the full transaction amount is transferred to the counterparty. Subsequently, Bob and Carol must establish an equivalent HTLC that enables Carol to receive 0.1 Bitcoin from Bob (3). The contract requests Carol to create another hash H from the random number R and to transfer it to Bob ACM Trans. Manage. Inf. Syst. within two days (4). For a transaction between Carol and Alice, Bob transfers to Alice the random number R and demands 0.1 Bitcoin as a compensation (5). 3 RESEARCH DESIGN In this study, we apply a problem-centered DSR approach as suggested by Peffers, et al. [31]. Typical outcomes of DSR activities are artifacts, which include constructs, models, methods, and instantiations [32]. Being experts in the domain of practice-oriented applications of blockchain technology, we have noticed a lack of concepts for the efficient and secure sharing of private broadband capacity based on Wi-Fi sharing. We address this important unsolved problem in a unique and innovative way by developing two novel artifacts. First, we collect various requirements for Wi-Fi sharing and derive a set of design principles for solutions that resolve the weaknesses of current approaches and concepts. Second, we design an integrated reference architecture for Wi-Fi sharing networks, which fosters efficiency and security by combining the blockchain technology with payment channel networks. We demonstrate its applicability by describing how its main components interplay to enable fast and secure transactions between multiple users in shared Wi-Fi networks. With blockchain and payment channel networks, we use and integrate two concepts whose research and application are still at an early stage. We therefore rely on descriptive methods to evaluate the applicability and usefulness of the resulting artifact [33, 34]. Consequently, we consider this research as conceptual by nature, yielding far-reaching implications for future research and practice. We summarize the applied DSR approach as well as complementary methods in Figure 2. Problem Objectives of a Design and Evaluation Demonstration Conclusion Identification Solution Development • Current concepts • Collect require- • Develop design • Design a graphical • Discuss and • Summarize key for WiFi sharing ments for a principles for a representation as evaluate the findings lack efficiency workable workable solution well as flow chart reference archi- and scalability solution for for broadband to demonstrate the tecture based on • Identify broadband capacity sharing functionality and the scenario limitations as the • Core require- capacity sharing relationships of technique and an need to eventually ments are yet • Integrate the the reference expert workshop contextualize unknown and • Provide guidance proposed system architecture before application hamper the to foster future modules into a • Propose testable development of research and reference propositions and • Identify future suitable systems practical im- architecture for key performance research plementations of Wi-Fi sharing indicators for opportunities Wi-Fi sharing networks further measure- networks ments Figure 2: Overview of the DSR Approach based on Peffers, et al. [31]. In following a staged process, which allows for multiple iterations of the design principles to evolve, we aim at developing design principles, which describe a class of systems as a means for implementing Wi-Fi sharing networks. In an initial iteration, we identified and carved out the problem to be solved in discussions with an expert for business process management and an enterprise architect from a large German Internet service provider. During conceptual development, we formulated initial design principles and refined them in an iterative process of discussion and reflection with researchers as well as said business professionals, which resulted in further challenges and perspectives to consider in the next iterations. Our research built upon and benefited from this exchange with industry. We formulated our design principles according to Chandra, et al. [35]’s proposal for effective formulation, including materiality, action, and boundary conditions. We have provided the consolidated results of our research to academic as well as professional experts. We have incorporated the recommendations from academia and have not received any negative feedback from practice. For clarity reasons, in this paper we only describe the outcome of the final iteration and not prior configurations of artifacts. When those are referred to (e.g. in Section 7.2), we explicitly detail the differences to the final artifact. ACM Trans. Manage. Inf. Syst. 4 DESIGN REQUIREMENTS FOR Wi-Fi SHARING AND CURRENT APPROACHES 4.1 Potential Risks and Threats in Wi-Fi sharing Networks Due to a growing demand for mobile Internet applications, telecommunication infrastructures are at their capacity limit and cannot always deliver high performance during peak hours [36, 37]. Simultaneously, network operators must cope with a growing competition as well as with declining revenues and constantly increasing requirements for network performance and quality [38, 39]. Addressing these challenges requires them to invest into expanding current infrastructure or to identify and implement mechanisms to increase effectiveness. Thereby, both research and practice point to the vast potentials of accessing private landline broadband capacities in Wi-Fi sharing networks, which can reduce the overall usage of mobile network infrastructures [1-3]. To facilitate user participation and cost-effective operations, Wi-Fi sharing networks require an adequate system architecture that ensures security, efficient accounting, and service quality. In this research, we draw upon Leroy, et al. [5], who reduce the wide range of requirements to the three categories of security, administration, and accounting. We provide an overview of these requirements and specify corresponding risks and threats in Figure 3. Administrative challenges & Security threats Accounting risks usability problems Application Legal risks and Infrastructure User profiling and confinement tarnished reputation attacks (S#IA) traceability (S#UPT) (AU#AC) (AU#LT) Resource Fraudulent access Access to subscribed Risk of overcharge Risk of repudiation exhaustion points (S#FA) services (AU#AS) (AR#RO) (AR#RR) (S#RE) Blacklisting (S#B) Figure 3: Risks and Threats in Current Wi-Fi sharing Networks [5]. Regarding the dimension of security threats, a Wi-Fi sharing network must facilitate cooperative user behavior and sanction fraudulent actions respectively [3, 5, 40]. This entails preventing network infrastructure attacks (S#IA) as well as discouraging users from conducting malicious actions using resource exhaustion (S#RE), which can result in access points becoming blacklisted (S#B) by external service providers [5]. To further avoid phishing of sensible user data, the architecture must account for the various risks imposed by fraudulent access points through the emulation of fake Service Set Identifier (SSID) (S#FA), which can be used to intercept connections between users and access points [40]. Ultimately, Leroy, et al. [5] note that data processing must comply with presently enacted data protection laws, which prohibit various techniques for data analysis and interpretation, such as user profiling and activity tracing (S#UPT). Administration challenges and usability problems refer to a network’s capabilities to support users in achieving quantified objectives with effectiveness, efficiency, and satisfaction. Besides facilitating the solution’s perceived ease of use and intuitiveness, the category includes all functionalities, rules, and restrictions that point to application confinement and potentially hamper user adoption (AU#AC) [5]. It also regulates the accessibility of subscribed services (AU#AS), which are made available unintentionally through the Internet Protocol of the access point. Ultimately, the category addresses risks imposed by illegal actions of network users, which can yield losses in reputation or even legal implications (AU#LT) [5]. The category of accounting risks incorporates risks that emerge from service downtimes, that is the risk of user repudiation (AR#RR) or failure of service invoicing, in particular the risk of overcharging (AR#RO). In addition to the lack of non-corruptible invoicing mechanisms, Leroy, et al. [5] describe the absence of a trusted intermediary for a secure and liable payment handling as a major weakness of current Wi-Fi sharing networks. Considerably hampering user participation, this leads to a reduced network coverage and, thus, to decreases in the ACM Trans. Manage. Inf. Syst. perceived usefulness of the service. While all categories are important for building functioning Wi-Fi sharing networks, we consider adequate accounting mechanisms as their most essential component, as they facilitate mutual trust and provide users with incentives for participation. The threats and risks constitute our design requirements. 4.2 Shortcomings of Current Wi-Fi sharing Networks In general, we can distinguish between trust-based and security-based approaches. Trust-based approaches are mainly framed by the work of Cao, et al. [3], Seufert, et al. [39], and Lafuente, et al. [41]. Besides using intermediaries to facilitate trust among network participants, these approaches typically build upon authentication mechanisms from online social networks (OSN). Having logged in over an OSN, users can use a host’s broadband connection by either accessing his or her private network or a designated user network, which has been established for this specific purpose and is regulated by strict policy guidelines [42]. We summarize the main properties of trust-based Wi-Fi sharing networks in Figure 4. Core Host grants network full access either or Authentication via trusted intermediary (e.g. via OSN) Shared User Host grants network restricted access (VPN) 0 1 1 0 1 0 1 0 0 1 1 0 1 0 1 0 Access point 0 1 1 0 1 0 1 0 Connection established Figure 4: Trust-based Approach for Wi-Fi Sharing Networks. Cao, et al. [3] develop a Wi-Fi sharing network, which enables users to automatically discover and authenticate nearby networks that are operated by befriended people from social networks. Thereby, users can gain unrestricted access to a host’s private broadband connection by proving his or her identity over a relationship that has been established in an OSN. Disclosing a user’s identity can not only reduce the risk of malicious actions, but also provide incentives for participating in Wi-Fi sharing communities. Intended to be non-commercial, the service is not subject to risks associated with service invoicing. Based on the findings of Daraghmi and Yuan [43], we argue that implementing the approach is only feasible and beneficial if access points are also made available to friends of friends and, thus, beyond the scope of direct connections. As sharing private connections with further degrees of friends can reduce the network’s degree of trust, the approach suffers from a trade-off between security and reach. Seufert, et al. [39] introduce a similar approach. They use OSN primarily as socially aware traffic management systems to authenticate user identities. Users can provide additional information, which is used as meta-data to manage localization and access within the network. The approach supports rewarding or sanctioning user behavior with a trust score, which provides hosts with the opportunity to prevent user groups from accessing their shared network. In general, users can only access a network upon request and hosts manually decide whether to share an access point or not. Nevertheless, the approach allows authorized users to gain access over a separately managed virtual private network (VPN), which is established and ran independent from the private network’s infrastructure. Controlled by strict policy guidelines and separated from the network, non-authorized users can access the network over virtual access points. This discourages users from the unauthorized use of the host’s subscribed services and supports hosts in preventing infrastructure attacks, resource overloads, and service backlisting. The approach is a non-commercial service and fosters user participation. ACM Trans. Manage. Inf. Syst. Lafuente, et al. [41] propose a service for Wi-Fi password sharing, which enables authorized users to access a shared network directly. To ensure data security, it requires hosts to approve all incoming connection requests manually. Communication and data transfer between user and host are further secured by encryption mechanisms, which prevent attacks that seek to obtain sensible user information [41]. The authors further draw upon the concept of computational trust management [44] to ensure that passwords are only shared among trusted users. Although the proposed approach cannot fully prevent malicious actions, it facilitates cooperative user behavior. In summary, most trust-based approaches lack mechanisms to prevent malicious actions of non-cooperative users. By failing to address the requirements from Figure 3, however, these approaches pose manifold risks for hosts and users. This applies especially for the case of unsecured connections, which provide users with unrestricted access to private networks and all subscribed services. All concepts use authentication mechanisms from OSN to verify user identities. While this ensures trustable connections in many cases, it is not applicable when dealing with fake profiles that have been created to bypass such security barriers. Although Seufert, et al. [39] seek to address this issue by computing a user-specific trust score, their approach only yields adequate results if all users in a network have been identified by a trusted intermediary. Consequently, the feasibility of trust-based approaches relies strongly on the availability of intermediaries. By contrast, security-based approaches use a host’s infrastructure as an access point, over which a user establishes a VPN connection to its own private network. Secured by cryptography, these connections resolve host-sided security concerns and provide user with a full Internet access that is not restricted by external policy guidelines. We summarize the main properties of security-based Wi-Fi sharing networks in Figure 5. Host provides infrastructure User‘s home network Authentication via service application User VPN User’s mobile device Figure 5: Security-based Approach for Wi-Fi Sharing Networks. Sastry, et al. [40] introduce a Wi-Fi sharing network that builds upon VPNs to establish Internet connections for trusted users within a network. This entails that users can use a host’s access point to connect to their own private network, which then processes the session’s entire Internet traffic. Besides yielding increased network latencies as well as broadband restrictions of ~200 kbps in the case of asymmetric connections [45], the proposed concept can fully resolve latent trust dependencies between involved parties. As users gain access to the Internet over their own network, it can further overcome common security issues and usability restrictions. By using cryptography to encode communication and data transfer, users also benefit from higher security and trust. However, Sastry, et al. [40] neglect the risks imposed by fraudulent access points and build upon the assumption of generally cooperative network participants. Furthermore, the authors primarily sketch out the approach’s applicability for scenarios that entail a linear increasing resource consumption for communication encoding, which is due to network latencies in long distance connections. Leroy, et al. [5] augment the approach of Sastry, et al. [40] by using VPNs to establish encoded connections between a host’s and a user’s access point. The authors implement Roaming Authentication and Key Exchange (RAKE) for identity authentication. Furthermore, RAKE accounts for establishing and organizing the connection and determines explicit parameters necessary for authentication and encryption. By employing a lightweight accounting ACM Trans. Manage. Inf. Syst. protocol similar to the Transmission Control Protocol (TCP) slow-start approaches, the network can dynamically manage shared bandwidths and close connections in the case of fraudulent behavior to reduce financial impacts. While security-based approaches provide the means to address requirements related to security and administration, they lack adequate solutions for accounting. Although the approach of Leroy, et al. [5] supports hosts in minimizing monetary impacts, which can result from the early closure of a connection due to a user’s fraudulent behavior, it builds upon TCP and, thus, entails significant performance reductions in fast scaling networks. Furthermore, it requires the protocol’s implementation on all communicating routers to ensure the reliability and security of transferred data. Against the users’ preferences for high mobility and flexibility, the protocol lacks efficiency and responsiveness especially in the case of high round-trip times. As the round-trip times and, thus, the transfer of data between a host and a user’s private network can take up to several seconds, moving users that rapidly establish and close connections to hotspots are quickly out of the network’s reach. Although these mechanisms are considered typically to provide suitable means for establishing and securing bilateral communication channels between hosts and users, they hardly conform to the requirements of Wi-Fi sharing networks, which require multi-channel-based communication opportunities. To date, research has only paid limited attention to using the capabilities of blockchain technology for Wi-Fi sharing. Shi, et al. [6] suggest implementing smart contracts to establish a system capable of processing micro- transactions as payments for used capacities in Wi-Fi sharing networks. The authors motivate their approach by noticing that most data-sharing services lack user participation due to insufficient incentives. By drawing upon Leroy, et al. [5], they develop an accounting mechanism that uses a protocol that rewards cooperative users with a linearly growing bandwidth. The concept further enables hosts to terminate connections with non-cooperative transaction partners, which results in a complete loss of the transaction’s content. Implementing the approach requires small adaptations to the hosts’ access points as well as the installation of java-based application on the user’s device. Thereby, the protocol establishes a connection to a blockchain network (e.g., the Bitcoin network) and uses the corresponding infrastructure to conduct micro-transactions. Consequently, Shi, et al. [6] demonstrate the potentials of using blockchain technology for conducting micro-transactions in Wi-Fi sharing networks. Significant benefits arise from the implementation of payment channels to clear fine-grained data services incrementally, as corresponding accounting protocols neither require the existence of a trusted intermediary, nor demand the use of complex consensus mechanisms for transaction approval. In order to use smart contracts to conduct micro- transactions instantaneously, the Wi-Fi sharing network must register each contract stored within the blockchain. Thus, the entire payment logic is stored within the smart contract itself and executed on a local connection between users and hosts. Table 1 summarizes these approaches and links them to the respective risks and threats of Figure 3. Furthermore, it clarifies that trust-based approaches are excellently suited to minimize or address security-relevant and administrative problems. Due to their low flexibility toward scalability, however, respective approaches do not meet the demands of a highly available and widely accessible solution, which is a prerequisite for the viability of Wi-Fi sharing networks in practice. Security-based approaches, on the other hand, do not have the usual limitations of scalability that result from the lack of reliable authentication mechanisms. Due to their single-channel-based communication semantics, however, hopping to and from another router, as is required in Wi-Fi sharing to not being bent to the local range of a particular terminal, is not efficient. Consequently, users encounter interruptions or extended waiting times when physically moving forward. As shown in Table 1, the current state-of-the-art addresses most requirements linked to the first two categories. In fact, the use of VPNs can increase security and facilitate cooperative user behavior. Despite constraints regarding their resource consumption and limited performance, corresponding approaches yield multiple benefits, as users connect to their own private network and, thus, do not face accessibility restrictions or risks imposed by data ACM Trans. Manage. Inf. Syst. security. Thus, users cannot only hide their browsing habits but also eliminate the possibility of being tracked or profiled by third-party providers. Table 1: Summary of Design Requirement Coverage in Current Solutions for Wi-Fi Sharing Networks. S# S# S S# S#UP AU# AU# AU# AR#R AR#R Reference Approach IA RE #B FA T AC AS LT O R Cao, et al. [3] O O O O / / / O / / Trust-based Seufert, et al. [39] O X X O / / X X / / Trust-based Lafuente, et al. [41] O O O / / / / / / / Trust-based Sastry, et al. [40] X X X / X X X X / / Security- based Leroy, et al. [5] X X X / X X X X X X Security- based Shi, et al. [6] / / / / / / / / X X Blockchain- enhanced Our Approach X X X O X X X X X X Blockchain- enhanced X: addressed directly by the approach used; O: addressed indirectly by the approach used; /: Not addressed by the approach us ed. 5 DESIGN PRINCIPLES FOR SECURE AND RELIABLE Wi-Fi SHARING NETWORKS Addressing the abovementioned design requirements, our approach inheres the benefits of Leroy, et al. [5]’s work by implementing a security-based approach, while bypassing its scalability issues by transferring communication and session management to a blockchain-enabled authentication mechanism as initially proposed by Shi, et al. [6]. We further increase the flexibility of payment processing, which Shi, et al. [6] have identified as still problematic, by implementing payment channel networks for micro-payments. As there is already robust research on how to set up and implement security-based Wi-Fi sharing networks, our referenced solution focuses on providing a scalable mechanism that enables intermediary-free payment processing. Based on relying on the effectiveness of blockchain- enabled payment channel networks, we claim our approach to superior to current implementations. We derive five central design principles for secure and reliable Wi-Fi sharing networks based on the requirements derived from our survey of risks, threats, and related work:  DP1: Provide the system with a module for hosts to manage and organize the provided bandwidth in order for the system to provide access to the Internet.  DP2: Provide the system with a module for users to initiate and maintain a private network without sharing secret keys in order for the system to prevent decoding the connection.  DP3: Provide the system with a module to provide only bandwidth to the user while users are routed to their private network even if the user’s identity is known or has been approved by identity authentication mechanisms in order for the system to prevent users from conducting fraudulent actions.  DP4: Provide the system with a module to restrict user access to the host’s private network infrastructure even if the user’s identity is known or has been approved by identity authentication mechanisms in order for the system to prevent users from conducting fraudulent actions.  DP5: Provide the system with a module to identify access points clearly in order for the system to prevent security-related threats, such as eavesdropping users’ traffic or DNS server phishing. However, purely security-based concepts lack the means to cope with the requirements of the accounting category sufficiently. Due to their inability to implement immutable and non-corruptible payment protocols, ACM Trans. Manage. Inf. Syst. corresponding concepts lack feasibility and user participation, as services provided by participants cannot be accurately billed or compensated [5, 6]. This can sustainably reduce the usefulness of the entire Wi-Fi sharing network. Leroy, et al. [5] further notice that asymmetric communication channels cannot guarantee fairness regarding the billing of services without including a trustable intermediary or implementing expensive hardware for using complex consensus mechanisms. In addition to the three core elements of working Wi-Fi sharing networks, we can derive nine further design principles for the implementation of adequate accounting mechanisms:  DP6: Provide the system with a mutually trusted intermediary requiring a transaction history, which facilitates transparency by recording a user’s behavior in terms of data traffic, resource consumption, and incurred costs, in order for the system to ensure that connection data cannot be manipulated or corrupted.  DP7: Provide the system with a module to keep transaction costs to a minimum in order for the system to prevent large numbers of micro-payments.  DP8: Provide the system with a module to forgo transaction costs for the execution of instant payments in order for the system to regulate the duration of the connection.  DP9: Provide the system with a module to set up the transaction in order for the system to enable host and user to mutually agree on the usage cost.  DP10: Provide the system with a module for pre-payment in order for the system to increase the quality of service and to prevent both risks imposed by overcharging and repudiation.  DP11: Provide the system with accounting mechanisms using a dynamic trust-score in order for the system to facilitate cooperative host behavior and ensure high service levels in terms of infrastructure accessibility by rewarding hosts for cooperative behavior or high availability.  DP12: Provide the system with a protocol that is platform-independent in order for the system to avoid potential lock-in effects and facilitate user adoption and scalability.  DP13: Provide the system with a protocol, which incrementally increases the provided bandwidth, and with instant payment functionalities, which ensure that outstanding payments are transferred immediately to unlock further resources in order for the system to prevent fraudulent behavior.  DP14: Provide the system with a protocol for users to initiate any number of connections and for hosts to simultaneously bill users with multiple connections in order for the system to ensure connections without the risk of overcharging or repudiation. The collective boundary condition for all 14 design principles is g iven that it shall be used to design secure and reliable Wi-Fi sharing networks. Drawing upon the results of Shi, et al. [6], current payment mechanisms can benefit by using the capabilities of the blockchain technology for invoicing in Wi-Fi sharing networks. Among others, the main advantages of such solutions include a decentral and non-corruptible database, which supports identity authentication, distributed transactions, and the generation of user protocols without the existence of a trusted intermediary. However, as their approach does not provide adequate accounting mechanisms, they lack the means to address the design principles DP1, DP2, DP5, DP7, and DP12. In the following, we introduce a reference architecture, which builds upon our 14 design principles and improves current Wi-Fi sharing concepts, by addressing the requirements of security, administrability, and usability with adequate accounting capabilities. 6 A REFERENCE ARCHITECTURE FRAMEWORK FOR Wi-Fi SHARING NETWORKS USING BLOCKCHAIN TECHNOLOGY AND PAYMENT CHANNEL NETWORKS 6.1 Multi-layer System Architecture Subsequently, we design and develop the main artifact of this research: a multi-layer reference architecture for Wi-Fi sharing networks. For architecture development, we draw upon the work of Notheisen, et al. [46], who have introduced a market engineering framework for blockchain solutions. The system architecture comprises the four layers of agent, application, infrastructure, and environment. The agent layer includes hosts and users participating in the network. Due to the large amount of different user devices and Wi-Fi hotspot hardware, the platform should be independent from specific systems or providers. While ACM Trans. Manage. Inf. Syst. this is feasible for mobile devices, wireless routers often use proprietary technology, which is not accessible to third- party providers. This requires developing a generally accepted and compatible software solution. The application layer manages all connections within a network and addresses many of the previously defined design principles. Hence, it complies with the various security requirements by implementing a so-called demilitarized zone to communicate with user devices, which protects the host’s private network from malicious attacks. Furthermore, users establish VPNs to connect to their own private network, which increases data security and facilitates service accessibility. Blockchain technology provides a secure, trustable, and immutable solution for conducting transactions without the need for a mutually trusted intermediary. Additionally, payment channels ensure instant transactions at neglectable transaction costs. By prepaying for only a small timeslot, sunk cost as a results of unforeseen channel terminations or malicious user behavior can be kept to a minimum [5]. Monetary incentives further facilitate the provision of broadband capacities and very low expected payoffs prevent fraudulent behavior. Due to the implementation of payment channel networks, corresponding Wi-Fi sharing networks are highly scalable and allow a large number of participants to join and interact. The additional network overhead for the payment channel transactions is negligible. Since the size of a transaction is only a few kilobytes, payments can be sent every few seconds without noticeable impact on network performance, ensuring near real-time payments. The infrastructure layer comprises a protocol layer and a hardware layer. Requirements on these layers are neglectable from a conceptual perspective and mostly addressed by the implementation of payment channel networks. Corresponding protocols must be capable of accessing and interpreting smart contracts to conduct transactions on the blockchain. This is independent from underlying consensus mechanisms or cryptography concepts as long as the network allows for the secure processing of opening and closing operations. However, the transaction cost for opening and closing the channels can be dependent on the chosen blockchain architecture and consensus mechanism. While a smaller network structure such as a consortium blockchain can allow for more efficient consensus mechanisms such as PBFT [47], larger, public blockchains provide a larger user base that can participate in the payment channel network [48]. We argue that ensuring a successful routing of payments through the network outweighs the need for low transaction costs for funding transactions. Additionally, some types of payment channel networks, such as the Poon-Dryja payment channels, can be implemented only on public blockchains [49]. For public blockchains, we argue that the network size is more deciding than the underlying consensus mechanism, therefore, the choice between PoS and PoW is solely dependent on the choice of public blockchain. If a choice has to be made between two equivalent PoW and PoS networks, it can be argued, that the higher security that PoW provides is not significant for the comparatively small transaction values, therefore, a PoS network should be preferred. Reinforcing this recommendation, there is a trend towards integrating PoS in the major public blockchains such as Ethereum partly fueled by environmental concerns. Although the network’s context cannot be controlled, we account for its requirements with an environment layer, as data security laws or regulations determine the boundaries within in which a Wi-Fi sharing network can operate. We summarize the resulting framework in Figure 6. ACM Trans. Manage. Inf. Syst. agent layer mobile wireless user facing application hotspot application layer transactions & channel transaction payment channel HTLCs management routing network protocol distributed consensus cryptographic layer ledger mechanisms protocol infrastructure layer hardware mining hardware, network nodes layer environment socio-economic and legal environment layer Figure 6: Reference Architecture Framework. 6.2 Demonstration of Transactions on the Architecture We demonstrate the reference framework’s structure as well as its functionality using the sequence diagram in Figure 7. ACM Trans. Manage. Inf. Syst. payment channel user hotspot blockchain network create channels send funding transacti on save transaction to new block transaction confirmed transaction confirmed create channels send funding transacti on save transaction to new block transaction confirmed transaction confirmed Connect add ress in PCN + usage terms accept terms loop (every t) create transacti on if user stays routing connected + create HTLCs unsigned transaction unsigned transaction signe d transaction signe d transaction payment notification enable internet for al l app lications for t. close channels send closing transaction save transaction to new block transaction confirmed transaction confirmed close channels send closing transaction save transaction to new block transaction confirmed transaction confirmed Figure 7: Overview of Architecture Functionality. To connect with a network, users must send a request for approval and transfer the required funding transaction to the payment channel network (create channels). Prior to saving the transaction on the blockchain, the network creates an identical refund transaction, which guarantees that users are reimbursed if they are affected by non- cooperative behavior conducted over the connected channel. The channel has been successfully established as soon as the funding transaction is recorded and approved by the network (send funding transaction). However, this requires saving the transaction data on the blockchain, which typically goes along with considerable latencies and processing times (save transaction to new block). Hence, the funding transaction should be conducted with enough ACM Trans. Manage. Inf. Syst. 1. channel 3. close 2. payment creation channel time before a user intends to use a hotspot. To support a smooth processing of registration and approval requests, corresponding software solutions should directly connect with a service that provides users with the opportunity to buy or sell blockchain-based tokens with regular fiat money. Furthermore, hotspots must be assigned with a unique identifier that enables users to find them in a payment channel network. However, as hosts only receive but do not send payments, they are not required to conduct a funding transaction. In general, a network’s stability, coverage, and performance correlates strongly to the amount of access points it comprises. Because it is often necessary that hosts act as intermediaries between two participants that are not directly connected, they should also be incentivized to conduct a small funding transaction to route payments through the network. To access a host’s private network, a user must ensure an active Wi-Fi connection. An access portal initially blocks most Web services and thus, only authorizes connections to the respective payment channel node provided by the router. Thereby, the user’s mobile device and the host’s router automatically negotiate terms of use, including minute-based fees for accessing a hotspot, the address of the payment channel, and the bandwidth provided by the network (address in PCN + usage terms accept terms). After their mutual agreement, the mobile device must approve the transaction’s content and send the usage fee to the router (cf. loop). Thus, the node running on the Wi-Fi access point manages the routing of the transferred tokens and activates all services for access by the user. To use the payment channel, the user conducts an additional micro-transaction before the connection interrupts. This process repeats until no more micro-transactions are registered by the host’s access points, which leads to the automated termination of the payment channel. Thereby, the user carries the risk of not receiving a compensation for the last completed transaction. As the value of these micro-transactions is neglectable, it is neither feasible nor economical to set up malicious hotspots with the purpose of taking advantage of these on-sided revenues. However, this may not apply to situations, in which malicious hotspots are used for profit generation by locating them at highly frequented places, such as for large events or at city sights. Consequently, the network must continuously collect and analyze data on the behavior of access points and sanction fraudulent actions, for example by blacklisting corresponding hosts. By contrast, if users conduct illegal actions or show fraudulent behavior, the host can terminate the connection at any time. If a payment channel expires or both participants agree upon closing it (close channels), the last transaction is submitted to and saved on the blockchain (send closing transaction). Subsequently, hosts should immediately create new payment channels with either no funding or a small funding to contribute to the network’s stability by routing transactions between unconnected participants. Tokens rewarded for sharing a private broadband connection should be periodically paid out as fiat money to minimize the risks imposed by fluctuating exchange rates. Further, to account for fluctuating exchange rates of cryptocurrencies, the reward could use a pegged exchange rate to one or multiple major currencies. 7 EVALUATION 7.1 Scenario-based Evaluation Evaluation is a central and essential activity in conducting rigorous DSR. Venable, et al. [34] note that without evaluation, DSR yields only unsubstantiated design theories or hypotheses. Peffers, et al. [31] divide the evaluation task into the activities of demonstration and evaluation. Thereby, demonstration proves that an artifact feasibly works to solve one or more instances of a problem. An evaluation then presents how well an artifact supports a solution in a formal and extensive way. Thereby, one can generally choose from multiple techniques, including observational methods (e.g. case studies or field studies), analytical methods (e.g. static analysis or optimization), experimental methods (e.g. controlled experiments or simulations), testing methods (e.g. functional testing and structural testing), and descriptive methods (e.g. informed argument and scenarios) [32, 33]. ACM Trans. Manage. Inf. Syst. We have already demonstrated the capabilities of our reference architecture for conducting transactions in blockchain-based Wi-Fi sharing networks by describing its main components as well as their relationships in the sequence diagram in Figure 7. In the following, we evaluate the developed architecture by drawing upon Venable, et al. [34]. We do so to clarify its usefulness, to control for undesirable consequences, and to identify existing improvement potentials. Due to the novelty of blockchain technology as well as of Wi-Fi sharing networks, we decided to evaluate our architecture based on a realistic scenario, not on a workable implementation. Thereby, we evaluate the proposed architecture with a buyer-sided focus (i.e., the user or guest of networks). We define our evaluation scenario in the context of smart tourism [50], in particular the travel abroad for the purposes of vacation or business. While the demand for Internet availability is generally growing [40], travelers face excessive costs for data access within foreign mobile communication networks. Besides yielding several benefits, including cost reductions, performance increases, and unrestricted data usage, shared-Wi-Fi networks also enable travelers to access important Web services, such as instant messaging or Web-based navigation. Hence, they can contribute to more convenient traveling by providing the means to access necessary information for various purposes. Similar requirements arise from scenarios in a traveler’s home country, for example, when he or she visits an indoor location with poor mobile network coverage or an event location network congestion. Despite advances such as 5G networks, it is often more cost effective to set up Wi-Fi hotspots, which could be made available to the traveler using our architecture. The architecture proposed in this study is fully capable of addressing the requirements of the introduced scenarios. Travelers typically require an ad-hoc information flow to find shortest routes, plan activities, and react to unforeseen events or to pass time while waiting. By using payment channel networks, only opening and closing a transaction is committed to and saved on the blockchain. After establishing the connection, this facilitates travelers to gain Internet access quickly and to find necessary information without delays. Furthermore, transaction costs only incur when opening or closing a payment channel. Hence, travelers face neglectable costs for most transactions, which fosters their willingness to participate and use network infrastructures. Because hotspots can not only establish bilateral connections with single travelers but also serve as intermediaries for participants that are not directly connected, the architecture ensures high connectivity, stability, and coverage. Consequently, the architecture enables travelers to connect to the Wi-Fi sharing network, even if they frequently change locations. Ultimately, travelers are typically cautious when using services in foreign countries or unknown locations. Besides transaction and data security, they demand trust-building mechanisms that curtail fraudulent behavior. Our artifact addresses these requirements twofold. First, it draws upon security-based approaches and enables users to establish connections to their own private network. This ensures that communication and data traffic is routed over their own infrastructure and that sensitive data cannot be captured. Second, as the architecture provides mechanisms for incremental and simultaneous invoicing, fraudulent behavior leads to the instant termination of payment channels and travelers face little risks imposed by prepaying considerable amounts without receiving services as a compensation. Cf. also Table 2 for a summary of our argument. ACM Trans. Manage. Inf. Syst. Table 2: Summary of Design Requirement Fulfilment. Risk or Threat Wi-Fi Sharing Network Using Blockchain and Payment Channel Networks S#IA Infrastructure attacks harm the user him- or herself, as he or she is forwarded directly to his or her own private network via VPN. There is no access to the host’s network at any time . Addressed by DP3 and DP4. S#RE The host provides only a limited range of its bandwidth over which the user connects directly to his own network. Any exploitation of resources would thereforeb e at the user’s own expense. An open technology stack can assist further in providing a scalable environment. Addressed by DP1, DP2, DP3, DP12, and DP13. S#B Similar to S#RE, blacklisting would be at the user’s disadvanag t e, as he or she accesses the Internet via his or her own private connection and, thus, the user’s (pulbic) IP assigned by his or her Internet service provider. Addressed by DP1, DP2, DP3, and DP4. S#FA Since our reference architecture benefits from the immutability of blockchain networks, each access point has a unique, non-falsifiable ID associated with a dynamic trust score that ensures that the user only connects with trusted access points. We acknowledge that a further layer for trusted ID to prevent fraudulent actors from generating new IDs may be necessary to fully implement this solution. However, since first solutions for this problem such as, blockchain-based know-your-customer are getting implemented [51], we have marked it as partially addressed in Table 1 . Addressed by DP5,DP6, and DP11. S#UPT As with S#IA, S#RE, and S#B, user profiling and traceability (S#UPT) also benefits from the strict separation of the host’s private network and the users’ accessed private network. This way, neither the host can intercept the connected user’s data or connection portocols, nor vice versa. Additionally, the usage of payment channel networks allows for better transaction privacy compared to on-chain transactions [26, 49]. Addressed by DP1, DP2, DP3, and DP4. AU#AC The only application confinement the user might experience can occur due to limitations of local resources. Exemplarily, the user’s hardware might run outo f power, or the host might power off the only connected access point resulting in connection failures. Further, the user is likely to not have full bandwidth of his or her private Internet access, as he or she ise s rtricted to the host’s (shared) bandwidth. However, assuming high participation, at least in urban areas, the latter two limitations will fad e as the Wi-Fi sharing networks are capable to establish multiple simultaneous connections. Addressed by DP3, DP7, DP11, and DP12. AU#AS The user will not experience any restrictions to his or her privately subscribed services. This is since the user connects via VPN to his private network and, thus, each resource the user accesses – including websites, infrastructure, or services – will treat the user as he were accessing from his home network. Addressed by DP3. AU#LT Hosts sharing his or her Internet access do not have to fear any risks in regard of legal infringements or tarnished reputation due to the user’s misbehavior. Again, u de to the VPN, any violation is committed directly by the user’s network . Addressed by DP1, DP2, DP3, and DP4. AR#RO The user carries the risk of not receiving compensation for the last completed transaction. However, due to the instant initiation of payment channels as well as the low value of each micro -transaction, this cost is neglectable. Consequently, malicious hotspots will not get economic benefits by misbehaving or trying to take advantage of on-sided revenues. Finally, we include a trust score that penalizes any detected misbehavior and, thus, clears the network from fraudulent access points. Addressed by DP6, DP7, DP8, DP9, DP11, and DP13. ACM Trans. Manage. Inf. Syst. AR#RR Users and hosts do not have any risk of repudiation as we outsource any payment processing to payment channel networks operating on an immutable blockchain. Thus, there is no risk for users and hosts alike of paying too much or receiving less, respectively. Addressed by DP5, DP9, DP10, DP13, and DP14. Despite these benefits, evaluating the scenario also revealed shortcomings, which should be addressed by future research. First, opening payment channels requires submitting a transaction to the blockchain. As this can not only take up considerable time but also requires an active Internet connection, it seems problematic for travelers abroad. However, there are ways to mitigate these shortcomings: While on older blockchains such as Bitcoin, opening a payment channel and, therefore, joining a payment channel network takes around 20 minutes [29], newer blockchain protocols offer much faster transaction times that only take a few seconds to be finalized. Additionally, the host network could provide a gateway to the blockchain network for every user that only serves the purpose to open and close payment channels. This would still mean that the user’s blockchain wallet should always have sufficient funds to open a payment channel. The process of buying the needed cryptocurrency for fiat money in advance is, therefore, still an open issue, that must be solved until cryptocurrencies experience widespread adoption. Furthermore, many scattered mobile devices that simultaneously use network infrastructures can produce a significant overhead due to the creation of VPNs and, thus, reduce network performance as well as available bandwidth. While the increase in package size due to VPN overhead is only about two percent, the overhead does not affect the host network. However, the computational overhead for encrypting and decrypting traffic can negatively affect the performance for the end user, especially if he or she has multiple devices connected to the home network via VPN [52]. Ultimately, network usage depends strongly on available payment methods. As the number of available currencies is constantly growing, determining a single payment method can hamper user adoption as well as their participation willingness. This is mostly due to the need of maintaining multiple wallets on different platforms, which would increase management and transaction cost. 7.2 Assessment of Design Principle Expressiveness Due to the nascent nature of our research and the absence of an instantiation, we employed the evaluation of our design principles [34] summative by conducting a workshop with experts in blockchain applications. In the workshop, we evaluated our design principles by employing Janiesch et al.’s assessment of design principle expressiveness [53] based on Recker et al.’s test of ontological expressiveness [54]. That is, we discussed with the participants whether our design principles are free of principle deficit, principle redundancy, principle overload, and principle excess. In doing so, we tested whether we do not miss principles to describe real-world phenomena, we do not provide more principles than required for a single phenomenon, we do not provide principles that can be used to describe more than one phenomenon, and we do not provide principles that are not relevant to describe phenomena [53]. The workshop was held online with four participants from three organizations and lasted for more than an hour. We explained the assessment of design principle expressiveness and presented an iteration prior to the final design principles that we described in Section 4. Further, we detailed the architecture framework, before we discussed the design principles’ expressiveness in light of the architecture framework. In this prior iteration, DP1 and DP2 were only recorded as DP1 and DP9 did not yet exist. All other DP remained the same except for minor wording changes. Table 3 summarizes the participants of the workshop. ACM Trans. Manage. Inf. Syst. Table 3: Workshop Participants. # Role Company Sector Company Size Senior Consultant R&D Software Development Small and medium-sized enterprise Product Manager Software Development Small and medium-sized enterprise Junior Software Developer Software Development Small and medium-sized enterprise Researcher Education & Research Public research university All participants are experts in the field of blockchain-based applications and are knowledgeable in software engineering. They were given a handout prior to the workshop with an excerpt of the paper. In the workshop, we explained the concept of design principles and design principle expressiveness before we detailed the actual design principles and discussed the architecture framework. All participants confirmed to have understood the concept of design principles and evaluating design principle expressiveness in terms of principle deficit, principle redundancy, principle overload, and principle excess. Overall, the participants confirmed the design principles’ expressiveness. In the discussion a few aspects emerged that required clarification. Most of those were related to the inner workings of payment channel networks and blockchains and, thus, unrelated to our design principles. These issues could be clarified by providing further information about a suitable instantiation of the principles as proposed in Section 6. Some comments related to the clarity of design principles. In particular, the participants agreed that the first design principle suffered from mild overload as a user and a host perspective was combined into one design principle. To improve clarity, we have split this design principle into DP1 and DP2 to reflect both perspectives even though the phenomenon for both design principles could be argued to be secure system access. Additionally, we used more precise wording for some design principles. Further, participant #1 noted that a dynamic trust score is not necessary for every role (DP11). We acknowledged the impreciseness and now refer to hosts rather than users. We checked the remaining design principles for inconsistent or ambiguous wording. In addition, participant #4 pointed out that a user and a host need to explicitly agree on a cost structure to avoid overcharging . While this is implicitly available through payment channel networks, it may not be for other instantiations. Hence, we have included this as DP9. Lastly, participant #1 pointed out that DP12 could be considered excess or at least optional from a pure technical perspective. After careful consideration and discussion with the participants, we decided to retain the design principle due to its socio-technical importance for user adoption and acceptance. 7.3 Testable Propositions and Key Performance Indicators Since our evaluation using the scenario technique and a workshop was descriptive and thus of artificial summative nature, in the following we propose testable propositions to evaluate our artifact using either observational or experimental methods for a socio-technical evaluation and analytical or test methods for the technical evaluation [32, 33]. This will enable a naturalistic evaluation of human risk and effectiveness [34]. Concerning the socio-technical aspects, we propose to perform a lab experiment and possibly at a later stage a field experiment to evaluate user satisfaction with our artifact as we expect that an instantiation of our artifact (i.e. the reference architecture) will result in better satisfaction of both consumers and providers of the Wi-Fi sharing network. We expect the results to be more significant when using mobile Internet services abroad. That is, the independent variable is the software support of the building process of a service platform. Thus, for further evaluation, we propose the following testable propositions: ACM Trans. Manage. Inf. Syst.  P1. The use of the IT artifact that supports both, adequate accounting mechanisms as well as adequate security and performance, will result (a) in an improved user satisfaction of consumers using mobile broadband services and, thus, (b) in better user satisfaction of Wi-Fi sharing providers than using an IT artifact that only supports adequate accounting mechanisms. Analogously:  P2. The use of the IT artifact that supports both, adequate accounting mechanisms as well as adequate security and performance, will result (a) in an improved user satisfaction of consumers using mobile broadband services and, thus, (b) in better user satisfaction of Wi-Fi sharing providers than using an IT artifact that only supports adequate security and performance. As a baseline, we deem it necessary to test the following propositions as regards comparisons with approaches without any IT support as well:  P3. The use of the IT artifact that supports both, adequate accounting mechanisms as well as adequate security and performance, will result (a) in an improved user satisfaction of consumers using mobile broadband services and, thus, (b) in better user satisfaction of Wi-Fi sharing providers than using no Wi-Fi sharing. One way to design an experiment for testing these propositions is to use a 2x2 factorial design along the dimensions of accounting and security with four groups of subjects, which will be in the following four treatments: (a) no Wi-Fi sharing, (b) an IT artifact that supports adequate accounting mechanisms, (c) an IT artifact that supports better security and performance, and (d) an IT artifact that supports both, adequate accounting mechanisms as well as adequate security and performance. Concerning technical evaluation aspects, we propose to use analytical methods and test cases to measure the performance of our artifact to substantiate that its speed and security is at least on par with the state-of-the-art. Therefore, we propose a set of two primary indicators that can be measured: the transaction cost and the connection throughput. There are previous studies that examine both indicators. However, they are restricted to subsets of the proposed functionality. For example, there are studies on network and computational overhead for VPN connections [52], and studies for network and computational overhead for payment channel networks [55]. To technically evaluate our architecture, we propose a cost model that combines these two costs. For the payment channel cost, we include the overhead for routing the payment through the network, which increases for the number of users in the network. However, the probability to route a payment successfully through the network increases for a larger number of users. If there is no way to route payments directly from the user of the Wi-Fi sharing network, an additional channel has to be created, which is associated with transaction cost. See Table 4 and equation (1) for the operationalization. ACM Trans. Manage. Inf. Syst. Table 4: Cost Indicators for Evaluation. Symbol Description Number of users of the payment channel network Cost of calculating the route through the payment channel network Probability of finding a route between client and network operator Cost of creating a new channel Cost associated with VPN overhead Total cost of using the network (1) Calculating the cost per throughput and comparing it with existing systems provides another means to judge the efficacy of the system. However, it must be put in relation with the testable proposition above as the security gains and user satisfaction factor in the overall assessment as well. Users may be content with a slightly lower performance if the security gains and accounting risks are improving substantially over existing solutions. Hence, at this point it is not only a technical issue but rather a socio-technical tradeoff of technology use and acceptance. 8 CONCLUSION AND OUTLOOK Due to its capabilities to ensure ubiquitous Internet access and to reduce the utilization of mobile network capacities, the concept of Wi-Fi sharing holds many potentials. While numerous approaches have been introduced in the past, most of them cannot sufficiently address the diverse requirements of workable Wi-Fi sharing networks. While trust- based approaches require a trusted intermediary and cannot prevent malicious behavior conducted through fake profiles, security-based concepts lack adequate accounting mechanisms. Recent blockchain-based approaches provide the means to eliminate intermediaries and to build trust among users through immutability and transparency. However, they are hardly capable of realizing the technology’s full potentials, as they lack performance and scalability and primarily support bilateral connections between participants. Against this backdrop, we developed a reference architecture for fast, scalable, and reliable Wi-Fi sharing networks based on the combined use of the blockchain technology and payment channel networks. We collected requirements for workable Wi-Fi sharing networks and answered the first research question. To answer the second research question, we employed a DSR approach to develop design principles and an integrated architecture that comprises the layers of agent, application, infrastructure, and environment. We demonstrated and evaluated its applicability and usefulness by illustrating all phases of a payment channel lifecycle. Our results suggest that the proposed reference architecture can address the most significant shortcomings of established approaches and provides innovative means to conduct and route transaction without the need for a trusted intermediary. The applicability of the reference architecture is not limited to the case of Wi-Fi sharing networks, but can improve other network solutions, especially those involving micro-transactions between multiple independent participants. Still, this research is not without limitations. Although our literature search procedure was designed to identify the most relevant and actual contributions, research on blockchain technology, payment channel networks, and Wi- Fi sharing is still at an immature level and scattered across multiple platforms and outlets. Furthermore, each research stream constitutes a growing and dynamic field. Hence, we cannot eliminate the possibility that we missed single contributions that might have offered additional insights for our study. Furthermore, a more detailed and ACM Trans. Manage. Inf. Syst. practice-oriented evaluation is necessary to provide more definite evidence into practical aspects, such as user adoption, network performance, and resistance to network and data security threats. Further, our research does not explicitly cover the organizational implementation of the reference architecture making available Wi-Fi sharing networks to users. Open questions remaining to be answered are naturally centered on the governance of the system. That is, who is going to build it and operate it? Will utility or governance tokens assist ensuring a completely decentralized governance? Due to the focus of our research on the development of design principles and a reference architecture for an IT system, we have not covered these organizational aspects. Nevertheless, before making available Wi-Fi sharing networks based on our research, these questions must be asked and answered. ACKNOWLEDGEMENT This work has been developed in the project PIMKoWe. PIMKoWe (reference number: 02P17D160) is partly funded by the German ministry of education and research (BMBF) within the research program I ndustrie 4.0 Kollaborationen in dynamischen Wertschöpfungsnetzwerken (InKoWe) and managed by the Project Management Agency Karlsruhe (PTKA). The authors are responsible for the content of this publication. REFERENCES [1] G. Camponovo and D. Cerutti: WLAN Communities and Internet Access Sharing: A Regulatory Overview. In International Conference on Mobile Business (ICMB), pages 281-287, 2005. [2] P. A. Frangoudis, G. C. Polyzos, and V. P. Kemerlis. Wireless community networks: an alternative approach for nomadic broadba nd network access. IEEE Communications Magazine, 49(5):206-213, 2011. [3] Z. Cao, J. Fitschen, and P. Papadimitriou: Social Wi-Fi: Hotspot sharing with online friends. In 2015 IEEE 26th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC), pages 2132-2137, Hong Kong, 2015. [4] S. Dimatteo, P. Hui, B. Han, and V. O. K. Li: Cellular Traffic Offloading through WiFi Networks. In Eighth International Conference on Mobile Ad- Hoc and Sensor Systems, pages 192-201, Valencia, 2011. [5] D. Leroy, G. Detal, J. Cathalo, M. Manulis, F. Koeune, and O. Bonaventure. SWISH: Secure WiFi Sharing. Computer Networks, 55(7):1614-1630, [6] F. Shi, Z. Qin, and J. A. McCann: OPPay: Design and Implementation of a Payment System for Opportunistic Data Services. In 37th International Conference on Distributed Computing Systems (ICDCS), pages 1618-1628, Atlanta, GA, 2017. [7] L. Mamatas, I. Psaras, and G. Pavlou. Incentives and Algorithms for Broadband Access Sharing. ACM SIGCOMM Workshop on Home networks, pages. 19-24, New Delhi, ACM, 2010. [8] R. Beck, J. S. Czepluch, N. Lollike, and S. Malone: Blockchain: The Gateway to Trust -Free Cryptographic Transactions. In 30th European Conference on Information Systems, pages 1-14, Istanbul, 2016. [9] S. Nakamoto. Bitcoin: A Peer-to-peer Electronic Cash System. 2008, https://bitcoin.org/bitcoin.pdf. [10] R. Alt. Electronic Markets and current general research. Electronic Markets, 28(2):123-128, 2018. [11] B. Gipp, N. Meuschke, and A. Gernandt: Trusted Timestamping using the Crypto Currency Bitcoin. In iConference, pages 1-6, Newpoart Beach, CA, 2015. [12] F. Tschorsch and B. Scheuermann. Bitcoin and Beyond: A Technical Survey on Decentralized Digital Currencies. IEEE Communications Surveys & Tutorials, 18(3):2084-2123, 2016. [13] K. Fanning and D. P. Centers. Blockchain and its Coming Impact on Financial Services. Journal of Corporate Accounting & Finance, 27(5):53-57, [14] J. J. Sikorski, J. Haughton, and M. Kraft. Blockchain Technology in the Chemical Industry: Machine -to-machine Electricity Market. Applied Energy, 195:234-246, 2017. [15] P. Rogaway and T. Shrimpton. Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second - Preimage Resistance, and Collision Resistance. International Workshop on Fast Software Encryption, pages. 371-388, Delhi, 2004. [16] M. Risius and K. Spohrer. A Blockchain Research Framework. Business & Information Systems Engineering, 59(6):385-409, 2017. [17] R. Beck and C. Müller-Bloch. Blockchain as Radical Innovation: A Framework for Engaging with Distributed Ledgers as Incumbent Organization . 50th Hawaii International Conference on System Sciences, Hawaii, HI, 2017. [18] J. Yli-Huumo, D. Ko, S. Choi, S. Park, and K. Smolander. Where Is Current Research on Blockch ain Technology? A Systematic Review. PLOS ONE, 11(10):1-27, 2016. [19] M. Swan. Blockchain: Blueprint for a New Economy. O'Reilly Media, Inc., Beijing, 2015. [20] J. Derks, J. Gordijn, and A. Siegmann. From chaining blocks to breaking even: A study on the profitability of bitcoin mining from 2012 to 2016. Electronic Markets, 28(3):321-338, 2018. [21] A. Beikverdi and J. Song: Trend of Centralization in Bitcoin's Distributed Network. In 16th International Conference on Softw are Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), pages 1-6, Takamatsu, 2015. [22] C.-T. Li, C.-Y. Weng, C.-C. Lee, and C.-C. Wang. A Hash Based Remote User Authentication and Authenticated Key Agreement Scheme for the Integrated EPR Information System. Journal of Medical Systems, 39(11):144, 2015. ACM Trans. Manage. Inf. Syst. [23] M. Bellare, C. Namprempre, and G. Neven. Security Proofs for Identity-Based Identification and Signature Schemes. Journal of Cryptology, 22(1):1-61, 2009. [24] S. Ahangama and D. C. C. Poo: Credibility of Algorithm Based Decentralized Computer Networks Governing Personal Finances: The Case of Cryptocurrency. In International Conference on HCI in Business, Government and Organizations, pages 165-176. Springer, Cham, 2016. [25] M. Avital, R. Beck, J. King, M. Rossi, and R. Teigland. Jumping on the Blockchain Bandwagon: Lessons of the Past and Outlook to the Future. International Conference on Information Systems, pages. 1-6, Dublin, 2016. [26] G. Malavolta, P. Moreno-Sanchez, A. Kate, M. Maffei, and S. Ravi. Concurrency and Privacy with Payment-Channel Networks. ACM SIGSAC Conference on Computer and Communications Security, pages. 455-471, Dallas, TX, ACM, 2017. [27] E. Rohrer, J.-F. Laß, and F. Tschorsch: Towards a Concurrent and Distributed Route Selection for Payment Channel Networks. In European Symposium on Research in Computer Security, pages 411-419. Springer, Cham, 2017. [28] C. Decker and R. Wattenhofer: A Fast and Scalable Payment Network with Bitcoin Duplex Micropayment Channels. In Symposium on Self- Stabilizing Systems, pages 3-18. Springer International Publishing, Cham, 2015. [29] J. Poon and T. Dryja. The Bitcoin Lightning Network: Scalable Off-chain Instant Payments. Draft Version 0.592. 2016, https://lightning.network/lightning-network-paper.pdf. [30] P. McCorry, M. Möser, S. F. Shahandasti, and F. Hao: Towards Bitcoin Payment Networks. In Australasian Conference on Information Security and Privacy, pages 57-76. Springer, Bisbane, 2016. [31] K. Peffers, T. Tuunanen, M. A. Rothenberger, and S. Chatterjee. A Design Science Research Methodology for Information Systems Research. Journal of Management Information Systems, 24(3):45-77, 2007. [32] A. R. Hevner, S. T. March, J. Park, and S. Ram. Design Science in Information Systems Research. MIS Quarterly, 28(1):75-105, 2004. [33] J. Venable, J. Pries-Heje, and R. Baskerville: A Comprehensive Framework for Evaluation in Design Science Research. In International Conference on Design Science Research in Information Systems, pages 423-438. Springer, Berlin, 2012. [34] J. Venable, J. Pries-Heje, and R. Baskerville. FEDS: a Framework for Evaluation in Design Science Research. European Journal of Information Systems, 25(1):77-89, 2016. [35] L. Chandra, S. Seidel, and S. Gregor: Prescriptive Knowledge in IS Research: Conceptualizing Design Principles in Terms of Ma teriality, Action, and Boundary Conditions. In 48th Hawaii International Conference on System Sciences, pages 4039-4048, Kauai, HI, 2015. [36] R. N. Clarke. Expanding Mobile Wireless Capacity: The Challenges Presented by Technology and Economics. Telecommunications Policy, 38(8):693-708, 2014. [37] Cisco. Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2016–2021 White Paper. 2017, https://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/mobile-white-paper-c11-520862.pdf. [38] A. Khan, W. Kellerer, K. Kozu, and M. Yabusaki. Network Sharing in the Next Mobile Network: TCO Reduction, Management Flexibility, and Operational Independence. IEEE Communications Magazine, 49(10):134-142, 2011. [39] M. Seufert, V. Burger, and T. Hoßfeld: HORST - Home Router Sharing Based on Trust. In 9th International Conference on Network and Service Management (CNSM 2013), pages 402-405, Zurich, 2013. [40] N. Sastry, J. Crowcroft, and K. R. Sollins: Architecting Citywide Ubiquitous Wi-Fi Access. In ACM Workshops on HotNets-VI, pages 1-7, 2007. [41] C. B. Lafuente, X. Titi, and J. M. Seigneur: Flexible Communication: A Secure and Trust-Based Free Wi-Fi Password Sharing Service. In 10th International Conference on Trust, Security and Privacy in Computing and Communications, pages 706-713, Changsha, 2011. [42] P. Vidales, A. Manecke, and M. Solarski: Metropolitan Public WiFi Access Based on Broadband Sharing. In Mexican International Conference on Computer Science, pages 146-151. IEEE, Mexico City, 2009. [43] E. Y. Daraghmi and S.-M. Yuan. We are so Close, less than 4 Degrees Separating You and Me! Computers in Human Behavior, 30:273-285, 2014. [44] D. Trček. Computational Trust and Reputation Management. Trust and Reputation Management Systems: An e-Business Perspective, pages 21-54. Springer, Cham, 2018. [45] K. Lakshminarayanan and V. N. Padmanabhan. Some Findings on the Network Performance of Broadband Hosts. 3rd ACM SIGCOMM Conference on Internet Measurement, pages. 45-50, Miami Beach, FL, ACM, 2003. [46] B. Notheisen, F. Hawlitschek, and C. Weinhardt. Breaking Down the Blockchain Hype: Towards a Blockchain Market Engineering Approach. 25th European Conference on Information Systems, pages. 1062-1080, Guimarães, 2017. [47] A. Hofmann: Building Scalable Blockchain Applications: A Decision Process. In 15th International Conference on Design Science Research in Information Systems and Technology. Lecture Notes in Computer Science vol. 12388, pages 309-320 Springer, Kristiansand, 2020. [48] S. Mercan, E. Erdin, and K. Akkaya. Improving transaction success rate in cryptocurrency payme nt channel networks. Computer Communications, 166:196-207, 2021. [49] E. Erdin, S. Mercan, and K. Akkaya. An Evaluation of Cryptocurrency Payment Channel Networks and their Privacy Implications. ITU Journal on Future and Evolving Technologies, 2(1):1-10, 2021. [50] U. Gretzel, M. Sigala, Z. Xiang, and C. Koo. Smart tourism: foundations and developments. Electronic Markets, 25(3):179-188, 2015. [51] N. Singhal, M. K. Sharma, S. S. Samant, P. Goswami, and Y. A. Reddy. Smart KYC Using Blockchain and IPFS. In V . K. Gunjan, S. Senatore, A. Kumar, X.-Z. Gao, and S. Merugu (eds.) Advances in Cybernetics, Cognition, and Machine Learning for Communication Technologies. Lecture Notes in Electrical Engineering, vol. 643, pages 77-84. Springer, Berlin, 2020. [52] T. Berger. Analysis of Current VPN Technologies. 1st International Conference on Availability, Reliability and Security (ARES), pages. 108-115, Vienna, IEEE, 2006. [53] C. Janiesch, C. Rosenkranz, and U. Scholten. An Information Systems Design Theory for Service Network Effects. Journal of the Association for Information Systems, 21(6):1402-1460, 2020. [54] J. Recker, M. Rosemann, P. Green, and M. Indulska. Do Ontological Deficiencies in Modeling Grammars Matter? MIS Quarterly, 35(1):57-79, 2011. [55] V. Sivaraman, S. B. Venkatakrishnan, K. Ruan, P. Negi, L. Yang, R. Mittal, G. Fanti, and M. Alizadeh. High Throughput Cryptocurrency Routing in Payment Channel Networks. 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI), pages. 77 7-796, Santa Clara, CA, 2020. ACM Trans. Manage. Inf. Syst.

Journal

ACM Transactions on Management Information Systems (TMIS)Association for Computing Machinery

Published: Jan 16, 2023

Keywords: Wi-Fi sharing

References

  • WLAN communities and internet access sharing: A regulatory overview
    [,
  • Wireless community networks: An alternative approach for nomadic broadband network access
    [,
  • Social Wi-Fi: Hotspot sharing with online friends
    [,
  • Cellular traffic offloading through WiFi networks
    [,
  • SWISH: Secure WiFi sharing
    [,
  • OPPay: Design and implementation of a payment system for opportunistic data services
    [,
  • Incentives and algorithms for broadband access sharing
    [,
  • Blockchain: The gateway to trust-free cryptographic transactions
    [,
  • Bitcoin: A Peer-to-Peer Electronic Cash System, 2008
    [,
  • Electronic markets and current general research
    [,
  • Trusted timestamping using the crypto currency Bitcoin
    [,
  • Bitcoin and beyond: A technical survey on decentralized digital currencies
    [,
  • Blockchain and its coming impact on financial services
    [,
  • Blockchain technology in the chemical industry: Machine-to-machine electricity market
    [,
  • Cryptographic hash-function basics: Definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance
    [,
  • A blockchain research framework
    [,
  • Blockchain as radical innovation: A framework for engaging with distributed ledgers as incumbent organization
    [,
  • Where is current research on blockchain technology?—A systematic review
    [,
  • Blockchain: Blueprint for a New Economy
    [,
  • From chaining blocks to breaking even: A study on the profitability of Bitcoin mining from 2012 to 2016
    [,
  • Trend of centralization in Bitcoin's distributed network
    [,
  • A hash based remote user authentication and authenticated key agreement scheme for the integrated EPR information system
    [,
  • Security proofs for identity-based identification and signature schemes
    [,
  • Credibility of algorithm based decentralized computer networks governing personal finances: The case of cryptocurrency
    [,
  • Jumping on the Blockchain bandwagon: Lessons of the past and outlook to the future
    [,
  • Concurrency and privacy with payment-channel networks
    [,
  • Towards a concurrent and distributed route selection for payment channel networks
    [,
  • A fast and scalable payment network with Bitcoin duplex micropayment channels
    [,
  • The Bitcoin Lightning Network: Scalable Off-chain Instant Payments
    [,
  • Towards Bitcoin payment networks
    [,
  • A design science research methodology for information systems research
    [,
  • Design science in information systems research
    [,
  • A comprehensive framework for evaluation in design science research
    [,
  • FEDS: A framework for evaluation in design science research
    [,
  • Prescriptive knowledge in IS research: Conceptualizing design principles in terms of materiality, action, and boundary conditions
    [,
  • Expanding mobile wireless capacity: The challenges presented by technology and economics
    [,
  • Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2016–2021 White Paper
    [,
  • Network sharing in the next mobile network: TCO reduction, management flexibility, and operational independence
    [,
  • HORST - Home router sharing based on trust
    [,
  • Architecting citywide ubiquitous Wi-Fi access
    [,
  • Flexible communication: A secure and trust-based free Wi-Fi password sharing service
    [,
  • Metropolitan public WiFi access based on broadband sharing
    [,
  • We are so close, less than 4 degrees separating you and me! Computers in Human Behavior 30 (2014), 273–285
    [,
  • Computational trust and reputation management
    [,
  • Some findings on the network performance of broadband hosts
    [,
  • Breaking down the Blockchain hype: Towards a Blockchain market engineering approach
    [,
  • Building scalable Blockchain applications: A decision process
    [,
  • Improving transaction success rate in cryptocurrency payment channel networks
    [,
  • An evaluation of cryptocurrency payment channel networks and their privacy implications
    [,
  • Smart tourism: Foundations and developments
    [,
  • Smart KYC using Blockchain and IPFS
    [,
  • Analysis of current VPN technologies
    [,
  • An information systems design theory for service network effects
    [,
  • Do ontological deficiencies in modeling grammars matter? MIS Quarterly 35, 1 (2011), 57–79
    [,
  • High throughput cryptocurrency routing in payment channel networks
    [,