Skip to main content
Springer Nature Link
Log in

A Methodology for Retrofitting Privacy and Its Application to e-Shopping Transactions

  • Chapter
  • First Online:
Advances in Cyber Security: Principles, Techniques, and Applications

Abstract

The huge growth of e-shopping has brought convenience to customers and increased revenue to merchants and financial entities. Moreover, e-shopping has evolved to possess many functions, features, and requirements (e.g., regulatory ones). However, customer privacy has been mostly ignored, and while it is easy to add simple privacy to an existing system, this typically causes loss of functions. What is needed is enhanced privacy on one hand, and retaining the critical functions and features on the other hand. This is a dilemma which typifies the “privacy versus utility” paradigm, especially when it is applied to an established primitive with operational systems, where applying conventional privacy-by-design principles is not possible and completely altering information flows and system topologies is not an option. This dilemma is becoming more problematic with the advent of regulations such as the European GDPR, which requires companies to provide better privacy guarantees whenever and wherever personal information is involved. In this chapter, we put forward a methodology for privacy augmentation design that is specially suitable for real-world engineering processes that need to adhere to the aforementioned constraints. We call this the “utility, privacy, and then utility again” paradigm. In particular, we start from the state-of-the-art industry systems that we need to adapt; then we add privacy enhancing mechanisms, reducing functionality in order to tighten privacy to the fullest (privacy); and finally, we incorporate tools which add back lost features, carefully relaxing privacy this time (utility again). Specifically, we apply this process to current e-shopping infrastructures, making them privacy respectful without losing functionality. This gives an e-shopping system with enhanced privacy features, presents a set of “utility-privacy trade-offs,” and showcases a practical approach implementing the notion of “privacy by design” while maintaining as much compatibility as possible with current infrastructures. Finally, we note that we implemented and tested performance of our design, verifying its reasonable added costs.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    https://ec.europa.eu/info/law/payment-services-psd-2-directive-eu-2015-2366_en. Last access on April 17th, 2018.

  2. 2.

    https://www.eugdpr.org/. Last access on April 17th, 2018.

  3. 3.

    A conference proceedings version of this chapter is available in [34] and further contextualization is given in [29].

  4. 4.

    As well as many proposals in nonacademic forums. See, for instance, https://z.cash/ (a modified implementation of Zerocash) and https://cryptonote.org/. Last access on March 21st, 2018.

  5. 5.

    See https://payments.amazon.com/help/5968. Last access on April 18th, 2018.

  6. 6.

    Key-privacy security requires that an eavesdropper in possession of a ciphertext not be able to tell which specific key, out of a set of known public keys, is the one under which the ciphertext was created, meaning the receiver is anonymous from the point of view of the adversary.

  7. 7.

    https://en.wikipedia.org/wiki/Address_Verification_System. Last access on March 21st, 2018.

  8. 8.

    https://magento.com/sites/default/files/White%20Paper%20-%20Magento%202.0%20Performance%20and%20Scalability%2003.31.16.pdf. Last access on March 21st, 2018.

  9. 9.

    https://usa.visa.com/dam/VCOM/global/about-visa/documents/visa-facts-figures-jan-2017.pdf. Last access on March 21st, 2018.

  10. 10.

    https://ripple.com/. Ripple is an open system for interoperation between different payment methods, e.g., Bitcoin, real currencies, or account-based transactions.

References

  1. Abe, M., & Fujisaki, E. (1996). How to date blind signatures. In ASIACRYPT (pp. 244–251).

    Google Scholar 

  2. Aiello, W., Ishai, Y., & Reingold, O. (2001). Priced oblivious transfer: How to sell digital goods. In EUROCRYPT (pp. 119–135).

    Google Scholar 

  3. Anderson, R. J. (2012). Risk and privacy implications of consumer payment innovation. http://www.cl.cam.ac.uk/~rja14/Papers/anderson-frb-kansas-mar27.pdf.

  4. Anderson, R. J., Barton, C., Böhme, R., Clayton, R., van Eeten, M., Levi, M., et al. (2012). Measuring the cost of cybercrime. In WEIS 2012, Germany, 25–26 June 2012.

    Google Scholar 

  5. Androulaki, E., & Bellovin, S. M. (2009). APOD: Anonymous physical object delivery. In Privacy Enhancing Technologies (pp. 202–215).

    Chapter  Google Scholar 

  6. Androulaki, E., Karame, G., Roeschlin, M., Scherer, T., & Capkun, S. (2013). Evaluating user privacy in bitcoin. In Financial Cryptography (pp. 34–51).

    Chapter  Google Scholar 

  7. Antoniou, G., & Batten, L. M. (2011). E-commerce: Protecting purchaser privacy to enforce trust. Electronic Commerce Research, 11(4), 421–456.

    Article  Google Scholar 

  8. Arroyo, D., Diaz, J., & Gayoso, V. (2015). On the difficult tradeoff between security and privacy: Challenges for the management of digital identities. In International Joint Conference - CISIS’15 and ICEUTE’15, 8th International Conference on Computational Intelligence in Security for Information Systems/6th International Conference on European Transnational Education, Burgos, Spain, 15–17 June 2015 (pp. 455–462).

    Google Scholar 

  9. Bellare, M., Boldyreva, A., Desai, A., & Pointcheval, D. (2001). Key-privacy in public-key encryption. In C. Boyd (Ed.), ASIACRYPT 2001 (Vol. 2248, pp. 566–582). LNCS. Heidelberg: Springer.

    Chapter  Google Scholar 

  10. Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., et al. (2014). Zerocash: Decentralized anonymous payments from bitcoin. In 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, 18–21 May 2014 (pp. 459–474). https://doi.org/10.1109/SP.2014.36.

  11. Benjumea, V., Choi, S. G., López, J., & Yung, M. (2008). Fair traceable multi-group signatures. In FC 2008 (pp. 231–246).

    Google Scholar 

  12. Blazy, O., Fuchsbauer, G., Pointcheval, D., & Vergnaud, D. (2013). Short blind signatures. Journal of Computer Security, 21(5), 627–661.

    Article  Google Scholar 

  13. Boneh, D., Sahai, A., & Waters, B. (2011). Functional encryption: Definitions and challenges. In Y. Ishai (Ed.), TCC 2011 (Vol. 6597, pp. 253–273). LNCS. Heidelberg: Springer.

    Chapter  Google Scholar 

  14. Boudot, F. (2000). Efficient proofs that a committed number lies in an interval. In Advances in Cryptology - EUROCRYPT 2000, International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, 14–18 May 2000, Proceeding (pp. 431–444).

    Chapter  Google Scholar 

  15. Brassard, G., Chaum, D., & Crépeau, C. (1988). Minimum disclosure proofs of knowledge. Journal of Computer and System Sciences, 37(2), 156–189.

    Article  MathSciNet  Google Scholar 

  16. Camenisch, J., & Stadler, M. (1997). Efficient group signature schemes for large groups (extended abstract). In CRYPTO (pp. 410–424).

    Chapter  Google Scholar 

  17. Camenisch, J., & Lysyanskaya, A. (2002). Dynamic accumulators and application to efficient revocation of anonymous credentials. In CRYPTO (pp. 61–76).

    Chapter  Google Scholar 

  18. Camenisch, J., Piveteau, J.-M., & Stadler, M. (1996). An efficient fair payment system. In ACM Conference on Computer and Communications Security (pp. 88–94).

    Google Scholar 

  19. Camenisch, J., Dubovitskaya, M., & Neven, G. (2009). Oblivious transfer with access control. In Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS ’09, New York, NY, USA (pp. 131–140). ACM. https://doi.org/10.1145/1653662.1653679.

  20. Charikar, M. (2002). Similarity estimation techniques from rounding algorithms. In STOC (pp. 380–388).

    Google Scholar 

  21. Chaum, D. (1982). Blind signatures for untraceable payments. In CRYPTO (pp. 199–203).

    Chapter  Google Scholar 

  22. Chaum, D., & van Heyst, E. (1991). Group signatures. In EUROCRYPT (pp. 257–265).

    Chapter  Google Scholar 

  23. Choi, S. G., Park, K., & Yung, M. (2006). Short traceable signatures based on bilinear pairings. In IWSEC (pp. 88–103).

    Chapter  Google Scholar 

  24. Coull, S. E., Green, M., & Hohenberger, S. (2011). Access controls for oblivious and anonymous systems. ACM Transactions on Information and System Security, 14, 10:1–10:28. https://doi.org/10.1145/1952982.1952992.

    Article  Google Scholar 

  25. Danezis, G., Kohlweiss, M., Livshits, B., & Rial, A. (2012). Private client-side profiling with random forests and hidden Markov models. In Privacy Enhancing Technologies - 12th International Symposium, PETS 2012, Vigo, Spain, 11–13 July 2012. Proceedings (pp. 18–37).

    Chapter  Google Scholar 

  26. Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J.-H., Le Metayer, D., Tirtea, R., et al. (2014). Privacy and data protection by design-from policy to engineering. Technical report, ENISA.

    Google Scholar 

  27. Davida, G. I., Frankel, Y., Tsiounis, Y., & Yung, M. (1997). Anonymity control in e-cash systems. In Financial Cryptography (pp. 1–16).

    Google Scholar 

  28. de Montjoye, Y.-A., Radaelli, L., Singh, V. K., & Pentland, A. (2015). Unique in the shopping mall: On the reidentifiability of credit card metadata. Science, 347(6221), 536–539.

    Article  Google Scholar 

  29. Diaz, J. (2015). Design and implementation of secure protocols for practical authentication and fair anonymity systems. Ph.D. thesis, Escuela Politécnica Superior, Universidad Autónoma de Madrid.

    Google Scholar 

  30. Diaz, J., Arroyo, D., & Rodriguez, F. B. (2012). Anonymity revocation through standard infrastructures. In EuroPKI (pp. 112–127).

    Chapter  Google Scholar 

  31. Diaz, J., Arroyo, D., & Rodriguez, F. B. (2014). New X.509-based mechanisms for fair anonymity management. Computers & Security, 46, 111–125. http://www.sciencedirect.com/science/article/pii/S0167404814001023.

    Article  Google Scholar 

  32. Diaz, J., Arroyo, D., & de Borja Rodríguez, F. (2015). libgroupsig: An extensible C library for group signatures. IACR Cryptology ePrint Archive, 2015, 1146.

    Google Scholar 

  33. Diaz, J., Choi, S. G., Arroyo, D., Keromytis, A. D., Rodriguez, F. B., & Yung, M. (2015). Privacy threats in E-shopping (Position Paper). In Data Privacy Management.

    Google Scholar 

  34. Diaz, J., Choi, S. G., Arroyo, D., Keromytis, A. D., Rodríguez, F. B., & Yung, M. (2018). Privacy in e-shopping transactions: Exploring and addressing the trade-offs. In Cyber Security Cryptography and Machine Learning - Second International Symposium, CSCML 2018, Beer Sheva, Israel, 21–22 June 2018, Proceedings (pp. 206–226).

    Google Scholar 

  35. Diffie, W., & Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644–654.

    Article  MathSciNet  Google Scholar 

  36. Dingledine, R., Mathewson, N., & Syverson, P. (2004). Tor: The second-generation onion router. In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13, SSYM’04, Berkeley, CA, USA (pp. 21–21). USENIX Association. http://dl.acm.org/citation.cfm?id=1251375.1251396.

  37. Feige, U., Fiat, A., & Shamir, A. (1987). Zero knowledge proofs of identity. In STOC (pp. 210–217).

    Google Scholar 

  38. Garman, C., Green, M., & Miers, I. (2016). Accountable privacy for decentralized anonymous payments. IACR Cryptology ePrint Archive, 2016, 61.

    Google Scholar 

  39. Gentry, C. (2009). Fully homomorphic encryption using ideal lattices. In M. Mitzenmacher (Ed.), 41st ACM STOC, May/June 2009 (pp. 169–178). ACM Press.

    Google Scholar 

  40. Goldwasser, S., Micali, S., & Rivest, R. L. (1988). A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2), 281–308.

    Article  MathSciNet  Google Scholar 

  41. Goldwasser, S., Micali, S., & Rackoff, C. (1989). The knowledge complexity of interactive proof systems. SIAM Journal on Computing, 18(1), 186–208.

    Article  MathSciNet  Google Scholar 

  42. Greenwood, D., Stopczynski, A., Sweatt, B., Hardjono, T., & Pentland, A. (2014). The new deal on data: A framework for institutional controls. Privacy, Big Data, and the Public Good: Frameworks for Engagement (p. 192).

    Google Scholar 

  43. ITU-T Recommendation. (1997). X.509. Information technology - open systems interconnection - the directory: Authentication framework.

    Google Scholar 

  44. Jakobsson, M., & M’Raïhi, D. (1998). Mix-based electronic payments. In Selected Areas in Cryptography (pp. 157–173).

    Google Scholar 

  45. Jha, S., Guillen, M., Christopher Westland, J. (2012). Employing transaction aggregation strategy to detect credit card fraud. Expert Systems with Applications, 39(16), 12650–12657.

    Article  Google Scholar 

  46. Kiayias, A., Tsiounis, Y., & Yung, M. (2004). Traceable signatures. In Advances in Cryptology - EUROCRYPT 2004, International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2–6 May 2004, Proceedings (pp. 571–589). http://www.iacr.org/cryptodb/archive/2004/EUROCRYPT/2477/2477.pdf.

    Chapter  Google Scholar 

  47. Kumar, M., Rangachari, A., Jhingran, A., & Mohan, R. (1998). Sales promotions on the internet. In Proceedings of the 3rd Conference on USENIX Workshop on Electronic Commerce - Volume 3, WOEC98, Berkeley, CA, USA (pp. 14–14). USENIX Association. http://dl.acm.org/citation.cfm?id=1267147.1267161.

  48. Libert, B., & Yung, M. (2012). Fully forward-secure group signatures. In Cryptography and Security (pp. 156–184).

    Chapter  Google Scholar 

  49. Libert, B., Peters, T., & Yung, M. (2012). Group signatures with almost-for-free revocation. In CRYPTO (pp. 571–589).

    Google Scholar 

  50. Lysyanskaya, A., Rivest, R. L., Sahai, A., & Wolf, S. (1999). Pseudonym systems. In Selected Areas in Cryptography (pp. 184–199).

    Chapter  Google Scholar 

  51. Miers, I., Garman, C., Green, M., & Rubin, A. D. (2013). Zerocoin: Anonymous distributed e-cash from bitcoin. In 2013 IEEE Symposium on Security and Privacy, SP 2013, Berkeley, CA, USA, 19–22 May 2013 (pp. 397–411).

    Google Scholar 

  52. Minkus, T., & Ross, K. W. (2014). I know what you’re buying: Privacy breaches on ebay. In PETS 2014, Amsterdam, July 2014.

    Google Scholar 

  53. Murdoch, S. J., & Anderson, R. J. (2010). Verified by Visa and MasterCard SecureCode: Or, how not to design authentication. In Financial Cryptography.

    Chapter  Google Scholar 

  54. Nakamoto, S. (2009). Bitcoin: A peer-to-peer electronic cash system. http://www.bitcoin.org/bitcoin.pdf.

  55. Nakanishi, T., Haruna, N., & Sugiyama, Y. (1999). Unlinkable electronic coupon protocol with anonymity control. In ISW (pp. 37–46).

    Google Scholar 

  56. Narayanan, A., & Shmatikov, V. (2008). Robust de-anonymization of large sparse datasets. In 2008 IEEE Symposium on Security and Privacy (S&P 2008), 18–21 May 2008, Oakland, California, USA.

    Google Scholar 

  57. Okamoto, T. (2006). Efficient blind and partially blind signatures without random oracles. In TCC (pp. 80–99).

    Chapter  Google Scholar 

  58. Parra-Arnau, J., Rebollo-Monedero, D., & Forné, J. (2014). Optimal forgery and suppression of ratings for privacy enhancement in recommendation systems. Entropy, 16(3), 1586–1631.

    Article  Google Scholar 

  59. Partridge, K., Pathak, M. A., Uzun, E., & Wang, C. (2012). Picoda: Privacy-preserving smart coupon delivery architecture.

    Google Scholar 

  60. Pedersen, T. P. (1991). Non-interactive and information-theoretic secure verifiable secret sharing. In CRYPTO (pp. 129–140).

    Google Scholar 

  61. Preibusch, S., Peetz, T., Acar, G., & Berendt, B. (2015). Purchase details leaked to PayPal (Short Paper). In Financial Cryptography.

    Chapter  Google Scholar 

  62. Ramakrishnan, N., Keller, B. J., Mirza, B. J., Grama, A., & Karypis, G. (2001). Privacy risks in recommender systems. IEEE Internet Computing, 5(6), 54–62.

    Article  Google Scholar 

  63. Rial, A. (2013). Privacy-preserving E-commerce protocols. Ph.D. thesis, Arenberg Doctoral School, KU Leuven.

    Google Scholar 

  64. Rial, A., Kohlweiss, M., & Preneel, B. (2009). Universally composable adaptive priced oblivious transfer. In Pairing-Based Cryptography - Pairing 2009, Third International Conference, Palo Alto, CA, USA, 12–14 August 2009, Proceedings (pp. 231–247).

    Chapter  Google Scholar 

  65. Rivest, R. L., Shamir, A., & Adleman, L. M. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120–126.

    Article  MathSciNet  Google Scholar 

  66. Rogaway, P. (2015). The moral character of cryptographic work. IACR Cryptology ePrint Archive, 2015, 1162.

    Google Scholar 

  67. Ruiz-Martinez, A. (2015). Towards a web payment framework: State-of-the-art and challenges. Electronic Commerce Research and Applications. http://www.sciencedirect.com/science/article/pii/S1567422315000587.

    Article  Google Scholar 

  68. Sander, T., & Ta-Shma, A. (1999). Flow control: A new approach for anonymity control in electronic cash systems. In Financial Cryptography (pp. 46–61).

    Chapter  Google Scholar 

  69. Stolfo, S., Yemini, Y., & Shaykin, L. (2006). Electronic purchase of goods over a communications network including physical delivery while securing private and personal information of the purchasing party, November 2 2006. US Patent App. 11/476,304.

    Google Scholar 

  70. Tan, C., & Zhou, J. (2002). An electronic payment scheme allowing special rates for anonymous regular customers. In DEXA Workshops (pp. 428–434).

    Google Scholar 

  71. Toubiana, V., Narayanan, A., Boneh, D., Nissenbaum, H., & Barocas, S. (2010). Adnostic: Privacy preserving targeted advertising. In NDSS.

    Google Scholar 

  72. Visa. (2011). Verified by Visa – acquirer and merchant implementation guide.

    Google Scholar 

Download references

Acknowledgements

The work of Jesus Diaz was done in part in the Universidad Autónoma de Madrid and while visiting the Network Security Lab at Columbia University. The work of Seung Geol Choi was supported in part by ONR award N0001418WX01542 and NSF award #1618269. The work of David Arroyo was supported by projects S2013/ICE-3095-CM (CIBERDINE) and MINECO DPI2015-65833-P of the Spanish Government. The work of Francisco B. Rodriguez was supported by projects MINECO TIN2014-54580-R and TIN2017-84452-R of the Spanish Government. The work of Moti Yung was done in part while visiting the Simons Institute for Theory of Computing, UC Berkeley.

Author information

Authors and Affiliations

  1. BBVA Next Technologies, Madrid, Spain

    Jesus Diaz

  2. United States Naval Academy, Annapolis, MD, USA

    Seung Geol Choi

  3. Spanish National Research Council (CSIC), Madrid, Spain

    David Arroyo

  4. Georgia Institute of Technology, Atlanta, Georgia

    Angelos D. Keromytis

  5. Universidad Autónoma de Madrid, Madrid, Spain

    Francisco B. Rodriguez

  6. Columbia University, New York, NY, USA

    Moti Yung

  7. Google Inc., Menlo Park, CA, USA

    Moti Yung

Authors
  1. Jesus Diaz
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Seung Geol Choi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. David Arroyo
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Angelos D. Keromytis
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Francisco B. Rodriguez
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Moti Yung
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jesus Diaz .

Editor information

Editors and Affiliations

  1. Department of Computer Science and Information Engineering, Providence University, Taichung, Taiwan

    Kuan-Ching Li

  2. School of Cyber Engineering, Xidian University, Xi'an, Shaanxi, China

    Xiaofeng Chen

  3. School of Computing and Information Technology, University of Wollongong, Wollongong, NSW, Australia

    Willy Susilo

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Diaz, J., Choi, S.G., Arroyo, D., Keromytis, A.D., Rodriguez, F.B., Yung, M. (2019). A Methodology for Retrofitting Privacy and Its Application to e-Shopping Transactions. In: Li, KC., Chen, X., Susilo, W. (eds) Advances in Cyber Security: Principles, Techniques, and Applications. Springer, Singapore. https://doi.org/10.1007/978-981-13-1483-4_7

Download citation

  • DOI: https://doi.org/10.1007/978-981-13-1483-4_7

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-1482-7

  • Online ISBN: 978-981-13-1483-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics