
Alambic: a privacy-preserving recommender system for electronic commerce

Regular Contribution, International Journal of Information Security

Abstract

Recommender systems enable merchants to assist customers in finding the products that best satisfy their needs. Unfortunately, current recommender systems suffer from various privacy-protection vulnerabilities. Customers should be able to keep their personal information private, including their buying preferences, and they should not be tracked against their will. The commercial interests of merchants should also be protected by allowing them to make accurate recommendations without revealing legitimately compiled valuable information to third parties. We introduce a theoretical approach for a system called Alambic, which achieves the above privacy-protection objectives in a hybrid recommender system that combines content-based, demographic and collaborative filtering techniques. Our system splits customer data between the merchant and a semi-trusted third party, so that neither can derive sensitive information from its share alone. Consequently, the system can be subverted only by a coalition of these two parties.
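The two-party split described in the abstract can be illustrated with additive secret sharing. The Python below is an example added to this page, not code from the paper or its authors: it assumes a plain 2-out-of-2 additive sharing over a prime field and a linear (weighted-sum) recommendation score with public integer weights, neither of which the abstract specifies, and the sample ratings and weights are constructed for the demonstration. It shows the three properties the abstract relies on: a lone share is consistent with every possible rating, the two holders can each evaluate a linear score on their own share without talking to each other, and only the two shares together (the coalition) recover the profile.

```python
"""Two-party additive secret sharing of a customer profile.

Added illustration of the data-splitting principle stated in the abstract.
This is NOT the Alambic protocol from the paper; the field, the scoring
function and the sample data are assumptions made for this example.
"""
from __future__ import annotations

import secrets

# Field modulus for the shares (assumption: any prime larger than every value
# and score we handle works; a Mersenne prime keeps the arithmetic cheap).
P = 2**61 - 1


def split(value: int, p: int = P) -> tuple[int, int]:
    """Return (merchant_share, third_party_share) with sum == value (mod p).

    The merchant share is uniform in [0, p); the third-party share is the
    unique complement, so each share on its own is independent of value.
    """
    r = secrets.randbelow(p)
    return r, (value - r) % p


def share_profile(ratings: list[int], p: int = P) -> tuple[list[int], list[int]]:
    """Split a rating vector element-wise into two share vectors."""
    merchant, third = [], []
    for v in ratings:
        a, b = split(v, p)
        merchant.append(a)
        third.append(b)
    return merchant, third


def reconstruct(merchant: list[int], third: list[int], p: int = P) -> list[int]:
    """Recover the ratings; needs BOTH shares, i.e. a merchant/third-party coalition."""
    return [(a + b) % p for a, b in zip(merchant, third)]


def compatible_ratings(share: int, candidates: list[int], p: int = P) -> list[int]:
    """Which candidate ratings are consistent with one share seen in isolation?

    For every candidate v the complement (v - share) mod p exists, so the
    answer is always all of them: a lone share carries no information.
    """
    return [v for v in candidates if (share + (v - share) % p) % p == v]


def local_weighted_sum(share: list[int], weights: list[int], p: int = P) -> int:
    """Each party evaluates the linear score on its own share, with no interaction.

    Weights are public non-negative integers (assumption: e.g. content-based
    similarity of each rated item to the item being scored, scaled to 0..100).
    """
    return sum(s * w for s, w in zip(share, weights)) % p


def combine(partial_merchant: int, partial_third: int, p: int = P) -> int:
    """Add the two partial scores; by linearity this equals the plaintext score."""
    return (partial_merchant + partial_third) % p


def plaintext_score(ratings: list[int], weights: list[int]) -> int:
    """Reference computation on the unsplit profile, for comparison only."""
    return sum(r * w for r, w in zip(ratings, weights))


def demo() -> dict:
    # Constructed sample data: ratings on a 0..5 scale for five catalogue items,
    # and public similarity weights (0..100) of those items to a candidate item.
    ratings = [5, 3, 0, 4, 1]
    weights = [40, 10, 0, 30, 20]

    merchant, third = share_profile(ratings)
    score = combine(local_weighted_sum(merchant, weights),
                    local_weighted_sum(third, weights))
    return {
        "ratings": ratings,
        "merchant_share": merchant,
        "third_party_share": third,
        "reconstructed": reconstruct(merchant, third),
        "score_on_shares": score,
        "score_plaintext": plaintext_score(ratings, weights),
        "ratings_compatible_with_lone_share": compatible_ratings(merchant[0], list(range(6))),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Only the linear part of a recommendation is handled this cheaply. Choosing nearest neighbours, thresholding a score or any other non-linear step needs an interactive protocol between the two share holders, and the recommendation that is finally returned still reveals something about the profile to whoever receives it, so the split is a building block rather than a complete guarantee. The coalition caveat from the abstract is visible in the code: reconstruct() is the only function that needs both shares.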



Corresponding author

Correspondence to José M. Fernandez.

Additional information

This work is supported in part by the Natural Sciences and Engineering Research Council of Canada (NSERC). In addition, G.B. is supported in part by the Canadian Institute for Advanced Research (CIFAR) and the Canada Research Chair Programme.


Cite this article

Aïmeur, E., Brassard, G., Fernandez, J.M. et al. Alambic: a privacy-preserving recommender system for electronic commerce. Int. J. Inf. Secur. 7, 307–334 (2008). https://doi.org/10.1007/s10207-007-0049-3
