Abstract
Recommender systems enable merchants to assist customers in finding products that best satisfy their needs. Unfortunately, current recommender systems suffer from various privacy-protection vulnerabilities. Customers should be able to keep private their personal information, including their buying preferences, and they should not be tracked against their will. The commercial interests of merchants should also be protected by allowing them to make accurate recommendations without revealing legitimately compiled valuable information to third parties. We introduce a theoretical approach for a system called Alambic, which achieves the above privacy-protection objectives in a hybrid recommender system that combines content-based, demographic and collaborative filtering techniques. Our system splits customer data between the merchant and a semi-trusted third party, so that neither can derive sensitive information from their share alone. Therefore, the system could only be subverted by a coalition between these two parties.
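To make the data-splitting idea in the abstract concrete, here is an added illustration (not the Alambic protocol itself, whose construction is not on this page) of the general principle that customer data can be split between a merchant and a semi-trusted third party so that neither share alone reveals anything. It uses simple two-party additive secret sharing over the integers modulo a prime, with a constructed rating vector as sample input; the modulus, the function names and the weight vector are all assumptions of this example.

```python
"""Two-party additive secret sharing of a customer's rating vector.

Added example illustrating the abstract's split-data principle; it is not
the Alambic protocol. Assumes 2-of-2 additive sharing over Z_p, where one
share goes to the merchant and the other to the semi-trusted third party.
"""
import secrets

# Constructed modulus (a Mersenne prime); any prime larger than every
# possible plaintext value and intermediate result would do.
P = (1 << 61) - 1


def split(values):
    """Split non-negative integers into two additive shares modulo P.

    The merchant's share is uniformly random, and the third party's share
    is the difference needed to reconstruct the value. Each share on its
    own is a uniformly distributed value in Z_p and so carries no
    information about the customer's ratings: only the sum of the two
    (a coalition of both parties) reveals the plaintext.
    """
    merchant = [secrets.randbelow(P) for _ in values]
    third_party = [(v - m) % P for v, m in zip(values, merchant)]
    return merchant, third_party


def reconstruct(share_a, share_b):
    """What a coalition of the two parties could compute: the plaintext."""
    return [(a + b) % P for a, b in zip(share_a, share_b)]


def weighted_score_share(share, weights):
    """Each party evaluates a public linear function on its own share.

    Because the sharing is additive, a weighted sum computed on each share
    separately recombines (mod P) to the weighted sum of the plaintext.
    Weights are assumed to be non-negative integers and the true result is
    assumed to be smaller than P.
    """
    return sum(s * w for s, w in zip(share, weights)) % P


def weighted_score(values, weights):
    """Reference computation on the plaintext, for comparison only."""
    return sum(v * w for v, w in zip(values, weights))


def combine_scores(score_share_a, score_share_b):
    """Recombine the two parties' partial scores into the plaintext score."""
    return (score_share_a + score_share_b) % P


def demo():
    # Constructed sample: a customer's ratings of four items (0 = unrated)
    # and a public, non-sensitive weight vector for a linear recommendation score.
    ratings = [5, 3, 0, 4]
    weights = [2, 1, 3, 1]

    merchant_share, third_party_share = split(ratings)

    # Neither party can read the ratings from its own share...
    assert merchant_share != ratings and third_party_share != ratings

    # ...but each can compute its half of a linear score locally,
    # and the two halves recombine to the plaintext score.
    score = combine_scores(
        weighted_score_share(merchant_share, weights),
        weighted_score_share(third_party_share, weights),
    )
    assert score == weighted_score(ratings, weights)

    # Only a coalition holding both shares recovers the raw data.
    assert reconstruct(merchant_share, third_party_share) == ratings
    return score


if __name__ == "__main__":
    print("recombined score:", demo())
```

The security property rests on the randomness of the merchant's share: because it is drawn uniformly from Z_p, the third party's share is also uniform, and an adversary holding either one alone learns nothing about the ratings. The same linearity that allows the score to be computed share-wise is exactly why the scheme is limited to linear functions; anything non-linear would require a richer protocol, which is the kind of construction the abstract's cited multiparty-computation background addresses.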
Additional information
This work is supported in part by the Natural Sciences and Engineering Research Council of Canada (NSERC). In addition, G.B. is supported in part by the Canadian Institute for Advanced Research (CIFAR) and the Canada Research Chair Programme.
Cite this article
Aïmeur, E., Brassard, G., Fernandez, J.M. et al. Alambic: a privacy-preserving recommender system for electronic commerce. Int. J. Inf. Secur. 7, 307–334 (2008). https://doi.org/10.1007/s10207-007-0049-3