An innovative electronic group-buying system for mobile commerce

https://doi.org/10.1016/j.elerap.2012.09.005

Abstract

With the benefits of discount and convenience, the group-buying mechanism has become a popular commerce service. Nevertheless, there exist several drawbacks in current group-buying systems. First, the absence of security consideration may reveal the privacy of involved participants. Moreover, buyers must pay money to the initiator in advance. Without a trusted third party to monitor the purchase, the initiator may vanish after collecting the money. To mitigate the risk of the above weaknesses, we propose a new mechanism introducing a group-buying server to secure and monitor the transaction. Because the server acts as a mediator, it can help the buyer and vender to negotiate with each other through a secure channel. Mutual authentication between the buyer and vender is guaranteed under the BAN logic model. In particular, we employ the Bloom filter and XOR operation to reduce the size of the transaction table and the computational cost. Thus, the new method can be implemented in mobile devices.

Highlights

► A lightweight group-buying mechanism is proposed for mobile commerce.
► A Bloom filter is applied to reduce the size of verified table.
► The BAN logic model is used to prove the correctness of mutual authentication.
► The simulation is conducted to show the performance.

Introduction

Recently, a Cable News Network report clearly showed that many online shoppers have registered on group-buying websites in Chinese to purchase the same items and negotiate hefty discounts (Cashmore.group.buying, 2010, Chinas-latest-obsession-group-buying, 2011). More precisely, the total number of group-buying users in China, Hong Kong, and Taiwan reached 18.75 million in 2010, leading to US$ 260 million in sales. In 2011, the number of users approached 42.2 million (Chung and Chen 2012). In particular, the well-known Groupon realized an annual operating income of US$ 2.0 billion in 2010. It is expected to reach US$ 4.0 billion at the end of 2011 (Song, 2011).

Undoubtedly, group-buying is a pure and successful C2B model which has brought remarkable savings to customers (Song, 2011). The merchant can accordingly achieve outstanding business results. This demonstrates the significance of the electronic group-buying system. The conventional group-buying system is shown in Fig. 1.

In conventional group-buying systems, an initiator collects money from buyers who want to purchase the same commodities. The initiator pays money to the account of the vender. For a large amount of orders, the vender can offer buyers a discount or provide some additional services, like carriage free. Upon receiving the commodities from the vender, the initiator then forwards the goods to each buyer. Thus, the buyer does not need to visit the store personally or pay a large price to get the commodity. Moreover, the group-buying system provides a platform which allows user to negotiate with other buyers; this can confirm the quality of the commodity and reduce the time of price comparison.

Although the conventional group-buying system is practical, some drawbacks still exist. First, the conventional group-buying system focuses on the convenience of the transaction and the selectivity of payment terms. Even when a trusted third party (TTP), i.e. the bank, is introduced to monitor money transfer, the confidentiality of data is seldom considered in the transaction. Since the TTP never checks the integrity of the message, a malicious attacker can intercept and tamper with the message to break the deal. In addition, the group-buying system cannot verify and monitor the transaction procedure. Thus, after buyers pay money to the account of the initiator, they face the risk of the initiator taking the money away. Furthermore, the traditional system does not provide a reliable method to revoke illegal users. If a malicious user joins the buying group, it is infeasible to prevent him from violating the transaction.

To address the drawback that the TTP is not involved in the verification, previous studies have introduced the concept of key escrow (Long et al., 2005, Youssef, 2010, Ni et al., 2012). The main idea is to authenticate the communications between the sender and receiver through the TTP. This can achieve the essentials of identity verification and information filtering. Thus, it has been employed to secure dozens of online e-commerce mechanisms. The secret key of a key escrow method is usually separated into two parts. One is kept by the TTP, i.e. the key escrow. Once a user applies the secret key to encrypt the message, the receiver has to cooperate with the TTP to obtain the two parts of the secret and reconstruct the secret key. Then the secret key can be used to decrypt messages and verify the involved participant. The main advantage of this mechanism is that the secret key can be well protected and the TTP can help secure the communication. Nevertheless, the key escrow mechanism is constructed according to the asymmetric cryptosystem. The hefty computation and power consumption are not suitable for mobile commerce. Moreover, the TTP has to record all the corresponding secret keys of involved participants, which creates an additional storage and key management problem. Hence, we aim to develop a more effective solution for securing the electronic group-buying system instead of the key escrow method. The overview of the new electronic group-buying system is illustrated in Fig. 2.

We have introduced a fair server as the TTP to help secure the system. So far, the most famous group-buying services are provided by eBay and Google Offers (EBay, 2012, Google Offers, 2012), in which the completion of a transaction requires the cooperation of the enterprise and venders. Buyers need not contact venders directly. All they have to do is to order and pay for what they want via eBay or Google Offers. After that, eBay or Google Offers will contact venders to finish the deal and send the product to buyers. It is obvious that the website of eBay or Google Offers can serve as the TTP in the novel electronic group-buying system. Since the TTP participates in the purchase, the correctness of the transmitted message and the payment can be confirmed. This can secure the transaction from being tampered with. Furthermore, we adopt the BAN logic model to ensure the correctness of mutual authentication between buyer and vender (Burrows et al. 1990).

Because mobile devices are unable to support the heavy computation of asymmetric/symmetric cryptographic systems such as RSA, ElGamal, DES, and AES (Rivest et al., 1978, ElGamal, 1985, Biham and Shamir, 1991, Daemen and Rijmen, 2002), we apply the XOR operation and one-way hash function to enhance the efficiency of the new mechanism (Exclusive OR, 2011, Menezes et al., 1996). In addition, to prevent the server from spending a large amount of storage to keep transaction data and verified tables, we employ the Bloom filter to mitigate the storage consumption (Bloom 1970). This allows the server to support more businesses and enables users to easily check their transaction tables on a mobile device. The advantage of high efficiency and light storage consumption can greatly help carry out the new mechanism.

The rest of this article is organized as follows. In Section 2, we introduce and explain the concept of the Bloom filter. We then specify the new group-buying mechanism in Section 3. The security analyses and performance discussions are presented in Sections 4 and 5, respectively. Finally, we make conclusions in Section 6.

Section snippets

Preliminaries of the Bloom filter

In the traditional verification method, if we want to check whether an element is in the set, we need to keep the identification of all elements as a verified table. When the amount of elements is very large, the storage consumption becomes impractical to serve the verification. Hence, B. Bloom has proposed the concept of the Bloom filter, which can solve the predicament of the bulky verified table problem (Bloom 1970). Many studies have researched how to compress the size of verified table and

Group-buying mechanism

The group-buying mechanism consists of five phases: registration, initiation, payment, dealing confirmation, and smart card reissue. In the mechanism, the server of eBay or Google Offers is assumed to play the role of the trusted third party, and all users need to register at the server and exchange the digital cash. Here, we set two denominations of digital cash, a and b, where a < b. The notations used in this mechanism are defined in Table 1. Note that only the server is able to embed data

Analyses

We define the essentials which the novel mechanism is able to achieve and analyze how this mechanism can resist the common attacks in e-commerce. The security of the new mechanism is guaranteed by the one-way hash function and exclusive-OR operation. The assumptions of exclusive-OR operation and one-way hash function are given as follows:

  • (1) The exclusive-OR operation shall not be compromised in polynomial time. For example, given a message $M_1$, it is easy to calculate $C = M_1 \oplus M_2$ with a message $M_2$.

Bloom filter

In this section, we discuss the relations between the probability of collision $F$, the number of different hash functions $z$, the bit size of HTBF $m$, and the number of elements $n$. The elements in our mechanism involve all of the buyers, so $n$ is the number of supposed buyers. Previous research has defined $F = \left(1 - (1 - 1/m)^{zn}\right)^{z}$ and the optimal value $z = m \ln 2 / n$ (Bloom, 1970, Mitzenmacher, 2002, Ren et al., 2009). When $m/n = 50$, $F$ can be held down to $10^{-10}$, but we need to use almost 36 one-way hash functions;
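The trade-off above can be checked numerically. The following is an added example, not code from the paper: it builds a Bloom filter over constructed buyer identities and compares the observed false-positive rate with the formula for F. It assumes that SHA-256 salted with an index stands in for the z one-way hash functions; the names `BloomFilter`, `optimal_z` and `measure` are hypothetical.

```python
import hashlib
import math


def false_positive_rate(m, n, z):
    """F = (1 - (1 - 1/m)^(z*n))^z for m bits, n elements, z hash functions."""
    return (1.0 - (1.0 - 1.0 / m) ** (z * n)) ** z


def optimal_z(m, n):
    """z = m ln 2 / n, rounded to the nearest whole hash count (at least 1)."""
    return max(1, round(m * math.log(2) / n))


class BloomFilter:
    def __init__(self, m, z):
        self.m, self.z = m, z
        self.bits = bytearray((m + 7) // 8)

    def _positions(self, item):
        # Assumption: the z one-way hash functions are SHA-256 salted with i.
        for i in range(self.z):
            digest = hashlib.sha256(f"{i}|{item}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item):
        return all(self.bits[p >> 3] >> (p & 7) & 1 for p in self._positions(item))


def measure(n, bits_per_element, z, probes=20000):
    """Return (missed members, observed F, predicted F) for constructed IDs."""
    bf = BloomFilter(n * bits_per_element, z)
    for i in range(n):
        bf.add(f"buyer-{i}")                      # constructed buyer identities
    missed = sum(f"buyer-{i}" not in bf for i in range(n))
    hits = sum(f"outsider-{i}" in bf for i in range(probes))
    return missed, hits / probes, false_positive_rate(bf.m, n, z)


if __name__ == "__main__":
    for ratio in (8, 16, 50):                     # m/n; 50 is the page's case
        z = optimal_z(ratio * 1000, 1000)
        print(ratio, z, measure(1000, ratio, z))
```

A registered buyer is never rejected (no false negatives); only the rate at which unregistered identities are wrongly accepted changes with m/n and z, which is why the table size can shrink without weakening the check for legitimate users.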

Conclusions and future works

With advantages such as discounts and saving traveling time, more and more people are joining the group-buying systems. Therefore, a secure mechanism to keep the privacy of buyers is necessary. In this article, we have proposed an innovative lightweight group-buying mechanism for mobile commerce, in which buyers can make purchases whenever and wherever they want. In particular, this mechanism can guarantee the e-commerce security of buyers as well as support the dealing confirmation and

References (19)

  • Y. Long et al. A dynamic threshold commercial key escrow scheme based on conic. Applied Mathematics and Computation (2005)
  • A.M. Youssef. Cryptanalysis of Boolean permutation-based key escrow scheme. Computers and Electrical Engineering (2010)
  • M. Burrows et al. A logic of authentication. ACM Transactions on Computer Systems (2007)
  • E. Biham et al. Differential cryptanalysis of DES-like cryptosystems. Journal of Cryptology (1991)
  • B. Bloom. Space/Time tradeoffs in hash coding with allowable errors. Communications of the ACM (1970)
  • Chinas-latest-obsession-group-buying, 2011. Available at...
  • Cashmore.group.buying, 2010. Available at http://edition.cnn.com/2010/TECH/04/15/cashmore.group.buying/. Last accessed...
  • W.Y. Chung et al. Group-buying e-commerce in China. IT Professional (2012)
  • J. Daemen et al. The Design of Rijndael: AES – The Advanced Encryption Standard (2002)
There are more references available in the full text version of this article.

Cited by (20)

  • Spreading dynamics of an e-commerce preferential information model on scale-free networks

    2017, Physica A: Statistical Mechanics and its Applications
    Citation Excerpt :

    Customers might consider forwarding the preferential information if it is considered beneficial. Forwarding preferential information could help customers to obtain some preferential treatment, such as discounts [7]. During information forwarding, other people may see the information and forward it to further possible customers.

  • Predicting actual spending in online group buying – An artificial neural network approach

    2019, Electronic Commerce Research and Applications
    Citation Excerpt :

    With a higher number of buyers, this means the price would be lower, and therefore consumers would be more enticed to more great discounts that lead to more actual spending. The present study contributes some theoretical implications which include, first, unlike most of the studies on OGB that examined behavioral intention (Lim, 2017), repeat purchase intention (Hsu et al., 2015), revisit intention (Che et al., 2015), stickiness intention (Wang et al., 2016), participation (Kauffman et al., 2010a), service quality (Hsu et al., 2018), mechanism (Lee and Lin, 2013), consumer group differences (Jeon et al., 2017), acceptance and continuance (Lim and Ting, 2014), the current study examines the determinants of actual spending in OGB. It is imperative to identify the predictors of actual spending in OGB because acceptance, repeat purchase intention, revisit intention or continuance intention in OGB may not necessarily trigger actual spending (Leong et al., 2018).

  • A bibliographic survey of business models, service relationships, and technology in electronic commerce

    2019, Electronic Commerce Research and Applications
    Citation Excerpt :

    Security is also a prevalent topic. A mechanism for a group-buying server was proposed to secure and monitor the transactions (Lee and Lin, 2013). In addition, new classifiers for fraud detection is presented in crowdfunding platforms based on data mining and machine learning techniques (Siering et al., 2016).

  • Preserving Collusion-Free and Traceability in Car-Sharing System Based on Blockchain

    2022, Communications in Computer and Information Science