Protocols that hide user's preferences in electronic transactions

Author

Feng BAO, Singapore Management UniversityFollow
Robert H. DENG, Singapore Management UniversityFollow

Publication Type

Journal Article

Publication Date

7-2005

Abstract

The Internet creates many new threats to personal privacy and raises some unique privacy concerns. In this paper we study the problem of how to protect users’ privacy in web transactions of digital products. In particular, we introduce a system which (1) allows a user to disclose his/her identity information (such as user account or credit card number) to a web site in exchange for a digital product, but (2) prevents the web site from learning which specific product the user intends to obtain. The problem concerned here is orthogonal to the problem of anonymous transactions [M. Reed, P. Syverson, D. Goldschag, Anonymous connections and Onion Routing, IEEE Journal of Selected Areas in Communication 16 (4) (1998) 482–494; M. Reiter, A. Rubin, Crowds: anonymity for web transactions, ACM Transactions on Information System Security, 1 (1) (1998) 66–92] but commensurate with the general problem of PIR (private information retrieval) [B. Chor, O. Goldreich, E. Kushilevita, M. Sudan, Private information retrieval, in: Proceedings of 36th FOCS, 1995, pp. 41–50; B. Chor, N. Gilboa, Computational private information retrieval, in: Proceedings of 29th STOC, 1997, pp. 304–313]. Most of the existing results in PIR, however, are theoretical in nature and can not be applied in practice due to their huge communication and computational overheads. In the present paper, we introduce two practical solutions that satisfy the above two requirements and analyze their security and performance. Another issue we study in this paper is how to recover sales statistics data in our user privacy-protected system. We present a novel solution to the problem along with its security analysis.

Keywords

Anonymizer, Encryption, Privacy protection, On-line transaction, Digital products

Discipline

Information Security

Publication

Computer Networks

Volume

48

Issue

4

First Page

503

Last Page

515

ISSN

1389-1286

Identifier

10.1016/j.comnet.2004.10.010

Publisher

Elsevier

Citation

BAO, Feng and DENG, Robert H.. Protocols that hide user's preferences in electronic transactions. (2005). Computer Networks. 48, (4), 503-515.
Available at: https://ink.library.smu.edu.sg/sis_research/1170

Additional URL

http://dx.doi.org/10.1016/j.comnet.2004.10.010