ScienceDirect - Computer Networks : Protocols that hide user’s preferences in electronic transactions

Computer Networks
Volume 48, Issue 4, 15 July 2005, Pages 503-515

Font Size:

Abstract - selected

Article

Figures/Tables

References

Purchase PDF (1047 K)

E-mail Article

Add to my Quick Links

Bookmark and share in 2collab (opens in new window)

Request permission to reuse this article

Cited By in Scopus (0)

Related Articles in ScienceDirect

European and American privacy: commerce, rights and jus...
Computer Law & Security Report

Securing on-line credit card payments without disclosin...
Computer Standards & Interfaces

Ethical and online privacy issues in electronic commerc...
Business Horizons

PayCash: a secure efficient internet payment system
Electronic Commerce Research and Applications

A Generic Electronic Payment Model Supporting Multiple ...
Computers & Security

View More Related Articles

View Record in Scopus

doi:10.1016/j.comnet.2004.10.010

Protocols that hide user’s preferences in electronic transactions

Feng Bao ^a^, and Robert H. Deng ^b^,^,^,

^aInstitute for Infocomm Research, 21 Heng Mui Keng Terrace, Singapore 119613 ^bSchool of Information Systems, Singapore Management University, 469 Bukit Timah Road, Singapore 259756

Received 17 January 2004;

revised 15 September 2004;

accepted 27 October 2004.

Responsible Editor: D. Frincke.

Available online 20 November 2004.

References and further reading may be available for this article. To view references and further reading you must purchase this article.

Abstract

The Internet creates many new threats to personal privacy and raises some unique privacy concerns. In this paper we study the problem of how to protect users’ privacy in web transactions of digital products. In particular, we introduce a system which (1) allows a user to disclose his/her identity information (such as user account or credit card number) to a web site in exchange for a digital product, but (2) prevents the web site from learning which specific product the user intends to obtain. The problem concerned here is orthogonal to the problem of anonymous transactions [M. Reed, P. Syverson, D. Goldschag, Anonymous connections and Onion Routing, IEEE Journal of Selected Areas in Communication 16 (4) (1998) 482–494; M. Reiter, A. Rubin, Crowds: anonymity for web transactions, ACM Transactions on Information System Security, 1 (1) (1998) 66–92] but commensurate with the general problem of PIR (private information retrieval) [B. Chor, O. Goldreich, E. Kushilevita, M. Sudan, Private information retrieval, in: Proceedings of 36th FOCS, 1995, pp. 41–50; B. Chor, N. Gilboa, Computational private information retrieval, in: Proceedings of 29th STOC, 1997, pp. 304–313]. Most of the existing results in PIR, however, are theoretical in nature and can not be applied in practice due to their huge communication and computational overheads. In the present paper, we introduce two practical solutions that satisfy the above two requirements and analyze their security and performance. Another issue we study in this paper is how to recover sales statistics data in our user privacy-protected system. We present a novel solution to the problem along with its security analysis.

Keywords: Anonymizer; Encryption; Privacy protection; On-line transaction; Digital products