Title: Privacy-Preserving E-Commerce Protocols (Privacy-beschermende E-Commerce protocollen)
Other Titles: Privacy-Preserving E-Commerce Protocols
Authors: Rial Duran, Alfredo
Issue Date: 24-Apr-2013
Abstract: User privacy protection is of the utmost importance. Privacy has been acknowledged as a human right that is beneficial not only to each individual but also to society as a whole. We describe privacy-related legislation and address critical accounts on privacy. We also summarize the existing approaches to protect privacy.

We also show that currently deployed e-commerce protocols reveal to service providers user personal data such as user identity and billing information, as well as the products or services that the user purchases. Such information is sensitive because it may reveal the political views, religion, sexual orientation or health condition of the user. Frequently without user awareness, service providers gather that information to profile users in order to offer a personalized service or to discriminate against them.

Consequently, we propose privacy-preserving e-commerce protocols. First, we categorize them as private purchase protocols, in which the service provider learns the user identity but not which items are bought by the user, and anonymous purchase protocols, in which the user identity is hidden from the service provider but the items bought are revealed. We focus on the first group and propose e-commerce protocols based on priced oblivious transfer. Additionally, we provide those protocols with necessary properties such as fairness and copyright protection. We also summarize our work on anonymous purchase protocols and note that both approaches can be combined into a protocol that is private and anonymous simultaneously.

We also address the setting of consumption billing. Here, users have to pay for their consumption based on meter readings output by a meter. We propose protocols for tamper-resistant and for non-tamper-resistant meters in which users disclose to service providers only the final fee to be paid, and not the meter readings.

Additionally, we provide protocols for two tasks usually required in e-commerce: access control and profiling. Although profiling is intrinsically privacy-invasive, our profiling protocol is the first that allows the profiling task to be done locally, so that service providers only learn the result of the profiling task.

Finally, we conclude and propose future work in the design and implementation of e-commerce protocols. We also mention the need to improve usability and to make privacy properties understandable to users.
ISBN: 978-94-6018-659-2
Publication status: published
KU Leuven publication type: TH
Appears in Collections: ESAT - STADIUS, Stadius Centre for Dynamical Systems, Signal Processing and Data Analytics

Files in This Item:
File: thesis.pdf | Status: Published | Size: 2958Kb | Format: Adobe PDF

These files are only available to some KU Leuven Association staff members