Privacy in e-Shopping Transactions: Exploring and Addressing the Trade-Offs

• Published in: Cyber Security Cryptography and Machine Learning Vol. 10879; pp. 206 - 226
• Main Authors: Diaz, Jesus, Choi, Seung Geol, Arroyo, David, Keromytis, Angelos D., Rodriguez, Francisco B., Yung, Moti
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 01.01.2018; Springer International Publishing
• Series: Lecture Notes in Computer Science
• ISBN: 3319941461; 9783319941462
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-319-94147-9_17

The huge growth of e-shopping has brought convenience to customers, increased revenue to merchants and financial entities and evolved to possess a rich set of functionalities and requirements (e.g., regulatory ones). However, enhancing customer privacy remains to be a challenging problem; while it is easy to create a simple system with privacy, this typically causes loss of functions. In this work, we look into current e-shopping infrastructures and aim at enhancing customer privacy while retaining important features and requiring the system to maintain the topology and transaction flow of established e-shopping systems that are currently operational. Thus, we apply what we call the “utility, privacy, and then utility again” paradigm: we start from the state of the art of e-shopping (utility); then we add privacy enhancing mechanisms, reducing its functionality in order to tighten privacy to the fullest (privacy); and finally, we incorporate tools which add back lost features, carefully relaxing privacy this time (utility again). We also implemented and tested our design, verifying its reasonable added costs.