Journal of Information Technology Services (한국IT서비스학회지)

Korea Society of IT Services (한국IT서비스학회)
권호 표지
DOI QR코드

DOI QR Code

A Polynomial-based Study on the Protection of Consumer Privacy

소비자 프라이버시 보호에 관한 다항식 기반 연구

  • Piao, Yanji (Yanbian University, College of Economics and Management) ;
  • Kim, Minji (Seoul National University, Business School)
  • Received : 2019.12.21
  • Accepted : 2020.01.25
  • Published : 2020.02.28
Download PDF
⟨ Previous Next ⟩

Abstract

With the development and widespread application of online shopping, the number of online consumers has increased. With one click of a mouse, people can buy anything they want without going out and have it sent right to the doors. As consumers benefit from online shopping, people are becoming more concerned about protecting their privacy. In the group buying scenario described in our paper, online shopping was regarded as intra-group communication. To protect the sensitive information of consumers, the polynomial-based encryption key sharing method (Piao et al., 2013; Piao and Kim, 2018) can be applied to online shopping communication. In this paper, we analyze security problems by using a polynomial-based scheme in the following ways : First, in Kamal's attack, they said it does not provide perfect forward and backward secrecy when the members leave or join the group because the secret key can be broken in polynomial time. Second, for simultaneous equations, the leaving node will compute the new secret key if it can be confirmed that the updated new polynomial is recomputed. Third, using Newton's method, attackers can successively find better approximations to the roots of a function. Fourth, the Berlekamp Algorithm can factor polynomials over finite fields and solve the root of the polynomial. Fifth, for a brute-force attack, if the key size is small, brute force can be used to find the root of the polynomial, we need to make a key with appropriately large size to prevent brute force attacks. According to these analyses, we finally recommend the use of a relatively reasonable hash-based mechanism that solves all of the possible security problems and is the most suitable mechanism for our application. The study of adequate and suitable protective methods of consumer security will have academic significance and provide the practical implications.

Keywords

References

  1. Anthony, D.M. and F. Ana, "Consumer Perceptions of Privacy and Security Risks for Online Shopping", Journal of Consumer Affairs, Vol.35, No.1, 2005, 27-44. https://doi.org/10.1111/j.1745-6606.2001.tb00101.x
  2. Berlekamp, E.R., "Factoring polynomials over large finite fields", Mathematics of Computation, Vol.24, No.111, 1970, 713-735. https://doi.org/10.1090/S0025-5718-1970-0276200-X
  3. Blundo, C., F. Orciuoli, and M. Parente, "An AmI-based and privacy-preserving shopping mall model", Human-centric Computing and Information Sciences, Vol.7, No.1, 2017, 1-28. https://doi.org/10.1186/s13673-016-0083-0
  4. Cantor, D.G. and H. Zassenhaus, "A new algorithm for factoring polynomials over finite fields", Mathematics of Computation, Vol.36, No.154, 1981, 587-592. https://doi.org/10.1090/S0025-5718-1981-0606517-5
  5. Chang, C.C., L. Harn, and T.F. Cheng, "Notes on 'Polynomial-based key management for secure intra-group and inter-group communication' ", International Journal of Network Security, Vol.16, No.2, 2014, 165-170.
  6. Chen, H., C.E. Beaudoin, and T. Hong, "Securing online privacy : An empirical test on Internet scam victimization, online privacy concerns, and privacy protection behaviors", Computers in Human Behavior, Vol.70, 2017, 291-302. https://doi.org/10.1016/j.chb.2017.01.003
  7. Diffie, W. and M.E. Hellman, "New directions in cryptography", IEEE Transactions on Information Theory, Vol.22, No.6, 1976, 644-654. https://doi.org/10.1109/TIT.1976.1055638
  8. Dobelt, S., M. Jung, M. Busch, and M. Tscheligi, "Consumers' privacy concerns and implications for a privacy preserving Smart Grid architecture-Results of an Austrian study", Energy Research and Social Science, Vol.9, 2015, 137-145. https://doi.org/10.1016/j.erss.2015.08.022
  9. Galup, S.D., R. Dattero, J.J. Quan, and S. Conger, "An overview of it service management", Communications of the Acm, Vol.52, No.5, 2009, 124-127. https://doi.org/10.1145/1506409.1506439
  10. Gurung, A. and M.K. Raja, "Online privacy and security concerns of consumers", Information and Computer Security, Vol.24, No.4, 2016, 348-371. https://doi.org/10.1108/ICS-05-2015-0020
  11. Haddad, G.E., E. Aïmeur, and H. Hage, "Understanding trust, privacy and financial fears in online payment", Security And Privacy In Computing and Communications/12th IEEE International Conference On Big Data Science And Engineering, 2018, 28-36.
  12. Harney, H. and C. Muckenhirn, "Group key management protocol(GKMP) Specification", RFC 2093, 1997, Available at https://datatracker.ietf.org/doc/rfc2093/.
  13. Hwang, Y. and J. Jeong, "Electronic Commerce and Online Consumer Behavior Research : A Literature Review", Information Development, Vol.32, No.3, 2016, 377-388. https://doi.org/10.1177/0266666914551071
  14. Janse, N., C.X. Ou, Angelopoulos, J., S., Davison, R.M., and J.W. Jia, "Do security breaches matter to consumers?", ICEB 2017 Proceedings, 2017, Available at https://aisel.aisnet.org/iceb2017/50.
  15. Jo, H. and J.M. Lee, "A Study on Antecedents of WOM in the Context of Internet E-Commerce", Journal of Information Technology Services, Vol.12, No.2, 2013, 231-242. https://doi.org/10.9716/KITS.2013.12.2.231
  16. Kahn, C.M. and J.M. Linares-Zegarra, "Identity theft and consumer payment choice : Does security really matter?", Journal of Financial Services Research, Vol.50, No.1, 2016, 121-159. https://doi.org/10.1007/s10693-015-0218-x
  17. Kamal, A.A., "Cryptanalysis of a polynomialbased key management scheme for secure group communication", International Journal of Network Security, Vol.15, No.1, 2013, 68-70.
  18. Liu, D., P. Ning, and K. Sun, "Efficient selfhealing group key distribution with revocation capability", in Proceedings of the 10th ACM conference on computer and Communications Security, 2003, 231-240.
  19. Liu, N., S. Tang, and L. Xu, "Attacks and comments on several recently proposed key management schemes", 2013, Available at https://eprint.iacr.org/2013/100.
  20. Mou, J., D.H. Shin, and J.F. Cohen, "Trust and risk in consumer acceptance of e-services", Electronic Commerce Research, Vol.17, No.2, 2017, 255-288. https://doi.org/10.1007/s10660-015-9205-4
  21. Newton's Method, Available at https://en.wikipedia.org/wiki/Newton's_method.
  22. Patsakis C. and A. Solanas, "An efficient scheme for centralized group key management in collaborative environments", 2013, Available at http://citeseerx.ist.psu.edu/viewdoc/summary?.
  23. Piao, Y. and M.J. Kim, "A study on the protection of consumers' personal information in online shopping", Academic Society of Global Business Administration, Vol.15, No.5, 2018, 209-223. https://doi.org/10.38115/asgba.2018.15.5.209
  24. Piao, Y., J.U. Kim, U. Tariq, and M. Hong, "Polynomial-based key management for secure intra-group and inter-group communication", Computers and Mathematics with Applications, Vol.65, No.9, 2013, 1300-1309. https://doi.org/10.1016/j.camwa.2012.02.008
  25. Shamir, A., "How to share a secret", Communications of the ACM, Vol.22, No.11, 1979, 612-613. https://doi.org/10.1145/359168.359176
  26. Shoup, V., "On the deterministic complexity of factoring polynomials over finite fields", Information Processing Letters, Vol.33, No.5, 1990, 261-267. https://doi.org/10.1016/0020-0190(90)90195-4
  27. Staddon, J., S. Miner, M. Franklin, D. Balfanz, M. Malkin, and D. Dean, "Self-healing key distribution with revocation", IEEE Symposium on Security and Privacy, 2002.
  28. Wang, W. and B. Bhargava, "Key distribution and update for secure inter-group multicast communication", SASN '05 Proceedings of the 3rd ACM workshop on Securityof ad hoc and sensor networks, 2005, 43-52.
  29. Wang, W. and T. Stransky, "Stateless key distribution for secure intra and inter-group multicast in mobile wireless network", Computer Networks, Vol.51, No.15, 2007, 4303-4321. https://doi.org/10.1016/j.comnet.2007.06.001
  30. Wang, W. and Y. Wang, "Secure group-based information sharing in mobile ad hoc networks", IEEE International Conference on Communications, 2008, 1695-1699.
  31. Wong, C.K., M. Gouda, and S.S. Lam, "Secure group communications using key graphs", IEEE/ACM Transactions on Networking, Vol.8, No.1, 2000, 68-79.