A Methodology for Retrofitting Privacy and Its Application to e-Shopping Transactions

  • Jesus DiazEmail author
  • Seung Geol Choi
  • David Arroyo
  • Angelos D. Keromytis
  • Francisco B. Rodriguez
  • Moti Yung


The huge growth of e-shopping has brought convenience to customers and increased revenue to merchants and financial entities. Moreover, e-shopping has evolved to possess many functions, features, and requirements (e.g., regulatory ones). However, customer privacy has been mostly ignored, and while it is easy to add simple privacy to an existing system, this typically causes loss of functions. What is needed is enhanced privacy on one hand, and retaining the critical functions and features on the other hand. This is a dilemma which typifies the “privacy versus utility” paradigm, especially when it is applied to an established primitive with operational systems, where applying conventional privacy-by-design principles is not possible and completely altering information flows and system topologies is not an option. This dilemma is becoming more problematic with the advent of regulations such as the European GDPR, which requires companies to provide better privacy guarantees whenever and wherever personal information is involved. In this chapter, we put forward a methodology for privacy augmentation design that is specially suitable for real-world engineering processes that need to adhere to the aforementioned constraints. We call this the “utility, privacy, and then utility again” paradigm. In particular, we start from the state-of-the-art industry systems that we need to adapt; then we add privacy enhancing mechanisms, reducing functionality in order to tighten privacy to the fullest (privacy); and finally, we incorporate tools which add back lost features, carefully relaxing privacy this time (utility again). Specifically, we apply this process to current e-shopping infrastructures, making them privacy respectful without losing functionality. This gives an e-shopping system with enhanced privacy features, presents a set of “utility-privacy trade-offs,” and showcases a practical approach implementing the notion of “privacy by design” while maintaining as much compatibility as possible with current infrastructures. Finally, we note that we implemented and tested performance of our design, verifying its reasonable added costs.



The work of Jesus Diaz was done in part in the Universidad Autónoma de Madrid and while visiting the Network Security Lab at Columbia University. The work of Seung Geol Choi was supported in part by ONR award N0001418WX01542 and NSF award #1618269. The work of David Arroyo was supported by projects S2013/ICE-3095-CM (CIBERDINE) and MINECO DPI2015-65833-P of the Spanish Government. The work of Francisco B. Rodriguez was supported by projects MINECO TIN2014-54580-R and TIN2017-84452-R of the Spanish Government. The work of Moti Yung was done in part while visiting the Simons Institute for Theory of Computing, UC Berkeley.


  1. 1.
    Abe, M., & Fujisaki, E. (1996). How to date blind signatures. In ASIACRYPT (pp. 244–251).Google Scholar
  2. 2.
    Aiello, W., Ishai, Y., & Reingold, O. (2001). Priced oblivious transfer: How to sell digital goods. In EUROCRYPT (pp. 119–135).Google Scholar
  3. 3.
    Anderson, R. J. (2012). Risk and privacy implications of consumer payment innovation.
  4. 4.
    Anderson, R. J., Barton, C., Böhme, R., Clayton, R., van Eeten, M., Levi, M., et al. (2012). Measuring the cost of cybercrime. In WEIS 2012, Germany, 25–26 June 2012.Google Scholar
  5. 5.
    Androulaki, E., & Bellovin, S. M. (2009). APOD: Anonymous physical object delivery. In Privacy Enhancing Technologies (pp. 202–215).CrossRefGoogle Scholar
  6. 6.
    Androulaki, E., Karame, G., Roeschlin, M., Scherer, T., & Capkun, S. (2013). Evaluating user privacy in bitcoin. In Financial Cryptography (pp. 34–51).CrossRefGoogle Scholar
  7. 7.
    Antoniou, G., & Batten, L. M. (2011). E-commerce: Protecting purchaser privacy to enforce trust. Electronic Commerce Research, 11(4), 421–456.CrossRefGoogle Scholar
  8. 8.
    Arroyo, D., Diaz, J., & Gayoso, V. (2015). On the difficult tradeoff between security and privacy: Challenges for the management of digital identities. In International Joint Conference - CISIS’15 and ICEUTE’15, 8th International Conference on Computational Intelligence in Security for Information Systems/6th International Conference on European Transnational Education, Burgos, Spain, 15–17 June 2015 (pp. 455–462).Google Scholar
  9. 9.
    Bellare, M., Boldyreva, A., Desai, A., & Pointcheval, D. (2001). Key-privacy in public-key encryption. In C. Boyd (Ed.), ASIACRYPT 2001 (Vol. 2248, pp. 566–582). LNCS. Heidelberg: Springer.CrossRefGoogle Scholar
  10. 10.
    Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., et al. (2014). Zerocash: Decentralized anonymous payments from bitcoin. In 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, 18–21 May 2014 (pp. 459–474).
  11. 11.
    Benjumea, V., Choi, S. G., López, J., & Yung, M. (2008). Fair traceable multi-group signatures. In FC 2008 (pp. 231–246).Google Scholar
  12. 12.
    Blazy, O., Fuchsbauer, G., Pointcheval, D., & Vergnaud, D. (2013). Short blind signatures. Journal of Computer Security, 21(5), 627–661.CrossRefGoogle Scholar
  13. 13.
    Boneh, D., Sahai, A., & Waters, B. (2011). Functional encryption: Definitions and challenges. In Y. Ishai (Ed.), TCC 2011 (Vol. 6597, pp. 253–273). LNCS. Heidelberg: Springer.CrossRefGoogle Scholar
  14. 14.
    Boudot, F. (2000). Efficient proofs that a committed number lies in an interval. In Advances in Cryptology - EUROCRYPT 2000, International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, 14–18 May 2000, Proceeding (pp. 431–444).CrossRefGoogle Scholar
  15. 15.
    Brassard, G., Chaum, D., & Crépeau, C. (1988). Minimum disclosure proofs of knowledge. Journal of Computer and System Sciences, 37(2), 156–189.MathSciNetCrossRefGoogle Scholar
  16. 16.
    Camenisch, J., & Stadler, M. (1997). Efficient group signature schemes for large groups (extended abstract). In CRYPTO (pp. 410–424).CrossRefGoogle Scholar
  17. 17.
    Camenisch, J., & Lysyanskaya, A. (2002). Dynamic accumulators and application to efficient revocation of anonymous credentials. In CRYPTO (pp. 61–76).CrossRefGoogle Scholar
  18. 18.
    Camenisch, J., Piveteau, J.-M., & Stadler, M. (1996). An efficient fair payment system. In ACM Conference on Computer and Communications Security (pp. 88–94).Google Scholar
  19. 19.
    Camenisch, J., Dubovitskaya, M., & Neven, G. (2009). Oblivious transfer with access control. In Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS ’09, New York, NY, USA (pp. 131–140). ACM.
  20. 20.
    Charikar, M. (2002). Similarity estimation techniques from rounding algorithms. In STOC (pp. 380–388).Google Scholar
  21. 21.
    Chaum, D. (1982). Blind signatures for untraceable payments. In CRYPTO (pp. 199–203).CrossRefGoogle Scholar
  22. 22.
    Chaum, D., & van Heyst, E. (1991). Group signatures. In EUROCRYPT (pp. 257–265).CrossRefGoogle Scholar
  23. 23.
    Choi, S. G., Park, K., & Yung, M. (2006). Short traceable signatures based on bilinear pairings. In IWSEC (pp. 88–103).CrossRefGoogle Scholar
  24. 24.
    Coull, S. E., Green, M., & Hohenberger, S. (2011). Access controls for oblivious and anonymous systems. ACM Transactions on Information and System Security, 14, 10:1–10:28. Scholar
  25. 25.
    Danezis, G., Kohlweiss, M., Livshits, B., & Rial, A. (2012). Private client-side profiling with random forests and hidden Markov models. In Privacy Enhancing Technologies - 12th International Symposium, PETS 2012, Vigo, Spain, 11–13 July 2012. Proceedings (pp. 18–37).CrossRefGoogle Scholar
  26. 26.
    Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J.-H., Le Metayer, D., Tirtea, R., et al. (2014). Privacy and data protection by design-from policy to engineering. Technical report, ENISA.Google Scholar
  27. 27.
    Davida, G. I., Frankel, Y., Tsiounis, Y., & Yung, M. (1997). Anonymity control in e-cash systems. In Financial Cryptography (pp. 1–16).Google Scholar
  28. 28.
    de Montjoye, Y.-A., Radaelli, L., Singh, V. K., & Pentland, A. (2015). Unique in the shopping mall: On the reidentifiability of credit card metadata. Science, 347(6221), 536–539.CrossRefGoogle Scholar
  29. 29.
    Diaz, J. (2015). Design and implementation of secure protocols for practical authentication and fair anonymity systems. Ph.D. thesis, Escuela Politécnica Superior, Universidad Autónoma de Madrid.Google Scholar
  30. 30.
    Diaz, J., Arroyo, D., & Rodriguez, F. B. (2012). Anonymity revocation through standard infrastructures. In EuroPKI (pp. 112–127).CrossRefGoogle Scholar
  31. 31.
    Diaz, J., Arroyo, D., & Rodriguez, F. B. (2014). New X.509-based mechanisms for fair anonymity management. Computers & Security, 46, 111–125. Scholar
  32. 32.
    Diaz, J., Arroyo, D., & de Borja Rodríguez, F. (2015). libgroupsig: An extensible C library for group signatures. IACR Cryptology ePrint Archive, 2015, 1146.Google Scholar
  33. 33.
    Diaz, J., Choi, S. G., Arroyo, D., Keromytis, A. D., Rodriguez, F. B., & Yung, M. (2015). Privacy threats in E-shopping (Position Paper). In Data Privacy Management.Google Scholar
  34. 34.
    Diaz, J., Choi, S. G., Arroyo, D., Keromytis, A. D., Rodríguez, F. B., & Yung, M. (2018). Privacy in e-shopping transactions: Exploring and addressing the trade-offs. In Cyber Security Cryptography and Machine Learning - Second International Symposium, CSCML 2018, Beer Sheva, Israel, 21–22 June 2018, Proceedings (pp. 206–226).Google Scholar
  35. 35.
    Diffie, W., & Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644–654.MathSciNetCrossRefGoogle Scholar
  36. 36.
    Dingledine, R., Mathewson, N., & Syverson, P. (2004). Tor: The second-generation onion router. In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13, SSYM’04, Berkeley, CA, USA (pp. 21–21). USENIX Association.
  37. 37.
    Feige, U., Fiat, A., & Shamir, A. (1987). Zero knowledge proofs of identity. In STOC (pp. 210–217).Google Scholar
  38. 38.
    Garman, C., Green, M., & Miers, I. (2016). Accountable privacy for decentralized anonymous payments. IACR Cryptology ePrint Archive, 2016, 61.Google Scholar
  39. 39.
    Gentry, C. (2009). Fully homomorphic encryption using ideal lattices. In M. Mitzenmacher (Ed.), 41st ACM STOC, May/June 2009 (pp. 169–178). ACM Press.Google Scholar
  40. 40.
    Goldwasser, S., Micali, S., & Rivest, R. L. (1988). A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2), 281–308.MathSciNetCrossRefGoogle Scholar
  41. 41.
    Goldwasser, S., Micali, S., & Rackoff, C. (1989). The knowledge complexity of interactive proof systems. SIAM Journal on Computing, 18(1), 186–208.MathSciNetCrossRefGoogle Scholar
  42. 42.
    Greenwood, D., Stopczynski, A., Sweatt, B., Hardjono, T., & Pentland, A. (2014). The new deal on data: A framework for institutional controls. Privacy, Big Data, and the Public Good: Frameworks for Engagement (p. 192).Google Scholar
  43. 43.
    ITU-T Recommendation. (1997). X.509. Information technology - open systems interconnection - the directory: Authentication framework.Google Scholar
  44. 44.
    Jakobsson, M., & M’Raïhi, D. (1998). Mix-based electronic payments. In Selected Areas in Cryptography (pp. 157–173).Google Scholar
  45. 45.
    Jha, S., Guillen, M., Christopher Westland, J. (2012). Employing transaction aggregation strategy to detect credit card fraud. Expert Systems with Applications, 39(16), 12650–12657.CrossRefGoogle Scholar
  46. 46.
    Kiayias, A., Tsiounis, Y., & Yung, M. (2004). Traceable signatures. In Advances in Cryptology - EUROCRYPT 2004, International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2–6 May 2004, Proceedings (pp. 571–589). Scholar
  47. 47.
    Kumar, M., Rangachari, A., Jhingran, A., & Mohan, R. (1998). Sales promotions on the internet. In Proceedings of the 3rd Conference on USENIX Workshop on Electronic Commerce - Volume 3, WOEC98, Berkeley, CA, USA (pp. 14–14). USENIX Association.
  48. 48.
    Libert, B., & Yung, M. (2012). Fully forward-secure group signatures. In Cryptography and Security (pp. 156–184).CrossRefGoogle Scholar
  49. 49.
    Libert, B., Peters, T., & Yung, M. (2012). Group signatures with almost-for-free revocation. In CRYPTO (pp. 571–589).Google Scholar
  50. 50.
    Lysyanskaya, A., Rivest, R. L., Sahai, A., & Wolf, S. (1999). Pseudonym systems. In Selected Areas in Cryptography (pp. 184–199).CrossRefGoogle Scholar
  51. 51.
    Miers, I., Garman, C., Green, M., & Rubin, A. D. (2013). Zerocoin: Anonymous distributed e-cash from bitcoin. In 2013 IEEE Symposium on Security and Privacy, SP 2013, Berkeley, CA, USA, 19–22 May 2013 (pp. 397–411).Google Scholar
  52. 52.
    Minkus, T., & Ross, K. W. (2014). I know what you’re buying: Privacy breaches on ebay. In PETS 2014, Amsterdam, July 2014.Google Scholar
  53. 53.
    Murdoch, S. J., & Anderson, R. J. (2010). Verified by Visa and MasterCard SecureCode: Or, how not to design authentication. In Financial Cryptography.CrossRefGoogle Scholar
  54. 54.
    Nakamoto, S. (2009). Bitcoin: A peer-to-peer electronic cash system.
  55. 55.
    Nakanishi, T., Haruna, N., & Sugiyama, Y. (1999). Unlinkable electronic coupon protocol with anonymity control. In ISW (pp. 37–46).Google Scholar
  56. 56.
    Narayanan, A., & Shmatikov, V. (2008). Robust de-anonymization of large sparse datasets. In 2008 IEEE Symposium on Security and Privacy (S&P 2008), 18–21 May 2008, Oakland, California, USA.Google Scholar
  57. 57.
    Okamoto, T. (2006). Efficient blind and partially blind signatures without random oracles. In TCC (pp. 80–99).CrossRefGoogle Scholar
  58. 58.
    Parra-Arnau, J., Rebollo-Monedero, D., & Forné, J. (2014). Optimal forgery and suppression of ratings for privacy enhancement in recommendation systems. Entropy, 16(3), 1586–1631.CrossRefGoogle Scholar
  59. 59.
    Partridge, K., Pathak, M. A., Uzun, E., & Wang, C. (2012). Picoda: Privacy-preserving smart coupon delivery architecture.Google Scholar
  60. 60.
    Pedersen, T. P. (1991). Non-interactive and information-theoretic secure verifiable secret sharing. In CRYPTO (pp. 129–140).Google Scholar
  61. 61.
    Preibusch, S., Peetz, T., Acar, G., & Berendt, B. (2015). Purchase details leaked to PayPal (Short Paper). In Financial Cryptography.CrossRefGoogle Scholar
  62. 62.
    Ramakrishnan, N., Keller, B. J., Mirza, B. J., Grama, A., & Karypis, G. (2001). Privacy risks in recommender systems. IEEE Internet Computing, 5(6), 54–62.CrossRefGoogle Scholar
  63. 63.
    Rial, A. (2013). Privacy-preserving E-commerce protocols. Ph.D. thesis, Arenberg Doctoral School, KU Leuven.Google Scholar
  64. 64.
    Rial, A., Kohlweiss, M., & Preneel, B. (2009). Universally composable adaptive priced oblivious transfer. In Pairing-Based Cryptography - Pairing 2009, Third International Conference, Palo Alto, CA, USA, 12–14 August 2009, Proceedings (pp. 231–247).CrossRefGoogle Scholar
  65. 65.
    Rivest, R. L., Shamir, A., & Adleman, L. M. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120–126.MathSciNetCrossRefGoogle Scholar
  66. 66.
    Rogaway, P. (2015). The moral character of cryptographic work. IACR Cryptology ePrint Archive, 2015, 1162.Google Scholar
  67. 67.
    Ruiz-Martinez, A. (2015). Towards a web payment framework: State-of-the-art and challenges. Electronic Commerce Research and Applications. Scholar
  68. 68.
    Sander, T., & Ta-Shma, A. (1999). Flow control: A new approach for anonymity control in electronic cash systems. In Financial Cryptography (pp. 46–61).CrossRefGoogle Scholar
  69. 69.
    Stolfo, S., Yemini, Y., & Shaykin, L. (2006). Electronic purchase of goods over a communications network including physical delivery while securing private and personal information of the purchasing party, November 2 2006. US Patent App. 11/476,304.Google Scholar
  70. 70.
    Tan, C., & Zhou, J. (2002). An electronic payment scheme allowing special rates for anonymous regular customers. In DEXA Workshops (pp. 428–434).Google Scholar
  71. 71.
    Toubiana, V., Narayanan, A., Boneh, D., Nissenbaum, H., & Barocas, S. (2010). Adnostic: Privacy preserving targeted advertising. In NDSS.Google Scholar
  72. 72.
    Visa. (2011). Verified by Visa – acquirer and merchant implementation guide.Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Jesus Diaz
    • 1
    Email author
  • Seung Geol Choi
    • 2
  • David Arroyo
    • 3
  • Angelos D. Keromytis
    • 4
  • Francisco B. Rodriguez
    • 5
  • Moti Yung
    • 6
    • 7
  1. 1.BBVA Next TechnologiesMadridSpain
  2. 2.United States Naval AcademyAnnapolisUSA
  3. 3.Spanish National Research Council (CSIC)MadridSpain
  4. 4.Georgia Institute of TechnologyAtlantaGeorgia
  5. 5.Universidad Autónoma de MadridMadridSpain
  6. 6.Columbia UniversityNew YorkUSA
  7. 7.Google Inc.Menlo ParkUSA

Personalised recommendations