Impeding individual user profiling in shopper loyalty programs

  • Authors: Philip Marquardt; David Dagon; Patrick Traynor

  • Affiliation (all authors): Converging Infrastructure Security (CISEC) Laboratory, Georgia Tech Information Security Center (GTISC), School of Computer Science, Georgia Institute of Technology, Atlanta, GA

  • Venue: FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
  • Year: 2011

Abstract

Shopper loyalty club programs are advertised as a means of reducing prices for consumers. When making a purchase, a customer simply scans their keyring tag along with the items they intend to buy and is granted a reduction in the total price. While the use of these cards results in a visible reduction in price, customers are largely unaware of the privacy implications of such discounts. In particular, the ability to link all purchases made by an individual customer allows retailers to develop detailed profiles that may reveal sensitive information, especially if leaked or sold to third parties. In this paper, we present ShopAnon, a mobile phone-based infrastructure designed to help consumers partake in shopper loyalty programs without allowing their transactions to be linked by a retailer. ShopAnon displays legitimate but random barcodes for specific retailers on each execution, and provides a number of operational modes that respond to the changing availability of resources and the specific privacy concerns of the user. Communication between the application and the database storing the barcodes occurs using an Oblivious Transfer protocol to prevent our system from exposing the barcode received by a requester. We design, implement and characterize the behavior of our application on the iPhone mobile platform, and demonstrate its practical efficiency (i.e., the ability to render random tags in less than 0.25 seconds via 802.11 links and approximately 3.9 seconds via a 3G cellular connection). Through this, we provide a powerful tool through which customers can improve their privacy in a retail environment.