http://dx.doi.org/10.9716/KITS.2020.19.1.145

A Polynomial-based Study on the Protection of Consumer Privacy  

Piao, Yanji (Yanbian University, College of Economics and Management)
Kim, Minji (Seoul National University, Business School)
Publication Information
Journal of Information Technology Services / v.19, no.1, 2020, pp. 145-158
Abstract
With the development and widespread adoption of online shopping, the number of online consumers has increased. With one click of a mouse, people can buy anything they want without going out and have it delivered right to their doors. As consumers benefit from online shopping, they are becoming more concerned about protecting their privacy. In the group buying scenario described in our paper, online shopping is regarded as intra-group communication. To protect the sensitive information of consumers, the polynomial-based encryption key sharing method (Piao et al., 2013; Piao and Kim, 2018) can be applied to online shopping communication. In this paper, we analyze the security problems of using a polynomial-based scheme in the following ways. First, Kamal's attack: Kamal argued that the scheme does not provide perfect forward and backward secrecy when members leave or join the group, because the secret key can be broken in polynomial time. Second, simultaneous equations: the leaving node will compute the new secret key if it can be confirmed that the updated new polynomial is recomputed. Third, Newton's method: attackers can successively find better approximations to the roots of a function. Fourth, the Berlekamp algorithm: it can factor polynomials over finite fields and solve for the root of the polynomial. Fifth, brute-force attack: if the key size is small, brute force can be used to find the root of the polynomial, so the key must be made appropriately large to prevent brute-force attacks. Based on these analyses, we finally recommend the use of a relatively reasonable hash-based mechanism that solves all of the possible security problems and is the most suitable mechanism for our application. The study of adequate and suitable methods for protecting consumer security will have academic significance and provide practical implications.
Keywords
Online Shopping; Consumer Privacy; Security Problems; Polynomial-based Study;
Citations & Related Records
Times Cited By KSCI: 1
1 Anthony, D.M. and F. Ana, "Consumer Perceptions of Privacy and Security Risks for Online Shopping", Journal of Consumer Affairs, Vol.35, No.1, 2005, 27-44.
2 Berlekamp, E.R., "Factoring polynomials over large finite fields", Mathematics of Computation, Vol.24, No.111, 1970, 713-735.
3 Blundo, C., F. Orciuoli, and M. Parente, "An AmI-based and privacy-preserving shopping mall model", Human-centric Computing and Information Sciences, Vol.7, No.1, 2017, 1-28.
4 Cantor, D.G. and H. Zassenhaus, "A new algorithm for factoring polynomials over finite fields", Mathematics of Computation, Vol.36, No.154, 1981, 587-592.
5 Wang, W. and B. Bhargava, "Key distribution and update for secure inter-group multicast communication", SASN '05 Proceedings of the 3rd ACM workshop on Security of ad hoc and sensor networks, 2005, 43-52.
6 Wang, W. and T. Stransky, "Stateless key distribution for secure intra and inter-group multicast in mobile wireless network", Computer Networks, Vol.51, No.15, 2007, 4303-4321.
7 Dobelt, S., M. Jung, M. Busch, and M. Tscheligi, "Consumers' privacy concerns and implications for a privacy preserving Smart Grid architecture-Results of an Austrian study", Energy Research and Social Science, Vol.9, 2015, 137-145.
8 Chang, C.C., L. Harn, and T.F. Cheng, "Notes on 'Polynomial-based key management for secure intra-group and inter-group communication'", International Journal of Network Security, Vol.16, No.2, 2014, 165-170.
9 Chen, H., C.E. Beaudoin, and T. Hong, "Securing online privacy: An empirical test on Internet scam victimization, online privacy concerns, and privacy protection behaviors", Computers in Human Behavior, Vol.70, 2017, 291-302.
10 Diffie, W. and M.E. Hellman, "New directions in cryptography", IEEE Transactions on Information Theory, Vol.22, No.6, 1976, 644-654.
11 Galup, S.D., R. Dattero, J.J. Quan, and S. Conger, "An overview of IT service management", Communications of the ACM, Vol.52, No.5, 2009, 124-127.
12 Gurung, A. and M.K. Raja, "Online privacy and security concerns of consumers", Information and Computer Security, Vol.24, No.4, 2016, 348-371.
13 Haddad, G.E., E. Aïmeur, and H. Hage, "Understanding trust, privacy and financial fears in online payment", Security And Privacy In Computing and Communications/12th IEEE International Conference On Big Data Science And Engineering, 2018, 28-36.
14 Harney, H. and C. Muckenhirn, "Group key management protocol (GKMP) Specification", RFC 2093, 1997, Available at https://datatracker.ietf.org/doc/rfc2093/.
15 Hwang, Y. and J. Jeong, "Electronic Commerce and Online Consumer Behavior Research: A Literature Review", Information Development, Vol.32, No.3, 2016, 377-388.
16 Kahn, C.M. and J.M. Linares-Zegarra, "Identity theft and consumer payment choice: Does security really matter?", Journal of Financial Services Research, Vol.50, No.1, 2016, 121-159.
17 Wang, W. and Y. Wang, "Secure group-based information sharing in mobile ad hoc networks", IEEE International Conference on Communications, 2008, 1695-1699.
18 Wong, C.K., M. Gouda, and S.S. Lam, "Secure group communications using key graphs", IEEE/ACM Transactions on Networking, Vol.8, No.1, 2000, 68-79.
19 Janse, N., C.X. Ou, Angelopoulos, J., S., Davison, R.M., and J.W. Jia, "Do security breaches matter to consumers?", ICEB 2017 Proceedings, 2017, Available at https://aisel.aisnet.org/iceb2017/50.
20 Jo, H. and J.M. Lee, "A Study on Antecedents of WOM in the Context of Internet E-Commerce", Journal of Information Technology Services, Vol.12, No.2, 2013, 231-242.
21 Kamal, A.A., "Cryptanalysis of a polynomial-based key management scheme for secure group communication", International Journal of Network Security, Vol.15, No.1, 2013, 68-70.
22 Liu, D., P. Ning, and K. Sun, "Efficient self-healing group key distribution with revocation capability", in Proceedings of the 10th ACM Conference on Computer and Communications Security, 2003, 231-240.
23 Liu, N., S. Tang, and L. Xu, "Attacks and comments on several recently proposed key management schemes", 2013, Available at https://eprint.iacr.org/2013/100.
24 Mou, J., D.H. Shin, and J.F. Cohen, "Trust and risk in consumer acceptance of e-services", Electronic Commerce Research, Vol.17, No.2, 2017, 255-288.
25 Newton's Method, Available at https://en.wikipedia.org/wiki/Newton's_method.
26 Patsakis, C. and A. Solanas, "An efficient scheme for centralized group key management in collaborative environments", 2013, Available at http://citeseerx.ist.psu.edu/viewdoc/summary?.
27 Piao, Y. and M.J. Kim, "A study on the protection of consumers' personal information in online shopping", Academic Society of Global Business Administration, Vol.15, No.5, 2018, 209-223.
28 Shoup, V., "On the deterministic complexity of factoring polynomials over finite fields", Information Processing Letters, Vol.33, No.5, 1990, 261-267.
29 Piao, Y., J.U. Kim, U. Tariq, and M. Hong, "Polynomial-based key management for secure intra-group and inter-group communication", Computers and Mathematics with Applications, Vol.65, No.9, 2013, 1300-1309.
30 Shamir, A., "How to share a secret", Communications of the ACM, Vol.22, No.11, 1979, 612-613.
31 Staddon, J., S. Miner, M. Franklin, D. Balfanz, M. Malkin, and D. Dean, "Self-healing key distribution with revocation", IEEE Symposium on Security and Privacy, 2002.