Impeding Individual User Profiling in Shopper Loyalty Programs

  • Conference paper
Financial Cryptography and Data Security (FC 2011)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7035)

Abstract

Shopper loyalty club programs are advertised as a means of reducing prices for consumers. When making a purchase, a customer simply scans their keyring tag along with the items they intend to buy and is granted a reduction in the total price. While the use of these cards results in a visible reduction in price, customers are largely unaware of the privacy implications of such discounts. In particular, the ability to link all purchases made by an individual customer allows retailers to develop detailed profiles that may reveal sensitive information, especially if leaked or sold to third parties. In this paper, we present ShopAnon, a mobile phone-based infrastructure designed to help consumers partake in shopper loyalty programs without allowing their transactions to be linked by a retailer. ShopAnon displays legitimate but random barcodes for specific retailers on each execution, and provides a number of operational modes that respond to the changing availability of resources and the specific privacy concerns of the user. Communications between the application and the database storing the barcodes occur using an Oblivious Transfer protocol to prevent our system from exposing the barcode received by a requester. We design, implement and characterize the behavior of our application on the iPhone mobile platform, and demonstrate its practical efficiency (i.e., the ability to render random tags in less than 0.25 seconds via 802.11 links and approximately 3.9 seconds via a 3G cellular connection). Through this, we provide a powerful tool through which customers can improve their privacy in a retail environment.

Editor information

George Danezis

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Marquardt, P., Dagon, D., Traynor, P. (2012). Impeding Individual User Profiling in Shopper Loyalty Programs. In: Danezis, G. (eds) Financial Cryptography and Data Security. FC 2011. Lecture Notes in Computer Science, vol 7035. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27576-0_8

  • DOI: https://doi.org/10.1007/978-3-642-27576-0_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-27575-3

  • Online ISBN: 978-3-642-27576-0

  • eBook Packages: Computer Science, Computer Science (R0)
