BUSINESS REPUTATION SYSTEMS BASED ON BLOCKCHAIN TECHNOLOGY—A RISKY ADVANCE

Reputation is indispensable for online business since it supports customers in their buying decisions and allows sellers to justify premium prices. While IS research has investigated reputation systems mainly as review systems on online platforms for business-to-consumer (B2C) transactions, no proper solutions have been developed for business-to-business (B2B) transactions yet. We use blockchain technology to propose a new class of reputation systems that apply ratings as voluntary bonus payments: Before a transaction is performed, customers commit to pay a bonus that is granted if a service provider has performed a service properly. As opposed to rival reputation systems that build on cumulated ratings or reviews, our system enables monetized reputation mechanisms that are inextricably linked with online transactions. We expect this system class to provide more trustworthy ratings, which might reduce agency costs and serve quality providers to establish a reputation towards new customers, building on second-order trust

Layer-based Privacy and Security Architecture for Cloud Data Sharing

The management of data while maintaining its utility and preservation of security scheme is a matter of concern for the cloud owner. In order to minimize the overhead at cloud service provider of applying security over each document and then send it to the client, we propose a layered architecture. This approach maintains security of the sensitive document and privacy of its data sensitivity. To make a balance between data security and utility, the proposed approach categorizes the data according to its sensitivity. Perseverance of various categorization requires different algorithmic schemes. We set up a cloud distributed environment where data is categorized into four levels of sensitivity; public, confidential, secret, top secret and a different approach has been used to preserve the security at each level. At the most sensitive layers i.e. secret and top secret data, we made a provision to detect the faulty node that is responsible for data leakage. Finally, experimental analysis is carried out to analyze the performance of the layered approach. The experimental results show that time taken (in ms) in processing 200 documents of size 20 MB is 437, 2239, 3142, 3900 for public, confidential, secret and top secret data respectively when the documents are distributed among distinct users, which proves the practicality of the proposed approach

Dignitas: uso de reputação como moeda para avaliar a sensorização humana em cidades inteligentes

We live in an increasingly digital world, where Smart Cities have become a reality. One of the characteristics that make these cities smart is their ability to gather information and act upon it, improving their citizens lives. In this work, we present our system, Dignitas. A blockchain-based reputation system that allows citizens of a Smart City to assess the truthiness of information posted by other citizens. This assessment is based on a bet that reporters make, and all of those who agreed with him, that puts their gathered reputation at stake. This use of Reputation as a currency is a novel idea that allowed us to build an anonymous system. Using blockchain we were able to have multiple authorities, working with each other to make the system secure and thus avoiding centralized schemes. Our work was focused on developing our idea, a proof of concept, and testing the viability of our new solution.Vivemos num mundo cada vez mais digital, onde as cidades inteligentes passaram a ser uma realidade. Uma das características que permite a estas cidades serem inteligentes é a capacidade de adquirir informação e agir sobre ela, melhorando a vida de todos os cidadãos. Neste trabalho apresentamos o nosso sistema, Dignitas, um sistema de reputação baseado numa blockchain que permite aos cidadãos de uma cidade inteligente avaliar informação relatada por outras pessoas. Esta avaliação é baseada numa aposta feita pelo relator, e por todos os que com ele concordam, em que põe em risco parte da sua Reputação no sistema. Este uso da Reputação como uma moeda é o que nos permite construir um sistema anónimo. O uso de uma blockchain permite-nos ter múltiplas autoridades responsáveis, evitando por isso o uso de esquemas centralizados. O nosso trabalho focou-se em desenvolver a nossa ideia, uma prova de conceito, e testar a viabilidade desta nossa nova solução.Mestrado em Engenharia de Computadores e Telemátic

Security and Privacy Preservation in Mobile Advertising

Mobile advertising is emerging as a promising advertising strategy, which leverages prescriptive analytics, location-based distribution, and feedback-driven marketing to engage consumers with timely and targeted advertisements. In the current mobile advertising system, a third-party ad broker collects and manages advertisements for merchants who would like to promote their business to mobile users. Based on its large-scale database of user profiles, the ad broker can help the merchants to better reach out to customers with related interests and charges the merchants for ad dissemination services. Recently, mobile advertising technology has dominated the digital advertising industry and has become the main source of income for IT giants. However, there are many security and privacy challenges that may hinder the continuous success of the mobile advertising industry. First, there is a lack of advertising transparency in the current mobile advertising system. For example, mobile users are concerned about the reliability and trustworthiness of the ad dissemination process and advertising review system. Without proper countermeasures, mobile users can install ad-blocking software to filter out irrelevant or even misleading advertisements, which may lower the advertising investments from merchants. Second, as more strict privacy regulations (e.g. European General Data Privacy Regulations) take effect, it is critical to protect mobile users’ personal profiles from illegal sharing and exposure in the mobile advertising system. In this thesis, three security and privacy challenges for the mobile advertising system are identified and addressed with the designs, implementations, and evaluations of a blockchain-based architecture. First, we study the anonymous review system for the mobile advertising industry. When receiving advertisements from a specific merchant (e.g. a nearby restaurant), mobile users are more likely to browse the previous reviews about the merchant for quality-of-service assessments. However, current review systems are known for the lack of system transparency and are subject to many attacks, such as double reviews and deletions of negative reviews. We exploit the tamper-proof nature and the distributed consensus mechanism of the blockchain technology, to design a blockchain-based review system for mobile advertising, where review accumulations are transparent and verifiable to the public. To preserve user review privacy, we further design an anonymous review token generation scheme, where users are encouraged to leave reviews anonymously while still ensuring the review authenticity. We also explore the implementation challenges of the blockchain-based system on an Ethereum testing network and the experimental results demonstrate the application feasibility of the proposed anonymous review system. Second, we investigate the transparency issues for the targeted ad dissemination process. Specifically, we focus on a specific mobile advertising application: vehicular local advertising, where vehicular users send spatial-keyword queries to ad brokers to receive location-aware advertisements. To build a transparent advertising system, the ad brokers are required to provide mobile users with explanations on the ad dissemination process, e.g., why a specific ad is disseminated to a mobile user. However, such transparency explanations are often found incomplete and sometimes even misleading, which may lower the user trust on the advertising system if without proper countermeasures. Therefore, we design an advertising smart contract to efficiently realize a publicly verifiable spatial-keyword query scheme. Instead of directly implementing the spatial-keyword query scheme on the smart contract with prohibitive storage and computation cost, we exploit the on/off-chain computation models to trade the expensive on-chain cost for cheap off-chain cost. With two design strategies: digest-and-verify and divide-then-assemble, the on-chain cost for a single spatial keyword query is reduced to constant regardless of the scale of the spatial-keyword database. Extensive experiments are conducted to provide both on-chain and off-chain benchmarks with a verifiable computation framework. Third, we explore another critical requirement of the mobile advertising system: public accountability enforcement against advertising misconducts, if (1) mobile users receive irrelevant ads, or (2) advertising policies of merchants are not correctly computed in the ad dissemination process. This requires the design of a composite Succinct Non-interactive ARGument (SNARG) system, that can be tailored for different advertising transparency requirements and is efficient for the blockchain implementations. Moreover, pursuing public accountability should also achieve a strict privacy guarantee for the user profile. We also propose an accountability contract which can receive explanation requirements from both mobile users and merchants. To promote prompt on-chain responses, we design an incentive mechanism based on the pre-deposits of involved parties, i.e., ad brokers, mobile users, and merchants. If any advertising misconduct is identified, public accountability can be enforced by confiscating the pre-deposits of the misbehaving party. Comprehensive experiments and analyses are conducted to demonstrate the versatile functionalities and feasibility of the accountability contract. In summary, we have designed, implemented, and evaluated a blockchain-based architecture for security and privacy preservations in the mobile advertising. The designed architecture can not only enhance the transparency and accountability for the mobile advertising system, but has also achieved notably on-chain efficiency and privacy for real-world implementations. The results from the thesis may shed light on the future research and practice of a blockchain-based architecture for the privacy regulation compliance in the mobile advertising

A privacy-aware decentralized and personalized reputation system

Reputation systems enable consumers to evaluate the trustworthiness of business entities (retailers, sellers) over the marketplace. In electronic marketplaces, the reputation of an business entity (retailer, seller) is computed by aggregating the “trust-scores” assigned to her by the parties who have had transactions with her. Most reputation systems designed for online marketplaces use all the available trust-scores to compute the reputation of business entity. However, in some scenarios, the consumer may wish to compute the reputation of a business entity by considering the trust-scores from a set of trustworthy participants, however, she does not want to disclose the identities of the users she trusts. There are two privacy protection challenges in the design of this kind of personalized reputation system: 1) protecting the set of trusted users of participants, and 2) protecting the trust-scores assigned by the participants in the trusted set. In this paper, we present a novel framework for computing the personalized global reputation of a business entity by considering the trust-scores from a set of trusted participants without disclosing identities of participants in the trusted set and their trust-scores. To this extent, the participants share cryptograms of their trust-scores for the business entity to the decentralized public bulletin board or tally center. These encrypted trust-scores are then used by the requester to compute the personalized reputation score of the business entity without leaking private information of participants in the system. We have analyzed the security and privacy properties of the scheme for the malicious adversarial model. The protocol has a linear message complexity, which proves that the system can be deployed in a real setup where such personalized recommendations may be required in practice. Furthermore, the system ensures correctness, privacy and security of trust-scores of participants in the trusted set under the malicious adversarial model