A Digital Cash Paradigm with Valued and No-Valued e-Coins

Digital cash is a form of money that is stored digitally. Its main advantage when compared to traditional credit or debit cards is the possibility of carrying out anonymous transactions. Diverse digital cash paradigms have been proposed during the last decades, providing different approaches to avoid the double-spending fraud, or features like divisibility or transferability. This paper presents a new digital cash paradigm that includes the so-called no-valued e-coins, which are e-coins that can be generated free of charge by customers. A vendor receiving a payment cannot distinguish whether the received e-coin is valued or not, but the customer will receive the requested digital item only in the former case. A straightforward application of bogus transactions involving no-valued e-coins is the masking of consumption patterns. This new paradigm has also proven its validity in the scope of privacy-preserving pay-by-phone parking systems, and we believe it can become a very versatile building block in the design of privacy-preserving protocols in other areas of research. This paper provides a formal description of the new paradigm, including the features required for each of its components together with a formal analysis of its security.This research was funded by the Spanish Ministry of Science, Innovation and Universities grant number MTM2017-83271-R

Cryptography and Its Applications in Information Security

Nowadays, mankind is living in a cyber world. Modern technologies involve fast communication links between potentially billions of devices through complex networks (satellite, mobile phone, Internet, Internet of Things (IoT), etc.). The main concern posed by these entangled complex networks is their protection against passive and active attacks that could compromise public security (sabotage, espionage, cyber-terrorism) and privacy. This Special Issue “Cryptography and Its Applications in Information Security” addresses the range of problems related to the security of information in networks and multimedia communications and to bring together researchers, practitioners, and industrials interested by such questions. It consists of eight peer-reviewed papers, however easily understandable, that cover a range of subjects and applications related security of information

Preserving individual privacy in ubiquitous e-commerce environments: a utility preserving approach for user-based privacy control

Applications such as e-commerce, smart home appliances, and healthcare systems, amongst other things, have become part and parcel of our daily lives. The data aggregated through these applications combined with state-of-the-art machine learning approaches have even increased the widespread uptake of these applications. However, such data aggregation and analytical practices have raised privacy concerns among users. Privacy-preserving machine learning models mitigate these concerns through private data aggregation and analytical techniques. The first objective of this thesis is to design a privacy preserving data aggregation and analytical approach for recommendation systems. Recommendation systems rely heavily on behavioural and preferential data of a user to produce accurate recommendations. Aggregation of such data can reveal sensitive information about users to the Third-Party Service Providers (TPSPs). We start with designing a recommendation system that uses Local Differential Privacy (LDP) based input data perturbation mechanism to perturb users’ ratings locally before sending it to the TPSP. Hence, the TPSP aggregates only the perturbed ratings and has no access to original ratings. This approach protects a user’s privacy from TPSPs who aggregate ratings to infer any sensitive information. Next, we propose an LDP-based hybrid recommendation framework to protect users’ privacy from TPSPs who aggregate both ratings and reviews. We propose to perturb user ratings and pre-process user reviews at the user-side before sending them to the TPSP. Such an approach ensures that the TPSP cannot aggregate the original ratings or reviews from the users. However, these approaches still do not protect a user’s privacy from TPSPs who collect implicit feedback to predict a user’s preferences. Hence, we design an LDP-based federated matrix factorization for implicit feedback. We motivate the idea of stochastic gradient perturbation using the Bounded Laplace (BLP) mechanism to ensure strong privacy protection for users. The second objective of this thesis is to design a privacy preserving untraceable TPSP-based payment protocol. A TPSP based payment system does not protect a customer’s privacy in the face of an untrustworthy TPSP. Customers cannot make transactions anonymously as the TPSP collects detailed transaction-related information. TPSP uses this information to create a comprehensive behaviour profile of each customer, based on which TPSP can deduce sensitive information about a customer’s lifestyle. Hence we propose an untraceable payment system in this thesis to tackle this problem