2 research outputs found
Design and Modeling of Privacy-Friendly Reputation (Ontwerp en modellering van privacy vriendelijke reputatie-systemen)
No full textAs the Internet has advanced into a mass media technology that is easy to accessand use, its applications have become more business oriented. For example, onlineshopping has become a very common way to purchase goods for a large part ofsociety. The involvement of money and financial transactions attracts fraudsters.Hence online shopping platforms need to implement protection measures. Nowadaysthese measures are implemented by either contracts with full identities, so that inthe case of fraud the problem can be disputed off-line, or via payment systems, suchas credit cards, that provide insurance to cover any potential losses and/or disputes.These online shopping platforms come with both monetary costs and a fundamentallack of privacy. However, privacy is basic right guaranteed by the EuropeanConvention on Human Rights. Hence it is argued that these aforementioned rightsshould be respected in online environments as well. Privacy enhancing technologies (PET) aim to reduce the amount of personaldata that is needed for a transaction. With the help of these technologies itis possible to interact anonymously on the Internet. However, PETs lower thethreshold for fraudsters: if a fraudulent transaction partner is not identifiable thenhe or she loses the motivation to actually deliver the requested goods or services,or to pay for them. Hence, mechanisms are needed to filter out untrustworthyusers. In the physical world, low and medium value transactions are usually basedon trust, i.e., the vendor trusts that the customer will pay before walking out ofthe shop and the customer trusts that the product he or she is purchasing is asdescribed. This trust is based on many, often subconsciously perceived, hints inthe context, but also on explicit factors as reputation and recommendations. However, for a straightforward implementation of a reputation system, iden-tification of the transaction partners is needed. This however is in oppositionwith the aims of PETs. Fortunately, there exist cryptographic protocols that canattest properties about items without identification. In this thesis, we utilize theseprotocols to enrich reputation systems with privacy properties. This study examines privacy in reputation systems from a technical point ofview. First, we show that linkability information, i.e., the information whethertwo items are in a relation or not, helps to de-anonymize items. Following that wepropose a model to evaluate the adversary s success in linking items that belongto a user. From this we conclude that reputation items should stay unlinkable to protect their owners privacy. Finally we present a set of reputation protocols thatprotect user privacy by hiding the relation of reputation items. While developingthese protocols, we discovered the need of a privacy model for such systems hencereinforcing the importance and applicability of this research.status: publishe
