3,812 research outputs found

    Anonymous Single-Sign-On for n designated services with traceability

    Anonymous Single-Sign-On authentication schemes have been proposed to allow users to access a service protected by a verifier without revealing their identity which has become more important due to the introduction of strong privacy regulations. In this paper we describe a new approach whereby anonymous authentication to different verifiers is achieved via authorisation tags and pseudonyms. The particular innovation of our scheme is authentication can only occur between a user and its designated verifier for a service, and the verification cannot be performed by any other verifier. The benefit of this authentication approach is that it prevents information leakage of a user's service access information, even if the verifiers for these services collude with each other. Our scheme also supports a trusted third party who is authorised to de-anonymise the user and reveal her whole services access information if required. Furthermore, our scheme is lightweight because it does not rely on attribute or policy-based signature schemes to enable access to multiple services. The scheme's security model is given together with a security proof, an implementation and a performance evaluation. Comment: 3

    Privacy-Preserving Electronic Ticket Scheme with Attribute-based Credentials

    Electronic tickets (e-tickets) are electronic versions of paper tickets, which enable users to access intended services and improve services' efficiency. However, privacy may be a concern of e-ticket users. In this paper, a privacy-preserving electronic ticket scheme with attribute-based credentials is proposed to protect users' privacy and facilitate ticketing based on a user's attributes. Our proposed scheme makes the following contributions: (1) users can buy different tickets from ticket sellers without releasing their exact attributes; (2) two tickets of the same user cannot be linked; (3) a ticket cannot be transferred to another user; (4) a ticket cannot be double spent; (5) the security of the proposed scheme is formally proven and reduced to well known (q-strong Diffie-Hellman) complexity assumption; (6) the scheme has been implemented and its performance empirically evaluated. To the best of our knowledge, our privacy-preserving attribute-based e-ticket scheme is the first one providing these five features. Application areas of our scheme include event or transport tickets where users must convince ticket sellers that their attributes (e.g. age, profession, location) satisfy the ticket price policies to buy discounted tickets. More generally, our scheme can be used in any system where access to services is only dependent on a user's attributes (or entitlements) but not their identities. Comment: 18 pages, 6 figures, 2 table

    Navigating MazeMap: indoor human mobility, spatio-logical ties and future potential

    Global navigation systems and location-based services have found their way into our daily lives. Recently, indoor positioning techniques have also been proposed, and there are several live or trial systems already operating. In this paper, we present insights from MazeMap, the first live indoor/outdoor positioning and navigation system deployed at a large university campus in Norway. Our main contribution is a measurement case study; we show the spatial and temporal distribution of MazeMap geo-location and wayfinding requests, construct the aggregated human mobility map of the campus and find strong logical ties between different locations. On one hand, our findings are specific to the venue; on the other hand, the nature of available data and insights coupled with our discussion on potential usage scenarios for indoor positioning and location-based services predict a successful future for these systems and applications. Comment: 6 pages, accepted at PerMoby Workshop at IEEE PerCom 201

    Unwillingness to pay for privacy: A field experiment

    We measure willingness to pay for privacy in a field experiment. Participants were given the choice to buy a maximum of one DVD from one of two online stores. One store consistently required more sensitive personal data than the other, but otherwise the stores were identical. In one treatment, DVDs were one Euro cheaper at the store requesting more personal information, and almost all buyers chose the cheaper store. Surprisingly, in the second treatment when prices were identical, participants bought from both shops equally often. Keywords: privacy, willingness to pay, field experiments

    The Price of Privacy - An Evaluation of the Economic Value of Collecting Clickstream Data

    The analysis of clickstream data facilitates the understanding and prediction of customer behavior in e-commerce. Companies can leverage such data to increase revenue. For customers and website users, on the other hand, the collection of behavioral data entails privacy invasion. The objective of the paper is to shed light on the trade-off between privacy and the business value of customer information. To that end, the authors review approaches to convert clickstream data into behavioral traits, which we call clickstream features, and propose a categorization of these features according to the potential threat they pose to user privacy. The authors then examine the extent to which different categories of clickstream features facilitate predictions of online user shopping patterns and approximate the marginal utility of using more privacy adverse information in behavioral prediction models. Thus, the paper links the literature on user privacy to that on e-commerce analytics and takes a step toward an economic analysis of privacy costs and benefits. In particular, the results of empirical experimentation with large real-world e-commerce data suggest that the inclusion of short-term customer behavior based on session-related information leads to large gains in predictive accuracy and business performance, while storing and aggregating usage behavior over longer horizons has comparably less value

    Anonymous reputation based reservations in e-commerce (AMNESIC)

    Online reservation systems have grown over the last recent years to facilitate the purchase of goods and services. Generally, reservation systems require that customers provide some personal data to make a reservation effective. With this data, service providers can check the consumer history and decide if the user is trustable enough to get the reserve. Although the reputation of a user is a good metric to implement the access control of the system, providing personal and sensitive data to the system presents high privacy risks, since the interests of a user are totally known and tracked by an external entity. In this paper we design an anonymous reservation protocol that uses reputations to profile the users and control their access to the offered services, but at the same time it preserves their privacy not only from the seller but the service provider

    Gauging the Impact of E-Coupons on B2C Retail Markets
