Annual Workshop February 5th, 2014 COSIC

Page 1: Annual Workshop February 5th, 2014

Annual Workshop, February 5th, 2014

COSIC

Page 2

inShopnito

A privacy-preserving mobile shopping assistant

Page 3

Customer Loyalty Programs (CLP)

• Goal: to retain existing customers and attract new ones.

• Customers receive benefits

• Very popular, adopted by many different providers: retailers, airlines, restaurants, gas stations, etc.

Page 4

CLPs’ Shortcomings

• Customers’ privacy concerns
  – CLPs collect too much personal information

• Physical loyalty cards are not scalable
  – Too many cards, easily lost or stolen

• Physical loyalty cards are not extensible
  – No support for more advanced services

Page 5

CLPs and Smartphones

• Smartphones are an attractive platform for CLPs
  – Very popular, multiple capabilities and extensibility

• Several smartphone-based solutions are already available
  – Loyalty card managers, mobile wallets, shopping assistants

• Still, privacy concerns are not being addressed

Page 6

inShopnito

• More advanced AND privacy-friendly CLP based on smartphones

• Loyalty points and voucher transactions can be anonymous and unlinkable

• Customer-controlled data

• Secure storage

• Advanced services
  – Shopping assistant
  – Product recommendations

Page 7

inShopnito Benefits

To Providers:
• Competitive advantage: privacy
• Competitive advantage: advanced services
• Lower infrastructure costs
• Better quality, less sensitive data
• Improved resilience against attacks

To Customers:
• Better privacy guarantees
• Customer-controlled information
• Monetization of privacy
• Loyalty card dematerialization
• Enhanced shopping experience
• Better protection of loyalty information

Page 8

Architecture

[Architecture diagram: CUSTOMER side with the inShopnito app and a DB, RETAILER side with the inShopnito server and a DB. Components shown: Credential mgt, Loyalty points mgt, Voucher mgt, Profile mgt, Secure Storage, PriMan, Credential Issuance and Verification, Loyalty points and Vouchers issuance and verification, Recommendation system.]

Page 9

Privacy Preserving Recommendations

UGent - WiCa

Kris Vanhecke, Toon De Pessemier and Luc Martens – UGent-WiCa

Page 10

Privacy Preserving Recommendations

• Recommender systems overview

– Right suggestion at the right time to the right person to improve the user experience, to boost sales,...

– Learn customer preferences by collecting and linking

• Customer behavior data (shopping basket contents)

• Product metadata (category, ingredients)

• Customer metadata (age, gender, family situation)

• Contextual information (seasonal)

– Computationally demanding, typically performed on a powerful backend with permanent access to all user data

Page 11

Privacy Preserving Recommendations

• Recommender challenges in MobCom

– Useful suggestions in transparent, privacy-friendly way

– Shopping sessions are unlinkable

• Full shopping history is only available on the mobile device

• Always a cold start problem, some algorithms are not suitable

• Recommendations based on the current shopping basket contents

– Learn customer preferences on mobile device

• Shopping history across multiple retailers

• Limited computational power, battery

• Optionally disclose preferences to retailer at the start of the shopping session to kickstart recommender system

Page 12

Privacy Preserving Recommendations

• Implementation details

– Basic use cases:

• Products you may like based on your basket and/or preferences

• Products similar to the product you just scanned

– Higher value use cases not limited to products:

• Vouchers or coupons for products that may interest you

• Draw attention to current promotions for products you may like

• Suggest recipes and the products required to prepare them

– Insight: customer can see and modify their preferences

– Promise better recommendations if the customer discloses their preferences

Page 13

Secure Storage Module

MSEC

Faysal Boukayoua – KU Leuven

Page 14

Motivation: threats

• Theft
• Malware

Page 15

Motivation: Android shortcomings

• Filesystem encryption: not by default

• No application-level secure storage

• Heterogeneity across:
  – API access: libraries, middleware, Android versions
  – secure storage mediums: software-based, device-backed, tamperproof hardware

Page 16

Implementation

• App-level access to sensitive data

• Pluralism of secure storage technologies

• API uniformity
  – Android KeyChain
  – Tamperproof module

• User authentication

Page 17

Discussion: alternatives

Alternative 1 (diagram: App 1, App 2):
• Less complex setup
• Application support required
• Typically in-house corporate app

Alternative 2 (diagram: Client app 1, Client app 2, Dedicated app):
• Centralised policy administration
• No changes to client apps
• Suitable for 3rd party apps

Page 18

Privacy-friendly loyalty scheme

SecAnon-DistriNet

Milica Milutinovic – KU Leuven

Page 19

inShopnito loyalty points

• Held by the user

• Signed structure
  – Link with credential
  – Value
  – Expiration information

• Unlinkable gathering and spending

[Loyalty point structure: Commitment, Value, Expiration]

Page 20

Obtaining points

[Protocol diagram; loyalty point structure: Commitment, Value, Expiration]

Page 21

Obtaining points

[Protocol diagram; loyalty point structure: Commitment, Value, Expiration]

Page 22

Obtaining points: Underlying Operations

[Diagram]

Page 23

Redeeming points

[Protocol diagram; loyalty point structure: Commitment, Value, Expiration; the user presents a Proof]

Page 24

Benefits

• Chosen level of anonymity

• Privacy-friendly points use

• Assurance for the provider

– Linked with the user

– No double spending

– Controlled sharing

Page 25

Anonymous eVouchers

ESAT-COSIC

Stefaan Seys – KU Leuven COSIC

Page 26

eVoucher life cycle

[Diagram: Issuer, User 1, User 2 and Retailer, with the voucher passing through steps 1 to 4]

Page 27

Specific Voucher Threats

• Changing monetary value
• Duplicating or cloning
• Counterfeiting (fake vouchers)
• Double-spending
• Privacy leaks

Page 28

Initialisation

• Issuer has 2 keys, for:
  – Secure communications with the SE
  – Signing vouchers

• User’s SE has:
  – Issuer cert for communications
  – Secret key and cert. to prove
    • That the issuer is talking to an SE
    • The identity of the user

[Diagram: Issuer, User, Retailer]

Page 29

Voucher Issuing

[Protocol diagram, Issuer and User over TCP: establish secure tunnel to the SE; verify ID of user and presence of SE; generate and sign vouchers; send vouchers; verify vouchers.]

Voucher: Serial Nr | Expiration date | Value | Status | RSA signature (128 bytes)

Page 30

User-to-user payment

[Protocol diagram, User to User over NFC and TCP: user selects vouchers and marks them as “dirty”; establish secure tunnel between SEs; send vouchers; verify vouchers; send ACK; mark as “spent” (delete them).]

Page 31

Merchant redeems money

[Protocol diagram, Retailer to Issuer over TCP: user selects vouchers and marks them as “dirty”; establish secure tunnel between SE and Issuer; send vouchers; verify vouchers; send ACK; mark as “spent” (delete them).]

Page 32

Privacy

• The user is identified during issuing (the user needs to prove he is entitled to a voucher)

• The Issuer signs the voucher

• The Issuer verifies this voucher when it is redeemed by the merchant

• So why can he not link the Serial Nrs and track the user?

Voucher: Serial Nr | Expiration date | Value | Status | RSA signature (128 bytes)

Page 33

Privacy

• The answer: fancy crypto (partially blinded signatures)

• During the voucher issuing, the user generates and ‘hides’ or blinds the serial number and sends it to the issuer

• The issuer generates the other values and signs everything

• Finally, the user unblinds the serial number to obtain a valid voucher

Voucher: Serial Nr | Expiration date | Value | Status | RSA signature (128 bytes)
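The issuing and redemption flow of pages 29 to 33, worked through as an added example (not code from the inShopnito project): the user blinds a self-chosen serial number, the issuer RSA-signs what it sees, the user unblinds, and at redemption the issuer checks the signature, the expiration date and a list of already-spent serials. The slides' partially blinded signature is modelled, as an assumption, by giving the issuer one key pair per (value, expiration) class so that the issuer-chosen fields are bound by the key rather than blinded; the RSA key is a constructed toy size.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key, far too small for real use (the slides' vouchers
# carry a 128-byte RSA signature).  Assumption: the issuer holds one key pair
# per (value, expiration) class, so those issuer-chosen fields are fixed by
# the key used rather than blinded; one class is enough for the demo.
P, Q = 1000003, 1000033
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
ISSUER_KEYS = {("5 EUR", "2014-12-31"): (N, E, D)}

def serial_digest(serial: str, n: int) -> int:
    """Map the serial number into the RSA group (hash, then sign)."""
    return int.from_bytes(hashlib.sha256(serial.encode()).digest(), "big") % n

def issue_voucher(value: str, expiration: str) -> dict:
    """Issuing protocol: user blinds the serial, issuer signs blind, user unblinds.
    The returned dict also records what the issuer saw, for the unlinkability check."""
    n, e, d = ISSUER_KEYS[(value, expiration)]
    # User side: pick a fresh serial and a random blinding factor r coprime to n.
    serial = secrets.token_hex(8)
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            break
    blinded = serial_digest(serial, n) * pow(r, e, n) % n
    # Issuer side (identity check over the SE tunnel omitted): sign what it sees.
    blind_sig = pow(blinded, d, n)
    # User side: divide out r; the result is a plain RSA signature on the serial.
    signature = blind_sig * pow(r, -1, n) % n
    return {"serial": serial, "value": value, "expiration": expiration,
            "status": "valid", "signature": signature, "issuer_saw": blinded}

def redeem(voucher: dict, spent: set, today: str) -> bool:
    """Issuer-side acceptance at redemption: known (value, expiration) class,
    not expired, signature valid, serial never seen before.  Marks it spent."""
    key = ISSUER_KEYS.get((voucher["value"], voucher["expiration"]))
    if key is None or voucher["expiration"] < today:  # ISO dates sort as strings
        return False
    n, e, _ = key
    if pow(voucher["signature"], e, n) != serial_digest(voucher["serial"], n):
        return False  # forged, tampered or re-priced voucher
    if voucher["serial"] in spent:
        return False  # double-spending attempt
    spent.add(voucher["serial"])
    return True
```

The issuer never sees the serial during issuing (only `issuer_saw`, the blinded value), yet the unblinded signature verifies under its public key at redemption, which is what makes the two events unlinkable while still stopping double-spending.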

Page 34

inShopnito Demonstrator

Page 35

Starting a Shopping Session

[Diagram: inShopnito app (Customer) and inShopnito server (Retailer), each with a DB. Steps: 1 Server auth.; 2 User auth. + revealed data; 3 Shopping profile; 4 Customized offers, info.]

Page 36

Shopping with inShopnito

[Diagram: inShopnito app (Customer) and inShopnito server (Retailer), each with a DB. Steps: 1 Context info.; 2 Scan items; 3 Update profile / Shopping profile; 4 New customized offers, info.]

Page 37

Checking Out

[Diagram: inShopnito app (Customer) and inShopnito server (Retailer), each with a DB. Steps: 1 Compute amount due; 2 (Anonymous) payment + Loyalty Points + Vouchers; 3 Issue loyalty points; 4 Update DB; 5 Delete shopping profile.]

Page 38

Questions?