JAC : A Journal Of Composition Theory ISSN : 0731-6755

Asymmetric secrecy to safeguard your shopping preferences

B Kishore Kumar#1, T Anusha #2, P Sri Kavya #3, N Surya Teja #4, P Ashok #5
#1 Asst. Professor, #2,3,4,5 B.Tech., Scholars
Department of Computer Science & Engineering, QIS College of Engineering &
Technology

Abstract- Because of different assaults, online banks may reveal customer buying habits. Each
consumer can locally interrupt his/her consumption before submitting it to internet banks with
differing privacy. However, direct usage of differing data protection in online banking would
actually cause issues, because present differential data protection systems do not take account of
the noise limit issue. In this document, we are proposing to enable online banks to establish their
limits of consumer quantities with additional noise, using an optimised differential prIvate on-
line transaction system (O-DIOR). We then review O-DIOR to create a RO-DIOR system to
choose various limits and to comply with the concept of difference in privacy. In addition, we do
thorough theoretical research to show that our systems can meet the differential privacy limit.
Finally, in mobile payment tests to assess the performance of our systems. Experimental results
show that the pertinence of the amount of consumption and the amount of the online bank is
considerably lower, while the losses in privacy of information on each other are less than 0.5.
Keywords—Differential Privacy, Noise Boundary, Online Bank, Shopping Preference
Protection.

I. INTRODUCTION
In the previous decade, financial services were usually employed by online banks [1]. But, for
outsiders[2] and insiders[4][5], internet banks are insecure. Outer assaults include attacks of the
brute forces[6], dispersed assaults[7] and social phishing[8]. Data having authorized access are
abused by insider attacks. The financial information can be gathered by outsiders and internal
attackers to deduce individual purchasing choices, patterns of consumption or loan data [9][10].
Shoppers may receive advertising recommendations, harassment messages or fraud e-mails if
consumer buying records have been exposed. It adds more significantly to credit development,
illicit inquiries, property fraud and even kidnappings [11]. Without appropriate guarantees for
consumers, they would be unwilling to use online banks, resulting to loss of users and greater
costs for online banks. Thus, the loss of the rights to privacy in online banking must be stopped
by suitable ways. Existing techniques primarily employ cryptography to safeguard customer
privacy. In most cases, encryption systems [13] and authentication systems [14] [15] have been
used, which might impede unlawful and unauthorised access. However, the efficient
management of insider assaults is typically challenging for cryptography schemes. Insiders still
have access to credits and shopping data to misuse permitted access[16].
Differential privacy, on the other hand, can provide robust data security by guaranteeing that
one person's involvement in a dataset is indistinguishable [17]. There are, however, certain issues
with the straight application of differing privacy in online banking. The quantity of consumption
with additional noise might exceed the limits after transactions as illustrated in Figure 1. The
range of noise from negative to positive infinity is variable, but in fact the amount of
consumption with additional noise cannot exceed the balance of the online bank account;
otherwise there is no adequate deposit in the online bank bank account to pay for the bills. A
simple way is to remove and re-generate noise across borders, however the conventional

Volume XIV, Issue VII, JULY 2021 Page No: 54

JAC : A Journal Of Composition Theory ISSN : 0731-6755

definition of differential privacy would not be satisfied, therefore ensuring a degree of

confidentiality cannot be managed. Existing differential confidentiality techniques did not
address limiting additional noise data [18][19].

Fig. 1: Valid and restricted range for noise and balance

To tackle these issues, we have a novel noise probability density function defined under an
optimised private online transaction (O-DIOR) system. The primary aim is essentially to
eliminate the likelihood of noise generating outside borders. The method can meet the criteria of
differing privacy, given that noise can be of any value in an acceptable range in order to prevent
infering the quantity of consumption and noise. Given the large quantity of consumption and
little money to produce noise, we suggest a redesigned O-DIOR system to choose variable limits.
In the noise distribution, we construct a new parameter to change limits at a time. We change the
noise distribution so that the probability of conserving cash from a payment application is
increased if the consumption amount is near zero and the likelihood of withdrawals when the
consumption is close to maximum. We build a security module to generate and remove noise in
order for online payments to ensure the usefulness of consumer amounts. To execute this system.
For instance, here we take Apple Pay. A user uses Apple Pay to pay his bill and gets money from
his online bank accounts, as well as from his Apple Pay account. Apple Pay does not keep card
and consumer information that can follow customers so they do not know the purchasing habits
of consumers. Traditionally, Apple Pay withdraws money directly from online banks and uses
money from Apple Pay's own accounts, which may not lead to any additional security and trust
concerns.
The safety module may calculate the value of noise and set the amount of consumption. A
consumer, for example, has to pay a trader 12 dollars. He must withdraw $12 from an online
bank without differentiation of privacy so that he is not aware of his real consumption. With
differential confidentiality, the online bank has to revoke $17 from the online bank, and this is
not $ 12, if the security module assesses the noise level as 5 $, and adds the noise to the online
bank account. Privacy can therefore be preserved for personal usage. In order to minimise the
additional noise, the security system then saved $5 for the Apple Pay, thus the real usage
amounts to $12. The online bank consumption record shows that Apple Pay withdrew the money
from the on-line banking account of the customer $17, so attackers are unable to infer the
payment quantities and purchasing points of the consumer on online banks.

II. RELATEDWORKS
Payment services were often utilised by online banks. A lot of work is aimed at protecting the
privacy of internet consumption for better privacy. Two categories may be used for the

Volume XIV, Issue VII, JULY 2021 Page No: 55

JAC : A Journal Of Composition Theory ISSN : 0731-6755

approaches. Authentication is the first category. This study [20] initially proposed a systemic
biometric fingerprint authentication method that offered an identity check procedure to validate
the authenticity of distant users. This technique has been applied. They built a privacy portal to
obscure and disensitize customer account details by anonymizing tokenization and data. The
study in [2] indicated that many online banking users in Norway have become too weak to
authenticate and that they are discussing authentication techniques and potential assaults. The
study in [21] examined the customer and online bank authentication concerns. The paper [22]
examined the techniques of authentication used in online banking. In [14] the work was built on
a short-term password solution and a certificate-based method to withstand breakdowns.
Encryption is the second category. Pathak et al. [12] have developed an arithmetic cryptography
privacy technique for safeguarding bank calculations. In [23] the paper provided a safe hybrid
architectural concept for the use of Hyper elliptics and the Hash algorithm in Internet banking.
The hybrid homomorphism encryption technique suggested by Tebaa et al.[12] to safeguard the
privacy of cloud banking data. But there are still certain limits to these methods. Authentication
and encryption solutions in online banks are problematic since consumer records must be
available to persons with approved access. Insider assaults are difficult to manage.
Differential privacy is commonly employed to handle insider assaults. Our system is the
first to fulfil differentiated privacy requirements for online banks to the best of our knowledge.
We evaluate current systems that solve differential privacy noise issues in various circumstances.
For estimating population volumes and variational bounds on reciprocal information, Duchi and
Jordan[18] utilised lower and upper limits under the protection of local privacy. Zhang et al. [25]
have developed differential, smart metre privacy conservation strategies, restricting noise levels
and battery capabilities. Hardt and Talwar[26] presented upper and lower limit polynomial noise
complexity and mistake time computable. The work in [27] offered upper and lower boundary
confidentiality computing seals after composition. The paper[28] maintaining the confidentiality
of individual entries with limited additive noise and its optimum density of probabilities might
optimise data privacy.
In addition, differential privacy plans are available to control noise for better use. Data
controllers were permitted to adapt the distortion on a data set, which may decrease noise and
better maintain utility, by working in [29] with individual differential confidentiality. Zhu et al.
[30] have determined the associated noise reduction sensitivity. Private data-based error
bounders have been optimised and complete end-to-end privacy has been obtained. The [32]
study showed that differences in privacy were limited and that may meet axioms of privacy.
However, prior differential data protection approaches did not address restricting the data range
to reality with additional noise. We cannot immediately implement their plans to preserve the
privacy of internet consumption. Moreover, their systems cannot choose alternative borders to
meet customers' needs. We construct a new probability density function of noise in response to
the aforesaid difficulties, although the consumption with more noise is lower and higher. The
noise can be of any value in the valid range to help prevent the induction of noise and
consumption. Differential privacy is the cutting edge technique used in the Google Chrome
browser to address privacy problems in data collection [33]. The major aim is to make sure that
the data collector does not acquire or have the precise values of any personal information. The
technical concept of the difference in privacy [34] is briefly described [34].

Volume XIV, Issue VII, JULY 2021 Page No: 56

JAC : A Journal Of Composition Theory ISSN : 0731-6755

III. PROPOSED SYSTEM

The system type shown in Fig. 2 includes three (1) online bank consumer account, (2) payment
application security module and (3) payment application account. Each online bank account
contains the consumer's balance and transaction records online, allowing the user to retrieve all
transactions. A mobile payment application contains a security element. It's popular for people to
pay for their bills via mobile applications. The safety module is a vital element for calculating
the value of noise to safeguard the quantity of noise consumption under differential privacy.
The consumer can compute a noise, and plan the money from the consumer's account in the
online bank and in the application for payment when the security module gets the payment
request, then it shall pay the bill. Apple Pay, Alipay, Paypal or Wechat on the mobile phone
might be the payment application. It's like a cash bill that can store for a consumer a specified
amount. It can make it easier for us to produce and reduce the quantity of noise consumed. For
example, in this document, we use Apple Pay as a payment request. The opponent is honest-but
strange in this paper. The transaction records in online banks are disclosed seriously and the data
leakage is not easy to find. The opponent is supposed to have acquired all transaction
information from each customer and seeks to limit the privacy of the consumer from online
banking cash transactions. With curiosity, the opponent attempts, via analysis of account
information, to deduce the consumer's purchase preference and credit. However, the opponent
will not insert, suppress or change the deposit information because it is simple to find and can
lead to a felony because of his honesty.

Fig 2. System model

Note that if the opponent is able to enter, remove or change deposit information, it may be used
to encrypt and sign transaction records for customers in online banks using a cryptographic
approach, for example encryption and signature. This might just ensure that our strategy resists
such attacks. In this work, we focus on dealing with data leaking privacy problems. Even if the
consumer records have been gained by the opponent, they can never infer the privacy of the
customer, since with noise we disturb the quantity of consumption. We suggested a Private
online Differential Transaction Scheme (DIOR). In Algorithm 1, the DIOR specification is
provided. In DIOR, noise is based on the Laplace standard and pdf(x) is indicated in the
methodology for its probability density function. In the safety module, the consumer's account
first calculates a random noise from the Laplace distribution. If the noise is not sufficient to pay,

Volume XIV, Issue VII, JULY 2021 Page No: 57

JAC : A Journal Of Composition Theory ISSN : 0731-6755

it will inform the customer on the online bank of the security module that the other portion is
withdrawn. Otherwise, the security module sends an additional amount on the consumer's
account in an online bank if the noise is higher than the payment amount.

If there is a consumer situation, we are designing a dynamic online transaction policy. If

a consumer shops, he has to settle his account. The money which the consumer has to pay is
defined by C. The customer transmits his application to the safety module. The safety module
gets the request and starts to compute the noise n according to differentiated privacy. If the noise
≥ 0, the safety module submit a request to the online bank for the withdrawal of money C+n.
This application is sent to the online bank and the money C + n will be sent to the security
module. The safety module gets C + n and transfers money C to pay the bill, then stores the
money n on the payment app.
If the noise is < 0, the security module will transmit the withdrawal request n to the
payment request. The application for payment must transfer money to the security module. Two
scenarios exist. (1) In cases when n noise is below the C level, the security module shall make a
request to the online bank for withdrawal of C-n funds. The C-n money is being sent via the
online bank. The security module transfers the whole amount C to pay the bill. (2) The security
module saves money n-C at an online bank when the noise n is higher than C consumption, and
transmits money C at bill payment. Without our plan, the customer must personally withdraw C
money from the online bank which can communicate his privacy of spending. The security
module noises the number of transactions in the online bank, the consumption record is not up to
date as previously.

IV. RESULTS AND DISCUSSION

In order to confirm the efficiency of our systems on our own server we have performed
simulated studies. The test results and some noteworthy outcomes are described in depth in this
section. The first is to analyze the loss of confidentiality in our systems. Secondly, the influence
of the various system factors should be compared. In the third section, we compare the
significance of online transaction systems for various types of customers in order to preserve
privacy. The privacy loss of differing privacy needs to be statistically assessed. The efficient
metric for measuring data relevance in statistics is reciprocal information [33]. The fewer the
reciprocal information, the less the data significance, the less the loss of privacy. In this work we
use mutual information to assess the loss of our systems' privacy, between real consumption
quantity and online bank payment amount. In terms of privacy protection, customer

Volume XIV, Issue VII, JULY 2021 Page No: 58

JAC : A Journal Of Composition Theory ISSN : 0731-6755

confidentiality at every stage has been shown to have a similar assurance of privacy since the
three privacy conservation methods offered are capable of fulfilling the differential privacy need.

Three separate consumer kinds are calculated on mutual information. In order to replicate the
actual scenario, we produce a random quantity of deposits in the online bank and payment
application. At first, there are around $ 2000 to $ 28,000 in deposits in the online bank. In
addition, MI0 and MI1 have a higher value as the final loss of privacy. The lower the MI0 and
MI1 levels, the less the loss of privacy. We conduct four tests to compare the information
included in the present online system [12] [13] with DIOR, O-DIOR, and RO-DIOR without any
differential data privacy (c). The privacy losses in our systems in terms of reciprocal information,
which is less than the one in existing systems, are shown in Figure 3. Moreover, because of the
limited quantity of noise consumption RO-DIOR exceeds O-DIOR and DIOR. The loss of
privacy will rise if the noise surpasses its limits. The loss of privacy in our schemes is not larger
compared to the differential system of privacy [33].

Fig. 3: Mutual Information in Privacy Preserving Deposit Transfer Schemes

Fig. 4: The Relationship between ε and δ

Volume XIV, Issue VII, JULY 2021 Page No: 59

JAC : A Journal Of Composition Theory ISSN : 0731-6755

We show the relationship between ε and δ in Figure 4. When ε is constant, the privacy level is
constant. It is illustrated that with the increasing value of ε, the value of δ decreases. Besides, the
value of δ is always less than 0.135 in the RODIOR scheme. This guarantees that our schemes
can protect privacy in almost the same level.
V. FUTURE SCOPE AND CONCLUSION
For online banks, protecting user data with differentiated privacy is a challenge. A DIOR system
illustrates the approach of direct application of differential privacy. In this article, we suggest O-
DIOR, a private, online transactional differential system to solve privacy issues during financial
transactions. O-DIOR may establish consumption limits with additional noise, taking account
balance into consideration. Consumer actions and behaviour cannot be deduced from
consumption statistics using a payment application as a noise generator. Next we review O-
DIOR in order to suggest RO-DIOR, which satisfies the necessity to pick various limits. In
addition our systems have proven to meet the differential confidentiality requirement in detailed
theoretical analyses. Experimental findings show a substantial reduction in relevance from the
actual consumer amount to the amount of an online bank transaction and the privacy losses in
terms of reciprocal information are less than 0.5.

REFERENCES
[1] S. Nilakanta and K. Scheibe, “The digital personal and trust bank: A privacy management
framework,” Journal of Information Privacy and Security, vol. 1, no. 4, pp. 3–21, 2005.
[2] K. J. Hole, V. Moen, and T. Tjostheim, “Case study: Online banking security,” IEEE Security &
Privacy, vol. 4, no. 2, pp. 14–20, 2006.
[3] A. Rawat, S. Sharma, and R. Sushil, “Vanet: Security attacks and its possible solutions,” Journal of
Information and Operations Management, vol. 3, no. 1, p. 301, 2012.
[4] M. B. Salem, S. Hershkop, and S. J. Stolfo, “A survey of insider attack detection research,” Insider
Attack and Cyber Security, pp. 69–90, 2008.
[5] E. E. Schultz, “A framework for understanding and predicting insider attacks,” Computers & Security,
vol. 21, no. 6, pp. 526–531, 2002.
[6] C. Herley and D. Florˆencio, “Protecting financial institutions from brute-force attacks,” in Proc. IFIP
International Information Security Conference, 2008.
[7] A. Householder, K. Houle, and C. Dougherty, “Computer attack trends challenge internet security,”
Computer, vol. 35, no. 4, pp. 5–7, 2002.
[8] T. N. Jagatic, N. A. Johnson, M. Jakobsson, and F. Menczer, “Social phishing,” Communications of
the ACM, vol. 50, no. 10, pp. 94–100, 2007.
[9] Y.-A. De Montjoye, L. Radaelli, V. K. Singh et al., “Unique in the shopping mall: On the
reidentifiability of credit card metadata,” Science, vol. 347, no. 6221, pp. 536–539, 2015.
[10] C. Krumme, A. Llorente, M. Cebrian, E. Moro et al., “The predictability of consumer visitation
patterns,” Scientific reports, vol. 3, p. 1645, 2013.
[11] H. Wang, M. K. O. Lee, and C. Wang, “Consumer privacy concerns about internet marketing,”
Commununications of the ACM, vol. 41, no. 3, pp. 63–70, 1998.
[12] R. Pathak, S. Joshi, and D. Mishra, “A novel protocol for privacy preserving banking computations
using arithmetic cryptography,” in Proc. Security and Identity Management, 2009.
[13] J. Nie and X. Hu, “Mobile banking information security and protection methods,” in Proc. Computer
Science and Software Engineering, 2008.
[14] A. P. Hiltgen, T. Kramp, and T. Weigold, “Secure internet banking authentication,” IEEE Security &
Privacy, vol. 4, no. 2, pp. 21–29, 2006.

Volume XIV, Issue VII, JULY 2021 Page No: 60

JAC : A Journal Of Composition Theory ISSN : 0731-6755

[15] Y. S. Lee, N. H. Kim, H. Lim, H. Jo, and H. J. Lee, “Online banking authentication system using
mobile-otp with qr-code,” in Proc. International Conference on Computer Sciences and Convergence
Information Technology, 2010.
[16] M. R. Randazzo, M. Keeney, E. Kowalski, D. Cappelli, and A. Moore, “Insider threat study: Illicit
cyber activity in the banking and finance sector,” CERT Coordination Center, Software Engineering
Institute, Carnegie Mellon University (PA, USA), 2004.
[17] C. Xu, R. Ju, Y. Zhang, Q. Zhan, and K. Ren, “Dppro: Differentially private high-dimensional data
release via random projection,” IEEE Transactions on Information Forensics and Security, vol. 12,
no. 12, pp. 3081–3093, 2017.
[18] J. C. Duchi, M. I. Jordan, and M. J. Wainwright, “Local privacy and statistical minimax rates,” in
Proc. IEEE Symposium on Foundations of Computer Science, 2013.
[19] P. Kairouz, S. Oh, and P. Viswanath, “The composition theorem for differential privacy,” IEEE
Transactions on Information Theory, vol. 63, no. 6, pp. 4037–4049, 2017.
[20] S. Nagaraju and L. Parthiban, “Trusted framework for online banking in public cloud using multi-
factor authentication and privacy protection gateway,” Journal of Cloud Computing, vol. 4, p. 22,
2015.
[21] J. Claessens, V. Dem, D. De Cock, B. Preneel, and J. Vandewalle, “On the security of todays online
electronic banking systems,” Computers & Security, vol. 21, no. 3, pp. 253–265, 2002.
[22] S. Kiljan, H. P. E. Vranken, and M. C. J. D. van Eekelen, “Evaluation of transaction authentication
methods for online banking,” Future Generation Computer System, vol. 80, pp. 430–447, 2018.
[23] R. Ganesan et al., “A secured hybrid architecture model for internet banking (e-banking),” The
Journal of Internet Banking and Commerce, vol. 14, no. 1, pp. 1–17, 1970.
[24] M. Tebaa, K. Zkik, and S. El Hajji, “Hybrid homomorphic encryption method for protecting the
privacy of banking data in the cloud,” International Journal of Security and Its Applications, vol. 9,
no. 6, pp. 61–70, 2015.
[25] Z. Zhang, Z. Qin, L. Zhu, J. Weng, and K. Ren, “Cost-friendly differential privacy for smart meters:
Exploiting the dual roles of the noise,” IEEE Transactions on Smart Grid, vol. 8, no. 2, pp. 619–626,
2016.
[26] M. Hardt and K. Talwar, “On the geometry of differential privacy,” in Proc. ACM Symposium on
Theory of Computing, 2010.
[27] S. Meiser and E. Mohammadi, “Tight on budget? tight bounds for r-fold approximate differential
privacy,” in Proc. ACM SIGSAC Conference on Computer and Communications Security, 2018.
[28] F. Farokhi and H. Sandberg, “Ensuring privacy with constrained additive noise by minimizing fisher
information,” Automatica, vol. 99, pp. 275– 288, 2019.
[29] J. Soria-Comas, J. Domingo-Ferrer, D. S´anchez, and D. Meg´ıas, “Individual differential privacy: A
utility-preserving formulation of differential privacy guarantees,” IEEE Transactions on Information
Forensics and Security, vol. 12, no. 6, pp. 1418–1429, 2017.
[30] T. Zhu, P. Xiong, G. Li, and W. Zhou, “Correlated differential privacy: Hiding information in non-
iid data set,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 2, pp. 229–242,
2015.
[31] M. Fanaeepour and B. I. P. Rubinstein, “Histogramming privately ever after: Differentially-private
data-dependent error bound optimisation,” in Proc. IEEE International Conference on Data
Engineering (ICDE), 2018.
[32] K. Chaudhuri, J. Imola, and A. Machanavajjhala, “Capacity bounded differential privacy,” in Proc.
Advances in Neural Information Processing Systems (NIPS), 2019.
[33] Z. Zhang, W. Cao, Z. Qin, L. Zhu, Z. Yu, and K. Ren, “When privacy meets economics: Enabling
differentially-private battery-supported meter reporting in smart grid,” in Proc. International
Symposium on Quality of Service, IWQoS, 2017.

Volume XIV, Issue VII, JULY 2021 Page No: 61

JAC : A Journal Of Composition Theory ISSN : 0731-6755

[34] D. Cynthia and L. Jing, “Differential privacy and robust statistics,” in Proc. ACM Symposium on
Theory of Computing, 2009.

Volume XIV, Issue VII, JULY 2021 Page No: 62