Student Projects

This page lists selected student projects I proposed and supervised at the Lucerne University of Applied Sciences and Arts.

Security Protocols for Virtual Currencies

Master of Science in Computer Science, Laurent Cuennet, 2013 / 2014.

Many commercial customer loyalty programs (like Migros' Cumulus) have objectives beyond just enhancing customer loyalty. Most of all, vendors are interested in generating customer profiles in order to deliver customized advertisements and promotions to their clients. In the process, customer privacy is severely violated. We propose an inherently privacy-preserving protocol allowing vendors to issue a virtual currency to customers (like frequent flier miles or Coop Superpoints). The project involves analysis of existing protocols, design and validation of new protocols and prototype implementation.

Keywords: security protocol design and implementation

Privacy-Preserving Online Dating

Bachelor of Engineering in Computer Science, Daniel Koch and Domenic Helfenstein, 2014.

Within the scope of this bachelor thesis in computer science, on behalf of the Lucerne University of Applied Sciences and Arts – Engineering and Architecture, a protocol to compare privacy-relevant data has been developed and implemented on the basis of an online dating platform. It is the aim of the assignment at hand to present the possibility of comparing datasets in a privacy-preserving manner, even though the data is not available centrally and in an unencrypted state, by applying a specific implementation. In order to achieve this result the principle of homomorphism, as used in the cryptosystem developed by Pascal Paillier, has been applied. In order to be able to apply the Paillier cryptosystem the key exchange protocol described by Whitfield Diffie and Martin Hellman has also been implemented. Above all, this paper has been written to clarify if and how such a data comparing protocol could be implemented and how the performance adapts. Furthermore, the success of such an application when scaling in relation to the number of users shall be determined. The protocol, including the specific implementation, has been successfully developed and tested within the predefined scope. Results have shown that the developed application does scale linearly. However, depending on the chosen key length, a complete comparison between two users may take several seconds. It can therefore be concluded that such a system can only be successful in the market if the data to be compared is considered extremely sensitive, which would influence the user’s willingness to accept massively higher latency times. For more information see here.

Keywords: security protocol design and implementation

Cumulus and Decision Trees

Computer Science Project, Roman Jeitziner and Kevin Gygax, 2012.

Migros is a Swiss supermarket chain whose loyalty card system became very popular around here in recent years. However, such systems may raise severe privacy issues as pointed out e.g. here. On the other hand, we appreciate that Migros makes the collected information visible to its customers via their website, where people can log in and find their collected sale slips from the last 15 months. These slips, for example, contain all purchased products and the exact date, time and store of each purchase, and further allow other information to be derived, such as the elapsed time between two purchases of the same product. Based on this data pool, the project consisted of profiling individual customers using decision tree learning techniques in order to predict our shopping cart for, e.g., next Saturday. The project idea was inspired by this paper.

Keywords: decision tree learning, prediction

Preference Reasoning in e-Commerce

Bachelor of Engineering in Computer Science, Christoph Suter and Tobias Portmann, 2012.

When customers search a webshop for a product, they are usually not willing to invest too much time in communicating their preferences to the system. However, this may change for more valuable objects (e.g. a new car) or when visiting a real estate or dating platform. Online forms for preference elicitation usually come as simple filter options, which is of little use especially if no product exists that perfectly meets all customer preferences. More advanced forms sort product databases according to the customer's preference model. If this model consists only of preferences about single (independent) criteria, it is relatively easy to transform the query into a single-objective optimization problem. Far more challenging are conditional preferences: the customer may want to express that her new apartment should be close to a bus station, but if it comes with a garage the distance to the next bus station does not matter anymore. Here, the preference about proximity to a bus station is influenced by the availability of a garage. To represent and calculate with such advanced preference models the formalism of CP-nets was proposed. In this project we developed an online system that allows customers to communicate conditional preferences to the system, which then arranges the database products according to the preferences in a browsable graphical structure. Customers are shown how each product fulfills their preferences and find out whether there is another product that dominates their currently favoured product.

Keywords: preference reasoning, CP-nets

Privacy-Preserving Toll Pricing

Computer Science Project, Christoph Moser and Thomas Galliker, 2012.

Road charges in Switzerland are paid as an annual lump sum while other European countries run different systems, e.g. toll stations in France. For many years there have been voices advocating road pricing systems based on a pay-as-you-use principle. Such a system would further enable more advanced traffic management where road prices are calculated depending on traffic density, time of day or road type. A straightforward implementation of such a toll pricing system presupposes that cars are equipped with an on-board unit that sends GPS data to the service provider. At the end of a tax period the service provider then bills drivers based on their actual road usage. However, the immediate consequence of such a system is that cars can be located at any point in time, which completely undermines the driver's privacy. Researchers at the University of Leuven (Belgium) therefore proposed a GPS-based toll pricing system that preserves the driver's privacy by transmitting only encrypted GPS data. Still, this system uncovers fraud by malicious drivers manipulating their on-board units. Nowadays, more and more people constantly carry around GPS sensors integrated in their smartphones. The question therefore was whether smartphones are capable of doing the heavy cryptography necessary for this protocol, which was proved by a prototype implementation on Android smartphones.

Keywords: security protocol, Android programming

Digital Royalty Cards

Computer Science Project, Martin Gasser and Tobias Portmann, 2011.

Most larger shops provide some sort of loyalty card to reward loyal customers. The simplest form are paper stamp cards known from take-away coffee shops at the train station, but more sophisticated systems such as CUMULUS and SUPERCARD in Switzerland are becoming increasingly popular. However, paper stamp cards protect privacy because they usually do not link to the individual customer and do not uncover long-time shopping behavior. In contrast, the more sophisticated systems require user registration and remember every single transaction for at least 15 months. This full disclosure of a customer's shopping behavior allows for more than just detailed profiling and personalized advertisement campaigns; see for example The Village Voice for a quite frightening story on the misuse of this data. The aim of this project was the specification of a security protocol for digital stamp cards that protects the customer's privacy and also detects manipulation by malicious customers and shop owners. A prototype of this protocol was implemented on Android smartphones.

Keywords: security protocol, Android programming