With the development and widespread application of online shopping, the number of online consumers has increased. With one click of a mouse, people can buy anything they want without going out and have it sent right to the doors. As consumers benefit from online shopping, people are becoming more concerned about protecting their privacy. In the group buying scenario described in our paper, online shopping was regarded as intra-group communication. To protect the sensitive information of consumers, the polynomial-based encryption key sharing method (Piao et al., 2013; Piao and Kim, 2018) can be applied to online shopping communication. In this paper, we analyze security problems by using a polynomial-based scheme in the following ways : First, in Kamal’s attack, they said it does not provide perfect forward and backward secrecy when the members leave or join the group because the secret key can be broken in polynomial time. Second, for simultaneous equations, the leaving node will compute the new secret key if it can be confirmed that the updated new polynomial is recomputed. Third, using Newton s method, attackers can successively find better approximations to the roots of a function. Fourth, the Berlekamp Algorithm can factor polynomials over finite fields and solve the root of the polynomial. Fifth, for a brute-force attack, if the key size is small, brute force can be used to find the root of the polynomial, we need to make a key with appropriately large size to prevent brute force attacks. According to these analyses, we finally recommend the use of a relatively reasonable hash-based mechanism that solves all of the possible security problems and is the most suitable mechanism for our application. The study of adequate and suitable protective methods of consumer security will have academic significance and provide the practical implications.

• 1. Introduction 2. Related Works 3. Security Analysis 4. Discussion and Result 5. Conclusions References

1 조현, "인터넷 전자상거래 환경에서의 구전효과의 선행 요인에 관한 연구" 한국IT서비스학회 12 (12): 231-242, 2013

2 Haddad, G. E., "Understanding trust, privacy and financial fears in online payment" 28-36, 2018

3 Mou, J., "Trust and risk in consumer acceptance of e-services" 17 (17): 255-288, 2017

4 Wang, W., "Stateless key distribution for secure intra and inter-group multicast in mobile wireless network" 51 (51): 4303-4321, 2007

5 Staddon, J., "Self-healing key distribution with revocation" 2002

6 Chen, H., "Securing online privacy : An empirical test on Internet scam victimization, online privacy concerns, and privacy protection behaviors" 70 : 291-302, 2017

7 Wang, W., "Secure group-based information sharing in mobile ad hoc networks" 1695-1699, 2008

8 Wong, C. K., "Secure group communications using key graphs" 8 (8): 68-79, 2000

9 Piao, Y., "Polynomial-based key management for secure intra-group and inter-group communication" 65 (65): 1300-1309, 2013

10 Gurung, A., "Online privacy and security concerns of consumers" 24 (24): 348-371, 2016

11 Shoup, V., "On the deterministic complexity of factoring polynomials over finite fields" 33 (33): 261-267, 1990

12 Chang, C. C., "Notes on ‘Polynomial-based key management for secure intra-group and inter-group communication’" 16 (16): 165-170, 2014

13 "Newton’s Method"

14 Diffie, W., "New directions in cryptography" 22 (22): 644-654, 1976

15 Wang, W., "Key distribution and update for secure inter-group multicast communication" 43-52, 2005

16 Kahn, C. M., "Identity theft and consumer payment choice : Does security really matter?" 50 (50): 121-159, 2016

17 Shamir, A., "How to share a secret" 22 (22): 612-613, 1979

18 Harney, H., "Group key management protocol(GKMP) Specification, RFC 2093"

19 Berlekamp, E. R., "Factoring polynomials over large finite fields" 24 (24): 713-735, 1970

20 Hwang, Y., "Electronic Commerce and Online Consumer Behavior Research : A Literature Review" 32 (32): 377-388, 2016

21 Liu, D., "Efficient selfhealing group key distribution with revocation capability" 231-240, 2003

22 Janse, N., "Do security breaches matter to consumers?" 2017

23 Kamal, A. A., "Cryptanalysis of a polynomialbased key management scheme for secure group communication" 15 (15): 68-70, 2013

24 Döbelt, S., "Consumers’ privacy concerns and implications for a privacy preserving Smart Grid architecture—Results of an Austrian study" 9 : 137-145, 2015

25 Anthony, D. M., "Consumer Perceptions of Privacy and Security Risks for Online Shopping" 35 (35): 27-44, 2005

26 Liu, N., "Attacks and comments on several recently proposed key management schemes"

27 Galup, S. D., "An overview of it service management" 52 (52): 124-127, 2009

28 Patsakis C., "An efficient scheme for centralized group key management in collaborative environments"

29 Blundo, C., "An AmI-based and privacy-preserving shopping mall model" 7 (7): 1-28, 2017

30 Cantor, D.G., "A new algorithm for factoring polynomials over finite fields" 36 (36): 587-592, 1981

31 박연희, "A Study on the Protection of Consumers’ Personal Information in Online Shopping" 글로벌경영학회 15 (15): 209-223, 2018